// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2020 Facebook */

/*
 * BPF programs that copy two NUL-terminated kernel strings back to back into
 * a single output buffer.
 *
 * Each of the four handlerNN_* programs reads buf_in1 and then buf_in2 with
 * bpf_probe_read_kernel_str(), advances the destination pointer by the length
 * returned for the first read, and records both lengths plus the total number
 * of bytes written. The handlers differ in the type of the local `len`, in
 * the check applied to it, and in the width of the globals that receive the
 * results.
 *
 * NOTE(review): the differing `len` types and checks look deliberate (they
 * give the verifier different bounds-tracking shapes to accept) - confirm
 * before "unifying" them.
 */

#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>

/* Upper bound, in bytes, passed to every string read from buf_in1/buf_in2. */
#define MAX_LEN 256

/*
 * Source strings for the reads. Nothing in this file writes them;
 * presumably they are filled in from user space before `capture` is set -
 * confirm against the loader.
 */
char buf_in1[MAX_LEN] = {};
char buf_in2[MAX_LEN] = {};

/*
 * Filter for the handlers: they return early unless the current task's tgid
 * equals test_pid and capture is true.
 */
int test_pid = 0;
bool capture = false;

/* .bss */
/* Zero-initialised outputs of handler64_unsigned. */
__u64 payload1_len1 = 0;
__u64 payload1_len2 = 0;
__u64 total1 = 0;
/*
 * Every payloadN buffer is 2 * MAX_LEN bytes: the first read writes at most
 * MAX_LEN bytes at offset 0 and the second at most MAX_LEN bytes at an offset
 * of at most MAX_LEN, so both fit.
 */
char payload1[MAX_LEN + MAX_LEN] = {};
/* Return value of the deliberately invalid read in handler64_unsigned. */
__u64 ret_bad_read = 0;

/* .data */
/*
 * Non-zero initialisers: -1 for the lengths and totals, a leading 1 byte in
 * each buffer. Used by handler32_unsigned (2), handler64_signed (3) and
 * handler32_signed (4).
 */
int payload2_len1 = -1;
int payload2_len2 = -1;
int total2 = -1;
char payload2[MAX_LEN + MAX_LEN] = { 1 };

int payload3_len1 = -1;
int payload3_len2 = -1;
int total3= -1;
char payload3[MAX_LEN + MAX_LEN] = { 1 };

int payload4_len1 = -1;
int payload4_len2 = -1;
int total4= -1;
char payload4[MAX_LEN + MAX_LEN] = { 1 };

/*
 * Five 0x42 bytes. The bad read in handler64_unsigned targets only the
 * middle byte (payload_bad + 2, size 1); presumably user space then checks
 * that the neighbouring bytes are untouched - confirm against the loader.
 */
char payload_bad[5] = { 0x42, 0x42, 0x42, 0x42, 0x42 };

/*
 * Raw tracepoint on syscall entry. Copies both input strings into payload1
 * and stores the results in the __u64 globals; also performs one read from
 * an invalid address and records what the helper returned.
 *
 * Always returns 0.
 */
SEC("raw_tp/sys_enter")
int handler64_unsigned(void *regs)
{
	/* The upper 32 bits of the helper's return value are the tgid. */
	int pid = bpf_get_current_pid_tgid() >> 32;
	void *payload = payload1;
	long len;

	/* ignore irrelevant invocations */
	if (test_pid != pid || !capture)
		return 0;

	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
	/*
	 * Only a non-negative return moves the destination. No explicit
	 * upper bound is tested here; the offset stays within MAX_LEN only
	 * because the helper never returns more than the size it was given.
	 */
	if (len >= 0) {
		/* Arithmetic on void * is a GNU C extension (byte steps). */
		payload += len;
		payload1_len1 = len;
	}

	/* If the first read failed, this one starts at offset 0 again. */
	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
	if (len >= 0) {
		payload += len;
		payload1_len2 = len;
	}

	/* Bytes written across both successful reads. */
	total1 = payload - (void *)payload1;

	/*
	 * Read from address -1 with a 1-byte destination. The helper's long
	 * return value is stored in a __u64, so a negative error code shows
	 * up there as its two's-complement bit pattern.
	 */
	ret_bad_read = bpf_probe_read_kernel_str(payload_bad + 2, 1, (void *) -1);

	return 0;
}

/*
 * Raw tracepoint on syscall exit. Same two-string copy as above, into
 * payload3, with the results stored in int globals.
 *
 * Always returns 0.
 */
SEC("raw_tp/sys_exit")
int handler64_signed(void *regs)
{
	int pid = bpf_get_current_pid_tgid() >> 32;
	void *payload = payload3;
	long len;

	/* ignore irrelevant invocations */
	if (test_pid != pid || !capture)
		return 0;

	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
	/* A negative return leaves payload and payload3_len1 unchanged. */
	if (len >= 0) {
		payload += len;
		payload3_len1 = len;
	}
	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
	if (len >= 0) {
		payload += len;
		payload3_len2 = len;
	}
	total3 = payload - (void *)payload3;

	return 0;
}

/*
 * Tracepoint raw_syscalls/sys_enter. Same two-string copy, into payload2,
 * but with an unsigned 32-bit `len` and an upper-bound check instead of a
 * sign check.
 *
 * Always returns 0.
 */
SEC("tp/raw_syscalls/sys_enter")
int handler32_unsigned(void *regs)
{
	int pid = bpf_get_current_pid_tgid() >> 32;
	void *payload = payload2;
	u32 len;

	/* ignore irrelevant invocations */
	if (test_pid != pid || !capture)
		return 0;

	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
	/*
	 * The helper's return value is converted to u32, so a negative error
	 * code becomes a value far above MAX_LEN and fails this test. One
	 * comparison therefore rejects errors and bounds the offset at once.
	 */
	if (len <= MAX_LEN) {
		payload += len;
		payload2_len1 = len;
	}

	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
	if (len <= MAX_LEN) {
		payload += len;
		payload2_len2 = len;
	}

	total2 = payload - (void *)payload2;

	return 0;
}

/*
 * Tracepoint raw_syscalls/sys_exit. Same two-string copy, into payload4,
 * with a signed long `len` and a sign check, and the results stored in int
 * globals.
 *
 * Always returns 0.
 */
SEC("tp/raw_syscalls/sys_exit")
int handler32_signed(void *regs)
{
	int pid = bpf_get_current_pid_tgid() >> 32;
	void *payload = payload4;
	long len;

	/* ignore irrelevant invocations */
	if (test_pid != pid || !capture)
		return 0;

	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in1[0]);
	/* A negative return leaves payload and payload4_len1 unchanged. */
	if (len >= 0) {
		payload += len;
		payload4_len1 = len;
	}
	len = bpf_probe_read_kernel_str(payload, MAX_LEN, &buf_in2[0]);
	if (len >= 0) {
		payload += len;
		payload4_len2 = len;
	}
	total4 = payload - (void *)payload4;

	return 0;
}

/*
 * Tracepoint on getpid() exit. Attempts to read sizeof(long) bytes from
 * kernel address 0 and reports whether the helper returned non-zero.
 * Unlike the other handlers, this one has no test_pid/capture filter.
 *
 * Returns 1 if bpf_probe_read_kernel() returned non-zero, 0 otherwise.
 */
SEC("tp/syscalls/sys_exit_getpid")
int handler_exit(void *regs)
{
	/* Destination only; its contents are never used after the call. */
	long bla;

	if (bpf_probe_read_kernel(&bla, sizeof(bla), 0))
		return 1;
	else
		return 0;
}

/*
 * License string placed in the "license" section. GPL-only helpers such as
 * bpf_probe_read_kernel*() need a GPL-compatible value here.
 */
char LICENSE[] SEC("license") = "GPL";