^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* Copyright (c) 2015 PLUMgrid, http://plumgrid.com
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * This program is free software; you can redistribute it and/or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * modify it under the terms of version 2 of the GNU General Public
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * License as published by the Free Software Foundation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) #include <linux/ptrace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/version.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <uapi/linux/bpf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <uapi/linux/seccomp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <uapi/linux/unistd.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include "syscall_nrs.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <bpf/bpf_helpers.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <bpf/bpf_tracing.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #define PROG(F) SEC("kprobe/"__stringify(F)) int bpf_func_##F
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
/*
 * Tail-call table indexed by syscall number: bpf_prog1 below does
 * bpf_tail_call(ctx, &progs, sc_nr), so slot N holds the program that
 * handles syscall N. max_entries bounds the highest syscall number that
 * can be dispatched; an index at or beyond it simply makes the tail call
 * fail, and bpf_prog1 falls through to its generic path.
 */
struct {
	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
	__uint(key_size, sizeof(u32));
	__uint(value_size, sizeof(u32));
#ifdef __mips__
	__uint(max_entries, 6000); /* MIPS n64 syscalls start at 5000 */
#else
	__uint(max_entries, 1024);
#endif
} progs SEC(".maps");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28)
/*
 * Entry program attached to __seccomp_filter(): dispatches on the syscall
 * number (the function's first argument) via the progs tail-call table.
 * Syscalls without a dedicated program fall through to a generic trace
 * line, emitted only for the get/set uid/pid/gid range.
 */
SEC("kprobe/__seccomp_filter")
int bpf_prog1(struct pt_regs *ctx)
{
	/* first argument of __seccomp_filter() is the syscall number */
	int sc_nr = (int)PT_REGS_PARM1(ctx);

	/*
	 * Jump to progs[sc_nr]. A successful tail call never returns here;
	 * if there is no entry (or the index is out of range) execution
	 * continues below.
	 */
	bpf_tail_call(ctx, &progs, sc_nr);

	/* no dedicated handler: ignore everything outside the uid/pid/gid range */
	if (sc_nr < __NR_getuid || sc_nr > __NR_getsid)
		return 0;

	char fmt[] = "syscall=%d (one of get/set uid/pid/gid)\n";

	bpf_trace_printk(fmt, sizeof(fmt), sc_nr);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
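/*
 * we jump here when syscall number == __NR_write
 *
 * Reads the seccomp_data passed as __seccomp_filter()'s second argument
 * and traces write() calls whose third argument (the byte count) is 512.
 * The probe read is checked: on failure we return without looking at sd
 * instead of matching against whatever the failed copy left behind.
 */
PROG(SYS__NR_write)(struct pt_regs *ctx)
{
	struct seccomp_data sd;

	if (bpf_probe_read_kernel(&sd, sizeof(sd),
				  (void *)PT_REGS_PARM2(ctx)) < 0)
		return 0;

	/* args[0..2] are write(fd, buf, count); sample filter: count == 512 */
	if (sd.args[2] == 512) {
		char fmt[] = "write(fd=%d, buf=%p, size=%d)\n";

		bpf_trace_printk(fmt, sizeof(fmt),
				 sd.args[0], sd.args[1], sd.args[2]);
	}
	return 0;
}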
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58)
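/*
 * we jump here when syscall number == __NR_read
 *
 * Reads the seccomp_data passed as __seccomp_filter()'s second argument
 * and traces read() calls whose third argument (the byte count) lies in
 * (128, 1024]. The probe read is checked: on failure we return without
 * looking at sd instead of matching against whatever the failed copy
 * left behind.
 */
PROG(SYS__NR_read)(struct pt_regs *ctx)
{
	struct seccomp_data sd;

	if (bpf_probe_read_kernel(&sd, sizeof(sd),
				  (void *)PT_REGS_PARM2(ctx)) < 0)
		return 0;

	/* args[0..2] are read(fd, buf, count); sample filter: 128 < count <= 1024 */
	if (sd.args[2] > 128 && sd.args[2] <= 1024) {
		char fmt[] = "read(fd=%d, buf=%p, size=%d)\n";

		bpf_trace_printk(fmt, sizeof(fmt),
				 sd.args[0], sd.args[1], sd.args[2]);
	}
	return 0;
}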
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) #ifdef __NR_mmap2
/*
 * we jump here when syscall number == __NR_mmap2 (only built on
 * architectures that define it, see the surrounding #ifdef). Emits a
 * fixed trace line; the format string lives on the stack because
 * bpf_trace_printk needs a readable buffer plus its size.
 */
PROG(SYS__NR_mmap2)(struct pt_regs *ctx)
{
	char fmt[] = "mmap2\n";

	bpf_trace_printk(fmt, sizeof(fmt));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) #ifdef __NR_mmap
/*
 * we jump here when syscall number == __NR_mmap (only built on
 * architectures that define it, see the surrounding #ifdef). Emits a
 * fixed trace line; the format string lives on the stack because
 * bpf_trace_printk needs a readable buffer plus its size.
 */
PROG(SYS__NR_mmap)(struct pt_regs *ctx)
{
	char fmt[] = "mmap\n";

	bpf_trace_printk(fmt, sizeof(fmt));
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91)
/* GPL-compatible license is required to load GPL-only helpers such as bpf_trace_printk */
char _license[] SEC("license") = "GPL";
/* kernel version the object was built against; historically checked by the loader for kprobe programs */
u32 _version SEC("version") = LINUX_VERSION_CODE;