-
Notifications
You must be signed in to change notification settings - Fork 165
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new: support
io_uring_register
syscall
Signed-off-by: Andrea Terzolo <[email protected]>
- Loading branch information
1 parent
24403b5
commit 227690e
Showing
7 changed files
with
225 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
84 changes: 84 additions & 0 deletions
84
.../modern_bpf/programs/tail_called/events/syscall_dispatched_events/io_uring_register.bpf.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
/* | ||
* Copyright (C) 2023 The Falco Authors. | ||
* | ||
* This file is dual licensed under either the MIT or GPL 2. See MIT.txt | ||
* or GPL2.txt for full copies of the license. | ||
*/ | ||
|
||
#include <helpers/interfaces/fixed_size_event.h> | ||
|
||
/*=============================== ENTER EVENT ===========================*/ | ||
|
||
SEC("tp_btf/sys_enter") | ||
int BPF_PROG(io_uring_register_e, | ||
struct pt_regs *regs, | ||
long id) | ||
{ | ||
struct ringbuf_struct ringbuf; | ||
if(!ringbuf__reserve_space(&ringbuf, IO_URING_REGISTER_E_SIZE)) | ||
{ | ||
return 0; | ||
} | ||
|
||
ringbuf__store_event_header(&ringbuf, PPME_SYSCALL_IO_URING_REGISTER_E); | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
// Here we have no parameters to collect. | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
ringbuf__submit_event(&ringbuf); | ||
|
||
return 0; | ||
} | ||
|
||
/*=============================== ENTER EVENT ===========================*/ | ||
|
||
/*=============================== EXIT EVENT ===========================*/ | ||
|
||
SEC("tp_btf/sys_exit") | ||
int BPF_PROG(io_uring_register_x, | ||
struct pt_regs *regs, | ||
long ret) | ||
{ | ||
struct ringbuf_struct ringbuf; | ||
if(!ringbuf__reserve_space(&ringbuf, IO_URING_REGISTER_X_SIZE)) | ||
{ | ||
return 0; | ||
} | ||
|
||
ringbuf__store_event_header(&ringbuf, PPME_SYSCALL_IO_URING_REGISTER_X); | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
/* Parameter 1: res (type: PT_ERRNO) */ | ||
ringbuf__store_s64(&ringbuf, ret); | ||
|
||
/* Parameter 2: fd (type: PT_FD) */ | ||
s32 fd = (s32)extract__syscall_argument(regs, 0); | ||
ringbuf__store_s64(&ringbuf, (s64)fd); | ||
|
||
/* Parameter 3: opcode (type: PT_ENUMFLAGS16) */ | ||
u32 opcode = (u32)extract__syscall_argument(regs, 1); | ||
ringbuf__store_u16(&ringbuf, (u16)io_uring_register_opcodes_to_scap(opcode)); | ||
|
||
/* Parameter 4: arg (type: PT_UINT64) */ | ||
/* Here we push directly a pointer to userspace. `arg` is | ||
* pointer to `struct io_uring_rsrc_register` | ||
*/ | ||
unsigned long arg = extract__syscall_argument(regs, 2); | ||
ringbuf__store_u64(&ringbuf, arg); | ||
|
||
/* Parameter 5: nr_args (type: PT_UINT32) */ | ||
u32 nr_args = (u32)extract__syscall_argument(regs, 3); | ||
ringbuf__store_u32(&ringbuf, nr_args); | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
ringbuf__submit_event(&ringbuf); | ||
|
||
return 0; | ||
} | ||
|
||
/*=============================== EXIT EVENT ===========================*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
44 changes: 44 additions & 0 deletions
44
test/drivers/test_suites/syscall_enter_suite/io_uring_register_e.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
#include "../../event_class/event_class.h" | ||
|
||
#if defined(__NR_io_uring_register) | ||
|
||
#include <linux/io_uring.h> | ||
|
||
TEST(SyscallEnter, io_uring_registerE) | ||
{ | ||
auto evt_test = get_syscall_event_test(__NR_io_uring_register, ENTER_EVENT); | ||
|
||
evt_test->enable_capture(); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
int32_t fd = -1; | ||
uint32_t opcode = IORING_REGISTER_BUFFERS; | ||
const void* arg = NULL; | ||
unsigned int nr_args = 7; | ||
assert_syscall_state(SYSCALL_FAILURE, "io_uring_register", syscall(__NR_io_uring_register, fd, opcode, arg, nr_args)); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
evt_test->disable_capture(); | ||
|
||
evt_test->assert_event_presence(); | ||
|
||
if(HasFatalFailure()) | ||
{ | ||
return; | ||
} | ||
|
||
evt_test->parse_event(); | ||
|
||
evt_test->assert_header(); | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
// Here we have no parameters to assert. | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
evt_test->assert_num_params_pushed(0); | ||
} | ||
#endif |
59 changes: 59 additions & 0 deletions
59
test/drivers/test_suites/syscall_exit_suite/io_uring_register_x.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
#include "../../event_class/event_class.h" | ||
|
||
#if defined(__NR_io_uring_register) | ||
|
||
#include <linux/io_uring.h> | ||
|
||
TEST(SyscallExit, io_uring_registerX) | ||
{ | ||
auto evt_test = get_syscall_event_test(__NR_io_uring_register, EXIT_EVENT); | ||
|
||
evt_test->enable_capture(); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
int32_t fd = -1; | ||
uint32_t opcode = IORING_REGISTER_RESTRICTIONS; | ||
const void* arg = (const void*)0x7fff5694dc58; | ||
unsigned int nr_args = 34; | ||
assert_syscall_state(SYSCALL_FAILURE, "io_uring_register", syscall(__NR_io_uring_register, fd, opcode, arg, nr_args)); | ||
int64_t errno_value = -errno; | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
evt_test->disable_capture(); | ||
|
||
evt_test->assert_event_presence(); | ||
|
||
if(HasFatalFailure()) | ||
{ | ||
return; | ||
} | ||
|
||
evt_test->parse_event(); | ||
|
||
evt_test->assert_header(); | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
/* Parameter 1: res (type: PT_ERRNO) */ | ||
evt_test->assert_numeric_param(1, (int64_t)errno_value); | ||
|
||
/* Parameter 2: fd (type: PT_FD) */ | ||
evt_test->assert_numeric_param(2, (int64_t)fd); | ||
|
||
/* Parameter 3: opcode (type: PT_ENUMFLAGS16) */ | ||
evt_test->assert_numeric_param(3, (uint16_t)opcode); | ||
|
||
/* Parameter 4: arg (type: PT_UINT64) */ | ||
evt_test->assert_numeric_param(4, (uint64_t)arg); | ||
|
||
/* Parameter 5: nr_args (type: PT_UINT32) */ | ||
evt_test->assert_numeric_param(5, (uint32_t)nr_args); | ||
|
||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
evt_test->assert_num_params_pushed(5); | ||
} | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters