-
Notifications
You must be signed in to change notification settings - Fork 165
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Andrea Terzolo <[email protected]>
- Loading branch information
1 parent
48d74fa
commit 24403b5
Showing
7 changed files
with
252 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
91 changes: 91 additions & 0 deletions
91
driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/io_uring_enter.bpf.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
/* | ||
* Copyright (C) 2023 The Falco Authors. | ||
* | ||
* This file is dual licensed under either the MIT or GPL 2. See MIT.txt | ||
* or GPL2.txt for full copies of the license. | ||
*/ | ||
|
||
#include <helpers/interfaces/fixed_size_event.h> | ||
|
||
/*=============================== ENTER EVENT ===========================*/ | ||
|
||
SEC("tp_btf/sys_enter") | ||
int BPF_PROG(io_uring_enter_e, | ||
struct pt_regs *regs, | ||
long id) | ||
{ | ||
struct ringbuf_struct ringbuf; | ||
if(!ringbuf__reserve_space(&ringbuf, IO_URING_ENTER_E_SIZE)) | ||
{ | ||
return 0; | ||
} | ||
|
||
ringbuf__store_event_header(&ringbuf, PPME_SYSCALL_IO_URING_ENTER_E); | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
// Here we have no parameters to collect. | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
ringbuf__submit_event(&ringbuf); | ||
|
||
return 0; | ||
} | ||
|
||
/*=============================== ENTER EVENT ===========================*/ | ||
|
||
/*=============================== EXIT EVENT ===========================*/ | ||
|
||
SEC("tp_btf/sys_exit") | ||
int BPF_PROG(io_uring_enter_x, | ||
struct pt_regs *regs, | ||
long ret) | ||
{ | ||
struct ringbuf_struct ringbuf; | ||
if(!ringbuf__reserve_space(&ringbuf, IO_URING_ENTER_X_SIZE)) | ||
{ | ||
return 0; | ||
} | ||
|
||
ringbuf__store_event_header(&ringbuf, PPME_SYSCALL_IO_URING_ENTER_X); | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
/* Parameter 1: res (type: PT_ERRNO) */ | ||
ringbuf__store_s64(&ringbuf, ret); | ||
|
||
/* Parameter 2: fd (type: PT_FD) */ | ||
s32 fd = (s32)extract__syscall_argument(regs, 0); | ||
ringbuf__store_s64(&ringbuf, (s64)fd); | ||
|
||
/* Parameter 3: to_submit (type: PT_UINT32) */ | ||
u32 to_submit = (u32)extract__syscall_argument(regs, 1); | ||
ringbuf__store_u32(&ringbuf, to_submit); | ||
|
||
/* Parameter 4: min_complete (type: PT_UINT32) */ | ||
u32 min_complete = (u32)extract__syscall_argument(regs, 2); | ||
ringbuf__store_u32(&ringbuf, min_complete); | ||
|
||
/* Parameter 5: flags (type: PT_FLAGS32) */ | ||
u32 flags = (u32)extract__syscall_argument(regs, 3); | ||
ringbuf__store_u32(&ringbuf, io_uring_enter_flags_to_scap(flags)); | ||
|
||
/* Parameter 6: sig (type: PT_SIGSET) */ | ||
/* This is unclear, why we store only the first 32 bit? this is a pointer! | ||
* It could be also a pointer to a `struct io_uring_getevents_args`. | ||
*/ | ||
u32 sig = (u32)extract__syscall_argument(regs, 4); | ||
ringbuf__store_u32(&ringbuf, sig); | ||
|
||
/// TODO: We miss the last parameter `size_t argsz` | ||
/// we need to implement it in all our drivers | ||
|
||
/*=============================== COLLECT PARAMETERS ===========================*/ | ||
|
||
ringbuf__submit_event(&ringbuf); | ||
|
||
return 0; | ||
} | ||
|
||
/*=============================== EXIT EVENT ===========================*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
test/drivers/test_suites/syscall_enter_suite/io_uring_enter_e.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
#include "../../event_class/event_class.h" | ||
|
||
#if defined(__NR_io_uring_enter) | ||
|
||
#include <linux/io_uring.h> | ||
|
||
TEST(SyscallEnter, io_uring_enterE) | ||
{ | ||
auto evt_test = get_syscall_event_test(__NR_io_uring_enter, ENTER_EVENT); | ||
|
||
evt_test->enable_capture(); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
int32_t fd = -1; | ||
uint32_t to_submit = 10; | ||
uint32_t min_complete = 20; | ||
uint32_t flags = IORING_ENTER_EXT_ARG; | ||
const void* argp = NULL; | ||
size_t argsz = 7; | ||
assert_syscall_state(SYSCALL_FAILURE, "io_uring_enter", syscall(__NR_io_uring_enter, fd, to_submit, min_complete, flags, argp, argsz)); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
evt_test->disable_capture(); | ||
|
||
evt_test->assert_event_presence(); | ||
|
||
if(HasFatalFailure()) | ||
{ | ||
return; | ||
} | ||
|
||
evt_test->parse_event(); | ||
|
||
evt_test->assert_header(); | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
// Here we have no parameters to assert. | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
evt_test->assert_num_params_pushed(0); | ||
} | ||
#endif |
64 changes: 64 additions & 0 deletions
64
test/drivers/test_suites/syscall_exit_suite/io_uring_enter_x.cpp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
#include "../../event_class/event_class.h" | ||
|
||
#if defined(__NR_io_uring_enter) && defined(__NR_close) | ||
|
||
#include <linux/io_uring.h> | ||
|
||
TEST(SyscallExit, io_uring_enterX) | ||
{ | ||
auto evt_test = get_syscall_event_test(__NR_io_uring_enter, EXIT_EVENT); | ||
|
||
evt_test->enable_capture(); | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
int32_t fd = -1; | ||
uint32_t to_submit = 10; | ||
uint32_t min_complete = 20; | ||
uint32_t flags = IORING_ENTER_EXT_ARG; | ||
const void* argp = NULL; | ||
size_t argsz = 7; | ||
assert_syscall_state(SYSCALL_FAILURE, "io_uring_enter", syscall(__NR_io_uring_enter, fd, to_submit, min_complete, flags, argp, argsz)); | ||
int64_t errno_value = -errno; | ||
|
||
/*=============================== TRIGGER SYSCALL ===========================*/ | ||
|
||
evt_test->disable_capture(); | ||
|
||
evt_test->assert_event_presence(); | ||
|
||
if(HasFatalFailure()) | ||
{ | ||
return; | ||
} | ||
|
||
evt_test->parse_event(); | ||
|
||
evt_test->assert_header(); | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
/* Parameter 1: res (type: PT_ERRNO) */ | ||
evt_test->assert_numeric_param(1, (int64_t)errno_value); | ||
|
||
/* Parameter 2: fd (type: PT_FD) */ | ||
evt_test->assert_numeric_param(2, (int64_t)fd); | ||
|
||
/* Parameter 3: to_submit (type: PT_UINT32) */ | ||
evt_test->assert_numeric_param(3, (uint32_t)to_submit); | ||
|
||
/* Parameter 4: min_complete (type: PT_UINT32) */ | ||
evt_test->assert_numeric_param(4, (uint32_t)min_complete); | ||
|
||
/* Parameter 5: flags (type: PT_FLAGS32) */ | ||
evt_test->assert_numeric_param(5, (uint32_t)PPM_IORING_ENTER_EXT_ARG); | ||
|
||
/* Parameter 6: sig (type: PT_SIGSET) */ | ||
/* These are the first 32 bit of a pointer so in this case all zeros */ | ||
evt_test->assert_numeric_param(6, (uint32_t)0); | ||
|
||
/*=============================== ASSERT PARAMETERS ===========================*/ | ||
|
||
evt_test->assert_num_params_pushed(6); | ||
} | ||
#endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters