update(bpf): introduce the BPF commands name
Signed-off-by: rohith-raju <[email protected]>
Rohith-Raju committed Dec 7, 2023
1 parent 98410bc commit c2eb682
Showing 8 changed files with 59 additions and 10 deletions.
4 changes: 2 additions & 2 deletions driver/bpf/fillers.h
@@ -5795,8 +5795,8 @@ FILLER(sys_bpf_x, true)
bpf_push_s64_to_ring(data, fd);

/* Parameter 2: cmd (type: PT_INT32) */
int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0);
return bpf_push_s32_to_ring(data, cmd);
unsigned long cmd = bpf_syscall_get_argument(data, 0);
return bpf_push_s32_to_ring(data, (int32_t)bpf_cmd_to_scap(cmd));
}

FILLER(sys_unlinkat_x, true)
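Review bot: The register value now reaches `bpf_cmd_to_scap()` as a full-width `unsigned long`, where the removed line narrowed it to `int32_t` first. The kernel's bpf() entry point takes `cmd` as an `int`, so bits above 31 are not part of the command the kernel acts on, yet here they would make every `case` in the helper miss. Today this is masked because the helper's fallback returns the value and the cast truncates it, but that stops holding once any PPM_ value differs from its kernel counterpart. Narrow before mapping, e.g. `uint32_t cmd = (uint32_t)bpf_syscall_get_argument(data, 0);`, and do the same in the `BPF_PROG(bpf_x, …)` hunk and in `f_sys_bpf_x` in driver/ppm_fillers.c. FILLER(sys_bpf_x) begins above this hunk, so the earlier part of the body was not reviewed.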
2 changes: 1 addition & 1 deletion driver/event_table.c
@@ -419,7 +419,7 @@ const struct ppm_event_info g_event_info[] = {
[PPME_SYSCALL_DUP_1_E] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 1, {{"fd", PT_FD, PF_DEC} } },
[PPME_SYSCALL_DUP_1_X] = {"dup", EC_IO_OTHER | EC_SYSCALL, EF_CREATES_FD | EF_USES_FD | EF_MODIFIES_STATE, 2, {{"res", PT_FD, PF_DEC}, {"oldfd", PT_FD, PF_DEC} } },
[PPME_SYSCALL_BPF_2_E] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 1, {{"cmd", PT_INT64, PF_DEC} } },
[PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd",PT_INT32, PF_DEC} } },
[PPME_SYSCALL_BPF_2_X] = {"bpf", EC_OTHER | EC_SYSCALL, EF_CREATES_FD, 2, { {"fd", PT_FD, PF_DEC}, {"cmd", PT_FLAGS32, PF_DEC, bpf_commands} } },
[PPME_SYSCALL_MLOCK2_E] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 0},
[PPME_SYSCALL_MLOCK2_X] = {"mlock2", EC_MEMORY | EC_SYSCALL, EF_NONE, 4, {{"res", PT_ERRNO, PF_DEC}, {"addr", PT_UINT64, PF_HEX}, {"len", PT_UINT64, PF_DEC}, {"flags", PT_UINT32, PF_HEX, mlock2_flags}}},
[PPME_SYSCALL_FSCONFIG_E] = {"fsconfig", EC_SYSTEM | EC_SYSCALL, EF_NONE, 0},
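Review bot: `PT_FLAGS32` describes a bitmask, but the values in `bpf_commands` are consecutive enumerators (0 to 5), so a consumer that decodes the parameter bit by bit could render 3 as two other commands combined and would have no bit to match for 0. The decoder is not shown on this page, so this is inferred from the type name. If the table is meant as a one-of lookup, the enum-style type fits better: `{"cmd", PT_ENUMFLAGS32, PF_DEC, bpf_commands}`. The enter event on the line above still carries the raw `cmd` as `PT_INT64`, so the two halves of the same syscall now describe the command differently; a comment saying which one is the normalised value would help rule authors.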
9 changes: 9 additions & 0 deletions driver/flags_table.c
@@ -709,3 +709,12 @@ const struct ppm_name_value mknod_mode[] = {
{0, 0},
};

const struct ppm_name_value bpf_commands[] = {
{"BPF_MAP_CREATE", PPM_BPF_MAP_CREATE},
{"BPF_MAP_LOOKUP_ELEM", PPM_BPF_MAP_LOOKUP_ELEM},
{"BPF_MAP_UPDATE_ELEM", PPM_BPF_MAP_UPDATE_ELEM},
{"BPF_MAP_DELETE_ELEM", PPM_BPF_MAP_DELETE_ELEM},
{"BPF_MAP_GET_NEXT_KEY", PPM_BPF_MAP_GET_NEXT_KEY},
{"BPF_PROG_LOAD", PPM_BPF_PROG_LOAD},
{0,0},
};
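Review bot: `bpf_commands` names only the six commands up to `BPF_PROG_LOAD`, so any other bpf() command presumably reaches consumers as a bare number with no name to match on. For monitoring, the commands that attach, pin or link programs (for example BPF_PROG_ATTACH, BPF_OBJ_PIN, BPF_LINK_CREATE) matter at least as much as the map operations. Consider extending this table, the PPM_ constants and `bpf_cmd_to_scap()` together. Otherwise state the limit above the table, e.g. `/* only commands up to BPF_PROG_LOAD are named; others keep their numeric value */`.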
@@ -59,8 +59,8 @@ int BPF_PROG(bpf_x,
ringbuf__store_s64(&ringbuf, ret);

/* Parameter 2: cmd (type: PT_INT32) */
int32_t cmd = (int32_t)extract__syscall_argument(regs, 0);
ringbuf__store_s32(&ringbuf, cmd);
unsigned long cmd = extract__syscall_argument(regs, 0);
ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd));


/*=============================== COLLECT PARAMETERS ===========================*/
12 changes: 11 additions & 1 deletion driver/ppm_events_public.h
@@ -798,6 +798,16 @@ or GPL2.txt for full copies of the license.
#define PPM_MODULE_INIT_IGNORE_VERMAGIC 2
#define PPM_MODULE_INIT_COMPRESSED_FILE 4

/*
* bpf_commands
*/
#define PPM_BPF_MAP_CREATE 0
#define PPM_BPF_MAP_LOOKUP_ELEM 1
#define PPM_BPF_MAP_UPDATE_ELEM 2
#define PPM_BPF_MAP_DELETE_ELEM 3
#define PPM_BPF_MAP_GET_NEXT_KEY 4
#define PPM_BPF_PROG_LOAD 5

/*
* Get/set the timerslack as used by poll/select/nanosleep
* A value of 0 means "use default"
@@ -2154,10 +2164,10 @@ extern const struct ppm_name_value fchownat_flags[];
extern const struct ppm_name_value prctl_options[];
extern const struct ppm_name_value memfd_create_flags[];
extern const struct ppm_name_value pidfd_open_flags[];
extern const struct ppm_name_value bpf_commands[];
extern const struct ppm_param_info sockopt_dynamic_param[];
extern const struct ppm_param_info ptrace_dynamic_param[];
extern const struct ppm_param_info bpf_dynamic_param[];

/*!
\brief Process information as returned by the PPM_IOCTL_GET_PROCLIST IOCTL.
*/
2 changes: 1 addition & 1 deletion driver/ppm_fillers.c
@@ -6732,7 +6732,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args)

/* Parameter 2: cmd (type: PT_INT64) */
syscall_get_arguments_deprecated(args, 0, 1, &val);
cmd = (int32_t)val;
cmd = (int32_t)bpf_cmd_to_scap(val);
res = val_to_ring(args, cmd, 0, false, 0);
CHECK_RES(res);
return add_sentinel(args);
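Review bot: The comment on this parameter still says `PT_INT64`, which matches neither the old exit-event entry (`PT_INT32`) nor the type the event table declares after this commit. It should follow the table, e.g. `/* Parameter 2: cmd (type: PT_FLAGS32) */`. The two BPF-side fillers carry a similarly stale `PT_INT32` comment on the same parameter. `f_sys_bpf_x` starts above the hunk, so the declarations of `val` and `cmd` are not visible here.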
32 changes: 31 additions & 1 deletion driver/ppm_flag_helpers.h
@@ -2201,4 +2201,34 @@ static __always_inline uint32_t mknod_mode_to_scap(uint32_t modes)
return res;
}

#endif /* PPM_FLAG_HELPERS_H_ */
static __always_inline uint32_t bpf_cmd_to_scap (unsigned long cmd){
switch (cmd)
{
#ifdef BPF_MAP_CREATE
case BPF_MAP_CREATE:
return PPM_BPF_MAP_CREATE;
#endif
#ifdef BPF_MAP_LOOKUP_ELEM
case BPF_MAP_LOOKUP_ELEM:
return PPM_BPF_MAP_LOOKUP_ELEM;
#endif
#ifdef BPF_MAP_UPDATE_ELEM
case BPF_MAP_UPDATE_ELEM:
return PPM_BPF_MAP_UPDATE_ELEM;
#endif
#ifdef BPF_MAP_DELETE_ELEM
case BPF_MAP_DELETE_ELEM:
return PPM_BPF_MAP_DELETE_ELEM;
#endif
#ifdef BPF_MAP_GET_NEXT_KEY
case BPF_MAP_GET_NEXT_KEY:
return PPM_BPF_MAP_GET_NEXT_KEY;
#endif
#ifdef BPF_PROG_LOAD
case BPF_PROG_LOAD:
return PPM_BPF_PROG_LOAD;
#endif
}
return cmd;
}
#endif /* PPM_FLAG_HELPERS_H_ */
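Review bot: The `#ifdef BPF_MAP_CREATE` through `#ifdef BPF_PROG_LOAD` guards test for preprocessor macros, but in the kernel's UAPI header these names are enumerators of `enum bpf_cmd`. Unless some header in scope also defines them as macros, every `case` is compiled out and the function reduces to `return cmd;`. The output only looks right because each PPM_ constant has the same value as its kernel counterpart. Either drop the guards or gate the whole switch on a kernel-version check, and make the unmapped path explicit with a `default:` branch and a comment saying what consumers receive for a command outside the table. The final `return cmd;` also narrows `unsigned long` to `uint32_t` implicitly; write it as `return (uint32_t)cmd;`.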
4 changes: 2 additions & 2 deletions test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp
@@ -90,7 +90,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE)

/*=============================== TRIGGER SYSCALL ===========================*/

int32_t cmd = 1;
int32_t cmd = BPF_MAP_CREATE;
union bpf_attr *attr = NULL;


@@ -148,7 +148,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE)
/* Parameter 1: fd (type: PT_FD) */
evt_test->assert_numeric_param(1, errno_value);
/* Parameter 2: cmd (type: PT_INT32)*/
evt_test->assert_numeric_param(2, cmd);
evt_test->assert_numeric_param(2, PPM_BPF_MAP_CREATE);

/*=============================== ASSERT PARAMETERS ===========================*/

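Review bot: The new assertion `assert_numeric_param(2, PPM_BPF_MAP_CREATE)` cannot show that the mapping ran, because `PPM_BPF_MAP_CREATE` and the kernel's `BPF_MAP_CREATE` are both 0; it would pass just as well if `bpf_cmd_to_scap()` returned its input unchanged. Add a second case that issues a non-zero named command and one that issues a command outside `bpf_commands`, so the pass-through behaviour for unmapped values is pinned rather than accidental. The comment `/* Parameter 2: cmd (type: PT_INT32)*/` should also name the type the event table now declares. The test body extends beyond both hunks, so the setup and the syscall invocation were not reviewed.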
