From ddfc61a3bded4e2ed7d101c1d70200453b135f6a Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Thu, 16 May 2024 12:46:36 +0200 Subject: [PATCH] cleanup(modern): clear all arrays before using them Signed-off-by: Andrea Terzolo --- .../helpers/extract/extract_from_kernel.h | 2 +- .../helpers/interfaces/syscalls_dispatcher.h | 2 +- .../modern_bpf/helpers/store/auxmap_store_params.h | 11 ++++++++++- .../events/syscall_dispatched_events/accept.bpf.c | 13 ++++++++----- .../events/syscall_dispatched_events/accept4.bpf.c | 13 ++++++++----- .../events/syscall_dispatched_events/bind.bpf.c | 4 ++-- .../events/syscall_dispatched_events/connect.bpf.c | 4 ++-- .../syscall_dispatched_events/getsockopt.bpf.c | 2 +- .../events/syscall_dispatched_events/listen.bpf.c | 2 +- .../events/syscall_dispatched_events/recv.bpf.c | 4 ++-- .../events/syscall_dispatched_events/recvfrom.bpf.c | 4 ++-- .../events/syscall_dispatched_events/recvmsg.bpf.c | 4 ++-- .../events/syscall_dispatched_events/send.bpf.c | 4 ++-- .../events/syscall_dispatched_events/sendmsg.bpf.c | 4 ++-- .../events/syscall_dispatched_events/sendto.bpf.c | 4 ++-- .../syscall_dispatched_events/setsockopt.bpf.c | 2 +- .../events/syscall_dispatched_events/shutdown.bpf.c | 2 +- .../events/syscall_dispatched_events/socket.bpf.c | 2 +- .../syscall_dispatched_events/socketpair.bpf.c | 4 ++-- 19 files changed, 51 insertions(+), 36 deletions(-) diff --git a/driver/modern_bpf/helpers/extract/extract_from_kernel.h b/driver/modern_bpf/helpers/extract/extract_from_kernel.h index 2d385b25d0..6306e84d84 100644 --- a/driver/modern_bpf/helpers/extract/extract_from_kernel.h +++ b/driver/modern_bpf/helpers/extract/extract_from_kernel.h @@ -195,7 +195,7 @@ static __always_inline void extract__network_args(void *argv, int num, struct pt unsigned long *dst = (unsigned long *)argv; for (int i = 0; i < num; i++) { - dst[i] = args_u32[i]; + dst[i] = (unsigned long)args_u32[i]; } return; } diff --git a/driver/modern_bpf/helpers/interfaces/syscalls_dispatcher.h b/driver/modern_bpf/helpers/interfaces/syscalls_dispatcher.h index 220439de39..04d35a257c 100644 --- a/driver/modern_bpf/helpers/interfaces/syscalls_dispatcher.h +++ b/driver/modern_bpf/helpers/interfaces/syscalls_dispatcher.h @@ -146,7 +146,7 @@ static __always_inline long convert_network_syscalls(struct pt_regs *regs) * * ----- x86 with CONFIG_IA32_EMULATION * - `SYS_ACCEPT` is defined but `__NR_accept` is not defined - * -> In this case we return a `__NR_accept4` + * -> In this case we return a `__NR_accept` * * - `SYS_SEND` is defined but `__NR_send` is not defined * -> In this case we drop the event diff --git a/driver/modern_bpf/helpers/store/auxmap_store_params.h b/driver/modern_bpf/helpers/store/auxmap_store_params.h index d8a1942695..60f13572b6 100644 --- a/driver/modern_bpf/helpers/store/auxmap_store_params.h +++ b/driver/modern_bpf/helpers/store/auxmap_store_params.h @@ -671,6 +671,11 @@ static __always_inline void auxmap__store_socktuple_param(struct auxiliary_map * return; } struct sock *sk = BPF_CORE_READ(socket, sk); + if(sk == NULL) + { + auxmap__store_empty_param(auxmap); + return; + } BPF_CORE_READ_INTO(&socket_family, sk, __sk_common.skc_family); switch(socket_family) @@ -1431,7 +1436,7 @@ static __always_inline void apply_dynamic_snaplen(struct pt_regs *regs, uint16_t * - recvmsg * - sendmsg */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); /* All the syscalls involved in this logic have the `fd` as first syscall argument */ @@ -1448,6 +1453,10 @@ static __always_inline void apply_dynamic_snaplen(struct pt_regs *regs, uint16_t return; } struct sock *sk = BPF_CORE_READ(socket, sk); + if(sk == NULL) + { + return; + } uint16_t port_local = 0; uint16_t port_remote = 0; diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept.bpf.c index 7a775e0764..b0a4a3ef9b 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept.bpf.c @@ -77,7 +77,7 @@ int BPF_PROG(accept_x, auxmap__store_socktuple_param(auxmap, (int32_t)ret, INBOUND, NULL); /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[1]; + unsigned long args[1] = {0}; extract__network_args(args, 1, regs); /* Perform some computations to get queue information. */ @@ -91,11 +91,14 @@ int BPF_PROG(accept_x, if(socket != NULL) { struct sock *sk = BPF_CORE_READ(socket, sk); - BPF_CORE_READ_INTO(&queuelen, sk, sk_ack_backlog); - BPF_CORE_READ_INTO(&queuemax, sk, sk_max_ack_backlog); - if(queuelen && queuemax) + if(sk != NULL) { - queuepct = (uint8_t)((uint64_t)queuelen * 100 / queuemax); + BPF_CORE_READ_INTO(&queuelen, sk, sk_ack_backlog); + BPF_CORE_READ_INTO(&queuemax, sk, sk_max_ack_backlog); + if(queuelen && queuemax) + { + queuepct = (uint8_t)((uint64_t)queuelen * 100 / queuemax); + } } } } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept4.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept4.bpf.c index 8045cbfe74..4b0f7c6369 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept4.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/accept4.bpf.c @@ -81,7 +81,7 @@ int BPF_PROG(accept4_x, auxmap__store_socktuple_param(auxmap, (int32_t)ret, INBOUND, NULL); /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[1]; + unsigned long args[1] = {0}; extract__network_args(args, 1, regs); /* Perform some computations to get queue information. */ @@ -95,11 +95,14 @@ int BPF_PROG(accept4_x, if(socket != NULL) { struct sock *sk = BPF_CORE_READ(socket, sk); - BPF_CORE_READ_INTO(&queuelen, sk, sk_ack_backlog); - BPF_CORE_READ_INTO(&queuemax, sk, sk_max_ack_backlog); - if(queuelen && queuemax) + if(sk != NULL) { - queuepct = (uint8_t)((uint64_t)queuelen * 100 / queuemax); + BPF_CORE_READ_INTO(&queuelen, sk, sk_ack_backlog); + BPF_CORE_READ_INTO(&queuemax, sk, sk_max_ack_backlog); + if(queuelen && queuemax) + { + queuepct = (uint8_t)((uint64_t)queuelen * 100 / queuemax); + } } } } diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c index 0738fbdbe5..bd9b8ded8f 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bind.bpf.c @@ -17,7 +17,7 @@ int BPF_PROG(bind_e, long id) { /* Collect parameters at the beginning to easily manage socketcalls */ - unsigned long args[1]; + unsigned long args[1] = {0}; extract__network_args(args, 1, regs); struct ringbuf_struct ringbuf; @@ -65,7 +65,7 @@ int BPF_PROG(bind_x, /*=============================== COLLECT PARAMETERS ===========================*/ /* Collect parameters at the beginning to easily manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); /* Parameter 1: res (type: PT_ERRNO) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/connect.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/connect.bpf.c index 23cea8be68..fac6616890 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/connect.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/connect.bpf.c @@ -25,7 +25,7 @@ int BPF_PROG(connect_e, /*=============================== COLLECT PARAMETERS ===========================*/ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); /* Parameter 1: fd (type: PT_FD)*/ @@ -65,7 +65,7 @@ int BPF_PROG(connect_x, /*=============================== COLLECT PARAMETERS ===========================*/ - unsigned long args[1]; + unsigned long args[1] = {0}; extract__network_args(args, 1, regs); /* Parameter 1: res (type: PT_ERRNO) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/getsockopt.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/getsockopt.bpf.c index e1fd1a2d40..626f769872 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/getsockopt.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/getsockopt.bpf.c @@ -55,7 +55,7 @@ int BPF_PROG(getsockopt_x, /*=============================== COLLECT PARAMETERS ===========================*/ /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[5]; + unsigned long args[5] = {0}; extract__network_args(args, 5, regs); /* Parameter 1: res (type: PT_ERRNO) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c index 0ae6b8d0e1..fe6a4369b2 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c @@ -16,7 +16,7 @@ int BPF_PROG(listen_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); struct ringbuf_struct ringbuf; diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c index 1cb05041ed..3eab21ff16 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recv.bpf.c @@ -17,7 +17,7 @@ int BPF_PROG(recv_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); struct ringbuf_struct ringbuf; @@ -70,7 +70,7 @@ int BPF_PROG(recv_x, if(ret > 0) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); uint16_t snaplen = maps__get_snaplen(); diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c index 00d2dcac6e..a53510878e 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c @@ -17,7 +17,7 @@ int BPF_PROG(recvfrom_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); struct ringbuf_struct ringbuf; @@ -84,7 +84,7 @@ int BPF_PROG(recvfrom_x, } /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[5]; + unsigned long args[5] = {0}; extract__network_args(args, 5, regs); /* Parameter 2: data (type: PT_BYTEBUF) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c index ca59565198..869505ef5d 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvmsg.bpf.c @@ -17,7 +17,7 @@ int BPF_PROG(recvmsg_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[1]; + unsigned long args[1] = {0}; extract__network_args(args, 1, regs); struct ringbuf_struct ringbuf; @@ -84,7 +84,7 @@ int BPF_PROG(recvmsg_x, } /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); /* Parameter 3: data (type: PT_BYTEBUF) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c index 10cc4fb048..2977902639 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/send.bpf.c @@ -17,7 +17,7 @@ int BPF_PROG(send_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); struct ringbuf_struct ringbuf; @@ -68,7 +68,7 @@ int BPF_PROG(send_x, auxmap__store_s64_param(auxmap, ret); /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); int64_t bytes_to_read = ret > 0 ? ret : args[2]; diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendmsg.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendmsg.bpf.c index 37fd92ec59..d93df5bb87 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendmsg.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendmsg.bpf.c @@ -25,7 +25,7 @@ int BPF_PROG(sendmsg_e, /*=============================== COLLECT PARAMETERS ===========================*/ /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); /* Parameter 1: fd (type: PT_FD) */ @@ -87,7 +87,7 @@ int BPF_PROG(sendmsg_x, auxmap__store_s64_param(auxmap, ret); /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); /* In case of failure `bytes_to_read` could be also lower than `snaplen` diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendto.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendto.bpf.c index d52f352d40..daae552954 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendto.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/sendto.bpf.c @@ -25,7 +25,7 @@ int BPF_PROG(sendto_e, /*=============================== COLLECT PARAMETERS ===========================*/ /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[5]; + unsigned long args[5] = {0}; extract__network_args(args, 5, regs); /* Parameter 1: fd (type: PT_FD) */ @@ -85,7 +85,7 @@ int BPF_PROG(sendto_x, auxmap__store_s64_param(auxmap, ret); /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[5]; + unsigned long args[5] = {0}; extract__network_args(args, 5, regs); /* If the syscall doesn't fail we use the return value as `size` diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setsockopt.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setsockopt.bpf.c index 6efdda7832..d47a3d6b3a 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setsockopt.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/setsockopt.bpf.c @@ -55,7 +55,7 @@ int BPF_PROG(setsockopt_x, /*=============================== COLLECT PARAMETERS ===========================*/ /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[5]; + unsigned long args[5] = {0}; extract__network_args(args, 5, regs); /* Parameter 1: res (type: PT_ERRNO) */ diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c index c3662d81c7..396db0c946 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/shutdown.bpf.c @@ -16,7 +16,7 @@ int BPF_PROG(shutdown_e, long id) { /* Collect parameters at the beginning to easily manage socketcalls */ - unsigned long args[2]; + unsigned long args[2] = {0}; extract__network_args(args, 2, regs); struct ringbuf_struct ringbuf; diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c index 710c7104a1..d22bd71ea9 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socket.bpf.c @@ -16,7 +16,7 @@ int BPF_PROG(socket_e, long id) { /* Collect parameters at the beginning so we can easily manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); struct ringbuf_struct ringbuf; diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c index 1c418f02dc..4d8a1dc2a7 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/socketpair.bpf.c @@ -16,7 +16,7 @@ int BPF_PROG(socketpair_e, long id) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[3]; + unsigned long args[3] = {0}; extract__network_args(args, 3, regs); struct ringbuf_struct ringbuf; @@ -82,7 +82,7 @@ int BPF_PROG(socketpair_x, if(ret == 0) { /* Collect parameters at the beginning to manage socketcalls */ - unsigned long args[4]; + unsigned long args[4] = {0}; extract__network_args(args, 4, regs); /* Get new sockets. */