-
Notifications
You must be signed in to change notification settings - Fork 300
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ebpf: Call
bpf_probe_read
on *const T
BTF arguments
It's necessary to call `bpf_probe_read` not only for pointers retrieved from `PtRegs`, but also from BTF arguments. `bpf_probe_read` might return an error, so the return type of `.arg()` methods in contexts handling BTF arguments changes from `T` to `Option<T>`. `None` is returned when `bpf_probe_read` call is not successful. Fixes: #542
- Loading branch information
1 parent
0b58d3e
commit cbb2602
Showing
9 changed files
with
84 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
#![no_std] | ||
#![no_main] | ||
|
||
use aya_bpf::{ | ||
cty::{c_long, c_longlong}, | ||
macros::{fentry, kprobe}, | ||
programs::{FEntryContext, ProbeContext}, | ||
}; | ||
|
||
#[kprobe] | ||
pub fn kprobe_vfs_write(ctx: ProbeContext) { | ||
let _ = try_kprobe_vfs_write(ctx); | ||
} | ||
|
||
fn try_kprobe_vfs_write(ctx: ProbeContext) -> Result<(), c_long> { | ||
let _pos: *const c_longlong = ctx.arg(3).ok_or(1)?; | ||
Ok(()) | ||
} | ||
|
||
#[fentry] | ||
pub fn fentry_vfs_write(ctx: FEntryContext) { | ||
let _ = try_fentry_vfs_write(ctx); | ||
} | ||
|
||
fn try_fentry_vfs_write(ctx: FEntryContext) -> Result<(), c_long> { | ||
let _pos: *const c_longlong = unsafe { ctx.arg(3).ok_or(1)? }; | ||
Ok(()) | ||
} | ||
|
||
#[panic_handler] | ||
fn panic(_info: &core::panic::PanicInfo) -> ! { | ||
unsafe { core::hint::unreachable_unchecked() } | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
mod args; | ||
mod bpf_probe_read; | ||
mod btf_relocations; | ||
mod elf; | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
use aya::{ | ||
include_bytes_aligned, | ||
programs::{FEntry, KProbe}, | ||
Bpf, Btf, | ||
}; | ||
|
||
use super::{integration_test, IntegrationTest}; | ||
|
||
#[integration_test] | ||
fn kprobe_args() { | ||
let bytes = include_bytes_aligned!("../../../../target/bpfel-unknown-none/debug/args"); | ||
let mut bpf = Bpf::load(bytes).unwrap(); | ||
let kprobe_vfs_write: &mut KProbe = bpf | ||
.program_mut("kprobe_vfs_write") | ||
.unwrap() | ||
.try_into() | ||
.unwrap(); | ||
kprobe_vfs_write.load().unwrap(); | ||
kprobe_vfs_write.attach("vfs_write", 0).unwrap(); | ||
} | ||
|
||
#[integration_test] | ||
fn fentry_args() { | ||
let bytes = include_bytes_aligned!("../../../../target/bpfel-unknown-none/debug/args"); | ||
let mut bpf = Bpf::load(bytes).unwrap(); | ||
let fentry_vfs_write: &mut FEntry = bpf | ||
.program_mut("fentry_vfs_write") | ||
.unwrap() | ||
.try_into() | ||
.unwrap(); | ||
let btf = Btf::from_sys_fs().unwrap(); | ||
fentry_vfs_write.load("vfs_write", &btf).unwrap(); | ||
fentry_vfs_write.attach().unwrap(); | ||
} |