From 2293e3ee30a88f44fe41ddfce4ba216111ab5a2b Mon Sep 17 00:00:00 2001 From: Ofer Heifetz Date: Wed, 12 Jul 2023 12:22:27 +0300 Subject: [PATCH] fix listen syscall backlog field size bump schema version minor Reported by: github issue #515 Signed-off-by: Ofer Heifetz --- driver/SCHEMA_VERSION | 2 +- driver/bpf/fillers.h | 12 ++++++++++ driver/event_table.c | 2 +- driver/fillers_table.c | 2 +- .../definitions/events_dimensions.h | 2 +- .../syscall_dispatched_events/listen.bpf.c | 7 +++--- driver/ppm_fillers.c | 22 +++++++++++++++++++ driver/ppm_fillers.h | 1 + .../syscall_enter_suite/listen_e.cpp | 4 ++-- .../syscall_enter_suite/socketcall_e.cpp | 4 ++-- 10 files changed, 46 insertions(+), 12 deletions(-) diff --git a/driver/SCHEMA_VERSION b/driver/SCHEMA_VERSION index 24ba9a38de..834f262953 100644 --- a/driver/SCHEMA_VERSION +++ b/driver/SCHEMA_VERSION @@ -1 +1 @@ -2.7.0 +2.8.0 diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h index d02cdbc8d1..20bec73c43 100644 --- a/driver/bpf/fillers.h +++ b/driver/bpf/fillers.h @@ -4089,6 +4089,18 @@ FILLER(sys_shutdown_e, true) return bpf_push_u8_to_ring(data, (u8)shutdown_how_to_scap(how)); } +FILLER(sys_listen_e, true) +{ + /* Parameter 1: fd (type: PT_FD) */ + s32 fd = (s32)bpf_syscall_get_argument(data, 0); + int res = bpf_push_s64_to_ring(data, (s64)fd); + CHECK_RES(res); + + /* Parameter 2: backlog (type: PT_INT32) */ + s32 backlog = (s32)bpf_syscall_get_argument(data, 1); + return bpf_push_s32_to_ring(data, (s32)backlog); +} + FILLER(sys_recvmsg_e, true) { /* Parameter 1: fd (type: PT_FD) */ diff --git a/driver/event_table.c b/driver/event_table.c index 4ccdc1c298..c26028b704 100644 --- a/driver/event_table.c +++ b/driver/event_table.c @@ -71,7 +71,7 @@ const struct ppm_event_info g_event_info[] = { [PPME_SOCKET_BIND_X] = {"bind", EC_NET | EC_SYSCALL, EF_USES_FD | EF_MODIFIES_STATE, 2, {{"res", PT_ERRNO, PF_DEC}, {"addr", PT_SOCKADDR, PF_NA} } }, [PPME_SOCKET_CONNECT_E] = {"connect", EC_NET | EC_SYSCALL, EF_USES_FD | EF_MODIFIES_STATE, 2, {{"fd", PT_FD, PF_DEC}, {"addr", PT_SOCKADDR, PF_NA} } }, [PPME_SOCKET_CONNECT_X] = {"connect", EC_NET | EC_SYSCALL, EF_USES_FD | EF_MODIFIES_STATE, 3, {{"res", PT_ERRNO, PF_DEC}, {"tuple", PT_SOCKTUPLE, PF_NA}, {"fd", PT_FD, PF_DEC } } }, - [PPME_SOCKET_LISTEN_E] = {"listen", EC_NET | EC_SYSCALL, EF_USES_FD, 2, {{"fd", PT_FD, PF_DEC}, {"backlog", PT_UINT32, PF_DEC} } }, + [PPME_SOCKET_LISTEN_E] = {"listen", EC_NET | EC_SYSCALL, EF_USES_FD, 2, {{"fd", PT_FD, PF_DEC}, {"backlog", PT_INT32, PF_DEC} } }, [PPME_SOCKET_LISTEN_X] = {"listen", EC_NET | EC_SYSCALL, EF_USES_FD, 1, {{"res", PT_ERRNO, PF_DEC} } }, [PPME_SOCKET_ACCEPT_E] = {"accept", EC_NET | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE | EF_OLD_VERSION, 0}, [PPME_SOCKET_ACCEPT_X] = {"accept", EC_NET | EC_SYSCALL, EF_CREATES_FD | EF_MODIFIES_STATE | EF_OLD_VERSION, 3, {{"fd", PT_FD, PF_DEC}, {"tuple", PT_SOCKTUPLE, PF_NA}, {"queuepct", PT_UINT8, PF_DEC} } }, diff --git a/driver/fillers_table.c b/driver/fillers_table.c index d5ced6cde6..e33804992d 100644 --- a/driver/fillers_table.c +++ b/driver/fillers_table.c @@ -39,7 +39,7 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = { [PPME_SOCKET_BIND_X] = {FILLER_REF(sys_socket_bind_x)}, [PPME_SOCKET_CONNECT_E] = {FILLER_REF(sys_connect_e)}, [PPME_SOCKET_CONNECT_X] = {FILLER_REF(sys_connect_x)}, - [PPME_SOCKET_LISTEN_E] = {FILLER_REF(sys_autofill), 2, APT_SOCK, {{0}, {1} } }, + [PPME_SOCKET_LISTEN_E] = {FILLER_REF(sys_listen_e)}, [PPME_SOCKET_LISTEN_X] = {FILLER_REF(sys_single_x)}, [PPME_SOCKET_SEND_E] = {FILLER_REF(sys_send_e)}, [PPME_SOCKET_SEND_X] = {FILLER_REF(sys_send_x)}, diff --git a/driver/modern_bpf/definitions/events_dimensions.h b/driver/modern_bpf/definitions/events_dimensions.h index f1f4aec2e2..1e3615dfa7 100644 --- a/driver/modern_bpf/definitions/events_dimensions.h +++ b/driver/modern_bpf/definitions/events_dimensions.h @@ -92,7 +92,7 @@ #define ACCEPT_E_SIZE HEADER_LEN #define ACCEPT4_E_SIZE HEADER_LEN + sizeof(uint32_t) + PARAM_LEN #define BIND_E_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN -#define LISTEN_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(uint32_t) + PARAM_LEN * 2 +#define LISTEN_E_SIZE HEADER_LEN + sizeof(int64_t) + sizeof(int32_t) + PARAM_LEN * 2 #define LISTEN_X_SIZE HEADER_LEN + sizeof(int64_t) + PARAM_LEN #define CLONE_E_SIZE HEADER_LEN #define CLONE3_E_SIZE HEADER_LEN diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c index e972c882a3..bc98a44b07 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/listen.bpf.c @@ -32,10 +32,9 @@ int BPF_PROG(listen_e, s32 fd = (s32)args[0]; ringbuf__store_s64(&ringbuf, (s64)fd); - /* Parameter 2: backlog (type: PT_UINT32) */ - /// TODO: This should be an `int` not a `uint32_t` - u32 backlog = (u32)args[1]; - ringbuf__store_u32(&ringbuf, backlog); + /* Parameter 2: backlog (type: PT_INT32) */ + s32 backlog = (s32)args[1]; + ringbuf__store_s32(&ringbuf, backlog); /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c index 05ff7d70e7..68437f9983 100644 --- a/driver/ppm_fillers.c +++ b/driver/ppm_fillers.c @@ -2808,6 +2808,28 @@ int f_sys_sendmsg_x(struct event_filler_arguments *args) return add_sentinel(args); } +int f_sys_listen_e(struct event_filler_arguments *args) +{ + unsigned long val = 0; + int res = 0; + s32 fd = 0; + s32 backlog = 0; + + /* Parameter 1: fd (type: PT_FD)*/ + syscall_get_arguments_deprecated(args, 0, 1, &val); + fd = (s32)val; + res = val_to_ring(args, (s64)fd, 0, false, 0); + CHECK_RES(res); + + /* Parameter 2: backlog (type: PT_INT32) */ + syscall_get_arguments_deprecated(args, 1, 1, &val); + backlog = (s32)val; + res = val_to_ring(args, (s32)backlog, 0, false, 0); + CHECK_RES(res); + + return add_sentinel(args); +} + int f_sys_recvmsg_e(struct event_filler_arguments *args) { unsigned long val = 0; diff --git a/driver/ppm_fillers.h b/driver/ppm_fillers.h index 44fe2cbe9f..377f6b3ed1 100644 --- a/driver/ppm_fillers.h +++ b/driver/ppm_fillers.h @@ -160,6 +160,7 @@ or GPL2.txt for full copies of the license. FN(sys_setpgid_e) \ FN(sys_recvfrom_e) \ FN(sys_recvmsg_e) \ + FN(sys_listen_e) \ FN(sys_signalfd_e) \ FN(sys_splice_e) \ FN(sys_umount_x) \ diff --git a/test/drivers/test_suites/syscall_enter_suite/listen_e.cpp b/test/drivers/test_suites/syscall_enter_suite/listen_e.cpp index 9e57122933..cf697d6611 100644 --- a/test/drivers/test_suites/syscall_enter_suite/listen_e.cpp +++ b/test/drivers/test_suites/syscall_enter_suite/listen_e.cpp @@ -33,8 +33,8 @@ TEST(SyscallEnter, listenE) /* Parameter 1: fd (type: PT_FD) */ evt_test->assert_numeric_param(1, (int64_t)socket_fd); - /* Parameter 2: backlog (type: PT_UINT32) */ - evt_test->assert_numeric_param(2, (uint32_t)backlog); + /* Parameter 2: backlog (type: PT_INT32) */ + evt_test->assert_numeric_param(2, (int32_t)backlog); /*=============================== ASSERT PARAMETERS ===========================*/ diff --git a/test/drivers/test_suites/syscall_enter_suite/socketcall_e.cpp b/test/drivers/test_suites/syscall_enter_suite/socketcall_e.cpp index 6b4e37dd4f..290caacc97 100644 --- a/test/drivers/test_suites/syscall_enter_suite/socketcall_e.cpp +++ b/test/drivers/test_suites/syscall_enter_suite/socketcall_e.cpp @@ -484,8 +484,8 @@ TEST(SyscallEnter, socketcall_listenE) /* Parameter 1: fd (type: PT_FD) */ evt_test->assert_numeric_param(1, (int64_t)socket_fd); - /* Parameter 2: backlog (type: PT_UINT32) */ - evt_test->assert_numeric_param(2, (uint32_t)backlog); + /* Parameter 2: backlog (type: PT_INT32) */ + evt_test->assert_numeric_param(2, (int32_t)backlog); /*=============================== ASSERT PARAMETERS ===========================*/