From 9387e6d711de91afed01108c168244f2dc074f9f Mon Sep 17 00:00:00 2001 From: rohith-raju Date: Tue, 5 Dec 2023 08:48:57 +0000 Subject: [PATCH] update(bpf): introduce the BPF commands name Signed-off-by: rohith-raju --- driver/bpf/fillers.h | 4 ++-- driver/flags_table.c | 8 +++++++ .../syscall_dispatched_events/bpf.bpf.c | 4 ++-- driver/ppm_events_public.h | 12 ++++++++++- driver/ppm_fillers.c | 2 +- driver/ppm_flag_helpers.h | 21 +++++++++++++++++++ .../test_suites/syscall_exit_suite/bpf_x.cpp | 4 ++-- 7 files changed, 47 insertions(+), 8 deletions(-) diff --git a/driver/bpf/fillers.h b/driver/bpf/fillers.h index b868fffe82e..01e1ae1aa5d 100644 --- a/driver/bpf/fillers.h +++ b/driver/bpf/fillers.h @@ -5795,8 +5795,8 @@ FILLER(sys_bpf_x, true) bpf_push_s64_to_ring(data, fd); /* Parameter 2: cmd (type: PT_INT32) */ - int32_t cmd = (int32_t)bpf_syscall_get_argument(data, 0); - return bpf_push_s32_to_ring(data, cmd); + unsigned long cmd = bpf_syscall_get_argument(data, 0); + return bpf_push_s32_to_ring(data, (int32_t)bpf_cmd_to_scap(cmd)); } FILLER(sys_unlinkat_x, true) diff --git a/driver/flags_table.c b/driver/flags_table.c index 595d3f2448b..af138c5080a 100644 --- a/driver/flags_table.c +++ b/driver/flags_table.c @@ -709,3 +709,11 @@ const struct ppm_name_value mknod_mode[] = { {0, 0}, }; +const struct ppm_name_value bpf_commands[] = { + {"BPF_MAP_CREATE", PPM_BPF_MAP_CREATE}, + {"BPF_MAP_LOOKUP_ELEM", PPM_BPF_MAP_LOOKUP_ELEM}, + {"BPF_MAP_UPDATE_ELEM", PPM_BPF_MAP_UPDATE_ELEM}, + {"BPF_MAP_DELETE_ELEM", PPM_BPF_MAP_DELETE_ELEM}, + {"BPF_MAP_GET_NEXT_KEY", PPM_BPF_MAP_GET_NEXT_KEY}, + {"BPF_PROG_LOAD", PPM_BPF_PROG_LOAD} +}; \ No newline at end of file diff --git a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c index a481f74fc6a..5e0c75cb0ef 100644 --- a/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c +++ b/driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/bpf.bpf.c @@ -59,8 +59,8 @@ int BPF_PROG(bpf_x, ringbuf__store_s64(&ringbuf, ret); /* Parameter 2: cmd (type: PT_INT32) */ - int32_t cmd = (int32_t)extract__syscall_argument(regs, 0); - ringbuf__store_s32(&ringbuf, cmd); + unsigned long cmd = extract__syscall_argument(regs, 0); + ringbuf__store_s32(&ringbuf,(int32_t)bpf_cmd_to_scap(cmd)); /*=============================== COLLECT PARAMETERS ===========================*/ diff --git a/driver/ppm_events_public.h b/driver/ppm_events_public.h index 24c2547314d..a01dde49200 100644 --- a/driver/ppm_events_public.h +++ b/driver/ppm_events_public.h @@ -798,6 +798,16 @@ or GPL2.txt for full copies of the license. #define PPM_MODULE_INIT_IGNORE_VERMAGIC 2 #define PPM_MODULE_INIT_COMPRESSED_FILE 4 +/* + * bpf_commands +*/ +#define PPM_BPF_MAP_CREATE (1<<0) +#define PPM_BPF_MAP_LOOKUP_ELEM (1<<1) +#define PPM_BPF_MAP_UPDATE_ELEM (1<<2) +#define PPM_BPF_MAP_DELETE_ELEM (1<<3) +#define PPM_BPF_MAP_GET_NEXT_KEY (1<<4) +#define PPM_BPF_PROG_LOAD (1<<5) + /* * Get/set the timerslack as used by poll/select/nanosleep * A value of 0 means "use default" @@ -2154,10 +2164,10 @@ extern const struct ppm_name_value fchownat_flags[]; extern const struct ppm_name_value prctl_options[]; extern const struct ppm_name_value memfd_create_flags[]; extern const struct ppm_name_value pidfd_open_flags[]; +extern const struct ppm_name_value bpf_commands[]; extern const struct ppm_param_info sockopt_dynamic_param[]; extern const struct ppm_param_info ptrace_dynamic_param[]; extern const struct ppm_param_info bpf_dynamic_param[]; - /*! \brief Process information as returned by the PPM_IOCTL_GET_PROCLIST IOCTL. */ diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c index b32f9464907..f7fe847c19c 100644 --- a/driver/ppm_fillers.c +++ b/driver/ppm_fillers.c @@ -6732,7 +6732,7 @@ int f_sys_bpf_x(struct event_filler_arguments *args) /* Parameter 2: cmd (type: PT_INT64) */ syscall_get_arguments_deprecated(args, 0, 1, &val); - cmd = (int32_t)val; + cmd = (int32_t)bpf_cmd_to_scap(val); res = val_to_ring(args, cmd, 0, false, 0); CHECK_RES(res); return add_sentinel(args); diff --git a/driver/ppm_flag_helpers.h b/driver/ppm_flag_helpers.h index 3763f07b188..d7e9b92d2eb 100644 --- a/driver/ppm_flag_helpers.h +++ b/driver/ppm_flag_helpers.h @@ -2201,4 +2201,25 @@ static __always_inline uint32_t mknod_mode_to_scap(uint32_t modes) return res; } +static __always_inline uint32_t bpf_cmd_to_scap (unsigned long cmd){ + switch (cmd) + { + case BPF_MAP_CREATE: + return PPM_BPF_MAP_CREATE; + case BPF_MAP_LOOKUP_ELEM: + return PPM_BPF_MAP_LOOKUP_ELEM; + case BPF_MAP_UPDATE_ELEM: + return PPM_BPF_MAP_UPDATE_ELEM; + case BPF_MAP_DELETE_ELEM: + return PPM_BPF_MAP_DELETE_ELEM; + case BPF_MAP_GET_NEXT_KEY: + return PPM_BPF_MAP_GET_NEXT_KEY; + case BPF_PROG_LOAD: + return PPM_BPF_PROG_LOAD; + default: + // if commmand name is not used (when cmd is 1 insted of BPF_MAP_CREATE) + return cmd; + } +} + #endif /* PPM_FLAG_HELPERS_H_ */ diff --git a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp index 238094d7d7c..3c73bda4669 100644 --- a/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp +++ b/test/drivers/test_suites/syscall_exit_suite/bpf_x.cpp @@ -90,7 +90,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE) /*=============================== TRIGGER SYSCALL ===========================*/ - int32_t cmd = 1; + int32_t cmd = BPF_MAP_CREATE; union bpf_attr *attr = NULL; @@ -148,7 +148,7 @@ TEST(SyscallExit, bpfX_MAP_CREATE) /* Parameter 1: fd (type: PT_FD) */ evt_test->assert_numeric_param(1, errno_value); /* Parameter 2: cmd (type: PT_INT32)*/ - evt_test->assert_numeric_param(2, cmd); + evt_test->assert_numeric_param(2, PPM_BPF_MAP_CREATE); /*=============================== ASSERT PARAMETERS ===========================*/