cleanup(drivers): use helper methods
Signed-off-by: Andrea Terzolo <[email protected]>
Co-authored-by: Federico Di Pierro <[email protected]>
2 people authored and poiana committed Oct 7, 2024
1 parent a02c231 commit e25d0f0
Showing 8 changed files with 55 additions and 79 deletions.
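--- a/driver/bpf/configure/TASK_PIDS_FIELD/test.c
+++ b/driver/bpf/configure/TASK_PIDS_FIELD/test.c
@@ -18,9 +18,6 @@ or GPL2.txt for full copies of the license.
 #include "../../ppm_events_public.h"
 #include "../../types.h"
 
-// struct task_struct declaration
-#include <linux/sched.h>
-
 BPF_PROBE("signal/", signal_deliver, signal_deliver_args) {
 struct task_struct *task = (struct task_struct *)0;
 if(task->pids) {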
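--- a/driver/bpf/filler_helpers.h
+++ b/driver/bpf/filler_helpers.h
@@ -1404,4 +1404,31 @@ static __always_inline int bpf_val_to_ring_type(struct filler_data *data,
 return __bpf_val_to_ring(data, val, 0, type, -1, false, param_type_to_mem(type));
 }
 
+static __always_inline pid_t bpf_push_pgid(struct filler_data *data, struct task_struct *task) {
+pid_t pgid = 0;
+// this is like calling in the kernel:
+//
+// struct pid *grp = task_pgrp(current);
+// int pgrp = pid_nr(grp);
+#ifdef HAS_TASK_PIDS_FIELD
+struct task_struct *leader = (struct task_struct *)_READ(task->group_leader);
+if(leader) {
+struct pid_link link = _READ(leader->pids[PIDTYPE_PGID]);
+struct pid *pid_struct = link.pid;
+if(pid_struct) {
+pgid = _READ(pid_struct->numbers[0].nr);
+}
+}
+#else
+struct signal_struct *signal = (struct signal_struct *)_READ(task->signal);
+if(signal) {
+struct pid *pid_struct = _READ(signal->pids[PIDTYPE_PGID]);
+if(pid_struct) {
+pgid = _READ(pid_struct->numbers[0].nr);
+}
+}
+#endif
+return bpf_push_s64_to_ring(data, (int64_t)pgid);
+}
+
 #endif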
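Review bot: `bpf_push_pgid` is declared to return `pid_t`, but what it returns is the result of `bpf_push_s64_to_ring()`, which both call sites in driver/bpf/fillers.h hand straight back from the filler as its result; the neighbouring `bpf_val_to_ring_type` is declared `int`. Assuming `bpf_push_s64_to_ring` returns `int` (its declaration is outside this hunk), the signature should read `static __always_inline int bpf_push_pgid(struct filler_data *data, struct task_struct *task) {` so that nobody mistakes the return value for the pgid itself. The carried-over comment also still says `task_pgrp(current)` although the helper now works on its `task` argument; `// equivalent to pid_nr(task_pgrp(task)): the pgid as numbered in numbers[0]` would describe it accurately.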
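--- a/driver/bpf/fillers.h
+++ b/driver/bpf/fillers.h
@@ -2821,30 +2821,7 @@ FILLER(execve_extra_tail_2, true) {
 CHECK_RES(res);
 
 /* Parameter 29: pgid (type: PT_UID) */
-pid_t pgid = 0;
-// this is like calling in the kernel:
-//
-// struct pid *grp = task_pgrp(current);
-// int pgrp = pid_nr(grp);
-#ifdef HAS_TASK_PIDS_FIELD
-struct task_struct *leader = (struct task_struct *)_READ(task->group_leader);
-if(leader) {
-struct pid_link link = _READ(leader->pids[PIDTYPE_PGID]);
-struct pid *pid_struct = link.pid;
-if(pid_struct) {
-pgid = _READ(pid_struct->numbers[0].nr);
-}
-}
-#else
-struct signal_struct *signal = (struct signal_struct *)_READ(task->signal);
-if(signal) {
-struct pid *pid_struct = _READ(signal->pids[PIDTYPE_PGID]);
-if(pid_struct) {
-pgid = _READ(pid_struct->numbers[0].nr);
-}
-}
-#endif
-return bpf_push_s64_to_ring(data, (int64_t)pgid);
+return bpf_push_pgid(data, task);
 }
 
 FILLER(sys_accept4_e, true) {
@@ -6623,26 +6600,7 @@ FILLER(sched_prog_exec_5, false) {
 CHECK_RES(res);
 
 /* Parameter 29: pgid (type: PT_UID) */
-pid_t pgid = 0;
-#ifdef HAS_TASK_PIDS_FIELD
-struct task_struct *leader = (struct task_struct *)_READ(task->group_leader);
-if(leader) {
-struct pid_link link = _READ(leader->pids[PIDTYPE_PGID]);
-struct pid *pid_struct = link.pid;
-if(pid_struct) {
-pgid = _READ(pid_struct->numbers[0].nr);
-}
-}
-#else
-struct signal_struct *signal = (struct signal_struct *)_READ(task->signal);
-if(signal) {
-struct pid *pid_struct = _READ(signal->pids[PIDTYPE_PGID]);
-if(pid_struct) {
-pgid = _READ(pid_struct->numbers[0].nr);
-}
-}
-#endif
-return bpf_push_s64_to_ring(data, (int64_t)pgid);
+return bpf_push_pgid(data, task);
 }
 
 #endif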
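--- a/driver/modern_bpf/helpers/store/auxmap_store_params.h
+++ b/driver/modern_bpf/helpers/store/auxmap_store_params.h
@@ -1815,3 +1815,12 @@ static __always_inline void auxmap__store_d_path_approx(struct auxiliary_map *au
 MAX_COMPONENT_LEN,
 KERNEL);
 }
+
+static __always_inline void auxmap__store_pgid(struct auxiliary_map *auxmap,
+struct task_struct *task) {
+pid_t pgid = 0;
+struct pid *pid_struct = NULL;
+READ_TASK_FIELD_INTO(&pid_struct, task, signal, pids[PIDTYPE_PGID]);
+BPF_CORE_READ_INTO(&pgid, pid_struct, numbers[0].nr);
+auxmap__store_s64_param(auxmap, (int64_t)pgid);
+}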
Expand Up @@ -258,11 +258,7 @@ int BPF_PROG(t2_sched_p_exec, struct pt_regs *regs, long ret) {
}

/* Parameter 29: pgid (type: PT_UID) */
pid_t pgid = 0;
struct pid *pid_struct = NULL;
READ_TASK_FIELD_INTO(&pid_struct, task, signal, pids[PIDTYPE_PGID]);
BPF_CORE_READ_INTO(&pgid, pid_struct, numbers[0].nr);
auxmap__store_s64_param(auxmap, (int64_t)pgid);
auxmap__store_pgid(auxmap, task);

/*=============================== COLLECT PARAMETERS ===========================*/

Expand Up @@ -308,11 +308,7 @@ int BPF_PROG(t2_execve_x, struct pt_regs *regs, long ret) {
}

/* Parameter 29: pgid (type: PT_UID) */
pid_t pgid = 0;
struct pid *pid_struct = NULL;
READ_TASK_FIELD_INTO(&pid_struct, task, signal, pids[PIDTYPE_PGID]);
BPF_CORE_READ_INTO(&pgid, pid_struct, numbers[0].nr);
auxmap__store_s64_param(auxmap, (int64_t)pgid);
auxmap__store_pgid(auxmap, task);

/*=============================== COLLECT PARAMETERS ===========================*/

Expand Up @@ -320,11 +320,7 @@ int BPF_PROG(t2_execveat_x, struct pt_regs *regs, long ret) {
}

/* Parameter 29: pgid (type: PT_UID) */
pid_t pgid = 0;
struct pid *pid_struct = NULL;
READ_TASK_FIELD_INTO(&pid_struct, task, signal, pids[PIDTYPE_PGID]);
BPF_CORE_READ_INTO(&pgid, pid_struct, numbers[0].nr);
auxmap__store_s64_param(auxmap, (int64_t)pgid);
auxmap__store_pgid(auxmap, task);

/*=============================== COLLECT PARAMETERS ===========================*/

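--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -926,6 +926,18 @@ static enum ppm_overlay ppm_get_overlay_layer(struct file *file) {
 #endif // LINUX_VERSION_CODE < KERNEL_VERSION(3, 18, 0)
 }
 
+static inline int push_pgid(struct event_filler_arguments *args) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
+// task_pgrp_nr_ns has been introduced in 2.6.24
+// https://elixir.bootlin.com/linux/v2.6.24/source/kernel/pid.c#L458
+return val_to_ring(args, task_pgrp_nr_ns(current, &init_pid_ns), 0, false, 0);
+#else
+// https://elixir.bootlin.com/linux/v2.6.23/source/kernel/sys.c#L1543
+// we don't have the concept of pid namespace in this kernel version
+return val_to_ring(args, process_group(current), 0, false, 0);
+#endif
+}
+
 int f_proc_startupdate(struct event_filler_arguments *args) {
 unsigned long val = 0;
 int res = 0;
@@ -1549,15 +1561,7 @@ int f_proc_startupdate(struct event_filler_arguments *args) {
 CHECK_RES(res);
 
 /* Parameter 29: pgid (type: PT_UID) */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
-// task_pgrp_nr_ns has been introduced in 2.6.24
-// https://elixir.bootlin.com/linux/v2.6.24/source/kernel/pid.c#L458
-res = val_to_ring(args, task_pgrp_nr_ns(current, &init_pid_ns), 0, false, 0);
-#else
-// https://elixir.bootlin.com/linux/v2.6.23/source/kernel/sys.c#L1543
-// we don't have the concept of pid namespace in this kernel version
-res = val_to_ring(args, process_group(current), 0, false, 0);
-#endif
+res = push_pgid(args);
 CHECK_RES(res);
 }
 return add_sentinel(args);
@@ -7445,14 +7449,7 @@ int f_sched_prog_exec(struct event_filler_arguments *args) {
 CHECK_RES(res);
 
 /* Parameter 29: pgid (type: PT_UID) */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 24)
-// task_pgrp_nr_ns has been introduced in 2.6.24
-// https://elixir.bootlin.com/linux/v2.6.24/source/kernel/pid.c#L458
-res = val_to_ring(args, task_pgrp_nr_ns(current, &init_pid_ns), 0, false, 0);
-#else
-// https://elixir.bootlin.com/linux/v2.6.23/source/kernel/sys.c#L1543
-res = val_to_ring(args, process_group(current), 0, false, 0);
-#endif
+res = push_pgid(args);
 CHECK_RES(res);
 
 return add_sentinel(args);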
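Review bot: `push_pgid` always reports the process group of `current`, which neither its name nor its signature reveals, while the two BPF counterparts added in this commit (`bpf_push_pgid`, `auxmap__store_pgid`) take the task as an argument. Both callers visible here, `f_proc_startupdate` and `f_sched_prog_exec`, used `current` before the change, so behaviour is preserved; the concern is a later caller that holds a different task and silently records the wrong group in the event. A comment above the helper would pin this down, for example `/* Pushes the pgid of current, resolved against init_pid_ns where pid namespaces exist, as the next event parameter. */`.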
