| tracex5_user.c (68f0f2690e183306b52671a9ad09fb31808b0500) | tracex5_user.c (bc1a85977b950407d67cd1e5b74f261a4bee3284) |
|---|---|
| 1// SPDX-License-Identifier: GPL-2.0 2#include <stdio.h> | 1// SPDX-License-Identifier: GPL-2.0 2#include <stdio.h> |
| 3#include <linux/bpf.h> | 3#include <stdlib.h> |
| 4#include <unistd.h> 5#include <linux/filter.h> 6#include <linux/seccomp.h> 7#include <sys/prctl.h> 8#include <bpf/bpf.h> | 4#include <unistd.h> 5#include <linux/filter.h> 6#include <linux/seccomp.h> 7#include <sys/prctl.h> 8#include <bpf/bpf.h> |
| 9#include "bpf_load.h" | 9#include <bpf/libbpf.h> |
| 10#include <sys/resource.h> 11#include "trace_helpers.h" 12 | 10#include <sys/resource.h> 11#include "trace_helpers.h" 12 |
| 13#ifdef __mips__ 14#define MAX_ENTRIES 6000 /* MIPS n64 syscalls start at 5000 */ 15#else 16#define MAX_ENTRIES 1024 17#endif 18 |
|
| 13/* install fake seccomp program to enable seccomp code path inside the kernel, 14 * so that our kprobe attached to seccomp_phase1() can be triggered 15 */ 16static void install_accept_all_seccomp(void) 17{ 18 struct sock_filter filter[] = { 19 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), 20 }; 21 struct sock_fprog prog = { 22 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 23 .filter = filter, 24 }; 25 if (prctl(PR_SET_SECCOMP, 2, &prog)) 26 perror("prctl"); 27} 28 29int main(int ac, char **argv) 30{ | 19/* install fake seccomp program to enable seccomp code path inside the kernel, 20 * so that our kprobe attached to seccomp_phase1() can be triggered 21 */ 22static void install_accept_all_seccomp(void) 23{ 24 struct sock_filter filter[] = { 25 BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), 26 }; 27 struct sock_fprog prog = { 28 .len = (unsigned short)(sizeof(filter)/sizeof(filter[0])), 29 .filter = filter, 30 }; 31 if (prctl(PR_SET_SECCOMP, 2, &prog)) 32 perror("prctl"); 33} 34 35int main(int ac, char **argv) 36{ |
| 31 FILE *f; 32 char filename[256]; | |
| 33 struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; | 37 struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY}; |
| 38 struct bpf_link *link = NULL; 39 struct bpf_program *prog; 40 struct bpf_object *obj; 41 int key, fd, progs_fd; 42 char filename[256]; 43 const char *title; 44 FILE *f; |
|
| 34 | 45 |
| 35 snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); | |
| 36 setrlimit(RLIMIT_MEMLOCK, &r); 37 | 46 setrlimit(RLIMIT_MEMLOCK, &r); 47 |
| 38 if (load_bpf_file(filename)) { 39 printf("%s", bpf_log_buf); 40 return 1; | 48 snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); 49 obj = bpf_object__open_file(filename, NULL); 50 if (libbpf_get_error(obj)) { 51 fprintf(stderr, "ERROR: opening BPF object file failed\n"); 52 return 0; |
| 41 } 42 | 53 } 54 |
| 55 prog = bpf_object__find_program_by_name(obj, "bpf_prog1"); 56 if (!prog) { 57 printf("finding a prog in obj file failed\n"); 58 goto cleanup; 59 } 60 61 /* load BPF program */ 62 if (bpf_object__load(obj)) { 63 fprintf(stderr, "ERROR: loading BPF object file failed\n"); 64 goto cleanup; 65 } 66 67 link = bpf_program__attach(prog); 68 if (libbpf_get_error(link)) { 69 fprintf(stderr, "ERROR: bpf_program__attach failed\n"); 70 link = NULL; 71 goto cleanup; 72 } 73 74 progs_fd = bpf_object__find_map_fd_by_name(obj, "progs"); 75 if (progs_fd < 0) { 76 fprintf(stderr, "ERROR: finding a map in obj file failed\n"); 77 goto cleanup; 78 } 79 80 bpf_object__for_each_program(prog, obj) { 81 title = bpf_program__title(prog, false); 82 /* register only syscalls to PROG_ARRAY */ 83 if (sscanf(title, "kprobe/%d", &key) != 1) 84 continue; 85 86 fd = bpf_program__fd(prog); 87 bpf_map_update_elem(progs_fd, &key, &fd, BPF_ANY); 88 } 89 |
|
| 43 install_accept_all_seccomp(); 44 45 f = popen("dd if=/dev/zero of=/dev/null count=5", "r"); 46 (void) f; 47 48 read_trace_pipe(); 49 | 90 install_accept_all_seccomp(); 91 92 f = popen("dd if=/dev/zero of=/dev/null count=5", "r"); 93 (void) f; 94 95 read_trace_pipe(); 96 |
| 97cleanup: 98 bpf_link__destroy(link); 99 bpf_object__close(obj); |
|
| 50 return 0; 51} | 100 return 0; 101} |