Skip to content

Commit

Permalink
update: address review requests
Browse files Browse the repository at this point in the history
Signed-off-by: rohith-raju <[email protected]>
  • Loading branch information
Rohith-Raju committed Nov 20, 2023
1 parent debf97a commit db5f0cc
Show file tree
Hide file tree
Showing 9 changed files with 85 additions and 52 deletions.
2 changes: 1 addition & 1 deletion driver/SCHEMA_VERSION
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.12.4
2.13.4
36 changes: 13 additions & 23 deletions driver/bpf/fillers.h
Original file line number Diff line number Diff line change
Expand Up @@ -1031,7 +1031,7 @@ FILLER(sys_access_e, true)
FILLER(sys_getrlimit_setrlimit_e, true)
{
/* Parameter 1: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = bpf_syscall_get_argument(data, 0);
uint32_t resource = bpf_syscall_get_argument(data, 0);
return bpf_push_u8_to_ring(data, rlimit_resource_to_scap(resource));
}

Expand All @@ -1051,8 +1051,7 @@ FILLER(sys_getrlimit_x, true)
/*
* Copy the user structure and extract cur and max
*/
if(retval >= 0 || data->state->tail_ctx.evt_type == PPME_SYSCALL_SETRLIMIT_X)
{
if(retval >= 0){
struct rlimit rl;

val = bpf_syscall_get_argument(data, 1);
Expand All @@ -1061,22 +1060,21 @@ FILLER(sys_getrlimit_x, true)

cur = rl.rlim_cur;
max = rl.rlim_max;
}
else
{

} else {
cur = -1;
max = -1;
}

/* Parameter 2: cur (type: PT_ERRNO) */
/* Parameter 2: cur (type: PT_INT64) */
res = bpf_push_s64_to_ring(data, cur);
CHECK_RES(res);

/* Parameter 3: max (type: PT_ERRNO) */
return bpf_push_s64_to_ring(data, max);
}

FILLER(sys_setrlrimit_x, true)
FILLER(sys_setrlimit_x, true)
{
unsigned long val;
long retval;
Expand All @@ -1092,22 +1090,14 @@ FILLER(sys_setrlrimit_x, true)
/*
* Copy the user structure and extract cur and max
*/
if (retval >= 0 ||
data->state->tail_ctx.evt_type == PPME_SYSCALL_SETRLIMIT_X) {
struct rlimit rl;

struct rlimit rl = {0};

val = bpf_syscall_get_argument(data, 1);
if (bpf_probe_read_user(&rl, sizeof(rl), (void *)val))
return PPM_FAILURE_INVALID_USER_MEMORY;

bpf_probe_read_user(&rl, sizeof(rl), (void *)val);
cur = rl.rlim_cur;
max = rl.rlim_max;
} else {
cur = -1;
max = -1;
}

/* Parameter 2: cur (type: PT_ERRNO) */
/* Parameter 2: cur (type: PT_INT64) */
res = bpf_push_s64_to_ring(data, cur);
CHECK_RES(res);

Expand All @@ -1116,7 +1106,7 @@ FILLER(sys_setrlrimit_x, true)
CHECK_RES(res);

/* Parameter 4: resource (type: PT_ERRNO) */
unsigned long resource = bpf_syscall_get_argument(data, 0);
uint32_t resource = bpf_syscall_get_argument(data, 0);
return bpf_push_u8_to_ring(data, rlimit_resource_to_scap(resource));
}

Expand Down Expand Up @@ -3862,7 +3852,7 @@ FILLER(sys_prlimit_e, true)
CHECK_RES(res);

/* Parameter 2: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = bpf_syscall_get_argument(data, 1);
uint32_t resource = bpf_syscall_get_argument(data, 1);
return bpf_push_u8_to_ring(data, rlimit_resource_to_scap(resource));
}

Expand Down Expand Up @@ -3930,7 +3920,7 @@ FILLER(sys_prlimit_x, true)
CHECK_RES(res);

/* Parameter 7: resource */
unsigned long resource = bpf_syscall_get_argument(data, 1);
uint32_t resource = bpf_syscall_get_argument(data, 1);
return bpf_push_u8_to_ring(data, rlimit_resource_to_scap(resource));
}

Expand Down
2 changes: 1 addition & 1 deletion driver/fillers_table.c
Original file line number Diff line number Diff line change
Expand Up @@ -147,7 +147,7 @@ const struct ppm_event_entry g_ppm_events[PPM_EVENT_MAX] = {
[PPME_SYSCALL_GETRLIMIT_E] = {FILLER_REF(sys_getrlimit_setrlimit_e)},
[PPME_SYSCALL_GETRLIMIT_X] = {FILLER_REF(sys_getrlimit_x)},
[PPME_SYSCALL_SETRLIMIT_E] = {FILLER_REF(sys_getrlimit_setrlimit_e)},
[PPME_SYSCALL_SETRLIMIT_X] = {FILLER_REF(sys_setrlrimit_x)},
[PPME_SYSCALL_SETRLIMIT_X] = {FILLER_REF(sys_setrlimit_x)},
[PPME_SYSCALL_PRLIMIT_E] = {FILLER_REF(sys_prlimit_e)},
[PPME_SYSCALL_PRLIMIT_X] = {FILLER_REF(sys_prlimit_x)},
[PPME_DROP_E] = {FILLER_REF(sched_drop)},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ int BPF_PROG(prlimit64_e,
ringbuf__store_s64(&ringbuf, (int64_t)pid);

/* Parameter 2: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = extract__syscall_argument(regs, 1);
uint32_t resource = extract__syscall_argument(regs, 1);
ringbuf__store_u8(&ringbuf, rlimit_resource_to_scap(resource));

/*=============================== COLLECT PARAMETERS ===========================*/
Expand Down Expand Up @@ -93,7 +93,7 @@ int BPF_PROG(prlimit64_x,
ringbuf__store_s64(&ringbuf, (s64)pid);

/* Parameter 7: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = extract__syscall_argument(regs, 1);
uint32_t resource = extract__syscall_argument(regs, 1);
ringbuf__store_u8(&ringbuf, rlimit_resource_to_scap(resource));

/*=============================== COLLECT PARAMETERS ===========================*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ int BPF_PROG(setrlimit_e,
/*=============================== COLLECT PARAMETERS ===========================*/

/* Parameter 1: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = extract__syscall_argument(regs, 0);
uint32_t resource = extract__syscall_argument(regs, 0);
ringbuf__store_u8(&ringbuf, rlimit_resource_to_scap(resource));

/*=============================== COLLECT PARAMETERS ===========================*/
Expand Down Expand Up @@ -69,7 +69,7 @@ int BPF_PROG(setrlimit_x,
ringbuf__store_s64(&ringbuf, rl.rlim_max);

/* Parameter 4: resource (type: PT_ENUMFLAGS8) */
unsigned long resource = extract__syscall_argument(regs, 0);
uint32_t resource = extract__syscall_argument(regs, 0);
ringbuf__store_u8(&ringbuf, rlimit_resource_to_scap(resource));

/*=============================== COLLECT PARAMETERS ===========================*/
Expand Down
28 changes: 11 additions & 17 deletions driver/ppm_fillers.c
Original file line number Diff line number Diff line change
Expand Up @@ -4073,7 +4073,7 @@ int f_sys_getrlimit_setrlimit_e(struct event_filler_arguments *args)
*/
syscall_get_arguments_deprecated(args, 0, 1, &val);

ppm_resource = rlimit_resource_to_scap(val);
ppm_resource = rlimit_resource_to_scap((uint32_t)val);

res = val_to_ring(args, (uint64_t)ppm_resource, 0, false, 0);
CHECK_RES(res);
Expand All @@ -4100,16 +4100,16 @@ int f_sys_getrlimit_x(struct event_filler_arguments *args) {
/*
* Copy the user structure and extract cur and max
*/
if(retval >= 0 || args->event_type == PPME_SYSCALL_SETRLIMIT_X)
{
if(retval >= 0) {
syscall_get_arguments_deprecated(args, 1, 1, &val);

#ifdef CONFIG_COMPAT
if(!args->compat)
{
#endif
if(unlikely(ppm_copy_from_user(&rl, (const void __user *)val, sizeof(struct rlimit))))
return PPM_FAILURE_INVALID_USER_MEMORY;
return PPM_FAILURE_INVALID_USER_MEMORY;
cur = rl.rlim_cur;
max = rl.rlim_max;
#ifdef CONFIG_COMPAT
Expand Down Expand Up @@ -4143,17 +4143,17 @@ int f_sys_getrlimit_x(struct event_filler_arguments *args) {



int f_sys_setrlrimit_x(struct event_filler_arguments *args)
int f_sys_setrlimit_x(struct event_filler_arguments *args)
{
unsigned long val;
int res;
int64_t retval;
struct rlimit rl;
#ifdef CONFIG_COMPAT
struct compat_rlimit compat_rl;
#endif
int64_t cur;
int64_t max;
struct rlimit rl = {0};

/* Parameter 1: res (type: PT_ERRNO) */
retval = (int64_t)(long)syscall_get_return_value(current, args->regs);
Expand All @@ -4163,14 +4163,12 @@ int f_sys_setrlrimit_x(struct event_filler_arguments *args)
/*
* Copy the user structure and extract cur and max
*/
if (retval >= 0 || args->event_type == PPME_SYSCALL_SETRLIMIT_X) {
syscall_get_arguments_deprecated(args, 1, 1, &val);

#ifdef CONFIG_COMPAT
if (!args->compat) {
#endif
if (unlikely(ppm_copy_from_user(&rl, (const void __user *)val, sizeof(struct rlimit))))
return PPM_FAILURE_INVALID_USER_MEMORY;
ppm_copy_from_user(&rl, (const void __user *)val, sizeof(struct rlimit));
cur = rl.rlim_cur;
max = rl.rlim_max;
#ifdef CONFIG_COMPAT
Expand All @@ -4181,12 +4179,8 @@ int f_sys_setrlrimit_x(struct event_filler_arguments *args)
max = compat_rl.rlim_max;
}
#endif
} else {
cur = -1;
max = -1;
}

/* Parameter 2: (type: PT_INT64) */
/* Parameter 2: curr (type: PT_INT64) */
res = val_to_ring(args, cur, 0, false, 0);
CHECK_RES(res);

Expand All @@ -4196,7 +4190,7 @@ int f_sys_setrlrimit_x(struct event_filler_arguments *args)

/* Parameter 4: resource (type: PT_ENUMFLAGS8) */
syscall_get_arguments_deprecated(args, 0, 1, &val);
res = val_to_ring(args, rlimit_resource_to_scap(val), 0, false, 0);
res = val_to_ring(args, rlimit_resource_to_scap((uint32_t)val), 0, false, 0);
CHECK_RES(res);

return add_sentinel(args);
Expand All @@ -4216,7 +4210,7 @@ int f_sys_prlimit_e(struct event_filler_arguments *args)

/* Parameter 2: resource (type: PT_ENUMFLAGS8) */
syscall_get_arguments_deprecated(args, 1, 1, &val);
res = val_to_ring(args, rlimit_resource_to_scap(val), 0, false, 0);
res = val_to_ring(args, rlimit_resource_to_scap((uint32_t)val), 0, false, 0);
CHECK_RES(res);

return add_sentinel(args);
Expand Down Expand Up @@ -4321,7 +4315,7 @@ int f_sys_prlimit_x(struct event_filler_arguments *args)

/* Parameter 7: resource (type: PT_ENUMFLAGS8) */
syscall_get_arguments_deprecated(args, 1, 1, &val);
res = val_to_ring(args, rlimit_resource_to_scap(val), 0, false, 0);
res = val_to_ring(args, rlimit_resource_to_scap((uint32_t)val), 0, false, 0);
CHECK_RES(res);

return add_sentinel(args);
Expand Down
2 changes: 1 addition & 1 deletion driver/ppm_fillers.h
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ or GPL2.txt for full copies of the license.
FN(sys_nanosleep_e) \
FN(sys_getrlimit_setrlimit_e) \
FN(sys_getrlimit_x) \
FN(sys_setrlrimit_x) \
FN(sys_setrlimit_x) \
FN(sys_prlimit_e) \
FN(sys_prlimit_x) \
FN(sched_switch_e) \
Expand Down
2 changes: 1 addition & 1 deletion driver/ppm_flag_helpers.h
Original file line number Diff line number Diff line change
Expand Up @@ -1293,7 +1293,7 @@ static __always_inline uint32_t access_flags_to_scap(unsigned flags)
return res;
}

static __always_inline uint8_t rlimit_resource_to_scap(unsigned long rresource)
static __always_inline u8 rlimit_resource_to_scap(uint32_t rresource)
{
switch (rresource) {
case RLIMIT_CPU:
Expand Down
57 changes: 53 additions & 4 deletions test/drivers/test_suites/syscall_exit_suite/setrlimit_x.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

#include <sys/resource.h>

TEST(SyscallExit, setrlimitX)
TEST(SyscallExit, setrlimitX_failure)
{
auto evt_test = get_syscall_event_test(__NR_setrlimit, EXIT_EVENT);

Expand All @@ -13,9 +13,7 @@ TEST(SyscallExit, setrlimitX)
/*=============================== TRIGGER SYSCALL ===========================*/

int resource = -1;
struct rlimit rlim;
rlim.rlim_cur = 50;
rlim.rlim_max = 10020;
struct rlimit rlim = {0};
assert_syscall_state(SYSCALL_FAILURE, "setrlimit", syscall(__NR_setrlimit, resource, &rlim));
int64_t errno_value = -errno;

Expand Down Expand Up @@ -52,4 +50,55 @@ TEST(SyscallExit, setrlimitX)

evt_test->assert_num_params_pushed(4);
}

TEST(SyscallExit, setrlimitX_success)
{
auto evt_test = get_syscall_event_test(__NR_setrlimit, EXIT_EVENT);

evt_test->enable_capture();

/*=============================== TRIGGER SYSCALL ===========================*/

int resource = RLIMIT_MEMLOCK;
struct rlimit rlim;
rlim.rlim_cur = 50;
rlim.rlim_max = 10020;

int ret = syscall(__NR_setrlimit, resource, &rlim);
assert_syscall_state(SYSCALL_SUCCESS, "setrlimit", ret, NOT_EQUAL, -1);
// On success, setrlimit return 0.

/*=============================== TRIGGER SYSCALL ===========================*/

evt_test->disable_capture();

evt_test->assert_event_presence();

if(HasFatalFailure())
{
return;
}

evt_test->parse_event();

evt_test->assert_header();

/*=============================== ASSERT PARAMETERS ===========================*/

/* Parameter 1: res (type: PT_ERRNO) */
evt_test->assert_numeric_param(1, (int64_t)ret);

/* Parameter 2: cur (type: PT_INT64) */
evt_test->assert_numeric_param(2, (int64_t)rlim.rlim_cur);

/* Parameter 3: max (type: PT_INT64) */
evt_test->assert_numeric_param(3, (int64_t)rlim.rlim_max);

/* Parameter 4: resource (type: PT_ENUMFLAGS8) */
evt_test->assert_numeric_param(4, (uint8_t)resource);

/*=============================== ASSERT PARAMETERS ===========================*/

evt_test->assert_num_params_pushed(4);
}
#endif

0 comments on commit db5f0cc

Please sign in to comment.