bpf samples: update tracex5 sample to use __seccomp_filter
seccomp_phase1() does not exist anymore. Instead, update sample to use __seccomp_filter(). While at it, set max locked memory to unlimited. Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Родитель
2b064fff85
Коммит
973d94d8a8
|
@ -19,20 +19,18 @@ struct bpf_map_def SEC("maps") progs = {
|
|||
.max_entries = 1024,
|
||||
};
|
||||
|
||||
SEC("kprobe/seccomp_phase1")
|
||||
SEC("kprobe/__seccomp_filter")
|
||||
int bpf_prog1(struct pt_regs *ctx)
|
||||
{
|
||||
struct seccomp_data sd;
|
||||
|
||||
bpf_probe_read(&sd, sizeof(sd), (void *)PT_REGS_PARM1(ctx));
|
||||
int sc_nr = (int)PT_REGS_PARM1(ctx);
|
||||
|
||||
/* dispatch into next BPF program depending on syscall number */
|
||||
bpf_tail_call(ctx, &progs, sd.nr);
|
||||
bpf_tail_call(ctx, &progs, sc_nr);
|
||||
|
||||
/* fall through -> unknown syscall */
|
||||
if (sd.nr >= __NR_getuid && sd.nr <= __NR_getsid) {
|
||||
if (sc_nr >= __NR_getuid && sc_nr <= __NR_getsid) {
|
||||
char fmt[] = "syscall=%d (one of get/set uid/pid/gid)\n";
|
||||
bpf_trace_printk(fmt, sizeof(fmt), sd.nr);
|
||||
bpf_trace_printk(fmt, sizeof(fmt), sc_nr);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
@ -42,7 +40,7 @@ PROG(__NR_write)(struct pt_regs *ctx)
|
|||
{
|
||||
struct seccomp_data sd;
|
||||
|
||||
bpf_probe_read(&sd, sizeof(sd), (void *)PT_REGS_PARM1(ctx));
|
||||
bpf_probe_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
|
||||
if (sd.args[2] == 512) {
|
||||
char fmt[] = "write(fd=%d, buf=%p, size=%d)\n";
|
||||
bpf_trace_printk(fmt, sizeof(fmt),
|
||||
|
@ -55,7 +53,7 @@ PROG(__NR_read)(struct pt_regs *ctx)
|
|||
{
|
||||
struct seccomp_data sd;
|
||||
|
||||
bpf_probe_read(&sd, sizeof(sd), (void *)PT_REGS_PARM1(ctx));
|
||||
bpf_probe_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
|
||||
if (sd.args[2] > 128 && sd.args[2] <= 1024) {
|
||||
char fmt[] = "read(fd=%d, buf=%p, size=%d)\n";
|
||||
bpf_trace_printk(fmt, sizeof(fmt),
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
#include <sys/prctl.h>
|
||||
#include "libbpf.h"
|
||||
#include "bpf_load.h"
|
||||
#include <sys/resource.h>
|
||||
|
||||
/* install fake seccomp program to enable seccomp code path inside the kernel,
|
||||
* so that our kprobe attached to seccomp_phase1() can be triggered
|
||||
|
@ -27,8 +28,10 @@ int main(int ac, char **argv)
|
|||
{
|
||||
FILE *f;
|
||||
char filename[256];
|
||||
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
|
||||
|
||||
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
||||
setrlimit(RLIMIT_MEMLOCK, &r);
|
||||
|
||||
if (load_bpf_file(filename)) {
|
||||
printf("%s", bpf_log_buf);
|
||||
|
|
Загрузка…
Ссылка в новой задаче