mirror of
https://github.com/FEX-Emu/linux.git
synced 2025-01-10 19:43:29 +00:00
96ae522795
This allows user memory to be written to during the course of a kprobe. It shouldn't be used to implement any kind of security mechanism because of TOC-TOU attacks, but rather to debug, divert, and manipulate execution of semi-cooperative processes. Although it uses probe_kernel_write, we limit the address space the probe can write into by checking the space with access_ok. We do this as opposed to calling copy_to_user directly, in order to avoid sleeping. In addition we ensure the threads's current fs / segment is USER_DS and the thread isn't exiting nor a kernel thread. Given this feature is meant for experiments, and it has a risk of crashing the system, and running programs, we print a warning on when a proglet that attempts to use this helper is installed, along with the pid and process name. Signed-off-by: Sargun Dhillon <sargun@sargun.me> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
142 lines
5.1 KiB
C
142 lines
5.1 KiB
C
#ifndef __BPF_HELPERS_H
|
|
#define __BPF_HELPERS_H
|
|
|
|
/* helper macro to place programs, maps, license in
|
|
* different sections in elf_bpf file. Section names
|
|
* are interpreted by elf_bpf loader
|
|
*/
|
|
#define SEC(NAME) __attribute__((section(NAME), used))
|
|
|
|
/* helper functions called from eBPF programs written in C */
|
|
static void *(*bpf_map_lookup_elem)(void *map, void *key) =
|
|
(void *) BPF_FUNC_map_lookup_elem;
|
|
static int (*bpf_map_update_elem)(void *map, void *key, void *value,
|
|
unsigned long long flags) =
|
|
(void *) BPF_FUNC_map_update_elem;
|
|
static int (*bpf_map_delete_elem)(void *map, void *key) =
|
|
(void *) BPF_FUNC_map_delete_elem;
|
|
static int (*bpf_probe_read)(void *dst, int size, void *unsafe_ptr) =
|
|
(void *) BPF_FUNC_probe_read;
|
|
static unsigned long long (*bpf_ktime_get_ns)(void) =
|
|
(void *) BPF_FUNC_ktime_get_ns;
|
|
static int (*bpf_trace_printk)(const char *fmt, int fmt_size, ...) =
|
|
(void *) BPF_FUNC_trace_printk;
|
|
static void (*bpf_tail_call)(void *ctx, void *map, int index) =
|
|
(void *) BPF_FUNC_tail_call;
|
|
static unsigned long long (*bpf_get_smp_processor_id)(void) =
|
|
(void *) BPF_FUNC_get_smp_processor_id;
|
|
static unsigned long long (*bpf_get_current_pid_tgid)(void) =
|
|
(void *) BPF_FUNC_get_current_pid_tgid;
|
|
static unsigned long long (*bpf_get_current_uid_gid)(void) =
|
|
(void *) BPF_FUNC_get_current_uid_gid;
|
|
static int (*bpf_get_current_comm)(void *buf, int buf_size) =
|
|
(void *) BPF_FUNC_get_current_comm;
|
|
static int (*bpf_perf_event_read)(void *map, int index) =
|
|
(void *) BPF_FUNC_perf_event_read;
|
|
static int (*bpf_clone_redirect)(void *ctx, int ifindex, int flags) =
|
|
(void *) BPF_FUNC_clone_redirect;
|
|
static int (*bpf_redirect)(int ifindex, int flags) =
|
|
(void *) BPF_FUNC_redirect;
|
|
static int (*bpf_perf_event_output)(void *ctx, void *map, int index, void *data, int size) =
|
|
(void *) BPF_FUNC_perf_event_output;
|
|
static int (*bpf_get_stackid)(void *ctx, void *map, int flags) =
|
|
(void *) BPF_FUNC_get_stackid;
|
|
static int (*bpf_probe_write_user)(void *dst, void *src, int size) =
|
|
(void *) BPF_FUNC_probe_write_user;
|
|
|
|
/* llvm builtin functions that eBPF C program may use to
|
|
* emit BPF_LD_ABS and BPF_LD_IND instructions
|
|
*/
|
|
struct sk_buff;
|
|
unsigned long long load_byte(void *skb,
|
|
unsigned long long off) asm("llvm.bpf.load.byte");
|
|
unsigned long long load_half(void *skb,
|
|
unsigned long long off) asm("llvm.bpf.load.half");
|
|
unsigned long long load_word(void *skb,
|
|
unsigned long long off) asm("llvm.bpf.load.word");
|
|
|
|
/* a helper structure used by eBPF C program
|
|
* to describe map attributes to elf_bpf loader
|
|
*/
|
|
struct bpf_map_def {
|
|
unsigned int type;
|
|
unsigned int key_size;
|
|
unsigned int value_size;
|
|
unsigned int max_entries;
|
|
unsigned int map_flags;
|
|
};
|
|
|
|
static int (*bpf_skb_store_bytes)(void *ctx, int off, void *from, int len, int flags) =
|
|
(void *) BPF_FUNC_skb_store_bytes;
|
|
static int (*bpf_l3_csum_replace)(void *ctx, int off, int from, int to, int flags) =
|
|
(void *) BPF_FUNC_l3_csum_replace;
|
|
static int (*bpf_l4_csum_replace)(void *ctx, int off, int from, int to, int flags) =
|
|
(void *) BPF_FUNC_l4_csum_replace;
|
|
static int (*bpf_skb_in_cgroup)(void *ctx, void *map, int index) =
|
|
(void *) BPF_FUNC_skb_in_cgroup;
|
|
|
|
#if defined(__x86_64__)
|
|
|
|
#define PT_REGS_PARM1(x) ((x)->di)
|
|
#define PT_REGS_PARM2(x) ((x)->si)
|
|
#define PT_REGS_PARM3(x) ((x)->dx)
|
|
#define PT_REGS_PARM4(x) ((x)->cx)
|
|
#define PT_REGS_PARM5(x) ((x)->r8)
|
|
#define PT_REGS_RET(x) ((x)->sp)
|
|
#define PT_REGS_FP(x) ((x)->bp)
|
|
#define PT_REGS_RC(x) ((x)->ax)
|
|
#define PT_REGS_SP(x) ((x)->sp)
|
|
#define PT_REGS_IP(x) ((x)->ip)
|
|
|
|
#elif defined(__s390x__)
|
|
|
|
#define PT_REGS_PARM1(x) ((x)->gprs[2])
|
|
#define PT_REGS_PARM2(x) ((x)->gprs[3])
|
|
#define PT_REGS_PARM3(x) ((x)->gprs[4])
|
|
#define PT_REGS_PARM4(x) ((x)->gprs[5])
|
|
#define PT_REGS_PARM5(x) ((x)->gprs[6])
|
|
#define PT_REGS_RET(x) ((x)->gprs[14])
|
|
#define PT_REGS_FP(x) ((x)->gprs[11]) /* Works only with CONFIG_FRAME_POINTER */
|
|
#define PT_REGS_RC(x) ((x)->gprs[2])
|
|
#define PT_REGS_SP(x) ((x)->gprs[15])
|
|
#define PT_REGS_IP(x) ((x)->ip)
|
|
|
|
#elif defined(__aarch64__)
|
|
|
|
#define PT_REGS_PARM1(x) ((x)->regs[0])
|
|
#define PT_REGS_PARM2(x) ((x)->regs[1])
|
|
#define PT_REGS_PARM3(x) ((x)->regs[2])
|
|
#define PT_REGS_PARM4(x) ((x)->regs[3])
|
|
#define PT_REGS_PARM5(x) ((x)->regs[4])
|
|
#define PT_REGS_RET(x) ((x)->regs[30])
|
|
#define PT_REGS_FP(x) ((x)->regs[29]) /* Works only with CONFIG_FRAME_POINTER */
|
|
#define PT_REGS_RC(x) ((x)->regs[0])
|
|
#define PT_REGS_SP(x) ((x)->sp)
|
|
#define PT_REGS_IP(x) ((x)->pc)
|
|
|
|
#elif defined(__powerpc__)
|
|
|
|
#define PT_REGS_PARM1(x) ((x)->gpr[3])
|
|
#define PT_REGS_PARM2(x) ((x)->gpr[4])
|
|
#define PT_REGS_PARM3(x) ((x)->gpr[5])
|
|
#define PT_REGS_PARM4(x) ((x)->gpr[6])
|
|
#define PT_REGS_PARM5(x) ((x)->gpr[7])
|
|
#define PT_REGS_RC(x) ((x)->gpr[3])
|
|
#define PT_REGS_SP(x) ((x)->sp)
|
|
#define PT_REGS_IP(x) ((x)->nip)
|
|
|
|
#endif
|
|
|
|
#ifdef __powerpc__
|
|
#define BPF_KPROBE_READ_RET_IP(ip, ctx) ({ (ip) = (ctx)->link; })
|
|
#define BPF_KRETPROBE_READ_RET_IP BPF_KPROBE_READ_RET_IP
|
|
#else
|
|
#define BPF_KPROBE_READ_RET_IP(ip, ctx) ({ \
|
|
bpf_probe_read(&(ip), sizeof(ip), (void *)PT_REGS_RET(ctx)); })
|
|
#define BPF_KRETPROBE_READ_RET_IP(ip, ctx) ({ \
|
|
bpf_probe_read(&(ip), sizeof(ip), \
|
|
(void *)(PT_REGS_FP(ctx) + sizeof(ip))); })
|
|
#endif
|
|
|
|
#endif
|