lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri,  1 Apr 2022 09:40:46 +0800
From:   Song Chen <chensong_2000@....cn>
To:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
        kafai@...com, songliubraving@...com, yhs@...com,
        john.fastabend@...il.com, kpsingh@...nel.org,
        netdev@...r.kernel.org, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org
Cc:     Song Chen <chensong_2000@....cn>
Subject: [PATCH] sample: bpf: syscall_tp_kern: add dfd before filename

When i was writing my eBPF program, i copied some pieces of code from
syscall_tp, syscall_tp_kern only records how many files are opened, but
mine needs to print file name.I reused struct syscalls_enter_open_args,
which is defined as:

struct syscalls_enter_open_args {
	unsigned long long unused;
	long syscall_nr;
	long filename_ptr;
        long flags;
        long mode;
};

I tried to use filename_ptr, but it's not the pointer of filename, flags
turns out to be the pointer I'm looking for, there might be something
missed in the struct.

I read the ftrace log, found the missed one is dfd, which is supposed to be
placed in between syscall_nr and filename_ptr.

Actually syscall_tp has nothing to do with dfd, it can run anyway without
it, but it's better to have it to make it a better eBPF sample, especially
to new eBPF programmers, then i fixed it.

Signed-off-by: Song Chen <chensong_2000@....cn>
---
 samples/bpf/syscall_tp_kern.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/samples/bpf/syscall_tp_kern.c b/samples/bpf/syscall_tp_kern.c
index 50231c2eff9c..e4ac818aee57 100644
--- a/samples/bpf/syscall_tp_kern.c
+++ b/samples/bpf/syscall_tp_kern.c
@@ -7,6 +7,7 @@
 struct syscalls_enter_open_args {
 	unsigned long long unused;
 	long syscall_nr;
+	long dfd_ptr;
 	long filename_ptr;
 	long flags;
 	long mode;
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ