diff --git a/bpf/process/bpf_generic_kprobe.c b/bpf/process/bpf_generic_kprobe.c
index f64e3d61362..a3341f7826d 100644
--- a/bpf/process/bpf_generic_kprobe.c
+++ b/bpf/process/bpf_generic_kprobe.c
@@ -137,7 +137,7 @@ generic_kprobe_actions(void *ctx)
 __attribute__((section("kprobe"), used)) int
 generic_kprobe_output(void *ctx)
 {
- return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);
+ return generic_output(ctx, MSG_OP_GENERIC_KPROBE);
 }
 
 __attribute__((section(OVERRIDE), used)) int
diff --git a/bpf/process/bpf_generic_lsm_output.c b/bpf/process/bpf_generic_lsm_output.c
index 3e90c5a58db..9f4b144fb3a 100644
--- a/bpf/process/bpf_generic_lsm_output.c
+++ b/bpf/process/bpf_generic_lsm_output.c
@@ -16,6 +16,9 @@
 #include "types/basic.h"
 #include "generic_maps.h"
 
+#include "generic_maps.h"
+#include "generic_calls.h"
+
 char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";
 
 __attribute__((section("lsm/generic_lsm_output"), used)) int
@@ -43,6 +46,6 @@ generic_lsm_output(void *ctx)
 }
 #endif
 if (e->lsm.post)
- generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_LSM);
+ generic_output(ctx, MSG_OP_GENERIC_LSM);
 return try_override(ctx, (struct bpf_map_def *)&override_tasks);
 }
diff --git a/bpf/process/bpf_generic_retkprobe.c b/bpf/process/bpf_generic_retkprobe.c
index 1ffbf44bbfa..b72dd7977df 100644
--- a/bpf/process/bpf_generic_retkprobe.c
+++ b/bpf/process/bpf_generic_retkprobe.c
@@ -10,7 +10,6 @@
 #include "bpf_tracing.h"
 #include "bpf_event.h"
 #include "bpf_task.h"
-#include "generic_maps.h"
 #include "retprobe_map.h"
 #include "types/basic.h"
 
@@ -35,6 +34,9 @@ struct {
 },
 };
 
+#include "generic_maps.h"
+#include "generic_calls.h"
+
 #ifdef __MULTI_KPROBE
 #define MAIN "kprobe.multi/generic_retkprobe"
 #else
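Review bot: In bpf_generic_lsm_output.c the added `#include "generic_maps.h"` repeats the include on the context line directly above it, so only `#include "generic_calls.h"` is actually new in this hunk. Dropping the duplicate keeps the include list honest about what the file needs. If the repeat is deliberate, for instance to keep the same pair of lines as bpf_generic_retkprobe.c, a one-line comment should say so.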
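Review bot: In bpf_generic_retkprobe.c the two includes now sit after the map definition that closes with `};` instead of with the other includes at the top, and nothing in the file explains the placement. Presumably one of the headers needs that definition to be visible first; if that is the reason, a comment such as `/* keep below the map definition above: the generic_* headers reference it */` would stop a later cleanup from hoisting them back. The struct being closed starts outside the hunk, so the dependency cannot be confirmed from this view.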
@@ -165,5 +167,5 @@ BPF_KRETPROBE(generic_retkprobe_actions)
 __attribute__((section("kprobe"), used)) int
 BPF_KRETPROBE(generic_retkprobe_output)
 {
- return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);
+ return generic_output(ctx, MSG_OP_GENERIC_KPROBE);
 }
diff --git a/bpf/process/bpf_generic_tracepoint.c b/bpf/process/bpf_generic_tracepoint.c
index e8cf195a9f2..21ea8d57955 100644
--- a/bpf/process/bpf_generic_tracepoint.c
+++ b/bpf/process/bpf_generic_tracepoint.c
@@ -266,7 +266,7 @@ generic_tracepoint_actions(void *ctx)
 __attribute__((section("tracepoint"), used)) int
 generic_tracepoint_output(void *ctx)
 {
- return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_TRACEPOINT);
+ return generic_output(ctx, MSG_OP_GENERIC_TRACEPOINT);
 }
 
 char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";
diff --git a/bpf/process/bpf_generic_uprobe.c b/bpf/process/bpf_generic_uprobe.c
index 8b3ffa5ba94..636907dad9a 100644
--- a/bpf/process/bpf_generic_uprobe.c
+++ b/bpf/process/bpf_generic_uprobe.c
@@ -110,5 +110,5 @@ generic_uprobe_actions(void *ctx)
 __attribute__((section("uprobe"), used)) int
 generic_uprobe_output(void *ctx)
 {
- return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_UPROBE);
+ return generic_output(ctx, MSG_OP_GENERIC_UPROBE);
 }
diff --git a/bpf/process/generic_calls.h b/bpf/process/generic_calls.h
index 31b997adf7d..d7a079d4682 100644
--- a/bpf/process/generic_calls.h
+++ b/bpf/process/generic_calls.h
@@ -216,4 +216,53 @@ generic_process_event_and_setup(struct pt_regs *ctx, struct bpf_map_def *tailcal
 return generic_process_event(ctx, tailcals);
 }
 
+FUNC_INLINE long
+generic_output(void *ctx, u8 op)
+{
+ struct msg_generic_kprobe *e;
+ int zero = 0;
+ size_t total;
+
+ e = map_lookup_elem(&process_call_heap, &zero);
+ if (!e)
+ return 0;
+
+/* We don't need this data in return kprobe event */
+#ifndef GENERIC_KRETPROBE
+#ifdef __NS_CHANGES_FILTER
+ /* update the namespaces if we matched a change on that */
+ if (e->sel.match_ns) {
+ __u32 pid = (get_current_pid_tgid() >> 32);
+ struct task_struct *task =
+ (struct task_struct *)get_current_task();
+ struct execve_map_value *enter = execve_map_get_noinit(
+ pid); // we don't want to init that if it does not exist
+ if (enter)
+ get_namespaces(&(enter->ns), task);
+ }
+#endif
+#ifdef __CAP_CHANGES_FILTER
+ /* update the capabilities if we matched a change on that */
+ if (e->sel.match_cap) {
+ __u32 pid = (get_current_pid_tgid() >> 32);
+ struct task_struct *task =
+ (struct task_struct *)get_current_task();
+ struct execve_map_value *enter = execve_map_get_noinit(
+ pid); // we don't want to init that if it does not exist
+ if (enter)
+ get_current_subj_caps(&enter->caps, task);
+ }
+#endif
+#endif // !GENERIC_KRETPROBE
+
+ total = e->common.size + generic_kprobe_common_size();
+ /* Code movement from clang forces us to inline bounds checks here */
+ asm volatile("%[total] &= 0x7fff;\n"
+ "if %[total] < 9000 goto +1\n;"
+ "%[total] = 9000;\n"
+ : [total] "+r"(total));
+ perf_event_output_metric(ctx, op, &tcpmon_map, BPF_F_CURRENT_CPU, e, total);
+ return 0;
+}
+
 #endif /* __GENERIC_CALLS_H__ */
diff --git a/bpf/process/types/basic.h b/bpf/process/types/basic.h
index cd7fcb2abb6..d5aac285d3c 100644
--- a/bpf/process/types/basic.h
+++ b/bpf/process/types/basic.h
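Review bot: The size clamp at the end of generic_output masks before it caps, so `total &= 0x7fff` turns any value of 0x8000 or more into a small number that passes the `< 9000` test, and the event is then emitted short rather than capped at 9000. Whether `e->common.size` can reach that range is not visible in this hunk, and the block was moved unchanged from types/basic.h, but a silently shortened event is lost telemetry for a sensor, so the intent should at least be written down. I would name the two constants and extend the existing comment, for example `/* bounds check: mask to 15 bits, then cap at 9000; an oversized event is truncated, not dropped */`. generic_output also now names `process_call_heap` directly (apparently from generic_maps.h, judging by the include pairs added elsewhere in this commit), so the header should state that generic_maps.h must be in scope before it is included.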
@@ -2394,55 +2394,6 @@ generic_actions(void *ctx, struct generic_maps *maps)
 return postit;
 }
 
-FUNC_INLINE long
-generic_output(void *ctx, struct bpf_map_def *heap, u8 op)
-{
- struct msg_generic_kprobe *e;
- int zero = 0;
- size_t total;
-
- e = map_lookup_elem(heap, &zero);
- if (!e)
- return 0;
-
-/* We don't need this data in return kprobe event */
-#ifndef GENERIC_KRETPROBE
-#ifdef __NS_CHANGES_FILTER
- /* update the namespaces if we matched a change on that */
- if (e->sel.match_ns) {
- __u32 pid = (get_current_pid_tgid() >> 32);
- struct task_struct *task =
- (struct task_struct *)get_current_task();
- struct execve_map_value *enter = execve_map_get_noinit(
- pid); // we don't want to init that if it does not exist
- if (enter)
- get_namespaces(&(enter->ns), task);
- }
-#endif
-#ifdef __CAP_CHANGES_FILTER
- /* update the capabilities if we matched a change on that */
- if (e->sel.match_cap) {
- __u32 pid = (get_current_pid_tgid() >> 32);
- struct task_struct *task =
- (struct task_struct *)get_current_task();
- struct execve_map_value *enter = execve_map_get_noinit(
- pid); // we don't want to init that if it does not exist
- if (enter)
- get_current_subj_caps(&enter->caps, task);
- }
-#endif
-#endif // !GENERIC_KRETPROBE
-
- total = e->common.size + generic_kprobe_common_size();
- /* Code movement from clang forces us to inline bounds checks here */
- asm volatile("%[total] &= 0x7fff;\n"
- "if %[total] < 9000 goto +1\n;"
- "%[total] = 9000;\n"
- : [total] "+r"(total));
- perf_event_output_metric(ctx, op, &tcpmon_map, BPF_F_CURRENT_CPU, e, total);
- return 0;
-}
-
 /**
 * Read a generic argument
 *