21 Aug, 2019
1 commit
-
For arm32 xdp sockets mmap2 is preferred, so use it if it's defined.
Declaration of __NR_mmap can be skipped and it breaks build.

Signed-off-by: Ivan Khoronzhuk
Acked-by: Jonathan Lemon
Signed-off-by: Daniel Borkmann
15 Jun, 2017
1 commit
-
There are two problems:
1) In MIPS the __NR_* macros expand to an expression, this causes the
sections of the object file to be named like:

  .
  .
  .
  [ 5] kprobe/(5000 + 1) PROGBITS 0000000000000000 000160 ...
  [ 6] kprobe/(5000 + 0) PROGBITS 0000000000000000 000258 ...
  [ 7] kprobe/(5000 + 9) PROGBITS 0000000000000000 000348 ...
  .
  .
  .

The fix here is to use the "asm_offsets" trick to evaluate the macros
in the C compiler and generate a header file with a usable form of the
macros.

2) MIPS syscall numbers start at 5000, so we need a bigger map to hold
the sub-programs.

Signed-off-by: David Daney
Acked-by: Daniel Borkmann
Signed-off-by: David S. Miller
14 Feb, 2017
1 commit
-
Include unistd.h to define __NR_getuid and __NR_getsid.
Signed-off-by: Mickaël Salaün
Acked-by: Joe Stringer
Acked-by: Wang Nan
Cc: Alexei Starovoitov
Cc: Daniel Borkmann
Cc: David S. Miller
Cc: netdev@vger.kernel.org
Link: http://lkml.kernel.org/r/20170208202744.16274-4-mic@digikod.net
Signed-off-by: Arnaldo Carvalho de Melo
27 Sep, 2016
1 commit
-
seccomp_phase1() does not exist anymore. Instead, update sample to use
__seccomp_filter(). While at it, set max locked memory to unlimited.

Signed-off-by: Naveen N. Rao
Acked-by: Alexei Starovoitov
Signed-off-by: David S. Miller
15 Apr, 2016
1 commit
-
Remove the zero initialization in the sample programs where appropriate.
Note that this is an optimization which is now possible, old programs
still doing the zero initialization are just fine as well. Also, make
sure we don't have padding issues when we don't memset() the entire
struct anymore.

Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
Signed-off-by: David S. Miller
09 Jul, 2015
1 commit
-
The trace bpf samples do not compile on s390x because they use x86
specific fields from the "pt_regs" structure.

Fix this and access the fields via new PT_REGS macros.

Signed-off-by: Michael Holzheu
Acked-by: Alexei Starovoitov
Signed-off-by: David S. Miller
22 May, 2015
1 commit
-
kprobe example that demonstrates what future seccomp programs may look like.
It attaches to seccomp_phase1() function and tail-calls other BPF programs
depending on syscall number.

Existing optimized classic BPF seccomp programs generated by Chrome look like:
  if (sd.nr < 121) {
    if (sd.nr < 57) {
      if (sd.nr < 22) {
        if (sd.nr < 7) {
          if (sd.nr < 4) {
            if (sd.nr < 1) {
              check sys_read
            } else {
              if (sd.nr < 3) {
                check sys_write and sys_open
              } else {
                check sys_close
              }
            }
          } else {
        } else {
      } else {
    } else {
  } else {
  }

the future seccomp using native eBPF may look like:
  bpf_tail_call(&sd, &syscall_jmp_table, sd.nr);
which is simpler, faster and leaves more room for per-syscall checks.

Usage:
$ sudo ./tracex5
-366 [001] d... 4.870033: : read(fd=1, buf=00007f6d5bebf000, size=771)
-369 [003] d... 4.870066: : mmap
-369 [003] d... 4.870077: : syscall=110 (one of get/set uid/pid/gid)
-369 [003] d... 4.870089: : syscall=107 (one of get/set uid/pid/gid)
sh-369 [000] d... 4.891740: : read(fd=0, buf=00000000023d1000, size=512)
sh-369 [000] d... 4.891747: : write(fd=1, buf=00000000023d3000, size=512)
sh-369 [000] d... 4.891747: : read(fd=1, buf=00000000023d3000, size=512)

Signed-off-by: Alexei Starovoitov
Signed-off-by: David S. Miller
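
A user-space C model of the tail-call dispatch described in the 22 May, 2015 commit, which also shows why the 15 Jun, 2017 MIPS commit needed a bigger map: a syscall number that does not fit the table makes the tail call fall through, so no per-syscall check runs. This is an added example, not code from the kernel sample; `sd_model`, `prog_array`, `dispatch`, `run` and the map sizes are hypothetical.

```c
#include <stddef.h>

#define SLOTS_CAP 8192 /* backing storage for this model only */

struct sd_model { unsigned int nr; };  /* stand-in for the syscall data */
enum verdict { FELL_THROUGH, CHECKED_READ, CHECKED_WRITE };
typedef enum verdict (*prog_fn)(const struct sd_model *);
struct prog_array { size_t max_entries; prog_fn slot[SLOTS_CAP]; };

static enum verdict check_read(const struct sd_model *sd)  { (void)sd; return CHECKED_READ; }
static enum verdict check_write(const struct sd_model *sd) { (void)sd; return CHECKED_WRITE; }

/* Like a map update: rejected when the key does not fit the map. */
static int prog_array_set(struct prog_array *pa, unsigned int key, prog_fn fn)
{
    if (key >= pa->max_entries || key >= SLOTS_CAP)
        return -1;
    pa->slot[key] = fn;
    return 0;
}

/* Models bpf_tail_call(): jump if the slot is populated, otherwise
 * fall through to the caller's next instruction without an error. */
static enum verdict dispatch(const struct prog_array *pa, const struct sd_model *sd)
{
    if (sd->nr < pa->max_entries && sd->nr < SLOTS_CAP && pa->slot[sd->nr])
        return pa->slot[sd->nr](sd);
    return FELL_THROUGH;               /* no per-syscall check ran */
}

/* Build a table for a syscall base and map size, then dispatch nr. */
static enum verdict run(unsigned int base, size_t max_entries, unsigned int nr)
{
    static struct prog_array pa;
    struct sd_model sd = { .nr = nr };

    pa.max_entries = max_entries;
    for (size_t i = 0; i < SLOTS_CAP; i++)
        pa.slot[i] = NULL;
    (void)prog_array_set(&pa, base + 0, check_read);   /* read  */
    (void)prog_array_set(&pa, base + 1, check_write);  /* write */
    return dispatch(&pa, &sd);
}

int main(void)
{
    /* Constructed sizes: 1024 and 6024 slots against the base of 5000. */
    return (run(5000, 1024, 5000) == FELL_THROUGH &&
            run(5000, 6024, 5000) == CHECKED_READ) ? 0 : 1;
}
```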