From deb88d0b1fef10177ab197b066f434c720253f8d Mon Sep 17 00:00:00 2001
From: Serhei Makarov
Date: Tue, 30 Oct 2018 17:29:46 -0400
Subject: [PATCH 16/32] tapset/bpf/context.stp :: add execname(), triage other functions

* tapset/bpf/context.stp: Notes on other functions that could be added. (execname): New tapset function.
* tapset/linux/context.stp: Move pexecname() to a more logical location.
---
 tapset/bpf/context.stp | 66 ++++++++++++++++++++++++++++++++++++++++++++++++
 tapset/linux/context.stp | 30 +++++++++++-----------
 2 files changed, 81 insertions(+), 15 deletions(-)

diff --git a/tapset/bpf/context.stp b/tapset/bpf/context.stp
index 45dcd4d71..55e0f871b 100644
--- a/tapset/bpf/context.stp
+++ b/tapset/bpf/context.stp
@@ -6,6 +6,34 @@
 // Public License (GPL); either version 2, or (at your option) any
 // later version.
 
+/**
+ * sfunction execname - Returns the execname of a target process (or group of processes)
+ *
+ * Description: Returns the execname of a target process (or group of processes).
+ */
+function execname:string ()
+%{ /* bpf */ /* pure */ /* unprivileged */ /* stable */
+ /* buf = bpf_stk_alloc(BPF_MAXSTRINGLEN);
+ buf[0] = 0x0; // guarantee NUL byte
+ rc = get_current_comm(buf, BPF_MAXSTRINGLEN); */
+ alloc, $buf, BPF_MAXSTRINGLEN;
+ 0x62, $buf, -, -, 0x0; /* stw [$buf+0], 0x0 -- guarantee NUL byte */
+ call, $rc, get_current_comm, $buf, BPF_MAXSTRINGLEN;
+
+ /* if (rc < 0) return err_msg;
+ return buf; */
+ 0xa5, $rc, 0, _err, -; /* jlt $rc, 0, _err */
+ 0xbf, $$, $buf, -, -; /* mov $$, $buf */
+ 0x05, -, -, _done, -; /* ja _done */
+
+ label, _err;
+ 0xbf, $$, "", -, -; /* mov $$, */
+
+ label, _done;
+%}
+
+// TODO: pexecname ()
+
 /**
 * sfunction pid - Returns the ID of a thread group
 *
@@ -20,6 +48,8 @@ function pid:long ()
 0x77, $$, 0, 0, 32 /* rshk $$, 32 */
 %}
 
+// TODO: ns_pid:long ()
+
 /**
 * sfunction tid - Returns the thread ID of a target process
 *
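Review bot: The error check in the new execname() (first hunk of tapset/bpf/context.stp) cannot fire as written, assuming the first field is emitted as the raw eBPF opcode the way the neighbouring `0xbf` and `0x05` lines suggest: `0xa5` is BPF_JMP|BPF_JLT|BPF_K, the unsigned less-than, and no unsigned value is below the immediate 0. A negative `$rc` from get_current_comm therefore falls through to `mov $$, $buf` instead of reaching `_err`. The pseudo-code comment `if (rc < 0)` asks for the signed test, BPF_JSLT: `0xc5, $rc, 0, _err, -; /* jslt $rc, 0, _err */`. Until that is changed, the preceding `stw [$buf+0], 0x0` is what keeps the fall-through result an empty string rather than whatever the freshly allocated stack buffer holds, so it deserves a comment saying the store must not be dropped.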
@@ -33,6 +63,14 @@ function tid:long ()
 0xbc, $$, 0, 0, 0 /* movwx $$, r0 */
 %}
 
+// TODO: ns_tid:long ()
+// TODO: ppid:long ()
+// TODO: ns_ppid:long ()
+// TODO: pgrp:long ()
+// TODO: ns_pgrp:long ()
+// TODO: sid:long ()
+// TODO: ns_sid:long ()
+
 /**
 * sfunction gid - Returns the group ID of a target process
 *
@@ -46,6 +84,10 @@ function gid:long ()
 0x77, $$, 0, 0, 32 /* rshk $$, 32 */
 %}
 
+// TODO: ns_gid:long ()
+// TODO: egid:long ()
+// TODO: ns_egid:long ()
+
 /**
 * sfunction uid - Returns the user ID of a target process
 *
@@ -58,6 +100,12 @@ function uid:long ()
 0xbc, $$, 0, 0, 0 /* movwx $$, r0 */
 %}
 
+// TODO: ns_uid:long ()
+// TODO: euid:long ()
+// TODO: ns_euid:long ()
+// XXX: is_myproc () is only relevant for unprivileged use of eBPF (still theoretical).
+
+// TODO: Old systemtap-compat scripts should not be running on eBPF backend in the first place?
 /**
 * sfunction cpuid - Returns the current cpu number
 *
@@ -82,3 +130,21 @@ function cpu:long ()
 0x85, 0, 0, 0, 8; /* call BPF_FUNC_get_smp_processor_id */
 0xbf, $$, 0, 0, 0 /* movx $$, r0 */
 %}
+
+// TODO: registers_valid:long ()
+// TODO: user_mode:long ()
+// TODO: is_return:long ()
+// TODO: target:long ()
+// TODO: module_name:string ()
+// XXX: module_size:string () -- not clear if this should refer to the entire .bo or to just the current eBPF routine.
+// TODO: stp_pid:long ()
+// XXX: remote_id:long (), remote_uri:string() -- pending an evaluation of remote eBPF execution.
+// XXX: stack_size() -- not clear if this should be the eBPF stack size or the kernel stack size.
+// XXX: stack_used(),stack_unused() probably a fairly ill-defined idea with the eBPF stack.
+// TODO: Other context functions for info about things like eBPF maps.
+
+// TODO: addr:long ()
+// TODO: uaddr:long ()
+// XXX: cmdline_args:string(n:long, m:long, delim:string) -- requires string concatenation & loops.
+// TODO: cmdline_arg:string(n:long)
+// XXX: cmdline_string:string() -- requires string concatenation & loops.
diff --git a/tapset/linux/context.stp b/tapset/linux/context.stp
index 2bd405186..46b1f6b32 100644
--- a/tapset/linux/context.stp
+++ b/tapset/linux/context.stp
@@ -19,6 +19,21 @@ function execname:string ()
 strlcpy (STAP_RETVALUE, current->comm, MAXSTRINGLEN);
 %}
 
+/**
+ * sfunction pexecname - Returns the execname of a target process's parent process
+ *
+ * Description: This function returns the execname of a target
+ * process's parent procces.
+ */
+function pexecname:string ()
+%{ /* pure */ /* unprivileged */ /* stable */
+#if defined(STAPCONF_REAL_PARENT)
+ strlcpy (STAP_RETVALUE, current->real_parent->comm, MAXSTRINGLEN);
+#else
+ strlcpy (STAP_RETVALUE, current->parent->comm, MAXSTRINGLEN);
+#endif
+%}
+
 /**
 * sfunction pid - Returns the ID of a target process
 *
@@ -153,21 +168,6 @@ function ns_sid:long ()
 else STAP_RETURN (rc);
 %}
 
-/**
- * sfunction pexecname - Returns the execname of a target process's parent process
- *
- * Description: This function returns the execname of a target
- * process's parent procces.
- */
-function pexecname:string ()
-%{ /* pure */ /* unprivileged */ /* stable */
-#if defined(STAPCONF_REAL_PARENT)
- strlcpy (STAP_RETVALUE, current->real_parent->comm, MAXSTRINGLEN);
-#else
- strlcpy (STAP_RETVALUE, current->parent->comm, MAXSTRINGLEN);
-#endif
-%}
-
 /**
 * sfunction gid - Returns the group ID of a target process
 *
-- 
2.14.5
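Review bot: pexecname(), in its new position in the first hunk of tapset/linux/context.stp, copies from `current->real_parent->comm` (or `current->parent->comm`) with no `rcu_read_lock()` or other guard visible in the body, and the function is tagged `/* unprivileged */`. Whether the probe context already keeps the parent task valid for the duration of the `strlcpy` cannot be seen from this hunk, so a one-line comment stating the assumption would help the next reader, e.g. `/* parent pointer read without RCU; relies on probe context -- confirm */`. While the block is being moved, the docstring typo can be fixed as well: `process's parent procces.` should read `process's parent process.`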