github.com/castai/kvisor@v1.7.1-0.20240516114728-b3572a2607b5/pkg/ebpftracer/c/headers/common/arch.h (about) 1 #ifndef __COMMON_ARCH_H__ 2 #define __COMMON_ARCH_H__ 3 4 #include <vmlinux.h> 5 6 #include <bpf/bpf_tracing.h> 7 8 #include <common/common.h> 9 10 // PROTOTYPES 11 12 statfunc bool is_x86_compat(struct task_struct *); 13 statfunc bool is_arm64_compat(struct task_struct *); 14 statfunc bool is_compat(struct task_struct *); 15 statfunc int get_syscall_id_from_regs(struct pt_regs *); 16 statfunc struct pt_regs *get_task_pt_regs(struct task_struct *); 17 statfunc bool has_syscall_fd_arg(uint); 18 statfunc uint get_syscall_fd_num_from_arg(uint syscall_id, args_t *); 19 20 // FUNCTIONS 21 22 statfunc bool is_x86_compat(struct task_struct *task) 23 { 24 #if defined(bpf_target_x86) 25 return BPF_CORE_READ(task, thread_info.status) & TS_COMPAT; 26 #else 27 return false; 28 #endif 29 } 30 31 statfunc bool is_arm64_compat(struct task_struct *task) 32 { 33 #if defined(bpf_target_arm64) 34 return BPF_CORE_READ(task, thread_info.flags) & _TIF_32BIT; 35 #else 36 return false; 37 #endif 38 } 39 40 statfunc bool is_compat(struct task_struct *task) 41 { 42 #if defined(bpf_target_x86) 43 return is_x86_compat(task); 44 #elif defined(bpf_target_arm64) 45 return is_arm64_compat(task); 46 #else 47 return false; 48 #endif 49 } 50 51 statfunc int get_syscall_id_from_regs(struct pt_regs *regs) 52 { 53 #if defined(bpf_target_x86) 54 int id = BPF_CORE_READ(regs, orig_ax); 55 #elif defined(bpf_target_arm64) 56 int id = BPF_CORE_READ(regs, syscallno); 57 #endif 58 return id; 59 } 60 61 statfunc struct pt_regs *get_task_pt_regs(struct task_struct *task) 62 { 63 // THREAD_SIZE here is statistically defined and assumed to work for 4k page sizes. 64 #if defined(bpf_target_x86) 65 void *__ptr = BPF_CORE_READ(task, stack) + THREAD_SIZE - TOP_OF_KERNEL_STACK_PADDING; 66 return ((struct pt_regs *) __ptr) - 1; 67 #elif defined(bpf_target_arm64) 68 return ((struct pt_regs *) (THREAD_SIZE + BPF_CORE_READ(task, stack)) - 1); 69 #endif 70 } 71 72 #define UNDEFINED_SYSCALL 1000 73 #define NO_SYSCALL -1 74 75 #if defined(bpf_target_x86) 76 #define SYSCALL_READ 0 77 #define SYSCALL_WRITE 1 78 #define SYSCALL_OPEN 2 79 #define SYSCALL_CLOSE 3 80 #define SYSCALL_FSTAT 5 81 #define SYSCALL_LSEEK 8 82 #define SYSCALL_MMAP 9 83 #define SYSCALL_MPROTECT 10 84 #define SYSCALL_RT_SIGRETURN 15 85 #define SYSCALL_IOCTL 16 86 #define SYSCALL_PREAD64 17 87 #define SYSCALL_PWRITE64 18 88 #define SYSCALL_READV 19 89 #define SYSCALL_WRITEV 20 90 #define SYSCALL_DUP 32 91 #define SYSCALL_DUP2 33 92 #define SYSCALL_SOCKET 41 93 #define SYSCALL_CONNECT 42 94 #define SYSCALL_ACCEPT 43 95 #define SYSCALL_SENDTO 44 96 #define SYSCALL_RECVFROM 45 97 #define SYSCALL_SENDMSG 46 98 #define SYSCALL_RECVMSG 47 99 #define SYSCALL_SHUTDOWN 48 100 #define SYSCALL_BIND 49 101 #define SYSCALL_LISTEN 50 102 #define SYSCALL_GETSOCKNAME 51 103 #define SYSCALL_GETPEERNAME 52 104 #define SYSCALL_SETSOCKOPT 54 105 #define SYSCALL_GETSOCKOPT 55 106 #define SYSCALL_EXECVE 59 107 #define SYSCALL_EXIT 60 108 #define SYSCALL_FCNTL 72 109 #define SYSCALL_FLOCK 73 110 #define SYSCALL_FSYNC 74 111 #define SYSCALL_FDATASYNC 75 112 #define SYSCALL_FTRUNCATE 77 113 #define SYSCALL_GETDENTS 78 114 #define SYSCALL_FCHDIR 81 115 #define SYSCALL_FCHMOD 91 116 #define SYSCALL_FCHOWN 93 117 #define SYSCALL_FSTATFS 138 118 #define SYSCALL_READAHEAD 187 119 #define SYSCALL_FSETXATTR 190 120 #define SYSCALL_FGETXATTR 193 121 #define SYSCALL_FLISTXATTR 196 122 #define SYSCALL_FREMOVEXATTR 199 123 #define SYSCALL_GETDENTS64 217 124 #define SYSCALL_FADVISE64 221 125 #define SYSCALL_EXIT_GROUP 231 126 #define SYSCALL_EPOLL_WAIT 232 127 #define SYSCALL_EPOLL_CTL 233 128 #define SYSCALL_INOTIFY_ADD_WATCH 254 129 #define SYSCALL_INOTIFY_RM_WATCH 255 130 #define SYSCALL_OPENAT 257 131 #define SYSCALL_MKDIRAT 258 132 #define SYSCALL_MKNODAT 259 133 #define SYSCALL_FCHOWNAT 260 134 #define SYSCALL_FUTIMESAT 261 135 #define SYSCALL_NEWFSTATAT 262 136 #define SYSCALL_UNLINKAT 263 137 #define SYSCALL_SYMLINKAT 266 138 #define SYSCALL_READLINKAT 267 139 #define SYSCALL_FCHMODAT 268 140 #define SYSCALL_FACCESSAT 269 141 #define SYSCALL_SYNC_FILE_RANGE 277 142 #define SYSCALL_VMSPLICE 278 143 #define SYSCALL_UTIMENSAT 280 144 #define SYSCALL_EPOLL_PWAIT 281 145 #define SYSCALL_SIGNALFD 282 146 #define SYSCALL_FALLOCATE 285 147 #define SYSCALL_TIMERFD_SETTIME 286 148 #define SYSCALL_TIMERFD_GETTIME 287 149 #define SYSCALL_ACCEPT4 288 150 #define SYSCALL_SIGNALFD4 289 151 #define SYSCALL_DUP3 292 152 #define SYSCALL_PREADV 295 153 #define SYSCALL_PWRITEV 296 154 #define SYSCALL_PERF_EVENT_OPEN 298 155 #define SYSCALL_RECVMMSG 299 156 #define SYSCALL_NAME_TO_HANDLE_AT 303 157 #define SYSCALL_OPEN_BY_HANDLE_AT 304 158 #define SYSCALL_SYNCFS 306 159 #define SYSCALL_SENDMMSG 307 160 #define SYSCALL_SETNS 308 161 #define SYSCALL_FINIT_MODULE 313 162 #define SYSCALL_EXECVEAT 322 163 #define SYSCALL_PREADV2 327 164 #define SYSCALL_PWRITEV2 328 165 #define SYSCALL_PKEY_MPROTECT 329 166 #define SYSCALL_STATX 332 167 #define SYSCALL_PIDFD_SEND_SIGNAL 424 168 #define SYSCALL_IO_URING_ENTER 426 169 #define SYSCALL_IO_URING_REGISTER 427 170 #define SYSCALL_OPEN_TREE 428 171 #define SYSCALL_FSCONFIG 431 172 #define SYSCALL_FSMOUNT 432 173 #define SYSCALL_FSPICK 433 174 #define SYSCALL_OPENAT2 437 175 #define SYSCALL_FACCESSAT2 439 176 #define SYSCALL_PROCESS_MADVISE 440 177 #define SYSCALL_EPOLL_PWAIT2 441 178 #define SYSCALL_MOUNT_SETATTR 442 179 #define SYSCALL_QUOTACTL_FD 443 180 #define SYSCALL_LANDLOCK_ADD_RULE 445 181 #define SYSCALL_LANDLOCK_RESTRICT_SELF 446 182 #define SYSCALL_PROCESS_MRELEASE 448 183 #define SYSCALL_SOCKETCALL 473 184 185 #elif defined(bpf_target_arm64) 186 #define SYSCALL_READ 63 187 #define SYSCALL_WRITE 64 188 #define SYSCALL_OPEN UNDEFINED_SYSCALL 189 #define SYSCALL_CLOSE 57 190 #define SYSCALL_FSTAT 80 191 #define SYSCALL_LSEEK 62 192 #define SYSCALL_MMAP 222 193 #define SYSCALL_MPROTECT 226 194 #define SYSCALL_RT_SIGRETURN 139 195 #define SYSCALL_IOCTL 29 196 #define SYSCALL_PREAD64 67 197 #define SYSCALL_PWRITE64 68 198 #define SYSCALL_READV 65 199 #define SYSCALL_WRITEV 66 200 #define SYSCALL_DUP 23 201 #define SYSCALL_DUP2 UNDEFINED_SYSCALL 202 #define SYSCALL_SOCKET 198 203 #define SYSCALL_CONNECT 203 204 #define SYSCALL_ACCEPT 202 205 #define SYSCALL_SENDTO 206 206 #define SYSCALL_RECVFROM 207 207 #define SYSCALL_SENDMSG 211 208 #define SYSCALL_RECVMSG 212 209 #define SYSCALL_SHUTDOWN 210 210 #define SYSCALL_BIND 200 211 #define SYSCALL_LISTEN 201 212 #define SYSCALL_GETSOCKNAME 204 213 #define SYSCALL_GETPEERNAME 205 214 #define SYSCALL_SETSOCKOPT 208 215 #define SYSCALL_GETSOCKOPT 209 216 #define SYSCALL_EXECVE 221 217 #define SYSCALL_EXIT 93 218 #define SYSCALL_FCNTL 25 219 #define SYSCALL_FLOCK 32 220 #define SYSCALL_FSYNC 82 221 #define SYSCALL_FDATASYNC 83 222 #define SYSCALL_FTRUNCATE 46 223 #define SYSCALL_GETDENTS UNDEFINED_SYSCALL 224 #define SYSCALL_FCHDIR 50 225 #define SYSCALL_FCHMOD 52 226 #define SYSCALL_FCHOWN 55 227 #define SYSCALL_FSTATFS 44 228 #define SYSCALL_READAHEAD 213 229 #define SYSCALL_FSETXATTR 7 230 #define SYSCALL_FGETXATTR 10 231 #define SYSCALL_FLISTXATTR 13 232 #define SYSCALL_FREMOVEXATTR 16 233 #define SYSCALL_GETDENTS64 61 234 #define SYSCALL_FADVISE64 223 235 #define SYSCALL_EXIT_GROUP 94 236 #define SYSCALL_EPOLL_WAIT UNDEFINED_SYSCALL 237 #define SYSCALL_EPOLL_CTL 21 238 #define SYSCALL_INOTIFY_ADD_WATCH 27 239 #define SYSCALL_INOTIFY_RM_WATCH 28 240 #define SYSCALL_OPENAT 56 241 #define SYSCALL_MKDIRAT 34 242 #define SYSCALL_MKNODAT 33 243 #define SYSCALL_FCHOWNAT 54 244 #define SYSCALL_FUTIMESAT UNDEFINED_SYSCALL 245 #define SYSCALL_NEWFSTATAT UNDEFINED_SYSCALL 246 #define SYSCALL_UNLINKAT 35 247 #define SYSCALL_SYMLINKAT 36 248 #define SYSCALL_READLINKAT 78 249 #define SYSCALL_FCHMODAT 53 250 #define SYSCALL_FACCESSAT 48 251 #define SYSCALL_SYNC_FILE_RANGE 84 252 #define SYSCALL_VMSPLICE 75 253 #define SYSCALL_UTIMENSAT 88 254 #define SYSCALL_EPOLL_PWAIT 22 255 #define SYSCALL_SIGNALFD UNDEFINED_SYSCALL 256 #define SYSCALL_FALLOCATE 47 257 #define SYSCALL_TIMERFD_SETTIME 86 258 #define SYSCALL_TIMERFD_GETTIME 87 259 #define SYSCALL_ACCEPT4 242 260 #define SYSCALL_SIGNALFD4 74 261 #define SYSCALL_DUP3 24 262 #define SYSCALL_PREADV 69 263 #define SYSCALL_PWRITEV 70 264 #define SYSCALL_PERF_EVENT_OPEN 241 265 #define SYSCALL_RECVMMSG 243 266 #define SYSCALL_NAME_TO_HANDLE_AT 264 267 #define SYSCALL_OPEN_BY_HANDLE_AT 265 268 #define SYSCALL_SYNCFS 267 269 #define SYSCALL_SENDMMSG 269 270 #define SYSCALL_SETNS 268 271 #define SYSCALL_FINIT_MODULE 273 272 #define SYSCALL_EXECVEAT 281 273 #define SYSCALL_PREADV2 286 274 #define SYSCALL_PWRITEV2 287 275 #define SYSCALL_PKEY_MPROTECT 288 276 #define SYSCALL_STATX 291 277 #define SYSCALL_PIDFD_SEND_SIGNAL 424 278 #define SYSCALL_IO_URING_ENTER 426 279 #define SYSCALL_IO_URING_REGISTER 427 280 #define SYSCALL_OPEN_TREE 428 281 #define SYSCALL_FSCONFIG 431 282 #define SYSCALL_FSMOUNT 432 283 #define SYSCALL_FSPICK 433 284 #define SYSCALL_OPENAT2 437 285 #define SYSCALL_FACCESSAT2 439 286 #define SYSCALL_PROCESS_MADVISE 440 287 #define SYSCALL_EPOLL_PWAIT2 441 288 #define SYSCALL_MOUNT_SETATTR 442 289 #define SYSCALL_QUOTACTL_FD 443 290 #define SYSCALL_LANDLOCK_ADD_RULE 445 291 #define SYSCALL_LANDLOCK_RESTRICT_SELF 446 292 #define SYSCALL_PROCESS_MRELEASE 448 293 #define SYSCALL_SOCKETCALL UNDEFINED_SYSCALL 294 #endif 295 296 statfunc bool has_syscall_fd_arg(uint syscall_id) 297 { 298 // Only syscalls with one fd argument so far 299 switch (syscall_id) { 300 case SYSCALL_READ: 301 case SYSCALL_WRITE: 302 case SYSCALL_CLOSE: 303 case SYSCALL_FSTAT: 304 case SYSCALL_LSEEK: 305 case SYSCALL_MMAP: 306 case SYSCALL_IOCTL: 307 case SYSCALL_PREAD64: 308 case SYSCALL_PWRITE64: 309 case SYSCALL_READV: 310 case SYSCALL_WRITEV: 311 case SYSCALL_DUP: 312 case SYSCALL_CONNECT: 313 case SYSCALL_ACCEPT: 314 case SYSCALL_SENDTO: 315 case SYSCALL_RECVFROM: 316 case SYSCALL_SENDMSG: 317 case SYSCALL_RECVMSG: 318 case SYSCALL_SHUTDOWN: 319 case SYSCALL_BIND: 320 case SYSCALL_LISTEN: 321 case SYSCALL_GETSOCKNAME: 322 case SYSCALL_GETPEERNAME: 323 case SYSCALL_SETSOCKOPT: 324 case SYSCALL_GETSOCKOPT: 325 case SYSCALL_FCNTL: 326 case SYSCALL_FLOCK: 327 case SYSCALL_FSYNC: 328 case SYSCALL_FDATASYNC: 329 case SYSCALL_FTRUNCATE: 330 case SYSCALL_FCHDIR: 331 case SYSCALL_FCHMOD: 332 case SYSCALL_FCHOWN: 333 case SYSCALL_FSTATFS: 334 case SYSCALL_READAHEAD: 335 case SYSCALL_FSETXATTR: 336 case SYSCALL_FGETXATTR: 337 case SYSCALL_FLISTXATTR: 338 case SYSCALL_FREMOVEXATTR: 339 case SYSCALL_GETDENTS64: 340 case SYSCALL_FADVISE64: 341 case SYSCALL_INOTIFY_ADD_WATCH: 342 case SYSCALL_INOTIFY_RM_WATCH: 343 case SYSCALL_OPENAT: 344 case SYSCALL_MKDIRAT: 345 case SYSCALL_MKNODAT: 346 case SYSCALL_FCHOWNAT: 347 case SYSCALL_UNLINKAT: 348 case SYSCALL_SYMLINKAT: 349 case SYSCALL_READLINKAT: 350 case SYSCALL_FCHMODAT: 351 case SYSCALL_FACCESSAT: 352 case SYSCALL_SYNC_FILE_RANGE: 353 case SYSCALL_VMSPLICE: 354 case SYSCALL_UTIMENSAT: 355 case SYSCALL_FALLOCATE: 356 case SYSCALL_TIMERFD_SETTIME: 357 case SYSCALL_TIMERFD_GETTIME: 358 case SYSCALL_ACCEPT4: 359 case SYSCALL_SIGNALFD4: 360 case SYSCALL_PREADV: 361 case SYSCALL_PWRITEV: 362 case SYSCALL_PERF_EVENT_OPEN: 363 case SYSCALL_RECVMMSG: 364 case SYSCALL_NAME_TO_HANDLE_AT: 365 case SYSCALL_OPEN_BY_HANDLE_AT: 366 case SYSCALL_SYNCFS: 367 case SYSCALL_SENDMMSG: 368 case SYSCALL_SETNS: 369 case SYSCALL_FINIT_MODULE: 370 case SYSCALL_EXECVEAT: 371 case SYSCALL_PREADV2: 372 case SYSCALL_PWRITEV2: 373 case SYSCALL_STATX: 374 case SYSCALL_PIDFD_SEND_SIGNAL: 375 case SYSCALL_IO_URING_ENTER: 376 case SYSCALL_IO_URING_REGISTER: 377 case SYSCALL_OPEN_TREE: 378 case SYSCALL_FSCONFIG: 379 case SYSCALL_FSMOUNT: 380 case SYSCALL_FSPICK: 381 case SYSCALL_OPENAT2: 382 case SYSCALL_FACCESSAT2: 383 case SYSCALL_PROCESS_MADVISE: 384 case SYSCALL_EPOLL_PWAIT2: 385 case SYSCALL_MOUNT_SETATTR: 386 case SYSCALL_QUOTACTL_FD: 387 case SYSCALL_LANDLOCK_ADD_RULE: 388 case SYSCALL_LANDLOCK_RESTRICT_SELF: 389 case SYSCALL_PROCESS_MRELEASE: 390 #if !defined(bpf_target_arm64) 391 case SYSCALL_GETDENTS: 392 case SYSCALL_EPOLL_WAIT: 393 case SYSCALL_FUTIMESAT: 394 case SYSCALL_NEWFSTATAT: 395 case SYSCALL_EPOLL_PWAIT: 396 case SYSCALL_SIGNALFD: 397 #endif 398 return true; 399 } 400 401 return false; 402 } 403 404 statfunc uint get_syscall_fd_num_from_arg(uint syscall_id, args_t *args) 405 { 406 switch (syscall_id) { 407 case SYSCALL_SYMLINKAT: 408 return args->args[1]; 409 case SYSCALL_PERF_EVENT_OPEN: 410 return args->args[3]; 411 case SYSCALL_MMAP: 412 return args->args[4]; 413 } 414 415 return args->args[0]; 416 } 417 418 #endif