Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rewriter: Init only the requested parameters #4601

Merged
merged 1 commit into from
May 5, 2023
Merged

rewriter: Init only the requested parameters #4601

merged 1 commit into from
May 5, 2023

Conversation

xmzzz
Copy link
Contributor

@xmzzz xmzzz commented Apr 30, 2023

Enable the rewriter initialize only the requested function parameters. After verification by the tools/execsnoop, the result is correct.

For example, In tools/execsnoop, the __envp parameter in the syscall_execve() function is not requested, so it is not initialized.

Before:

...
__attribute__((section(".bpf.fn.syscall__execve")))
int syscall__execve(struct pt_regs *ctx)
{
#if defined(CONFIG_ARCH_HAS_SYSCALL_WRAPPER)
 struct pt_regs * __ctx = (void *)ctx->di;
 const char __user *filename; bpf_probe_read(&filename, sizeof(filename), &__ctx->di);
 const char __user *const __user *__argv; bpf_probe_read(&__argv, sizeof(__argv), &__ctx->si);
 const char __user *const __user *__envp; bpf_probe_read(&__envp, sizeof(__envp), &__ctx->dx);
#else
 const char __user *filename = (const char *)ctx->di; const char __user *const __user *__argv = (const char *const *)ctx->si; const char __user *const __user *__envp = (const char *const *)ctx->dx;
#endif
...

After:

...
__attribute__((section(".bpf.fn.syscall__execve")))
int syscall__execve(struct pt_regs *ctx)
{
#if defined(CONFIG_ARCH_HAS_SYSCALL_WRAPPER)
 struct pt_regs * __ctx = (void *)ctx->di;
 const char __user *filename; bpf_probe_read(&filename, sizeof(filename), &__ctx->di);
 const char __user *const __user *__argv; bpf_probe_read(&__argv, sizeof(__argv), &__ctx->si);
#else
 const char __user *filename = (const char *)ctx->di; const char __user *const __user *__argv = (const char *const *)ctx->si;
#endif
...

@xmzzz
rewriter: Init only the requested parameters
41d0d56 
Enable the rewriter initialize only the requested function parameters,
and after verification by the tools/execsnoop, the result is correct.

Signed-off-by: Mingzheng Xing <xingmingzheng@iscas.ac.cn>
@yonghong-song yonghong-song merged commit 699799b into iovisor:master May 5, 2023
@xmzzz xmzzz deleted the clang_param_init branch May 6, 2023 02:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drzaeus77 drzaeus77 Awaiting requested review from drzaeus77 drzaeus77 is a code owner

@yonghong-song yonghong-song Awaiting requested review from yonghong-song yonghong-song is a code owner

@4ast 4ast Awaiting requested review from 4ast 4ast is a code owner

@davemarchevsky davemarchevsky Awaiting requested review from davemarchevsky davemarchevsky is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xmzzz @yonghong-song