Commit c2874823 authored by Hengqi Chen's avatar Hengqi Chen Committed by Andrii Nakryiko

selftests/bpf: Test BPF_KPROBE_SYSCALL macro

Add tests for the newly added BPF_KPROBE_SYSCALL macro.
Signed-off-by: default avatarHengqi Chen <hengqi.chen@gmail.com>
Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220207143134.2977852-3-hengqi.chen@gmail.com
parent 816ae109
...@@ -62,6 +62,12 @@ void test_bpf_syscall_macro(void) ...@@ -62,6 +62,12 @@ void test_bpf_syscall_macro(void)
ASSERT_EQ(skel->bss->arg4_core, exp_arg4, "syscall_arg4_core_variant"); ASSERT_EQ(skel->bss->arg4_core, exp_arg4, "syscall_arg4_core_variant");
ASSERT_EQ(skel->bss->arg5_core, exp_arg5, "syscall_arg5_core_variant"); ASSERT_EQ(skel->bss->arg5_core, exp_arg5, "syscall_arg5_core_variant");
ASSERT_EQ(skel->bss->option_syscall, exp_arg1, "BPF_KPROBE_SYSCALL_option");
ASSERT_EQ(skel->bss->arg2_syscall, exp_arg2, "BPF_KPROBE_SYSCALL_arg2");
ASSERT_EQ(skel->bss->arg3_syscall, exp_arg3, "BPF_KPROBE_SYSCALL_arg3");
ASSERT_EQ(skel->bss->arg4_syscall, exp_arg4, "BPF_KPROBE_SYSCALL_arg4");
ASSERT_EQ(skel->bss->arg5_syscall, exp_arg5, "BPF_KPROBE_SYSCALL_arg5");
cleanup: cleanup:
bpf_syscall_macro__destroy(skel); bpf_syscall_macro__destroy(skel);
} }
...@@ -21,6 +21,12 @@ unsigned long arg4_core_cx = 0; ...@@ -21,6 +21,12 @@ unsigned long arg4_core_cx = 0;
unsigned long arg4_core = 0; unsigned long arg4_core = 0;
unsigned long arg5_core = 0; unsigned long arg5_core = 0;
int option_syscall = 0;
unsigned long arg2_syscall = 0;
unsigned long arg3_syscall = 0;
unsigned long arg4_syscall = 0;
unsigned long arg5_syscall = 0;
const volatile pid_t filter_pid = 0; const volatile pid_t filter_pid = 0;
SEC("kprobe/" SYS_PREFIX "sys_prctl") SEC("kprobe/" SYS_PREFIX "sys_prctl")
...@@ -58,4 +64,21 @@ int BPF_KPROBE(handle_sys_prctl) ...@@ -58,4 +64,21 @@ int BPF_KPROBE(handle_sys_prctl)
return 0; return 0;
} }
SEC("kprobe/" SYS_PREFIX "sys_prctl")
int BPF_KPROBE_SYSCALL(prctl_enter, int option, unsigned long arg2,
unsigned long arg3, unsigned long arg4, unsigned long arg5)
{
pid_t pid = bpf_get_current_pid_tgid() >> 32;
if (pid != filter_pid)
return 0;
option_syscall = option;
arg2_syscall = arg2;
arg3_syscall = arg3;
arg4_syscall = arg4;
arg5_syscall = arg5;
return 0;
}
char _license[] SEC("license") = "GPL"; char _license[] SEC("license") = "GPL";
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment