update(modern_bpf): change signature of auxmap__store_charbuf_param…

… method

Signed-off-by: Andrea Terzolo <andrea.terzolo@polito.it>
Co-authored-by: Hendrik Brueckner <brueckner@de.ibm.com>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>

driver/modern_bpf/helpers/store/auxmap_store_params.h

@@ -10,23 +10,50 @@
 #include <helpers/base/push_data.h>
 #include <helpers/extract/extract_from_kernel.h>
 
-/* Right now a cgroup pathname can have at most 6 components. */
+/*=============================== FIXED CONSTRAINTS ===============================*/
+
+/* These are some of the constraints we want to impose during our
+ * store operations. One day these could become const global variables
+ * that could be set by the userspace.
+ */
+
+/* Right now a `cgroup` pathname can have at most 6 components. */
 #define MAX_CGROUP_PATH_POINTERS 6
 
 /* Right now a file path extracted from a file descriptor can
  * have at most `MAX_PATH_POINTERS` components.
  */
 #define MAX_PATH_POINTERS 8
 
-/* Maximum length of unix socket path.
- * We can have at maximum 108 characters plus the `\0` terminator.
+/* Maximum length of `unix` socket path.
+ * We can have a maximum of 108 characters plus the `\0` terminator.
  */
 #define MAX_UNIX_SOCKET_PATH 108 + 1
 
-/* Max number of iovec structure that we can analize. */
+/* Maximum number of `iovec` structures that we can analyze. */
 #define MAX_IOVCNT 32
 
-/* Conversion factors used in setsockopt val. */
+/* Maximum number of charbuf pointers that we assume an array can have. */
+#define MAX_CHARBUF_POINTERS 16
+
+/* Proc name */
+#define MAX_PROC_EXE 4096
+
+/* Proc arguments or environment variables.
+ * Must be always a power of 2 because we can also use it as a mask!
+ */
+#define MAX_PROC_ARG_ENV 4096
+
+/* PATH_MAX supported by the operating system: 4096 */
+#define MAX_PATH 4096
+
+/*=============================== FIXED CONSTRAINTS ===============================*/
+
+/*=============================== COMMON DEFINITIONS ===============================*/
+
+/* Some auxiliary definitions we use during our store operations */
+
+/* Conversion factors used in `setsockopt` val. */
 #define SEC_FACTOR 1000000000
 #define USEC_FACTOR 1000
 
@@ -46,11 +73,7 @@ enum connection_direction
 	INBOUND = 1,
 };
 
-/* Maximum number of charbuf pointers that we assume an array can have. */
-#define MAX_CHARBUF_POINTERS 16
-
-/* Maximum length of an `execve` arg. */
-#define MAX_EXECVE_ARG_LEN 4096
+/*=============================== COMMON DEFINITIONS ===============================*/
 
 /* Concept of auxamp (auxiliary map):
  *
@@ -303,18 +326,27 @@ static __always_inline void auxmap__store_u64_param(struct auxiliary_map *auxmap
 
 /**
  * @brief This helper stores the charbuf pointed by `charbuf_pointer`
- * into the auxmap. The charbuf can have a maximum length
- * of `MAX_PARAM_SIZE`. For more details, look at the underlying
+ * into the auxmap. We read until we find a `\0`, if the charbuf length
+ * is greater than `len_to_read`, we read up to `len_to_read-1` bytes
+ * and add the `\0`. For more details, look at the underlying
  * `push__charbuf` method
  *
  * @param auxmap pointer to the auxmap in which we are storing the param.
  * @param charbuf_pointer pointer to the charbuf to store.
+ * @param len_to_read upper bound limit.
  * @param mem from which memory we need to read: user-space or kernel-space.
  * @return number of bytes read.
  */
-static __always_inline u16 auxmap__store_charbuf_param(struct auxiliary_map *auxmap, unsigned long charbuf_pointer, enum read_memory mem)
+static __always_inline u16 auxmap__store_charbuf_param(struct auxiliary_map *auxmap, unsigned long charbuf_pointer, u16 len_to_read, enum read_memory mem)
 {
-	u16 charbuf_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, MAX_PARAM_SIZE, mem);
+	u16 charbuf_len = 0;
+	/* This check is just for performance reasons. Is useless to check
+	 * `len_to_read > 0` here, since `len_to_read` is just the upper bound.
+	 */
+	if(charbuf_pointer)
+	{
+		charbuf_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, len_to_read, mem);
+	}
 	/* If we are not able to push anything with `push__charbuf`
 	 * `charbuf_len` will be equal to `0` so we will send an
 	 * empty param to userspace.
@@ -335,10 +367,11 @@ static __always_inline u16 auxmap__store_charbuf_param(struct auxiliary_map *aux
  * @param mem from which memory we need to read: user-space or kernel-space.
  * @return number of bytes read.
  */
-static __always_inline u16 auxmap__store_bytebuf_param(struct auxiliary_map *auxmap, unsigned long bytebuf_pointer, unsigned long len_to_read, enum read_memory mem)
+static __always_inline u16 auxmap__store_bytebuf_param(struct auxiliary_map *auxmap, unsigned long bytebuf_pointer, u16 len_to_read, enum read_memory mem)
 {
 	u16 bytebuf_len = 0;
-	if (len_to_read > 0)
+	/* This check is just for performance reasons. */
+	if(bytebuf_pointer && len_to_read > 0)
 	{
 		bytebuf_len = push__bytebuf(auxmap->data, &auxmap->payload_pos, bytebuf_pointer, len_to_read, mem);
 	}
@@ -369,7 +402,7 @@ static __always_inline void auxmap__store_execve_exe(struct auxiliary_map *auxma
 		return;
 	}
 
-	exe_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, MAX_EXECVE_ARG_LEN, USER);
+	exe_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, MAX_PROC_EXE, USER);
 	push__param_len(auxmap->data, &auxmap->lengths_pos, exe_len);
 }
 
@@ -400,7 +433,7 @@ static __always_inline void auxmap__store_execve_args(struct auxiliary_map *auxm
 		{
 			break;
 		}
-		arg_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, MAX_EXECVE_ARG_LEN, USER);
+		arg_len = push__charbuf(auxmap->data, &auxmap->payload_pos, charbuf_pointer, MAX_PROC_ARG_ENV, USER);
 		if(!arg_len)
 		{
 			break;

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/chdir.bpf.c

@@ -58,7 +58,7 @@ int BPF_PROG(chdir_x,
 
 	/* Parameter 2: path (type: PT_CHARBUF) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/chmod.bpf.c

@@ -58,7 +58,7 @@ int BPF_PROG(chmod_x,
 
 	/* Parameter 2: filename (type: PT_FSPATH) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/* Parameter 3: mode (type: PT_MODE) */
 	unsigned long mode = extract__syscall_argument(regs, 1);

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/chroot.bpf.c

@@ -58,7 +58,7 @@ int BPF_PROG(chroot_x,
 
 	/* Parameter 2: path (type: PT_FSPATH) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/clone.bpf.c

@@ -78,15 +78,15 @@ int BPF_PROG(clone_x,
 		/* We need to extract the len of `exe` arg so we can understand
 		 * the overall length of the remaining args.
 		 */
-		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, USER);
+		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, MAX_PROC_EXE, USER);
 
 		/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 		/* Here we read all the array starting from the pointer to the first
 		 * element. We could also read the array element per element but
 		 * since we know the total len we read it as a `bytebuf`.
 		 * The `\0` after every argument are preserved.
 		 */
-		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, total_args_len - exe_arg_len, USER);
+		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, (total_args_len - exe_arg_len) & (MAX_PROC_ARG_ENV - 1), USER);
 	}
 	else
 	{
@@ -147,7 +147,7 @@ int BPF_PROG(clone_x,
 	auxmap__store_u32_param(auxmap, vm_swap);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
-	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, KERNEL);
+	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, MAX_PROC_EXE, KERNEL);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/clone3.bpf.c

@@ -78,15 +78,15 @@ int BPF_PROG(clone3_x,
 		/* We need to extract the len of `exe` arg so we can understand
 		 * the overall length of the remaining args.
 		 */
-		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, USER);
+		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, MAX_PROC_EXE, USER);
 
 		/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 		/* Here we read all the array starting from the pointer to the first
 		 * element. We could also read the array element per element but
 		 * since we know the total len we read it as a `bytebuf`.
 		 * The `\0` after every argument are preserved.
 		 */
-		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, total_args_len - exe_arg_len, USER);
+		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, (total_args_len - exe_arg_len) & (MAX_PROC_ARG_ENV - 1), USER);
 	}
 	else
 	{
@@ -147,7 +147,7 @@ int BPF_PROG(clone3_x,
 	auxmap__store_u32_param(auxmap, vm_swap);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
-	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, KERNEL);
+	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, MAX_PROC_EXE, KERNEL);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/creat.bpf.c

@@ -26,7 +26,7 @@ int BPF_PROG(creat_e,
 
 	/* Parameter 1: name (type: PT_FSPATH) */
 	unsigned long name_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, name_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, name_pointer, MAX_PATH, USER);
 
 	/* Parameter 2: mode (type: PT_UINT32) */
 	unsigned long mode = extract__syscall_argument(regs, 1);
@@ -65,7 +65,7 @@ int BPF_PROG(creat_x,
 
 	/* Parameter 2: name (type: PT_FSPATH) */
 	unsigned long name_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, name_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, name_pointer, MAX_PATH, USER);
 
 	/* Parameter 3: mode (type: PT_UINT32) */
 	unsigned long mode = extract__syscall_argument(regs, 1);

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execve.bpf.c

@@ -25,7 +25,7 @@ int BPF_PROG(execve_e,
 
 	/* Parameter 1: filename (type: PT_FSPATH) */
 	unsigned long filename_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, filename_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, filename_pointer, MAX_PATH, USER);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
@@ -79,15 +79,15 @@ int BPF_PROG(execve_x,
 		/* We need to extract the len of `exe` arg so we can undestand
 		 * the overall length of the remaining args.
 		 */
-		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, USER);
+		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, MAX_PROC_EXE, USER);
 
 		/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 		/* Here we read the whole array starting from the pointer to the first
 		 * element. We could also read the array element per element but
 		 * since we know the total len we read it as a `bytebuf`.
 		 * The `\0` after every argument are preserved.
 		 */
-		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, total_args_len - exe_arg_len, USER);
+		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, (total_args_len - exe_arg_len) & (MAX_PROC_ARG_ENV - 1), USER);
 	}
 	else
 	{
@@ -155,7 +155,7 @@ int BPF_PROG(execve_x,
 	auxmap__store_u32_param(auxmap, vm_swap);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
-	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, KERNEL);
+	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, MAX_PROC_EXE, KERNEL);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/execveat.bpf.c

@@ -33,7 +33,7 @@ int BPF_PROG(execveat_e,
 
 	/* Parameter 2: pathname (type: PT_FSRELPATH) */
 	unsigned long pathname_pointer = extract__syscall_argument(regs, 1);
-	auxmap__store_charbuf_param(auxmap, pathname_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, pathname_pointer, MAX_PATH, USER);
 
 	/* Parameter 3: flags (type: PT_FLAGS32) */
 	unsigned long flags = extract__syscall_argument(regs, 4);
@@ -136,7 +136,7 @@ int BPF_PROG(execveat_x,
 	auxmap__store_u32_param(auxmap, vm_swap);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
-	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, KERNEL);
+	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, MAX_PROC_EXE, KERNEL);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/fchmodat.bpf.c

@@ -66,7 +66,7 @@ int BPF_PROG(fchmodat_x,
 
 	/* Parameter 3: filename (type: PT_FSRELPATH) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 1);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/* Parameter 4: mode (type: PT_MODE) */
 	unsigned long mode = extract__syscall_argument(regs, 2);
@@ -81,5 +81,4 @@ int BPF_PROG(fchmodat_x,
 	return 0;
 }
 
-
 /*=============================== EXIT EVENT ===========================*/

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/fork.bpf.c

@@ -80,15 +80,15 @@ int BPF_PROG(fork_x,
 		/* We need to extract the len of `exe` arg so we can undestand
 		 * the overall length of the remaining args.
 		 */
-		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, USER);
+		u16 exe_arg_len = auxmap__store_charbuf_param(auxmap, arg_start_pointer, MAX_PROC_EXE, USER);
 
 		/* Parameter 3: args (type: PT_CHARBUFARRAY) */
 		/* Here we read all the array starting from the pointer to the first
 		 * element. We could also read the array element per element but
 		 * since we know the total len we read it as a `bytebuf`.
 		 * The `\0` after every argument are preserved.
 		 */
-		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, total_args_len - exe_arg_len, USER);
+		auxmap__store_bytebuf_param(auxmap, arg_start_pointer + exe_arg_len, (total_args_len - exe_arg_len) & (MAX_PROC_ARG_ENV - 1), USER);
 	}
 	else
 	{
@@ -149,7 +149,7 @@ int BPF_PROG(fork_x,
 	auxmap__store_u32_param(auxmap, vm_swap);
 
 	/* Parameter 14: comm (type: PT_CHARBUF) */
-	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, KERNEL);
+	auxmap__store_charbuf_param(auxmap, (unsigned long)task->comm, MAX_PROC_EXE, KERNEL);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/fsconfig.bpf.c

@@ -68,7 +68,7 @@ int BPF_PROG(fsconfig_x,
 
 	/* Parameter 4: key (type: PT_CHARBUF) */
 	unsigned long key_pointer = extract__syscall_argument(regs, 2);
-	auxmap__store_charbuf_param(auxmap, key_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, key_pointer, MAX_PARAM_SIZE, USER);
 
 	int aux = extract__syscall_argument(regs, 4);
 
@@ -114,7 +114,7 @@ int BPF_PROG(fsconfig_x,
 			auxmap__store_empty_param(auxmap);
 
 			/* Parameter 6: value_charbuf (type: PT_CHARBUF) */
-			auxmap__store_charbuf_param(auxmap, value_pointer, USER);
+			auxmap__store_charbuf_param(auxmap, value_pointer, MAX_PARAM_SIZE, USER);
 			break;
 
 		case PPM_FSCONFIG_SET_BINARY:

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/link.bpf.c

@@ -58,11 +58,11 @@ int BPF_PROG(link_x,
 
 	/* Parameter 2: oldpath (type: PT_FSPATH) */
 	unsigned long old_path_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, old_path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, old_path_pointer, MAX_PATH, USER);
 
 	/* Parameter 3: newpath (type: PT_FSPATH) */
 	unsigned long new_path_pointer = extract__syscall_argument(regs, 1);
-	auxmap__store_charbuf_param(auxmap, new_path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, new_path_pointer, MAX_PATH, USER);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/linkat.bpf.c

@@ -66,7 +66,7 @@ int BPF_PROG(linkat_x,
 
 	/* Parameter 3: oldpath (type: PT_FSRELPATH) */
 	unsigned long old_path_pointer = extract__syscall_argument(regs, 1);
-	auxmap__store_charbuf_param(auxmap, old_path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, old_path_pointer, MAX_PATH, USER);
 
 	/* Parameter 4: newdirfd (type: PT_FD) */
 	s32 newdirfd = (s32)extract__syscall_argument(regs, 2);
@@ -78,7 +78,7 @@ int BPF_PROG(linkat_x,
 
 	/* Parameter 5: newpath (type: PT_FSRELPATH) */
 	unsigned long new_path_pointer = extract__syscall_argument(regs, 3);
-	auxmap__store_charbuf_param(auxmap, new_path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, new_path_pointer, MAX_PATH, USER);
 
 	/* Parameter 6: flags (type: PT_FLAGS32) */
 	unsigned long flags = extract__syscall_argument(regs, 4);

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/mkdir.bpf.c

@@ -60,7 +60,7 @@ int BPF_PROG(mkdir_x,
 
 	/* Parameter 2: path (type: PT_FSPATH) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 0);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/mkdirat.bpf.c

@@ -66,7 +66,7 @@ int BPF_PROG(mkdirat_x,
 
 	/* Parameter 3: path (type: PT_FSRELPATH) */
 	unsigned long path_pointer = extract__syscall_argument(regs, 1);
-	auxmap__store_charbuf_param(auxmap, path_pointer, USER);
+	auxmap__store_charbuf_param(auxmap, path_pointer, MAX_PATH, USER);
 
 	/* Parameter 4: mode (type: PT_UINT32) */
 	u32 mode = (u32)extract__syscall_argument(regs, 2);