bpf: Do not attempt to read blob_data if the length is 0
Signed-off-by: Daiki Ueno <[email protected]>
ueno committed Nov 13, 2023
1 parent 31c21b9 commit f6c4eb3
Showing 1 changed file with 28 additions and 10 deletions.
38 changes: 28 additions & 10 deletions agent/src/bpf/audit.bpf.c
@@ -160,11 +160,18 @@ record_string_data (struct pt_regs *ctx, long context, const char *key_ptr,
}

static __always_inline int
record_blob_data (struct pt_regs *ctx, long context, const char *key_ptr,
void *value_ptr, size_t value_size)
record_blob_data (struct pt_regs *ctx, long context, const char *key_ptr)
{
int err;

long value_size;
err = bpf_usdt_arg (ctx, 3, &value_size);
if (err < 0)
{
DEBUG ("unable to determine value size: %ld\n", err);
return err;
}

struct audit_blob_data_event_st *event =
bpf_ringbuf_reserve (&ringbuf,
sizeof(struct audit_blob_data_event_st),
@@ -188,12 +195,24 @@ record_blob_data (struct pt_regs *ctx, long context, const char *key_ptr,
goto error;
}

value_size &= (VALUE_SIZE - 1);
err = bpf_probe_read_user (event->value, value_size, (void *)value_ptr);
if (err < 0)
if (value_size > 0)
{
DEBUG ("unable to read event data: %ld\n", err);
goto error;
long value_ptr;

err = bpf_usdt_arg (ctx, 2, &value_ptr);
if (err < 0)
{
DEBUG ("unable to read value: %ld\n", err);
goto error;
}

value_size &= (VALUE_SIZE - 1);
err = bpf_probe_read_user (event->value, value_size, (void *)value_ptr);
if (err < 0)
{
DEBUG ("unable to read event data: %ld\n", err);
goto error;
}
}

event->size = value_size;
@@ -230,10 +249,9 @@ BPF_USDT(string_data, long context, const char *key_ptr,

SEC("usdt")
int
BPF_USDT(blob_data, long context, const char *key_ptr,
void *value_ptr, size_t value_size)
BPF_USDT(blob_data, long context, const char *key_ptr)
{
return record_blob_data(ctx, context, key_ptr, value_ptr, value_size);
return record_blob_data(ctx, context, key_ptr);
}

char LICENSE[] SEC("license") = "GPL";
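Review bot: In `record_blob_data`, `value_size` is now a signed `long` read from USDT argument 3, and the mask `value_size &= (VALUE_SIZE - 1);` was moved inside `if (value_size > 0)`, so a negative size supplied by the traced process skips the mask and reaches `event->size = value_size;` unbounded. Before this change the mask always ran ahead of that assignment. If the ring-buffer consumer treats `event->size` as a length into `event->value` (the consumer is not visible here), it would read past the buffer; hoisting the mask above the `if`, or adding `if (value_size < 0) value_size = 0;` right after the `bpf_usdt_arg (ctx, 3, &value_size)` check, restores the bound. Separately, the mask wraps rather than clamps, so a blob of exactly `VALUE_SIZE` bytes is recorded as empty; a comment such as `/* sizes >= VALUE_SIZE wrap modulo VALUE_SIZE; the record is truncated */` would make that visible to whoever reads the audit log. Part of the function body lies between the hunks and is not shown, so confirm nothing there depends on the sign of `value_size`.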
