AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 08:30:52 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
5bacd7805a
linux_dsm_epyc7002/samples
History
Alexei Starovoitov 5bacd7805a samples/bpf: bpf_tail_call example for tracing 
kprobe example that demonstrates how future seccomp programs may look like.
It attaches to seccomp_phase1() function and tail-calls other BPF programs
depending on syscall number.

Existing optimized classic BPF seccomp programs generated by Chrome look like:
if (sd.nr < 121) {
  if (sd.nr < 57) {
    if (sd.nr < 22) {
      if (sd.nr < 7) {
        if (sd.nr < 4) {
          if (sd.nr < 1) {
            check sys_read
          } else {
            if (sd.nr < 3) {
              check sys_write and sys_open
            } else {
              check sys_close
            }
          }
        } else {
      } else {
    } else {
  } else {
} else {
}

the future seccomp using native eBPF may look like:
  bpf_tail_call(&sd, &syscall_jmp_table, sd.nr);
which is simpler, faster and leaves more room for per-syscall checks.

Usage:
$ sudo ./tracex5
<...>-366   [001] d...     4.870033: : read(fd=1, buf=00007f6d5bebf000, size=771)
<...>-369   [003] d...     4.870066: : mmap
<...>-369   [003] d...     4.870077: : syscall=110 (one of get/set uid/pid/gid)
<...>-369   [003] d...     4.870089: : syscall=107 (one of get/set uid/pid/gid)
   sh-369   [000] d...     4.891740: : read(fd=0, buf=00000000023d1000, size=512)
   sh-369   [000] d...     4.891747: : write(fd=1, buf=00000000023d3000, size=512)
   sh-369   [000] d...     4.891747: : read(fd=1, buf=00000000023d3000, size=512)

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-05-21 17:07:59 -04:00
..
bpf samples/bpf: bpf_tail_call example for tracing 2015-05-21 17:07:59 -04:00
hidraw HID: samples/hidraw: make it possible to select device 2015-03-15 10:11:21 -04:00
hw_breakpoint perf: Add context field to perf_event 2011-07-01 11:06:38 +02:00
kdb kdb: Add kdb kernel module sample 2010-10-29 13:14:39 -05:00
kfifo kfifo API type safety 2013-11-15 09:32:23 +09:00
kobject samples/kobject: be explicit in the module license 2015-03-25 13:41:42 +01:00
kprobes kprobes: update jprobe_example.c for do_fork() change 2014-09-26 11:11:12 +02:00
livepatch livepatch: rename config to CONFIG_LIVEPATCH 2015-02-04 11:25:51 +01:00
pktgen samples/pktgen: Show the results rather than just commenting where they are 2015-02-23 22:04:25 -05:00
rpmsg misc: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
seccomp samples/seccomp: improve label helper 2015-02-17 14:34:55 -08:00
trace_events tracing/samples: Update the trace-event-sample.h with TRACE_DEFINE_ENUM() 2015-04-08 09:39:58 -04:00
uhid HID: uhid: improve uhid example client 2013-09-04 11:35:14 +02:00
Kconfig livepatch: rename config to CONFIG_LIVEPATCH 2015-02-04 11:25:51 +01:00
Makefile livepatch: samples: add sample live patching module 2014-12-22 15:40:49 +01:00