cilium · olsajiri · Nov 22, 2024 · Aug 19, 2024 · Nov 13, 2024 · Oct 15, 2024
@@ -19,4 +19,4 @@ jobs:
       - name: Run checkpatch.pl
         uses: docker://quay.io/cilium/cilium-checkpatch:2f0f4f512e795d5668ea4e7ef0ba85abc75eb225@sha256:f307bf0315954e8b8c31edc1864d949bf211b0c6522346359317d757b5a6cea0
         with:
-          args: "-- --ignore PREFER_DEFINED_ATTRIBUTE_MACRO,C99_COMMENTS,OPEN_ENDED_LINE,PREFER_KERNEL_TYPES,REPEATED_WORD,SPDX_LICENSE_TAG,LONG_LINE,LONG_LINE_STRING,LONG_LINE_COMMENT,TRACE_PRINTK"
+          args: "-- --ignore PREFER_DEFINED_ATTRIBUTE_MACRO,C99_COMMENTS,OPEN_ENDED_LINE,PREFER_KERNEL_TYPES,REPEATED_WORD,SPDX_LICENSE_TAG,LONG_LINE,LONG_LINE_STRING,LONG_LINE_COMMENT,TRACE_PRINTK,AVOID_EXTERNS"
@@ -62,4 +62,18 @@ struct bpf_map_def {
 #define DEBUG(__fmt, ...)
 #endif
 
+#ifdef __V611_BPF_PROG
+#define __arg_ctx      __attribute__((btf_decl_tag("arg:ctx")))
+#define __arg_nonnull  __attribute((btf_decl_tag("arg:nonnull")))
+#define __arg_nullable __attribute((btf_decl_tag("arg:nullable")))
+#define __arg_trusted  __attribute((btf_decl_tag("arg:trusted")))
+#define __arg_arena    __attribute((btf_decl_tag("arg:arena")))
+#else
+#define __arg_ctx
+#define __arg_nonnull
+#define __arg_nullable
+#define __arg_trusted
+#define __arg_arena
+#endif // __V611_BPF_PROG
+
 #endif // _MSG_COMMON__
@@ -15,12 +15,22 @@
 
 char _license[] __attribute__((section("license"), used)) = "Dual BSD/GPL";
 
+#ifndef OVERRIDE_TAILCALL
+int execve_rate(void *ctx);
+int execve_send(void *ctx);
+
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 2);
 	__uint(key_size, sizeof(__u32));
-	__uint(value_size, sizeof(__u32));
-} execve_calls SEC(".maps");
+	__array(values, int(void *));
+} execve_calls SEC(".maps") = {
+	.values = {
+		[0] = (void *)&execve_rate,
+		[1] = (void *)&execve_send,
+	},
+};
+#endif
 
 #include "data_event.h"
 
@@ -271,8 +281,8 @@ event_execve(struct trace_event_raw_sched_process_exec *ctx)
 	return 0;
 }
 
-__attribute__((section("tracepoint/0"), used)) int
-execve_rate(void *ctx)
+__attribute__((section("tracepoint"), used)) int
+execve_rate(void *ctx __arg_ctx)
 {
 	struct msg_execve_event *msg;
 	__u32 zero = 0;
@@ -316,8 +326,8 @@ void update_mb_bitset(struct binary *bin)
  * is to update the pid execve_map entry to reflect the new execve event that
  * has already been collected, then send it to the perf buffer.
  */
-__attribute__((section("tracepoint/1"), used)) int
-execve_send(void *ctx)
+__attribute__((section("tracepoint"), used)) int
+execve_send(void *ctx __arg_ctx)
 {
 	struct msg_execve_event *event;
 	struct execve_map_value *curr;

@@ -25,12 +25,28 @@ struct {
 	__type(value, struct msg_generic_kprobe);
 } process_call_heap SEC(".maps");
 
+int generic_kprobe_setup_event(void *ctx);
+int generic_kprobe_process_event(void *ctx);
+int generic_kprobe_process_filter(void *ctx);
+int generic_kprobe_filter_arg(void *ctx);
+int generic_kprobe_actions(void *ctx);
+int generic_kprobe_output(void *ctx);
+
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 13);
 	__uint(key_size, sizeof(__u32));
-	__uint(value_size, sizeof(__u32));
-} kprobe_calls SEC(".maps");
+	__array(values, int(void *));
+} kprobe_calls SEC(".maps") = {
+	.values = {
+		[0] = (void *)&generic_kprobe_setup_event,
+		[1] = (void *)&generic_kprobe_process_event,
+		[2] = (void *)&generic_kprobe_process_filter,
+		[3] = (void *)&generic_kprobe_filter_arg,
+		[4] = (void *)&generic_kprobe_actions,
+		[5] = (void *)&generic_kprobe_output,
+	},
+};
 
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
@@ -115,7 +131,7 @@ generic_kprobe_event(struct pt_regs *ctx)
 	return generic_start_process_filter(ctx, &maps);
 }
 
-__attribute__((section("kprobe/0"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_setup_event(void *ctx)
 {
 	return generic_process_event_and_setup(
@@ -125,7 +141,7 @@ generic_kprobe_setup_event(void *ctx)
 		(struct bpf_map_def *)data_heap_ptr);
 }
 
-__attribute__((section("kprobe/1"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_process_event(void *ctx)
 {
 	return generic_process_event(ctx,
@@ -135,7 +151,7 @@ generic_kprobe_process_event(void *ctx)
 				     (struct bpf_map_def *)data_heap_ptr);
 }
 
-__attribute__((section("kprobe/2"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_process_filter(void *ctx)
 {
 	int ret;
@@ -152,7 +168,7 @@ generic_kprobe_process_filter(void *ctx)
 	return PFILTER_REJECT;
 }
 
-__attribute__((section("kprobe/3"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_filter_arg(void *ctx)
 {
 	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
@@ -162,14 +178,14 @@ generic_kprobe_filter_arg(void *ctx)
 			       true);
 }
 
-__attribute__((section("kprobe/4"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_actions(void *ctx)
 {
 	generic_actions(ctx, &maps);
 	return 0;
 }
 
-__attribute__((section("kprobe/5"), used)) int
+__attribute__((section("kprobe"), used)) int
 generic_kprobe_output(void *ctx)
 {
 	return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);

@@ -26,12 +26,26 @@ struct {
 	__type(value, struct msg_generic_kprobe);
 } process_call_heap SEC(".maps");
 
+int generic_lsm_setup_event(void *ctx);
+int generic_lsm_process_event(void *ctx);
+int generic_lsm_process_filter(void *ctx);
+int generic_lsm_filter_arg(void *ctx);
+int generic_lsm_actions(void *ctx);
+
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 13);
 	__uint(key_size, sizeof(__u32));
-	__uint(value_size, sizeof(__u32));
-} lsm_calls SEC(".maps");
+	__array(values, int(void *));
+} lsm_calls SEC(".maps") = {
+	.values = {
+		[0] = (void *)&generic_lsm_setup_event,
+		[1] = (void *)&generic_lsm_process_event,
+		[2] = (void *)&generic_lsm_process_filter,
+		[3] = (void *)&generic_lsm_filter_arg,
+		[4] = (void *)&generic_lsm_actions,
+	},
+};
 
 struct {
 	__uint(type, BPF_MAP_TYPE_HASH);
@@ -87,7 +101,7 @@ generic_lsm_event(struct pt_regs *ctx)
 	return generic_start_process_filter(ctx, &maps);
 }
 
-__attribute__((section("lsm/0"), used)) int
+__attribute__((section("lsm"), used)) int
 generic_lsm_setup_event(void *ctx)
 {
 	return generic_process_event_and_setup(
@@ -97,7 +111,7 @@ generic_lsm_setup_event(void *ctx)
 		(struct bpf_map_def *)data_heap_ptr);
 }
 
-__attribute__((section("lsm/1"), used)) int
+__attribute__((section("lsm"), used)) int
 generic_lsm_process_event(void *ctx)
 {
 	return generic_process_event(ctx,
@@ -107,7 +121,7 @@ generic_lsm_process_event(void *ctx)
 				     (struct bpf_map_def *)data_heap_ptr);
 }
 
-__attribute__((section("lsm/2"), used)) int
+__attribute__((section("lsm"), used)) int
 generic_lsm_process_filter(void *ctx)
 {
 	int ret;
@@ -121,7 +135,7 @@ generic_lsm_process_filter(void *ctx)
 	return PFILTER_REJECT;
 }
 
-__attribute__((section("lsm/3"), used)) int
+__attribute__((section("lsm"), used)) int
 generic_lsm_filter_arg(void *ctx)
 {
 	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
@@ -131,7 +145,7 @@ generic_lsm_filter_arg(void *ctx)
 			       true);
 }
 
-__attribute__((section("lsm/4"), used)) int
+__attribute__((section("lsm"), used)) int
 generic_lsm_actions(void *ctx)
 {
 	bool postit = generic_actions(ctx, &maps);

@@ -24,12 +24,22 @@ struct {
 	__type(value, struct msg_generic_kprobe);
 } process_call_heap SEC(".maps");
 
+int generic_retkprobe_filter_arg(struct pt_regs *ctx);
+int generic_retkprobe_actions(struct pt_regs *ctx);
+int generic_retkprobe_output(struct pt_regs *ctx);
+
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 6);
 	__uint(key_size, sizeof(__u32));
-	__uint(value_size, sizeof(__u32));
-} retkprobe_calls SEC(".maps");
+	__array(values, int(struct pt_regs *));
+} retkprobe_calls SEC(".maps") = {
+	.values = {
+		[3] = (void *)&generic_retkprobe_filter_arg,
+		[4] = (void *)&generic_retkprobe_actions,
+		[5] = (void *)&generic_retkprobe_output,
+	},
+};
 
 struct filter_map_value {
 	unsigned char buf[FILTER_SIZE];
@@ -171,7 +181,7 @@ BPF_KRETPROBE(generic_retkprobe_event, unsigned long ret)
 	return 1;
 }
 
-__attribute__((section("kprobe/3"), used)) int
+__attribute__((section("kprobe"), used)) int
 BPF_KRETPROBE(generic_retkprobe_filter_arg)
 {
 	return filter_read_arg(ctx, (struct bpf_map_def *)&process_call_heap,
@@ -181,14 +191,14 @@ BPF_KRETPROBE(generic_retkprobe_filter_arg)
 			       false);
 }
 
-__attribute__((section("kprobe/4"), used)) int
+__attribute__((section("kprobe"), used)) int
 BPF_KRETPROBE(generic_retkprobe_actions)
 {
 	generic_actions(ctx, &maps);
 	return 0;
 }
 
-__attribute__((section("kprobe/5"), used)) int
+__attribute__((section("kprobe"), used)) int
 BPF_KRETPROBE(generic_retkprobe_output)
 {
 	return generic_output(ctx, (struct bpf_map_def *)&process_call_heap, MSG_OP_GENERIC_KPROBE);

@@ -18,12 +18,26 @@
 #include "policy_filter.h"
 #include "syscall64.h"
 
+int generic_tracepoint_process_event(void *ctx);
+int generic_tracepoint_filter(void *ctx);
+int generic_tracepoint_arg(void *ctx);
+int generic_tracepoint_actions(void *ctx);
+int generic_tracepoint_output(void *ctx);
+
 struct {
 	__uint(type, BPF_MAP_TYPE_PROG_ARRAY);
 	__uint(max_entries, 13);
 	__uint(key_size, sizeof(__u32));
-	__uint(value_size, sizeof(__u32));
-} tp_calls SEC(".maps");
+	__array(values, int(void *));
+} tp_calls SEC(".maps") = {
+	.values = {
+		[1] = (void *)&generic_tracepoint_process_event,
+		[2] = (void *)&generic_tracepoint_filter,
+		[3] = (void *)&generic_tracepoint_arg,
+		[4] = (void *)&generic_tracepoint_actions,
+		[5] = (void *)&generic_tracepoint_output,
+	},
+};
 
 struct {
 	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
@@ -233,15 +247,15 @@ generic_tracepoint_event(struct generic_tracepoint_event_arg *ctx)
 	return 0;
 }
 
-__attribute__((section("tracepoint/1"), used)) int
+__attribute__((section("tracepoint"), used)) int
 generic_tracepoint_process_event(void *ctx)
 {
 	return generic_process_event(ctx, (struct bpf_map_def *)&tp_heap,
 				     (struct bpf_map_def *)&tp_calls,
 				     (struct bpf_map_def *)&config_map, 0);
 }
 
-__attribute__((section("tracepoint/2"), used)) int
+__attribute__((section("tracepoint"), used)) int
 generic_tracepoint_filter(void *ctx)
 {
 	int ret;
@@ -258,7 +272,7 @@ generic_tracepoint_filter(void *ctx)
 	return PFILTER_REJECT;
 }
 
-__attribute__((section("tracepoint/3"), used)) int
+__attribute__((section("tracepoint"), used)) int
 generic_tracepoint_arg(void *ctx)
 {
 	return filter_read_arg(ctx, (struct bpf_map_def *)&tp_heap,
@@ -268,14 +282,14 @@ generic_tracepoint_arg(void *ctx)
 			       true);
 }
 
-__attribute__((section("tracepoint/4"), used)) int
+__attribute__((section("tracepoint"), used)) int
 generic_tracepoint_actions(void *ctx)
 {
 	generic_actions(ctx, &maps);
 	return 0;
 }
 
-__attribute__((section("tracepoint/5"), used)) int
+__attribute__((section("tracepoint"), used)) int
 generic_tracepoint_output(void *ctx)
 {
 	return generic_output(ctx, (struct bpf_map_def *)&tp_heap, MSG_OP_GENERIC_TRACEPOINT);