Resending with proper subject.
>>>>> On Thu, 27 Jul 2023 18:05:34 +0300, Yauheni Kaliuta wrote:
> bpf tracepoint program uses struct trace_event_raw_sys_enter as
> argument where trace_entry is the first field. Use the same instead
> of unsigned long long since if it's amended (for example by RT
> patch) it accesses data with wrong offset.
> Signed-off-by: Yauheni Kaliuta <ykaliuta@xxxxxxxxxx>
> ---
> kernel/trace/trace_syscalls.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
> diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
> index 942ddbdace4a..07f4fa395e99 100644
> --- a/kernel/trace/trace_syscalls.c
> +++ b/kernel/trace/trace_syscalls.c
> @@ -555,12 +555,15 @@ static int perf_call_bpf_enter(struct trace_event_call *call, struct pt_regs *re
> struct syscall_trace_enter *rec)
> {
> struct syscall_tp_t {
> - unsigned long long regs;
> + struct trace_entry ent;
> unsigned long syscall_nr;
> unsigned long args[SYSCALL_DEFINE_MAXARGS];
> } param;
> int i;
> + BUILD_BUG_ON(sizeof(param.ent) < sizeof(void *));
> +
> + /* __bpf_prog_run() requires *regs as the first parameter */
> *(struct pt_regs **)¶m = regs;
> param.syscall_nr = rec->nr;
> for (i = 0; i < sys_data->nb_args; i++)
> @@ -657,11 +660,14 @@ static int perf_call_bpf_exit(struct trace_event_call *call, struct pt_regs *reg
> struct syscall_trace_exit *rec)
> {
> struct syscall_tp_t {
> - unsigned long long regs;
> + struct trace_entry ent;
> unsigned long syscall_nr;
> unsigned long ret;
> } param;
> + BUILD_BUG_ON(sizeof(param.ent) < sizeof(void *));
> +
> + /* __bpf_prog_run() requires *regs as the first parameter */
> *(struct pt_regs **)¶m = regs;
> param.syscall_nr = rec->nr;
> param.ret = rec->ret;
> --
> 2.41.0
--
WBR,
Yauheni Kaliuta
