Sindbad~EG File Manager

Current Path : /proc/2714585/root/usr/share/systemtap/tapset/bpf/
Upload File :
Current File : //proc/2714585/root/usr/share/systemtap/tapset/bpf/conversions.stp

// conversions tapset -- BPF version
// Copyright (C) 2018-2021 Red Hat Inc.
//
// This file is part of systemtap, and is free software.  You can
// redistribute it and/or modify it under the terms of the GNU General
// Public License (GPL); either version 2, or (at your option) any
// later version.

/**
 * sfunction kernel_string - Retrieves string from kernel memory
 * @addr: The kernel address to retrieve the string from
 *
 * Description: This function returns the null terminated C string
 * from a given kernel memory address. Reports an error on string
 * copy fault.
 */
function kernel_string:string (addr:long) {
  return kernel_string_n(addr, 64 /*TODO: define BPF_MAXSTRINGLEN*/)
}

// TODO kernel_string:string(addr:long, err_msg:string)
// TODO kernel_string2:string(addr:long, err_msg:string)

/**
 * sfunction kernel_string - Retrieves string from kernel memory with alternative error string
 * @addr: The kernel address to retrieve the string from
 * @err_msg: The error message to return when data isn't available
 *
 * Description: This function returns the null terminated C string
 * from a given kernel memory address. Reports the given error message
 * on string copy fault.
 */
function kernel_string:string (addr:long, err_msg:string)
%{ /* bpf */ /* pure */
  /* buf = bpf_stk_alloc(BPF_MAXSTRINGLEN);
     buf[0] = 0x0; // guarantee NUL byte
     rc = bpf_probe_read_str(buf, BPF_MAXSTRINGLEN, addr); */
  alloc, $buf, BPF_MAXSTRINGLEN;
  0x62, $buf, -, -, 0x0; /* stw [$buf+0], 0x0 -- guarantee NUL byte */
  /* TODO PR25168: probe_read_str is used for both kernel and user memory.
     BPF will soon deprecate these in favour of separate functions. */
  call, $rc, probe_read_str, $buf, BPF_MAXSTRINGLEN, $addr;
  /* call, $rc, probe_read_kernel_str, $buf, BPF_MAXSTRINGLEN, $addr; */

  /* if (rc < 0) return err_msg;
     return buf; */
  0xc5, $rc, -, _err, 0; /* jslt $rc, 0, _err */
  0xbf, $$, $buf, -, -; /* mov $$, $buf */
  0x05, -, -, _done, -; /* ja _done; */

  label, _err;
  0xbf, $$, $err_msg, -, -; /* mov $$, $err_msg */

  label, _done;
%}
function kernel_string2:string (addr:long, err_msg:string) {
  return kernel_string(addr, err_msg);
}

// TODO kernel_string_quoted:string(addr:long) -- requires pseudo-loop to quote unprintable chars

/**
 * sfunction kernel_string_n - Retrieves string of given length from kernel memory
 * @addr: The kernel address to retrieve the string from
 * @n: The maximum length of the string (if not null terminated)
 *
 * Description: Returns the C string of a maximum given length from a
 * given kernel memory address. Reports an error on string copy fault.
 */
function kernel_string_n:string (addr:long, n:long)
%{ /* bpf */ /* pure */
  /* if (n > BPF_MAXSTRINGLEN) n = BPF_MAXSTRINGLEN; */
  0xb5, $n, -, _skip, BPF_MAXSTRINGLEN; /* jle $n, BPF_MAXSTRINGLEN, _skip */
  0xb7, $n, -, -, BPF_MAXSTRINGLEN; /* mov $n, BPF_MAXSTRINGLEN */

  label, _skip;
  /* buf = bpf_stk_alloc(BPF_MAXSTRINGLEN);
     buf[0] = 0x0; // guarantee NUL byte
     rc = bpf_probe_read_str(buf, n, addr); */
  alloc, $buf, BPF_MAXSTRINGLEN;
  0x62, $buf, -, -, 0x0; /* stw [buf+0], 0 -- guarantee NUL byte */
  /* TODO PR25168: probe_read_str is used for both kernel and user memory.
     BPF will soon deprecate these in favour of separate functions. */
  call, $rc, probe_read_str, $buf, $n, $addr; /* TODO: should work if the helper is named bpf_probe_read_str() too */
  /* call, $rc, probe_read_kernel_str, $buf, $n, $addr; */
  /* TODO substitute probe_read_str automatically for older bpf? */

  /* if (rc < 0) error("...", addr); */
  0x75, $rc, -, _done, 0; /* jsge $rc, 0, _done */
  call, -, printf, "ERROR: string copy fault at %p [man error::fault]", $addr; /* TODO document stapbpf version of error::fault */
  call, -, exit;

  label, _done;
  /* return buf; */
  0xbf, $$, $buf, -, -; /* mov $$, buf */
%}

// TODO kernel_string_utf32:string(addr:long)
// TODO kernel_string_utf32:string(addr:long,err_msg:string)
// TODO kernel_string2_utf32:string(addr:long,err_msg:string)
// TODO kernel_string_quoted_utf32:string(addr:long)

// TODO kernel_string_utf16:string(addr:long)
// TODO kernel_string_utf16:string(addr:long,err_msg:string)
// TODO kernel_string2_utf16:string(addr:long,err_msg:string)
// TODO kernel_string_quoted_utf16:string(addr:long)

// TODO kernel_long:long(addr:long)
// TODO kernel_int:long(addr:long)
// TODO kernel_short:long(addr:long)
// TODO kernel_char:long(addr:long)

// TODO kernel_pointer:long(addr:long)

// TODO kernel_buffer_quoted:string(addr:long,inlen:long)
// TODO kernel_buffer_quoted:string(addr:long,inlen:long,outlen:long)
// TODO kernel_buffer_quoted_error:string(addr:long,inlen:long,outlen:long)

Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists