feat: add RECVFROM_E params to RECVFROM_X

Add enter events parameters to `RECVFROM_X` event definition and
align all three kernel drivers to the new definition.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>

Author: ekoops

driver/SCHEMA_VERSION

@@ -1 +1 @@
-3.9.0
+3.10.0

driver/bpf/fillers.h

@@ -4073,42 +4073,6 @@ FILLER(sys_socket_bind_x, true) {
 	return bpf_push_s64_to_ring(data, (int64_t)fd);
 }
 
-static __always_inline int f_sys_recv_x_common(struct filler_data *data, long retval) {
-	unsigned long bufsize;
-	unsigned long val;
-	int res;
-
-	/*
-	 * res
-	 */
-	res = bpf_push_s64_to_ring(data, retval);
-	CHECK_RES(res);
-
-	/*
-	 * data
-	 */
-	if(retval < 0) {
-		/*
-		 * The operation failed, return an empty buffer
-		 */
-		val = 0;
-		bufsize = 0;
-	} else {
-		val = bpf_syscall_get_argument(data, 1);
-
-		/*
-		 * The return value can be lower than the value provided by the user,
-		 * and we take that into account.
-		 */
-		bufsize = retval;
-	}
-
-	data->fd = bpf_syscall_get_argument(data, 0);
-	res = __bpf_val_to_ring(data, val, bufsize, PT_BYTEBUF, -1, true, USER);
-
-	return res;
-}
-
 FILLER(sys_recv_x, true) {
 	/* Parameter 1: res (type: PT_ERRNO) */
 	long retval = bpf_syscall_get_retval(data->ctx);
@@ -4162,8 +4126,8 @@ FILLER(sys_recv_x, true) {
 
 FILLER(sys_recvfrom_e, true) {
 	/* Parameter 1: fd (type: PT_FD) */
-	int32_t fd = (int32_t)bpf_syscall_get_argument(data, 0);
-	int res = bpf_push_s64_to_ring(data, (int64_t)fd);
+	int64_t fd = (int32_t)bpf_syscall_get_argument(data, 0);
+	int res = bpf_push_s64_to_ring(data, fd);
 	CHECK_RES(res);
 
 	/* Parameter 2: size (type: PT_UINT32) */
@@ -4172,79 +4136,92 @@ FILLER(sys_recvfrom_e, true) {
 }
 
 FILLER(sys_recvfrom_x, true) {
-	struct sockaddr *usrsockaddr;
-	unsigned long val;
-	uint16_t size = 0;
-	long retval;
-	int addrlen = 0;
-	int err = 0;
-	int res;
-	int fd;
-	bool push = true;
-	bool from_usr = false;
-
-	/*
-	 * Push the common params to the ring
-	 */
-	retval = bpf_syscall_get_retval(data->ctx);
-	res = f_sys_recv_x_common(data, retval);
+	/* Parameter 1: res (type: PT_ERRNO) */
+	long retval = bpf_syscall_get_retval(data->ctx);
+	int res = bpf_push_s64_to_ring(data, retval);
 	CHECK_RES(res);
 
-	if(retval >= 0) {
-		/*
-		 * Get the fd
-		 */
-		fd = bpf_syscall_get_argument(data, 0);
+	/* Extract fd and size parameters */
+	int64_t fd = (int64_t)(int32_t)bpf_syscall_get_argument(data, 0);
+	uint32_t size = (uint32_t)bpf_syscall_get_argument(data, 2);
 
-		/*
-		 * Get the address
-		 */
-		usrsockaddr = (struct sockaddr *)bpf_syscall_get_argument(data, 4);
+	if(retval < 0) {
+		/* Parameter 2: data (type: PT_BYTEBUF) */
+		bpf_push_empty_param(data);
 
-		/*
-		 * Get the address len
-		 */
-		val = bpf_syscall_get_argument(data, 5);
+		/* Parameter 3: tuple (type: PT_SOCKTUPLE) */
+		bpf_push_empty_param(data);
 
-		if(usrsockaddr && val != 0) {
-			if(bpf_probe_read_user(&addrlen, sizeof(addrlen), (void *)val))
-				return PPM_FAILURE_INVALID_USER_MEMORY;
+		/* Parameter 4: fd (type: PT_FD) */
+		res = bpf_push_s64_to_ring(data, fd);
+		CHECK_RES(res);
 
-			/*
-			 * Copy the address
-			 */
-			err = bpf_addr_to_kernel(usrsockaddr, addrlen, (struct sockaddr *)data->tmp_scratch);
-			if(err >= 0) {
-				/*
-				 * Convert the fd into socket endpoint information
-				 */
-				from_usr = true;
-			} else {
-				// Do not send any socket endpoint info.
-				push = false;
-			}
+		/* Parameter 5: size (type: PT_UINT32) */
+		return bpf_push_u32_to_ring(data, size);
+	}
+
+	/* Handle successful system call path. */
+
+	/* Parameter 2: data (type: PT_BYTEBUF) */
+	const unsigned long bytes_to_read = retval;
+	const unsigned long received_data_pointer = bpf_syscall_get_argument(data, 1);
+	data->fd = fd;
+	res = __bpf_val_to_ring(data, received_data_pointer, bytes_to_read, PT_BYTEBUF, -1, true, USER);
+
+	/* Get the address */
+	struct sockaddr __user *usrsockaddr =
+	        (struct sockaddr __user *)bpf_syscall_get_argument(data, 4);
+
+	/* Get the address len pointer */
+	void *usrsockaddr_len_pointer = (void *)bpf_syscall_get_argument(data, 5);
+
+	/* Evaluate socktuple, leveraging the user-provided address if possible */
+	struct sockaddr *ksockaddr = (struct sockaddr *)data->tmp_scratch;
+	bool use_sockaddr_user_data = false;
+	bool push_socktuple = true;
+	unsigned long usrsockaddr_len = 0;
+	if(usrsockaddr != NULL && usrsockaddr_len_pointer != NULL) {
+		/* Copy address len into kernel memory */
+		if(bpf_probe_read_user(&usrsockaddr_len,
+		                       sizeof(usrsockaddr_len),
+		                       usrsockaddr_len_pointer)) {
+			return PPM_FAILURE_INVALID_USER_MEMORY;
 		}
-		if(push) {
-			/*
-			 * Get socket endpoint information from fd if the user-provided *sockaddr is NULL
-			 */
-			size = bpf_fd_to_socktuple(data,
-			                           fd,
-			                           (struct sockaddr *)data->tmp_scratch,
-			                           addrlen,
-			                           from_usr,
-			                           true,
-			                           data->tmp_scratch + sizeof(struct sockaddr_storage));
+
+		/* Copy the address into kernel memory */
+		res = bpf_addr_to_kernel(usrsockaddr, usrsockaddr_len, ksockaddr);
+		if(likely(res >= 0)) {
+			/* Convert the fd into socket endpoint information */
+			use_sockaddr_user_data = true;
+		} else {
+			/* Do not send any socket endpoint information */
+			push_socktuple = false;
 		}
 	}
 
-	/*
-	 * Copy the endpoint info into the ring
-	 */
+	uint32_t socktuple_size = 0;
+	if(push_socktuple) {
+		/* Convert the fd into socket endpoint information */
+		socktuple_size = bpf_fd_to_socktuple(data,
+		                                     fd,
+		                                     ksockaddr,
+		                                     usrsockaddr_len,
+		                                     use_sockaddr_user_data,
+		                                     true,
+		                                     data->tmp_scratch + sizeof(struct sockaddr_storage));
+	}
+
+	/* Parameter 3: tuple (type: PT_SOCKTUPLE) */
 	data->curarg_already_on_frame = true;
-	res = __bpf_val_to_ring(data, 0, size, PT_SOCKTUPLE, -1, false, KERNEL);
+	res = bpf_val_to_ring_len(data, 0, socktuple_size);
+	CHECK_RES(res);
 
-	return res;
+	/* Parameter 4: fd (type: PT_FD) */
+	res = bpf_push_s64_to_ring(data, fd);
+	CHECK_RES(res);
+
+	/* Parameter 5: size (type: PT_UINT32) */
+	return bpf_push_u32_to_ring(data, size);
 }
 
 FILLER(sys_shutdown_e, true) {

driver/event_table.c

@@ -265,16 +265,20 @@ const struct ppm_event_info g_event_info[] = {
                                  {"tuple", PT_SOCKTUPLE, PF_NA}}},
         [PPME_SOCKET_RECVFROM_E] = {"recvfrom",
                                     EC_IO_READ | EC_SYSCALL,
-                                    EF_USES_FD | EF_READS_FROM_FD | EF_MODIFIES_STATE,
+                                    EF_USES_FD | EF_READS_FROM_FD | EF_MODIFIES_STATE |
+                                            EF_TMP_CONVERTER_MANAGED,
                                     2,
                                     {{"fd", PT_FD, PF_DEC}, {"size", PT_UINT32, PF_DEC}}},
         [PPME_SOCKET_RECVFROM_X] = {"recvfrom",
                                     EC_IO_READ | EC_SYSCALL,
-                                    EF_USES_FD | EF_READS_FROM_FD | EF_MODIFIES_STATE,
-                                    3,
+                                    EF_USES_FD | EF_READS_FROM_FD | EF_MODIFIES_STATE |
+                                            EF_TMP_CONVERTER_MANAGED,
+                                    5,
                                     {{"res", PT_ERRNO, PF_DEC},
                                      {"data", PT_BYTEBUF, PF_NA},
-                                     {"tuple", PT_SOCKTUPLE, PF_NA}}},
+                                     {"tuple", PT_SOCKTUPLE, PF_NA},
+                                     {"fd", PT_FD, PF_DEC},
+                                     {"size", PT_UINT32, PF_DEC}}},
         [PPME_SOCKET_SHUTDOWN_E] = {"shutdown",
                                     EC_NET | EC_SYSCALL,
                                     EF_USES_FD | EF_MODIFIES_STATE,

driver/modern_bpf/programs/tail_called/events/syscall_dispatched_events/recvfrom.bpf.c

@@ -29,8 +29,8 @@ int BPF_PROG(recvfrom_e, struct pt_regs *regs, long id) {
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
 	/* Parameter 1: fd (type: PT_FD) */
-	int32_t socket_fd = (int32_t)args[0];
-	ringbuf__store_s64(&ringbuf, (int64_t)socket_fd);
+	int64_t socket_fd = (int32_t)args[0];
+	ringbuf__store_s64(&ringbuf, socket_fd);
 
 	/* Parameter 2: size (type: PT_UINT32) */
 	uint32_t size = (uint32_t)args[2];
@@ -61,6 +61,12 @@ int BPF_PROG(recvfrom_x, struct pt_regs *regs, long ret) {
 	/* Parameter 1: res (type: PT_ERRNO) */
 	auxmap__store_s64_param(auxmap, ret);
 
+	/* Collect parameters at the beginning to manage socketcalls */
+	unsigned long args[5] = {0};
+	extract__network_args(args, 5, regs);
+
+	uint32_t socket_fd = (uint32_t)args[0];
+
 	if(ret >= 0) {
 		/* We read the minimum between `snaplen` and what we really
 		 * have in the buffer.
@@ -75,17 +81,14 @@ int BPF_PROG(recvfrom_x, struct pt_regs *regs, long ret) {
 			snaplen = ret;
 		}
 
-		/* Collect parameters at the beginning to manage socketcalls */
-		unsigned long args[5] = {0};
-		extract__network_args(args, 5, regs);
-
 		/* Parameter 2: data (type: PT_BYTEBUF) */
 		unsigned long received_data_pointer = args[1];
 		auxmap__store_bytebuf_param(auxmap, received_data_pointer, snaplen, USER);
 
 		/* Parameter 3: tuple (type: PT_SOCKTUPLE) */
-		uint32_t socket_fd = (uint32_t)args[0];
 		struct sockaddr *usrsockaddr = (struct sockaddr *)args[4];
+		/* Notice: the following will push an empty parameter if something goes wrong (e.g.: fd not
+		 * valid) */
 		auxmap__store_socktuple_param(auxmap, socket_fd, INBOUND, usrsockaddr);
 	} else {
 		/* Parameter 2: data (type: PT_BYTEBUF) */
@@ -95,6 +98,13 @@ int BPF_PROG(recvfrom_x, struct pt_regs *regs, long ret) {
 		auxmap__store_empty_param(auxmap);
 	}
 
+	/* Parameter 4: fd (type: PT_FD) */
+	auxmap__store_s64_param(auxmap, socket_fd);
+
+	/* Parameter 5: size (type: PT_UINT32) */
+	uint32_t size = (uint32_t)args[2];
+	auxmap__store_u32_param(auxmap, size);
+
 	/*=============================== COLLECT PARAMETERS  ===========================*/
 
 	auxmap__finalize_event_header(auxmap);