From 8574af7fa8a073b9e42e2fa8d5165e413086c0b3 Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran" <mehmet@up9.com>
Date: Thu, 2 Jun 2022 06:15:59 +0300
Subject: [PATCH] Update `golang_crypto_tls_read_uprobe`

---
 tap/tlstapper/bpf/golang_uprobes.c |  19 +++++++++----------
 tap/tlstapper/tlstapper_bpfeb.o    | Bin 126008 -> 126008 bytes
 tap/tlstapper/tlstapper_bpfel.o    | Bin 126008 -> 126008 bytes
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/tap/tlstapper/bpf/golang_uprobes.c b/tap/tlstapper/bpf/golang_uprobes.c
index f473e9c54..f28c149dd 100644
--- a/tap/tlstapper/bpf/golang_uprobes.c
+++ b/tap/tlstapper/bpf/golang_uprobes.c
@@ -71,6 +71,15 @@ static __always_inline int golang_crypto_tls_write_uprobe(struct pt_regs *ctx) {
 
 SEC("uprobe/golang_crypto_tls_read")
 static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
+    void* stack_addr = (void*)ctx->rsp;
+    __u64 data_p;
+    // Address at ctx->rsp + 0xd8 holds the data
+    __u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);
+    if (status < 0) {
+        bpf_printk("[golang_crypto_tls_read_uprobe] error reading data pointer: %d", status);
+        return 0;
+    }
+
     struct golang_read_write *b = NULL;
     b = bpf_ringbuf_reserve(&golang_read_writes, sizeof(struct golang_read_write), 0);
     if (!b) {
@@ -85,16 +94,6 @@ static __always_inline int golang_crypto_tls_read_uprobe(struct pt_regs *ctx) {
     b->len = ctx->rcx;
     b->cap = ctx->rcx; // no cap info
 
-    void* stack_addr = (void*)ctx->rsp;
-    __u64 data_p;
-    // Address at ctx->rsp + 0xd8 holds the data
-    __u32 status = bpf_probe_read(&data_p, sizeof(data_p), stack_addr + 0xd8);
-    if (status < 0) {
-        bpf_printk("[golang_crypto_tls_read_uprobe] error reading data pointer: %d", status);
-        bpf_ringbuf_discard(b, BPF_RB_FORCE_WAKEUP);
-        return 0;
-    }
-
     status = bpf_probe_read(&b->data, CHUNK_SIZE, (void*)(data_p));
     if (status < 0) {
         bpf_printk("[golang_crypto_tls_read_uprobe] error reading data: %d", status);
diff --git a/tap/tlstapper/tlstapper_bpfeb.o b/tap/tlstapper/tlstapper_bpfeb.o
index b6f21af74953752553f6baaf73ccc494434ecd95..1d128f91a3a5f24d30bf43d0abbbe962edaa3b16 100644
GIT binary patch
delta 1078
zcmZ9KKWI}?6vn@EQ5r$g{CjyRRNDr@G%8pKrKAqobSM~0u|<j~Eu~vi8u1kh2_)Js
zLg5YR;1F>M=uqg8K($G?4kAt^4x)oY5hte(fqG8wO?dRd<GkN@?z#7z@4iO6uhH(?
zT`jqXuPxVKj=N52?0F97kCj7EK3-|`ztnMf!Q|JYSQcqv6+Ve;4z5aMeNH0l0TUw<
z*VAXG5}UT0EDe#p_oVzN?T#OY-NEKP_rt+ccV&OTJ^nnn_on${sla>oKjgO#O5ETw
z-b*+<4NBc-9@flX`bl{5a$ZJra0-;Y!pvPueegYKM%dBZ{}Z$rWiFcfcc5h(C}7JY
z$Y9%MgJV!`fO*HmA?B)Ce*nsdnQNLu;~+<P*Tb@3!>s=f+7NCTJ_D5}`FtFCgb`lQ
z_OPG%M02PHs$K?&C7F=^fj%-s=2_rL<Pkmc0>o!RZcA7u|0I(qOuhv=y2gB0_$C*K
zaEpZr&jPuMjE5`!1Pv9w#8@^C2mXM*c^tMfpx<IZQI}b>pkLD0mf;o9iQJemxR>8C
z`AyJY*}r<BzG1kAICXCGf>uwU4)@<R&|-r+m9O0A82B7A^F}A3E^(i9J}(fRhVn5h
z!|bDqRj!YcJt9N*Y^y_ge@OcQRI2iLlwC;46cf4$c2`Y_yBW>)Tc{cNZL+4xS*WbI
zFlX}nQ1ce^vkQ4gGhc?v%k6Ys>(=k|@^O`y+p6{im6yhA9<D@_?1IC85Ban#E^LSk
c0nM>HP(|TW&Emp#eJM%7G-c|}BDFUE0|G3iaR2}S

delta 1085
zcmZ9KKWI}?6vn@EQ4*yjY5u&lP^~S3ZH&?`HKYz11UnRrrPwGUPb#H@phd(N5mHE{
zK@fx|B!fdihc`w#B%r2oa}aTml0{q`ia3Z<ajECz-o%G*x%c;-bM8IoyRX>^G&_O%
zS~;+W?&o^t>8rNhCu}5T_gG`-fnHB6+j>(>VpVp_HxZQe-YN!UWxXIP>k+fYWi6g_
zAC}J^EoKk)1$QhrRURd4``X6ktox^R!<~5_b6c(R?(5dDyZdfr`{~Ztl@cEjz61=;
zgVIO1ENA#7Xi9iabNCx5XEEnB#}+^rq<wBh>borM*`|IMG(XJDBXrLfjxygh`FBA1
z7*K+vh3E`ukp-;#SPrb1f+wJY@H5Tf2FO0iTr=@H==Mcs&%}ET*L`vEscrZGRGH=b
z@xdpIaYDz(A?7{JQ4jR$FhDHHMD!a}XNX^Cq5F_pkKYHqWl0`Q^2E8eI5%P9ZP3SK
z%u~Xr_y7@3vyky6$YePmS3?stTKYW1vT-o-1N22+$kAzu9B9vHU}6dMUHYn+I6MAR
z3@`@v<24iC1pSipw+#2{n}$7%E2KH0-4_(N|DJ&f4+_;!+~@QmzK6`b)+|(z`=su?
zfVBWMz^n|jk7}fPe3Fu5T=CDg22@&Hi0Iprb5NP;l}UCXBU5Cw%<ihZxSKO+FQ5wY
z-{nn{OHhlx|1|jq%1&_H{x9xm=EqQuyiU)xUVW_}A6JgN)>dCoj`ZpIxN4=?g-87N
kP*BU_!n(L%#u+*TwIRH(<Kn{e#!89?vlMAKx2V1O7xi(Yk^lez

diff --git a/tap/tlstapper/tlstapper_bpfel.o b/tap/tlstapper/tlstapper_bpfel.o
index 5acf8f0572b9e274f44db0d9a8da365c3f684f26..f7dceb125c32e04fe5cff7d8f353d0e0490b4752 100644
GIT binary patch
delta 1081
zcmZ9KL1+^}6o%g$ltdD1ZIW&Rt+5(#lPWY2inJbbQ?Otx6^j&UXqDXBV8j#(DI^*%
zLSYZ_;33jWKo5l;5~w!q$s9yHmFPte9*TJK)I*{Evz^@x4m&&hy*KlA=i6y@J*}>1
zGhep$UIZ+EC1w@N$*hO$7V@08$LF~Bp+7^vh`ylmE7=?fY<TVQN!4$UE7@6lTrm38
z7(9t@93IPucHT;qqnzJ*P`Nu{jqe4lq4o{y-OfX6X**)=e;nF+)&BmtB#YiTN7O`*
znM|^n<mmv>%@o_8BH3xCmJcGIRy>7WoXIdPE8dVi!&FrK12qO0nbs7)MSUa3C3>j^
z{5hs|#rr4_S!Q~z@c_84cn1Xn1*V4L@d0p=X;WiAxTW|T=KEKfb`>9kCo3hUjusfH
zFm*NV10N`E;034aOoU4s`70maGtI%ffjP3t_*3~GT1;NW_Rc>rnTmIjAMP-XNseQI
z42&XhU7HXCr#1F<YG+N3mOl3k|L%w3uRX)*5Cr_{8NLrTezGfg2^>7=33l?1;41Rr
zKRv-t-VxY9{_@qMo<SM70(JyS_8oEUi^&&~B*;{vCI|7Mrv!~Do|fzd3r%FWHXLVT
zBqm&MCnr+4C-N2~-%i!;#i1c3TwAu@DdF0BgK3c&K^bMw-bO~ytm19tLvw=W|H~H@
z+rOtETy4&JN0ZE78pVXVwjc&>XzVN0LJ5v0i`b5CVHMj^d@T$MYl03H+sA3W`6$7@
M2~Icji~Onj4+C(d`~Uy|

delta 1085
zcmYk4KWI}?6vofF)Ha$}WAm?p)>sXgq)}Rs5?Y50f&~jksTf5hr78|W4Mj{uNFmh*
zK@gr02ZurxGDbQipr&!sp@@T&;^N{^#6g^jOa1Q4c`q;Ia^LTK=l(h0J<aXD=5}8_
zU+xJJk@2Q{`f4ve@C)?n2+?DVevAhgM=|C_FXr!nz(JQeFFx^@b1|Pa=lP&lW`8HX
zXgn;RI#68O-P61=XC%rIo?E}Rd~wqF*ScX$eDoQu)*0h%D{O3i7+Qa}@%?s5?{VP}
z(ad3@{Yj>@@S5f^rfK0H$O)#IGQyX9M4_`x`Yw9CW)C<gyoL4Q875tW)-?}+?+Gs;
z-<RPM6(le*fWR!%l7l_qittl?K$hvba08o0b4)LV>(I~LWvU5V7p^;WKlHZn9`dIu
zC8p1gz(|E@+rj<d9pM@-xbHO+;jb(Dt3T^Z*I|F>B|Gu^`Z?Y+xn!Mrkv3CIxD9=H
zlW9zI92@DtC;}-*LKK{KuzRz5FvgM6*RF%Vym+B+Y#W#kz`&iZfmgtxpIrkN!2aJ|
z11;S$a0U9{AEs3~*3z58HR#8aq-+Ou-~`w*P_vs<^-GM8jQ1#tiBVHQT-2oq-PCCn
z%^t9F7&%lOj&o=vrflEL2Tm$NndY)-n0!7}y&Q)PDP_B5+M7|fTd$B7&MLc6%`#?{
z-Kg)N2Xe}8R7)?&G3N6Wl-+lhZrP;uW1~n|bu5U2YYui7s(}PY#vh>^rwdCcNBHC*
aTv%4LD{QvYi^i=4yC>P($lv5oEB^uP{-b9A