]>
Commit | Line | Data |
---|---|---|
249b812d AS |
1 | #include <stdio.h> |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <fcntl.h> | |
5 | #include <libelf.h> | |
6 | #include <gelf.h> | |
7 | #include <errno.h> | |
8 | #include <unistd.h> | |
9 | #include <string.h> | |
10 | #include <stdbool.h> | |
b896c4f9 | 11 | #include <stdlib.h> |
249b812d AS |
12 | #include <linux/bpf.h> |
13 | #include <linux/filter.h> | |
b896c4f9 AS |
14 | #include <linux/perf_event.h> |
15 | #include <sys/syscall.h> | |
16 | #include <sys/ioctl.h> | |
17 | #include <sys/mman.h> | |
18 | #include <poll.h> | |
5bacd780 | 19 | #include <ctype.h> |
249b812d AS |
20 | #include "libbpf.h" |
21 | #include "bpf_helpers.h" | |
22 | #include "bpf_load.h" | |
23 | ||
b896c4f9 AS |
24 | #define DEBUGFS "/sys/kernel/debug/tracing/" |
25 | ||
249b812d | 26 | static char license[128]; |
b896c4f9 | 27 | static int kern_version; |
249b812d AS |
28 | static bool processed_sec[128]; |
29 | int map_fd[MAX_MAPS]; | |
30 | int prog_fd[MAX_PROGS]; | |
b896c4f9 | 31 | int event_fd[MAX_PROGS]; |
249b812d | 32 | int prog_cnt; |
5bacd780 AS |
33 | int prog_array_fd = -1; |
34 | ||
35 | static int populate_prog_array(const char *event, int prog_fd) | |
36 | { | |
37 | int ind = atoi(event), err; | |
38 | ||
39 | err = bpf_update_elem(prog_array_fd, &ind, &prog_fd, BPF_ANY); | |
40 | if (err < 0) { | |
41 | printf("failed to store prog_fd in prog_array\n"); | |
42 | return -1; | |
43 | } | |
44 | return 0; | |
45 | } | |
249b812d AS |
46 | |
47 | static int load_and_attach(const char *event, struct bpf_insn *prog, int size) | |
48 | { | |
249b812d | 49 | bool is_socket = strncmp(event, "socket", 6) == 0; |
b896c4f9 AS |
50 | bool is_kprobe = strncmp(event, "kprobe/", 7) == 0; |
51 | bool is_kretprobe = strncmp(event, "kretprobe/", 10) == 0; | |
c0766040 | 52 | bool is_tracepoint = strncmp(event, "tracepoint/", 11) == 0; |
86af8b41 | 53 | bool is_xdp = strncmp(event, "xdp", 3) == 0; |
1c47910e | 54 | bool is_perf_event = strncmp(event, "perf_event", 10) == 0; |
4f2e7ae5 DA |
55 | bool is_cgroup_skb = strncmp(event, "cgroup/skb", 10) == 0; |
56 | bool is_cgroup_sk = strncmp(event, "cgroup/sock", 11) == 0; | |
b896c4f9 AS |
57 | enum bpf_prog_type prog_type; |
58 | char buf[256]; | |
59 | int fd, efd, err, id; | |
60 | struct perf_event_attr attr = {}; | |
61 | ||
62 | attr.type = PERF_TYPE_TRACEPOINT; | |
63 | attr.sample_type = PERF_SAMPLE_RAW; | |
64 | attr.sample_period = 1; | |
65 | attr.wakeup_events = 1; | |
66 | ||
67 | if (is_socket) { | |
68 | prog_type = BPF_PROG_TYPE_SOCKET_FILTER; | |
69 | } else if (is_kprobe || is_kretprobe) { | |
70 | prog_type = BPF_PROG_TYPE_KPROBE; | |
c0766040 AS |
71 | } else if (is_tracepoint) { |
72 | prog_type = BPF_PROG_TYPE_TRACEPOINT; | |
86af8b41 BB |
73 | } else if (is_xdp) { |
74 | prog_type = BPF_PROG_TYPE_XDP; | |
1c47910e AS |
75 | } else if (is_perf_event) { |
76 | prog_type = BPF_PROG_TYPE_PERF_EVENT; | |
4f2e7ae5 DA |
77 | } else if (is_cgroup_skb) { |
78 | prog_type = BPF_PROG_TYPE_CGROUP_SKB; | |
79 | } else if (is_cgroup_sk) { | |
80 | prog_type = BPF_PROG_TYPE_CGROUP_SOCK; | |
b896c4f9 AS |
81 | } else { |
82 | printf("Unknown event '%s'\n", event); | |
249b812d | 83 | return -1; |
b896c4f9 AS |
84 | } |
85 | ||
5bacd780 AS |
86 | fd = bpf_prog_load(prog_type, prog, size, license, kern_version); |
87 | if (fd < 0) { | |
88 | printf("bpf_prog_load() err=%d\n%s", errno, bpf_log_buf); | |
89 | return -1; | |
90 | } | |
91 | ||
92 | prog_fd[prog_cnt++] = fd; | |
93 | ||
4f2e7ae5 | 94 | if (is_xdp || is_perf_event || is_cgroup_skb || is_cgroup_sk) |
86af8b41 BB |
95 | return 0; |
96 | ||
5bacd780 AS |
97 | if (is_socket) { |
98 | event += 6; | |
99 | if (*event != '/') | |
100 | return 0; | |
101 | event++; | |
102 | if (!isdigit(*event)) { | |
103 | printf("invalid prog number\n"); | |
104 | return -1; | |
105 | } | |
106 | return populate_prog_array(event, fd); | |
107 | } | |
108 | ||
b896c4f9 AS |
109 | if (is_kprobe || is_kretprobe) { |
110 | if (is_kprobe) | |
111 | event += 7; | |
112 | else | |
113 | event += 10; | |
114 | ||
5bacd780 AS |
115 | if (*event == 0) { |
116 | printf("event name cannot be empty\n"); | |
117 | return -1; | |
118 | } | |
119 | ||
120 | if (isdigit(*event)) | |
121 | return populate_prog_array(event, fd); | |
122 | ||
b896c4f9 AS |
123 | snprintf(buf, sizeof(buf), |
124 | "echo '%c:%s %s' >> /sys/kernel/debug/tracing/kprobe_events", | |
125 | is_kprobe ? 'p' : 'r', event, event); | |
126 | err = system(buf); | |
127 | if (err < 0) { | |
128 | printf("failed to create kprobe '%s' error '%s'\n", | |
129 | event, strerror(errno)); | |
130 | return -1; | |
131 | } | |
249b812d | 132 | |
c0766040 AS |
133 | strcpy(buf, DEBUGFS); |
134 | strcat(buf, "events/kprobes/"); | |
135 | strcat(buf, event); | |
136 | strcat(buf, "/id"); | |
137 | } else if (is_tracepoint) { | |
138 | event += 11; | |
139 | ||
140 | if (*event == 0) { | |
141 | printf("event name cannot be empty\n"); | |
142 | return -1; | |
143 | } | |
144 | strcpy(buf, DEBUGFS); | |
145 | strcat(buf, "events/"); | |
146 | strcat(buf, event); | |
147 | strcat(buf, "/id"); | |
148 | } | |
b896c4f9 AS |
149 | |
150 | efd = open(buf, O_RDONLY, 0); | |
151 | if (efd < 0) { | |
152 | printf("failed to open event %s\n", event); | |
153 | return -1; | |
154 | } | |
155 | ||
156 | err = read(efd, buf, sizeof(buf)); | |
157 | if (err < 0 || err >= sizeof(buf)) { | |
158 | printf("read from '%s' failed '%s'\n", event, strerror(errno)); | |
159 | return -1; | |
160 | } | |
161 | ||
162 | close(efd); | |
163 | ||
164 | buf[err] = 0; | |
165 | id = atoi(buf); | |
166 | attr.config = id; | |
167 | ||
168 | efd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, -1/*group_fd*/, 0); | |
169 | if (efd < 0) { | |
170 | printf("event %d fd %d err %s\n", id, efd, strerror(errno)); | |
171 | return -1; | |
172 | } | |
173 | event_fd[prog_cnt - 1] = efd; | |
174 | ioctl(efd, PERF_EVENT_IOC_ENABLE, 0); | |
175 | ioctl(efd, PERF_EVENT_IOC_SET_BPF, fd); | |
176 | ||
249b812d AS |
177 | return 0; |
178 | } | |
179 | ||
180 | static int load_maps(struct bpf_map_def *maps, int len) | |
181 | { | |
182 | int i; | |
183 | ||
184 | for (i = 0; i < len / sizeof(struct bpf_map_def); i++) { | |
185 | ||
186 | map_fd[i] = bpf_create_map(maps[i].type, | |
187 | maps[i].key_size, | |
188 | maps[i].value_size, | |
89b97607 AS |
189 | maps[i].max_entries, |
190 | maps[i].map_flags); | |
618ec9a7 AS |
191 | if (map_fd[i] < 0) { |
192 | printf("failed to create a map: %d %s\n", | |
193 | errno, strerror(errno)); | |
249b812d | 194 | return 1; |
618ec9a7 | 195 | } |
5bacd780 AS |
196 | |
197 | if (maps[i].type == BPF_MAP_TYPE_PROG_ARRAY) | |
198 | prog_array_fd = map_fd[i]; | |
249b812d AS |
199 | } |
200 | return 0; | |
201 | } | |
202 | ||
203 | static int get_sec(Elf *elf, int i, GElf_Ehdr *ehdr, char **shname, | |
204 | GElf_Shdr *shdr, Elf_Data **data) | |
205 | { | |
206 | Elf_Scn *scn; | |
207 | ||
208 | scn = elf_getscn(elf, i); | |
209 | if (!scn) | |
210 | return 1; | |
211 | ||
212 | if (gelf_getshdr(scn, shdr) != shdr) | |
213 | return 2; | |
214 | ||
215 | *shname = elf_strptr(elf, ehdr->e_shstrndx, shdr->sh_name); | |
216 | if (!*shname || !shdr->sh_size) | |
217 | return 3; | |
218 | ||
219 | *data = elf_getdata(scn, 0); | |
220 | if (!*data || elf_getdata(scn, *data) != NULL) | |
221 | return 4; | |
222 | ||
223 | return 0; | |
224 | } | |
225 | ||
226 | static int parse_relo_and_apply(Elf_Data *data, Elf_Data *symbols, | |
227 | GElf_Shdr *shdr, struct bpf_insn *insn) | |
228 | { | |
229 | int i, nrels; | |
230 | ||
231 | nrels = shdr->sh_size / shdr->sh_entsize; | |
232 | ||
233 | for (i = 0; i < nrels; i++) { | |
234 | GElf_Sym sym; | |
235 | GElf_Rel rel; | |
236 | unsigned int insn_idx; | |
237 | ||
238 | gelf_getrel(data, i, &rel); | |
239 | ||
240 | insn_idx = rel.r_offset / sizeof(struct bpf_insn); | |
241 | ||
242 | gelf_getsym(symbols, GELF_R_SYM(rel.r_info), &sym); | |
243 | ||
244 | if (insn[insn_idx].code != (BPF_LD | BPF_IMM | BPF_DW)) { | |
245 | printf("invalid relo for insn[%d].code 0x%x\n", | |
246 | insn_idx, insn[insn_idx].code); | |
247 | return 1; | |
248 | } | |
249 | insn[insn_idx].src_reg = BPF_PSEUDO_MAP_FD; | |
250 | insn[insn_idx].imm = map_fd[sym.st_value / sizeof(struct bpf_map_def)]; | |
251 | } | |
252 | ||
253 | return 0; | |
254 | } | |
255 | ||
256 | int load_bpf_file(char *path) | |
257 | { | |
258 | int fd, i; | |
259 | Elf *elf; | |
260 | GElf_Ehdr ehdr; | |
261 | GElf_Shdr shdr, shdr_prog; | |
262 | Elf_Data *data, *data_prog, *symbols = NULL; | |
263 | char *shname, *shname_prog; | |
264 | ||
265 | if (elf_version(EV_CURRENT) == EV_NONE) | |
266 | return 1; | |
267 | ||
268 | fd = open(path, O_RDONLY, 0); | |
269 | if (fd < 0) | |
270 | return 1; | |
271 | ||
272 | elf = elf_begin(fd, ELF_C_READ, NULL); | |
273 | ||
274 | if (!elf) | |
275 | return 1; | |
276 | ||
277 | if (gelf_getehdr(elf, &ehdr) != &ehdr) | |
278 | return 1; | |
279 | ||
b896c4f9 AS |
280 | /* clear all kprobes */ |
281 | i = system("echo \"\" > /sys/kernel/debug/tracing/kprobe_events"); | |
282 | ||
249b812d AS |
283 | /* scan over all elf sections to get license and map info */ |
284 | for (i = 1; i < ehdr.e_shnum; i++) { | |
285 | ||
286 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
287 | continue; | |
288 | ||
289 | if (0) /* helpful for llvm debugging */ | |
290 | printf("section %d:%s data %p size %zd link %d flags %d\n", | |
291 | i, shname, data->d_buf, data->d_size, | |
292 | shdr.sh_link, (int) shdr.sh_flags); | |
293 | ||
294 | if (strcmp(shname, "license") == 0) { | |
295 | processed_sec[i] = true; | |
296 | memcpy(license, data->d_buf, data->d_size); | |
b896c4f9 AS |
297 | } else if (strcmp(shname, "version") == 0) { |
298 | processed_sec[i] = true; | |
299 | if (data->d_size != sizeof(int)) { | |
300 | printf("invalid size of version section %zd\n", | |
301 | data->d_size); | |
302 | return 1; | |
303 | } | |
304 | memcpy(&kern_version, data->d_buf, sizeof(int)); | |
249b812d AS |
305 | } else if (strcmp(shname, "maps") == 0) { |
306 | processed_sec[i] = true; | |
307 | if (load_maps(data->d_buf, data->d_size)) | |
308 | return 1; | |
309 | } else if (shdr.sh_type == SHT_SYMTAB) { | |
310 | symbols = data; | |
311 | } | |
312 | } | |
313 | ||
314 | /* load programs that need map fixup (relocations) */ | |
315 | for (i = 1; i < ehdr.e_shnum; i++) { | |
316 | ||
317 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
318 | continue; | |
319 | if (shdr.sh_type == SHT_REL) { | |
320 | struct bpf_insn *insns; | |
321 | ||
322 | if (get_sec(elf, shdr.sh_info, &ehdr, &shname_prog, | |
323 | &shdr_prog, &data_prog)) | |
324 | continue; | |
325 | ||
db6a71dd AS |
326 | if (shdr_prog.sh_type != SHT_PROGBITS || |
327 | !(shdr_prog.sh_flags & SHF_EXECINSTR)) | |
328 | continue; | |
329 | ||
249b812d AS |
330 | insns = (struct bpf_insn *) data_prog->d_buf; |
331 | ||
332 | processed_sec[shdr.sh_info] = true; | |
333 | processed_sec[i] = true; | |
334 | ||
335 | if (parse_relo_and_apply(data, symbols, &shdr, insns)) | |
336 | continue; | |
337 | ||
b896c4f9 AS |
338 | if (memcmp(shname_prog, "kprobe/", 7) == 0 || |
339 | memcmp(shname_prog, "kretprobe/", 10) == 0 || | |
c0766040 | 340 | memcmp(shname_prog, "tracepoint/", 11) == 0 || |
86af8b41 | 341 | memcmp(shname_prog, "xdp", 3) == 0 || |
1c47910e | 342 | memcmp(shname_prog, "perf_event", 10) == 0 || |
4f2e7ae5 DA |
343 | memcmp(shname_prog, "socket", 6) == 0 || |
344 | memcmp(shname_prog, "cgroup/", 7) == 0) | |
249b812d AS |
345 | load_and_attach(shname_prog, insns, data_prog->d_size); |
346 | } | |
347 | } | |
348 | ||
349 | /* load programs that don't use maps */ | |
350 | for (i = 1; i < ehdr.e_shnum; i++) { | |
351 | ||
352 | if (processed_sec[i]) | |
353 | continue; | |
354 | ||
355 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
356 | continue; | |
357 | ||
b896c4f9 AS |
358 | if (memcmp(shname, "kprobe/", 7) == 0 || |
359 | memcmp(shname, "kretprobe/", 10) == 0 || | |
c0766040 | 360 | memcmp(shname, "tracepoint/", 11) == 0 || |
86af8b41 | 361 | memcmp(shname, "xdp", 3) == 0 || |
1c47910e | 362 | memcmp(shname, "perf_event", 10) == 0 || |
4f2e7ae5 DA |
363 | memcmp(shname, "socket", 6) == 0 || |
364 | memcmp(shname, "cgroup/", 7) == 0) | |
249b812d AS |
365 | load_and_attach(shname, data->d_buf, data->d_size); |
366 | } | |
367 | ||
368 | close(fd); | |
369 | return 0; | |
370 | } | |
b896c4f9 AS |
371 | |
372 | void read_trace_pipe(void) | |
373 | { | |
374 | int trace_fd; | |
375 | ||
376 | trace_fd = open(DEBUGFS "trace_pipe", O_RDONLY, 0); | |
377 | if (trace_fd < 0) | |
378 | return; | |
379 | ||
380 | while (1) { | |
381 | static char buf[4096]; | |
382 | ssize_t sz; | |
383 | ||
384 | sz = read(trace_fd, buf, sizeof(buf)); | |
385 | if (sz > 0) { | |
386 | buf[sz] = 0; | |
387 | puts(buf); | |
388 | } | |
389 | } | |
390 | } | |
3622e7e4 AS |
391 | |
392 | #define MAX_SYMS 300000 | |
393 | static struct ksym syms[MAX_SYMS]; | |
394 | static int sym_cnt; | |
395 | ||
396 | static int ksym_cmp(const void *p1, const void *p2) | |
397 | { | |
398 | return ((struct ksym *)p1)->addr - ((struct ksym *)p2)->addr; | |
399 | } | |
400 | ||
401 | int load_kallsyms(void) | |
402 | { | |
403 | FILE *f = fopen("/proc/kallsyms", "r"); | |
404 | char func[256], buf[256]; | |
405 | char symbol; | |
406 | void *addr; | |
407 | int i = 0; | |
408 | ||
409 | if (!f) | |
410 | return -ENOENT; | |
411 | ||
412 | while (!feof(f)) { | |
413 | if (!fgets(buf, sizeof(buf), f)) | |
414 | break; | |
415 | if (sscanf(buf, "%p %c %s", &addr, &symbol, func) != 3) | |
416 | break; | |
417 | if (!addr) | |
418 | continue; | |
419 | syms[i].addr = (long) addr; | |
420 | syms[i].name = strdup(func); | |
421 | i++; | |
422 | } | |
423 | sym_cnt = i; | |
424 | qsort(syms, sym_cnt, sizeof(struct ksym), ksym_cmp); | |
425 | return 0; | |
426 | } | |
427 | ||
428 | struct ksym *ksym_search(long key) | |
429 | { | |
430 | int start = 0, end = sym_cnt; | |
431 | int result; | |
432 | ||
433 | while (start < end) { | |
434 | size_t mid = start + (end - start) / 2; | |
435 | ||
436 | result = key - syms[mid].addr; | |
437 | if (result < 0) | |
438 | end = mid; | |
439 | else if (result > 0) | |
440 | start = mid + 1; | |
441 | else | |
442 | return &syms[mid]; | |
443 | } | |
444 | ||
445 | if (start >= 1 && syms[start - 1].addr < key && | |
446 | key < syms[start].addr) | |
447 | /* valid ksym */ | |
448 | return &syms[start - 1]; | |
449 | ||
450 | /* out of range. return _stext */ | |
451 | return &syms[0]; | |
452 | } |