Commit | Line | Data |
---|---|---|
249b812d AS |
1 | #include <stdio.h> |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <fcntl.h> | |
5 | #include <libelf.h> | |
6 | #include <gelf.h> | |
7 | #include <errno.h> | |
8 | #include <unistd.h> | |
9 | #include <string.h> | |
10 | #include <stdbool.h> | |
b896c4f9 | 11 | #include <stdlib.h> |
249b812d AS |
12 | #include <linux/bpf.h> |
13 | #include <linux/filter.h> | |
b896c4f9 AS |
14 | #include <linux/perf_event.h> |
15 | #include <sys/syscall.h> | |
16 | #include <sys/ioctl.h> | |
17 | #include <sys/mman.h> | |
18 | #include <poll.h> | |
5bacd780 | 19 | #include <ctype.h> |
249b812d AS |
20 | #include "libbpf.h" |
21 | #include "bpf_helpers.h" | |
22 | #include "bpf_load.h" | |
23 | ||
b896c4f9 AS |
24 | #define DEBUGFS "/sys/kernel/debug/tracing/" |
25 | ||
249b812d | 26 | static char license[128]; |
b896c4f9 | 27 | static int kern_version; |
249b812d AS |
28 | static bool processed_sec[128]; |
29 | int map_fd[MAX_MAPS]; | |
30 | int prog_fd[MAX_PROGS]; | |
b896c4f9 | 31 | int event_fd[MAX_PROGS]; |
249b812d | 32 | int prog_cnt; |
5bacd780 AS |
33 | int prog_array_fd = -1; |
34 | ||
35 | static int populate_prog_array(const char *event, int prog_fd) | |
36 | { | |
37 | int ind = atoi(event), err; | |
38 | ||
39 | err = bpf_update_elem(prog_array_fd, &ind, &prog_fd, BPF_ANY); | |
40 | if (err < 0) { | |
41 | printf("failed to store prog_fd in prog_array\n"); | |
42 | return -1; | |
43 | } | |
44 | return 0; | |
45 | } | |
249b812d AS |
46 | |
47 | static int load_and_attach(const char *event, struct bpf_insn *prog, int size) | |
48 | { | |
249b812d | 49 | bool is_socket = strncmp(event, "socket", 6) == 0; |
b896c4f9 AS |
50 | bool is_kprobe = strncmp(event, "kprobe/", 7) == 0; |
51 | bool is_kretprobe = strncmp(event, "kretprobe/", 10) == 0; | |
c0766040 | 52 | bool is_tracepoint = strncmp(event, "tracepoint/", 11) == 0; |
86af8b41 | 53 | bool is_xdp = strncmp(event, "xdp", 3) == 0; |
b896c4f9 AS |
54 | enum bpf_prog_type prog_type; |
55 | char buf[256]; | |
56 | int fd, efd, err, id; | |
57 | struct perf_event_attr attr = {}; | |
58 | ||
59 | attr.type = PERF_TYPE_TRACEPOINT; | |
60 | attr.sample_type = PERF_SAMPLE_RAW; | |
61 | attr.sample_period = 1; | |
62 | attr.wakeup_events = 1; | |
63 | ||
64 | if (is_socket) { | |
65 | prog_type = BPF_PROG_TYPE_SOCKET_FILTER; | |
66 | } else if (is_kprobe || is_kretprobe) { | |
67 | prog_type = BPF_PROG_TYPE_KPROBE; | |
c0766040 AS |
68 | } else if (is_tracepoint) { |
69 | prog_type = BPF_PROG_TYPE_TRACEPOINT; | |
86af8b41 BB |
70 | } else if (is_xdp) { |
71 | prog_type = BPF_PROG_TYPE_XDP; | |
b896c4f9 AS |
72 | } else { |
73 | printf("Unknown event '%s'\n", event); | |
249b812d | 74 | return -1; |
b896c4f9 AS |
75 | } |
76 | ||
5bacd780 AS |
77 | fd = bpf_prog_load(prog_type, prog, size, license, kern_version); |
78 | if (fd < 0) { | |
79 | printf("bpf_prog_load() err=%d\n%s", errno, bpf_log_buf); | |
80 | return -1; | |
81 | } | |
82 | ||
83 | prog_fd[prog_cnt++] = fd; | |
84 | ||
86af8b41 BB |
85 | if (is_xdp) |
86 | return 0; | |
87 | ||
5bacd780 AS |
88 | if (is_socket) { |
89 | event += 6; | |
90 | if (*event != '/') | |
91 | return 0; | |
92 | event++; | |
93 | if (!isdigit(*event)) { | |
94 | printf("invalid prog number\n"); | |
95 | return -1; | |
96 | } | |
97 | return populate_prog_array(event, fd); | |
98 | } | |
99 | ||
b896c4f9 AS |
100 | if (is_kprobe || is_kretprobe) { |
101 | if (is_kprobe) | |
102 | event += 7; | |
103 | else | |
104 | event += 10; | |
105 | ||
5bacd780 AS |
106 | if (*event == 0) { |
107 | printf("event name cannot be empty\n"); | |
108 | return -1; | |
109 | } | |
110 | ||
111 | if (isdigit(*event)) | |
112 | return populate_prog_array(event, fd); | |
113 | ||
b896c4f9 AS |
114 | snprintf(buf, sizeof(buf), |
115 | "echo '%c:%s %s' >> /sys/kernel/debug/tracing/kprobe_events", | |
116 | is_kprobe ? 'p' : 'r', event, event); | |
117 | err = system(buf); | |
118 | if (err < 0) { | |
119 | printf("failed to create kprobe '%s' error '%s'\n", | |
120 | event, strerror(errno)); | |
121 | return -1; | |
122 | } | |
249b812d | 123 | |
c0766040 AS |
124 | strcpy(buf, DEBUGFS); |
125 | strcat(buf, "events/kprobes/"); | |
126 | strcat(buf, event); | |
127 | strcat(buf, "/id"); | |
128 | } else if (is_tracepoint) { | |
129 | event += 11; | |
130 | ||
131 | if (*event == 0) { | |
132 | printf("event name cannot be empty\n"); | |
133 | return -1; | |
134 | } | |
135 | strcpy(buf, DEBUGFS); | |
136 | strcat(buf, "events/"); | |
137 | strcat(buf, event); | |
138 | strcat(buf, "/id"); | |
139 | } | |
b896c4f9 AS |
140 | |
141 | efd = open(buf, O_RDONLY, 0); | |
142 | if (efd < 0) { | |
143 | printf("failed to open event %s\n", event); | |
144 | return -1; | |
145 | } | |
146 | ||
147 | err = read(efd, buf, sizeof(buf)); | |
148 | if (err < 0 || err >= sizeof(buf)) { | |
149 | printf("read from '%s' failed '%s'\n", event, strerror(errno)); | |
150 | return -1; | |
151 | } | |
152 | ||
153 | close(efd); | |
154 | ||
155 | buf[err] = 0; | |
156 | id = atoi(buf); | |
157 | attr.config = id; | |
158 | ||
159 | efd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, -1/*group_fd*/, 0); | |
160 | if (efd < 0) { | |
161 | printf("event %d fd %d err %s\n", id, efd, strerror(errno)); | |
162 | return -1; | |
163 | } | |
164 | event_fd[prog_cnt - 1] = efd; | |
165 | ioctl(efd, PERF_EVENT_IOC_ENABLE, 0); | |
166 | ioctl(efd, PERF_EVENT_IOC_SET_BPF, fd); | |
167 | ||
249b812d AS |
168 | return 0; |
169 | } | |
170 | ||
171 | static int load_maps(struct bpf_map_def *maps, int len) | |
172 | { | |
173 | int i; | |
174 | ||
175 | for (i = 0; i < len / sizeof(struct bpf_map_def); i++) { | |
176 | ||
177 | map_fd[i] = bpf_create_map(maps[i].type, | |
178 | maps[i].key_size, | |
179 | maps[i].value_size, | |
89b97607 AS |
180 | maps[i].max_entries, |
181 | maps[i].map_flags); | |
618ec9a7 AS |
182 | if (map_fd[i] < 0) { |
183 | printf("failed to create a map: %d %s\n", | |
184 | errno, strerror(errno)); | |
249b812d | 185 | return 1; |
618ec9a7 | 186 | } |
5bacd780 AS |
187 | |
188 | if (maps[i].type == BPF_MAP_TYPE_PROG_ARRAY) | |
189 | prog_array_fd = map_fd[i]; | |
249b812d AS |
190 | } |
191 | return 0; | |
192 | } | |
193 | ||
194 | static int get_sec(Elf *elf, int i, GElf_Ehdr *ehdr, char **shname, | |
195 | GElf_Shdr *shdr, Elf_Data **data) | |
196 | { | |
197 | Elf_Scn *scn; | |
198 | ||
199 | scn = elf_getscn(elf, i); | |
200 | if (!scn) | |
201 | return 1; | |
202 | ||
203 | if (gelf_getshdr(scn, shdr) != shdr) | |
204 | return 2; | |
205 | ||
206 | *shname = elf_strptr(elf, ehdr->e_shstrndx, shdr->sh_name); | |
207 | if (!*shname || !shdr->sh_size) | |
208 | return 3; | |
209 | ||
210 | *data = elf_getdata(scn, 0); | |
211 | if (!*data || elf_getdata(scn, *data) != NULL) | |
212 | return 4; | |
213 | ||
214 | return 0; | |
215 | } | |
216 | ||
217 | static int parse_relo_and_apply(Elf_Data *data, Elf_Data *symbols, | |
218 | GElf_Shdr *shdr, struct bpf_insn *insn) | |
219 | { | |
220 | int i, nrels; | |
221 | ||
222 | nrels = shdr->sh_size / shdr->sh_entsize; | |
223 | ||
224 | for (i = 0; i < nrels; i++) { | |
225 | GElf_Sym sym; | |
226 | GElf_Rel rel; | |
227 | unsigned int insn_idx; | |
228 | ||
229 | gelf_getrel(data, i, &rel); | |
230 | ||
231 | insn_idx = rel.r_offset / sizeof(struct bpf_insn); | |
232 | ||
233 | gelf_getsym(symbols, GELF_R_SYM(rel.r_info), &sym); | |
234 | ||
235 | if (insn[insn_idx].code != (BPF_LD | BPF_IMM | BPF_DW)) { | |
236 | printf("invalid relo for insn[%d].code 0x%x\n", | |
237 | insn_idx, insn[insn_idx].code); | |
238 | return 1; | |
239 | } | |
240 | insn[insn_idx].src_reg = BPF_PSEUDO_MAP_FD; | |
241 | insn[insn_idx].imm = map_fd[sym.st_value / sizeof(struct bpf_map_def)]; | |
242 | } | |
243 | ||
244 | return 0; | |
245 | } | |
246 | ||
247 | int load_bpf_file(char *path) | |
248 | { | |
249 | int fd, i; | |
250 | Elf *elf; | |
251 | GElf_Ehdr ehdr; | |
252 | GElf_Shdr shdr, shdr_prog; | |
253 | Elf_Data *data, *data_prog, *symbols = NULL; | |
254 | char *shname, *shname_prog; | |
255 | ||
256 | if (elf_version(EV_CURRENT) == EV_NONE) | |
257 | return 1; | |
258 | ||
259 | fd = open(path, O_RDONLY, 0); | |
260 | if (fd < 0) | |
261 | return 1; | |
262 | ||
263 | elf = elf_begin(fd, ELF_C_READ, NULL); | |
264 | ||
265 | if (!elf) | |
266 | return 1; | |
267 | ||
268 | if (gelf_getehdr(elf, &ehdr) != &ehdr) | |
269 | return 1; | |
270 | ||
b896c4f9 AS |
271 | /* clear all kprobes */ |
272 | i = system("echo \"\" > /sys/kernel/debug/tracing/kprobe_events"); | |
273 | ||
249b812d AS |
274 | /* scan over all elf sections to get license and map info */ |
275 | for (i = 1; i < ehdr.e_shnum; i++) { | |
276 | ||
277 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
278 | continue; | |
279 | ||
280 | if (0) /* helpful for llvm debugging */ | |
281 | printf("section %d:%s data %p size %zd link %d flags %d\n", | |
282 | i, shname, data->d_buf, data->d_size, | |
283 | shdr.sh_link, (int) shdr.sh_flags); | |
284 | ||
285 | if (strcmp(shname, "license") == 0) { | |
286 | processed_sec[i] = true; | |
287 | memcpy(license, data->d_buf, data->d_size); | |
b896c4f9 AS |
288 | } else if (strcmp(shname, "version") == 0) { |
289 | processed_sec[i] = true; | |
290 | if (data->d_size != sizeof(int)) { | |
291 | printf("invalid size of version section %zd\n", | |
292 | data->d_size); | |
293 | return 1; | |
294 | } | |
295 | memcpy(&kern_version, data->d_buf, sizeof(int)); | |
249b812d AS |
296 | } else if (strcmp(shname, "maps") == 0) { |
297 | processed_sec[i] = true; | |
298 | if (load_maps(data->d_buf, data->d_size)) | |
299 | return 1; | |
300 | } else if (shdr.sh_type == SHT_SYMTAB) { | |
301 | symbols = data; | |
302 | } | |
303 | } | |
304 | ||
305 | /* load programs that need map fixup (relocations) */ | |
306 | for (i = 1; i < ehdr.e_shnum; i++) { | |
307 | ||
308 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
309 | continue; | |
310 | if (shdr.sh_type == SHT_REL) { | |
311 | struct bpf_insn *insns; | |
312 | ||
313 | if (get_sec(elf, shdr.sh_info, &ehdr, &shname_prog, | |
314 | &shdr_prog, &data_prog)) | |
315 | continue; | |
316 | ||
317 | insns = (struct bpf_insn *) data_prog->d_buf; | |
318 | ||
319 | processed_sec[shdr.sh_info] = true; | |
320 | processed_sec[i] = true; | |
321 | ||
322 | if (parse_relo_and_apply(data, symbols, &shdr, insns)) | |
323 | continue; | |
324 | ||
b896c4f9 AS |
325 | if (memcmp(shname_prog, "kprobe/", 7) == 0 || |
326 | memcmp(shname_prog, "kretprobe/", 10) == 0 || | |
c0766040 | 327 | memcmp(shname_prog, "tracepoint/", 11) == 0 || |
86af8b41 | 328 | memcmp(shname_prog, "xdp", 3) == 0 || |
249b812d AS |
329 | memcmp(shname_prog, "socket", 6) == 0) |
330 | load_and_attach(shname_prog, insns, data_prog->d_size); | |
331 | } | |
332 | } | |
333 | ||
334 | /* load programs that don't use maps */ | |
335 | for (i = 1; i < ehdr.e_shnum; i++) { | |
336 | ||
337 | if (processed_sec[i]) | |
338 | continue; | |
339 | ||
340 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
341 | continue; | |
342 | ||
b896c4f9 AS |
343 | if (memcmp(shname, "kprobe/", 7) == 0 || |
344 | memcmp(shname, "kretprobe/", 10) == 0 || | |
c0766040 | 345 | memcmp(shname, "tracepoint/", 11) == 0 || |
86af8b41 | 346 | memcmp(shname, "xdp", 3) == 0 || |
249b812d AS |
347 | memcmp(shname, "socket", 6) == 0) |
348 | load_and_attach(shname, data->d_buf, data->d_size); | |
349 | } | |
350 | ||
351 | close(fd); | |
352 | return 0; | |
353 | } | |
b896c4f9 AS |
354 | |
355 | void read_trace_pipe(void) | |
356 | { | |
357 | int trace_fd; | |
358 | ||
359 | trace_fd = open(DEBUGFS "trace_pipe", O_RDONLY, 0); | |
360 | if (trace_fd < 0) | |
361 | return; | |
362 | ||
363 | while (1) { | |
364 | static char buf[4096]; | |
365 | ssize_t sz; | |
366 | ||
367 | sz = read(trace_fd, buf, sizeof(buf)); | |
368 | if (sz > 0) { | |
369 | buf[sz] = 0; | |
370 | puts(buf); | |
371 | } | |
372 | } | |
373 | } | |
3622e7e4 AS |
374 | |
375 | #define MAX_SYMS 300000 | |
376 | static struct ksym syms[MAX_SYMS]; | |
377 | static int sym_cnt; | |
378 | ||
379 | static int ksym_cmp(const void *p1, const void *p2) | |
380 | { | |
381 | return ((struct ksym *)p1)->addr - ((struct ksym *)p2)->addr; | |
382 | } | |
383 | ||
384 | int load_kallsyms(void) | |
385 | { | |
386 | FILE *f = fopen("/proc/kallsyms", "r"); | |
387 | char func[256], buf[256]; | |
388 | char symbol; | |
389 | void *addr; | |
390 | int i = 0; | |
391 | ||
392 | if (!f) | |
393 | return -ENOENT; | |
394 | ||
395 | while (!feof(f)) { | |
396 | if (!fgets(buf, sizeof(buf), f)) | |
397 | break; | |
398 | if (sscanf(buf, "%p %c %s", &addr, &symbol, func) != 3) | |
399 | break; | |
400 | if (!addr) | |
401 | continue; | |
402 | syms[i].addr = (long) addr; | |
403 | syms[i].name = strdup(func); | |
404 | i++; | |
405 | } | |
406 | sym_cnt = i; | |
407 | qsort(syms, sym_cnt, sizeof(struct ksym), ksym_cmp); | |
408 | return 0; | |
409 | } | |
410 | ||
411 | struct ksym *ksym_search(long key) | |
412 | { | |
413 | int start = 0, end = sym_cnt; | |
414 | int result; | |
415 | ||
416 | while (start < end) { | |
417 | size_t mid = start + (end - start) / 2; | |
418 | ||
419 | result = key - syms[mid].addr; | |
420 | if (result < 0) | |
421 | end = mid; | |
422 | else if (result > 0) | |
423 | start = mid + 1; | |
424 | else | |
425 | return &syms[mid]; | |
426 | } | |
427 | ||
428 | if (start >= 1 && syms[start - 1].addr < key && | |
429 | key < syms[start].addr) | |
430 | /* valid ksym */ | |
431 | return &syms[start - 1]; | |
432 | ||
433 | /* out of range. return _stext */ | |
434 | return &syms[0]; | |
435 | } |