Commit | Line | Data |
---|---|---|
249b812d AS |
1 | #include <stdio.h> |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <fcntl.h> | |
5 | #include <libelf.h> | |
6 | #include <gelf.h> | |
7 | #include <errno.h> | |
8 | #include <unistd.h> | |
9 | #include <string.h> | |
10 | #include <stdbool.h> | |
b896c4f9 | 11 | #include <stdlib.h> |
249b812d AS |
12 | #include <linux/bpf.h> |
13 | #include <linux/filter.h> | |
b896c4f9 AS |
14 | #include <linux/perf_event.h> |
15 | #include <sys/syscall.h> | |
16 | #include <sys/ioctl.h> | |
17 | #include <sys/mman.h> | |
18 | #include <poll.h> | |
5bacd780 | 19 | #include <ctype.h> |
249b812d AS |
20 | #include "libbpf.h" |
21 | #include "bpf_helpers.h" | |
22 | #include "bpf_load.h" | |
23 | ||
b896c4f9 AS |
24 | #define DEBUGFS "/sys/kernel/debug/tracing/" |
25 | ||
249b812d | 26 | static char license[128]; |
b896c4f9 | 27 | static int kern_version; |
249b812d AS |
28 | static bool processed_sec[128]; |
29 | int map_fd[MAX_MAPS]; | |
30 | int prog_fd[MAX_PROGS]; | |
b896c4f9 | 31 | int event_fd[MAX_PROGS]; |
249b812d | 32 | int prog_cnt; |
5bacd780 AS |
33 | int prog_array_fd = -1; |
34 | ||
35 | static int populate_prog_array(const char *event, int prog_fd) | |
36 | { | |
37 | int ind = atoi(event), err; | |
38 | ||
39 | err = bpf_update_elem(prog_array_fd, &ind, &prog_fd, BPF_ANY); | |
40 | if (err < 0) { | |
41 | printf("failed to store prog_fd in prog_array\n"); | |
42 | return -1; | |
43 | } | |
44 | return 0; | |
45 | } | |
249b812d AS |
46 | |
47 | static int load_and_attach(const char *event, struct bpf_insn *prog, int size) | |
48 | { | |
249b812d | 49 | bool is_socket = strncmp(event, "socket", 6) == 0; |
b896c4f9 AS |
50 | bool is_kprobe = strncmp(event, "kprobe/", 7) == 0; |
51 | bool is_kretprobe = strncmp(event, "kretprobe/", 10) == 0; | |
c0766040 | 52 | bool is_tracepoint = strncmp(event, "tracepoint/", 11) == 0; |
86af8b41 | 53 | bool is_xdp = strncmp(event, "xdp", 3) == 0; |
1c47910e | 54 | bool is_perf_event = strncmp(event, "perf_event", 10) == 0; |
b896c4f9 AS |
55 | enum bpf_prog_type prog_type; |
56 | char buf[256]; | |
57 | int fd, efd, err, id; | |
58 | struct perf_event_attr attr = {}; | |
59 | ||
60 | attr.type = PERF_TYPE_TRACEPOINT; | |
61 | attr.sample_type = PERF_SAMPLE_RAW; | |
62 | attr.sample_period = 1; | |
63 | attr.wakeup_events = 1; | |
64 | ||
65 | if (is_socket) { | |
66 | prog_type = BPF_PROG_TYPE_SOCKET_FILTER; | |
67 | } else if (is_kprobe || is_kretprobe) { | |
68 | prog_type = BPF_PROG_TYPE_KPROBE; | |
c0766040 AS |
69 | } else if (is_tracepoint) { |
70 | prog_type = BPF_PROG_TYPE_TRACEPOINT; | |
86af8b41 BB |
71 | } else if (is_xdp) { |
72 | prog_type = BPF_PROG_TYPE_XDP; | |
1c47910e AS |
73 | } else if (is_perf_event) { |
74 | prog_type = BPF_PROG_TYPE_PERF_EVENT; | |
b896c4f9 AS |
75 | } else { |
76 | printf("Unknown event '%s'\n", event); | |
249b812d | 77 | return -1; |
b896c4f9 AS |
78 | } |
79 | ||
5bacd780 AS |
80 | fd = bpf_prog_load(prog_type, prog, size, license, kern_version); |
81 | if (fd < 0) { | |
82 | printf("bpf_prog_load() err=%d\n%s", errno, bpf_log_buf); | |
83 | return -1; | |
84 | } | |
85 | ||
86 | prog_fd[prog_cnt++] = fd; | |
87 | ||
1c47910e | 88 | if (is_xdp || is_perf_event) |
86af8b41 BB |
89 | return 0; |
90 | ||
5bacd780 AS |
91 | if (is_socket) { |
92 | event += 6; | |
93 | if (*event != '/') | |
94 | return 0; | |
95 | event++; | |
96 | if (!isdigit(*event)) { | |
97 | printf("invalid prog number\n"); | |
98 | return -1; | |
99 | } | |
100 | return populate_prog_array(event, fd); | |
101 | } | |
102 | ||
b896c4f9 AS |
103 | if (is_kprobe || is_kretprobe) { |
104 | if (is_kprobe) | |
105 | event += 7; | |
106 | else | |
107 | event += 10; | |
108 | ||
5bacd780 AS |
109 | if (*event == 0) { |
110 | printf("event name cannot be empty\n"); | |
111 | return -1; | |
112 | } | |
113 | ||
114 | if (isdigit(*event)) | |
115 | return populate_prog_array(event, fd); | |
116 | ||
b896c4f9 AS |
117 | snprintf(buf, sizeof(buf), |
118 | "echo '%c:%s %s' >> /sys/kernel/debug/tracing/kprobe_events", | |
119 | is_kprobe ? 'p' : 'r', event, event); | |
120 | err = system(buf); | |
121 | if (err < 0) { | |
122 | printf("failed to create kprobe '%s' error '%s'\n", | |
123 | event, strerror(errno)); | |
124 | return -1; | |
125 | } | |
249b812d | 126 | |
c0766040 AS |
127 | strcpy(buf, DEBUGFS); |
128 | strcat(buf, "events/kprobes/"); | |
129 | strcat(buf, event); | |
130 | strcat(buf, "/id"); | |
131 | } else if (is_tracepoint) { | |
132 | event += 11; | |
133 | ||
134 | if (*event == 0) { | |
135 | printf("event name cannot be empty\n"); | |
136 | return -1; | |
137 | } | |
138 | strcpy(buf, DEBUGFS); | |
139 | strcat(buf, "events/"); | |
140 | strcat(buf, event); | |
141 | strcat(buf, "/id"); | |
142 | } | |
b896c4f9 AS |
143 | |
144 | efd = open(buf, O_RDONLY, 0); | |
145 | if (efd < 0) { | |
146 | printf("failed to open event %s\n", event); | |
147 | return -1; | |
148 | } | |
149 | ||
150 | err = read(efd, buf, sizeof(buf)); | |
151 | if (err < 0 || err >= sizeof(buf)) { | |
152 | printf("read from '%s' failed '%s'\n", event, strerror(errno)); | |
153 | return -1; | |
154 | } | |
155 | ||
156 | close(efd); | |
157 | ||
158 | buf[err] = 0; | |
159 | id = atoi(buf); | |
160 | attr.config = id; | |
161 | ||
162 | efd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, -1/*group_fd*/, 0); | |
163 | if (efd < 0) { | |
164 | printf("event %d fd %d err %s\n", id, efd, strerror(errno)); | |
165 | return -1; | |
166 | } | |
167 | event_fd[prog_cnt - 1] = efd; | |
168 | ioctl(efd, PERF_EVENT_IOC_ENABLE, 0); | |
169 | ioctl(efd, PERF_EVENT_IOC_SET_BPF, fd); | |
170 | ||
249b812d AS |
171 | return 0; |
172 | } | |
173 | ||
174 | static int load_maps(struct bpf_map_def *maps, int len) | |
175 | { | |
176 | int i; | |
177 | ||
178 | for (i = 0; i < len / sizeof(struct bpf_map_def); i++) { | |
179 | ||
180 | map_fd[i] = bpf_create_map(maps[i].type, | |
181 | maps[i].key_size, | |
182 | maps[i].value_size, | |
89b97607 AS |
183 | maps[i].max_entries, |
184 | maps[i].map_flags); | |
618ec9a7 AS |
185 | if (map_fd[i] < 0) { |
186 | printf("failed to create a map: %d %s\n", | |
187 | errno, strerror(errno)); | |
249b812d | 188 | return 1; |
618ec9a7 | 189 | } |
5bacd780 AS |
190 | |
191 | if (maps[i].type == BPF_MAP_TYPE_PROG_ARRAY) | |
192 | prog_array_fd = map_fd[i]; | |
249b812d AS |
193 | } |
194 | return 0; | |
195 | } | |
196 | ||
197 | static int get_sec(Elf *elf, int i, GElf_Ehdr *ehdr, char **shname, | |
198 | GElf_Shdr *shdr, Elf_Data **data) | |
199 | { | |
200 | Elf_Scn *scn; | |
201 | ||
202 | scn = elf_getscn(elf, i); | |
203 | if (!scn) | |
204 | return 1; | |
205 | ||
206 | if (gelf_getshdr(scn, shdr) != shdr) | |
207 | return 2; | |
208 | ||
209 | *shname = elf_strptr(elf, ehdr->e_shstrndx, shdr->sh_name); | |
210 | if (!*shname || !shdr->sh_size) | |
211 | return 3; | |
212 | ||
213 | *data = elf_getdata(scn, 0); | |
214 | if (!*data || elf_getdata(scn, *data) != NULL) | |
215 | return 4; | |
216 | ||
217 | return 0; | |
218 | } | |
219 | ||
220 | static int parse_relo_and_apply(Elf_Data *data, Elf_Data *symbols, | |
221 | GElf_Shdr *shdr, struct bpf_insn *insn) | |
222 | { | |
223 | int i, nrels; | |
224 | ||
225 | nrels = shdr->sh_size / shdr->sh_entsize; | |
226 | ||
227 | for (i = 0; i < nrels; i++) { | |
228 | GElf_Sym sym; | |
229 | GElf_Rel rel; | |
230 | unsigned int insn_idx; | |
231 | ||
232 | gelf_getrel(data, i, &rel); | |
233 | ||
234 | insn_idx = rel.r_offset / sizeof(struct bpf_insn); | |
235 | ||
236 | gelf_getsym(symbols, GELF_R_SYM(rel.r_info), &sym); | |
237 | ||
238 | if (insn[insn_idx].code != (BPF_LD | BPF_IMM | BPF_DW)) { | |
239 | printf("invalid relo for insn[%d].code 0x%x\n", | |
240 | insn_idx, insn[insn_idx].code); | |
241 | return 1; | |
242 | } | |
243 | insn[insn_idx].src_reg = BPF_PSEUDO_MAP_FD; | |
244 | insn[insn_idx].imm = map_fd[sym.st_value / sizeof(struct bpf_map_def)]; | |
245 | } | |
246 | ||
247 | return 0; | |
248 | } | |
249 | ||
250 | int load_bpf_file(char *path) | |
251 | { | |
252 | int fd, i; | |
253 | Elf *elf; | |
254 | GElf_Ehdr ehdr; | |
255 | GElf_Shdr shdr, shdr_prog; | |
256 | Elf_Data *data, *data_prog, *symbols = NULL; | |
257 | char *shname, *shname_prog; | |
258 | ||
259 | if (elf_version(EV_CURRENT) == EV_NONE) | |
260 | return 1; | |
261 | ||
262 | fd = open(path, O_RDONLY, 0); | |
263 | if (fd < 0) | |
264 | return 1; | |
265 | ||
266 | elf = elf_begin(fd, ELF_C_READ, NULL); | |
267 | ||
268 | if (!elf) | |
269 | return 1; | |
270 | ||
271 | if (gelf_getehdr(elf, &ehdr) != &ehdr) | |
272 | return 1; | |
273 | ||
b896c4f9 AS |
274 | /* clear all kprobes */ |
275 | i = system("echo \"\" > /sys/kernel/debug/tracing/kprobe_events"); | |
276 | ||
249b812d AS |
277 | /* scan over all elf sections to get license and map info */ |
278 | for (i = 1; i < ehdr.e_shnum; i++) { | |
279 | ||
280 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
281 | continue; | |
282 | ||
283 | if (0) /* helpful for llvm debugging */ | |
284 | printf("section %d:%s data %p size %zd link %d flags %d\n", | |
285 | i, shname, data->d_buf, data->d_size, | |
286 | shdr.sh_link, (int) shdr.sh_flags); | |
287 | ||
288 | if (strcmp(shname, "license") == 0) { | |
289 | processed_sec[i] = true; | |
290 | memcpy(license, data->d_buf, data->d_size); | |
b896c4f9 AS |
291 | } else if (strcmp(shname, "version") == 0) { |
292 | processed_sec[i] = true; | |
293 | if (data->d_size != sizeof(int)) { | |
294 | printf("invalid size of version section %zd\n", | |
295 | data->d_size); | |
296 | return 1; | |
297 | } | |
298 | memcpy(&kern_version, data->d_buf, sizeof(int)); | |
249b812d AS |
299 | } else if (strcmp(shname, "maps") == 0) { |
300 | processed_sec[i] = true; | |
301 | if (load_maps(data->d_buf, data->d_size)) | |
302 | return 1; | |
303 | } else if (shdr.sh_type == SHT_SYMTAB) { | |
304 | symbols = data; | |
305 | } | |
306 | } | |
307 | ||
308 | /* load programs that need map fixup (relocations) */ | |
309 | for (i = 1; i < ehdr.e_shnum; i++) { | |
310 | ||
311 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
312 | continue; | |
313 | if (shdr.sh_type == SHT_REL) { | |
314 | struct bpf_insn *insns; | |
315 | ||
316 | if (get_sec(elf, shdr.sh_info, &ehdr, &shname_prog, | |
317 | &shdr_prog, &data_prog)) | |
318 | continue; | |
319 | ||
db6a71dd AS |
320 | if (shdr_prog.sh_type != SHT_PROGBITS || |
321 | !(shdr_prog.sh_flags & SHF_EXECINSTR)) | |
322 | continue; | |
323 | ||
249b812d AS |
324 | insns = (struct bpf_insn *) data_prog->d_buf; |
325 | ||
326 | processed_sec[shdr.sh_info] = true; | |
327 | processed_sec[i] = true; | |
328 | ||
329 | if (parse_relo_and_apply(data, symbols, &shdr, insns)) | |
330 | continue; | |
331 | ||
b896c4f9 AS |
332 | if (memcmp(shname_prog, "kprobe/", 7) == 0 || |
333 | memcmp(shname_prog, "kretprobe/", 10) == 0 || | |
c0766040 | 334 | memcmp(shname_prog, "tracepoint/", 11) == 0 || |
86af8b41 | 335 | memcmp(shname_prog, "xdp", 3) == 0 || |
1c47910e | 336 | memcmp(shname_prog, "perf_event", 10) == 0 || |
249b812d AS |
337 | memcmp(shname_prog, "socket", 6) == 0) |
338 | load_and_attach(shname_prog, insns, data_prog->d_size); | |
339 | } | |
340 | } | |
341 | ||
342 | /* load programs that don't use maps */ | |
343 | for (i = 1; i < ehdr.e_shnum; i++) { | |
344 | ||
345 | if (processed_sec[i]) | |
346 | continue; | |
347 | ||
348 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
349 | continue; | |
350 | ||
b896c4f9 AS |
351 | if (memcmp(shname, "kprobe/", 7) == 0 || |
352 | memcmp(shname, "kretprobe/", 10) == 0 || | |
c0766040 | 353 | memcmp(shname, "tracepoint/", 11) == 0 || |
86af8b41 | 354 | memcmp(shname, "xdp", 3) == 0 || |
1c47910e | 355 | memcmp(shname, "perf_event", 10) == 0 || |
249b812d AS |
356 | memcmp(shname, "socket", 6) == 0) |
357 | load_and_attach(shname, data->d_buf, data->d_size); | |
358 | } | |
359 | ||
360 | close(fd); | |
361 | return 0; | |
362 | } | |
b896c4f9 AS |
363 | |
364 | void read_trace_pipe(void) | |
365 | { | |
366 | int trace_fd; | |
367 | ||
368 | trace_fd = open(DEBUGFS "trace_pipe", O_RDONLY, 0); | |
369 | if (trace_fd < 0) | |
370 | return; | |
371 | ||
372 | while (1) { | |
373 | static char buf[4096]; | |
374 | ssize_t sz; | |
375 | ||
376 | sz = read(trace_fd, buf, sizeof(buf)); | |
377 | if (sz > 0) { | |
378 | buf[sz] = 0; | |
379 | puts(buf); | |
380 | } | |
381 | } | |
382 | } | |
3622e7e4 AS |
383 | |
384 | #define MAX_SYMS 300000 | |
385 | static struct ksym syms[MAX_SYMS]; | |
386 | static int sym_cnt; | |
387 | ||
388 | static int ksym_cmp(const void *p1, const void *p2) | |
389 | { | |
390 | return ((struct ksym *)p1)->addr - ((struct ksym *)p2)->addr; | |
391 | } | |
392 | ||
393 | int load_kallsyms(void) | |
394 | { | |
395 | FILE *f = fopen("/proc/kallsyms", "r"); | |
396 | char func[256], buf[256]; | |
397 | char symbol; | |
398 | void *addr; | |
399 | int i = 0; | |
400 | ||
401 | if (!f) | |
402 | return -ENOENT; | |
403 | ||
404 | while (!feof(f)) { | |
405 | if (!fgets(buf, sizeof(buf), f)) | |
406 | break; | |
407 | if (sscanf(buf, "%p %c %s", &addr, &symbol, func) != 3) | |
408 | break; | |
409 | if (!addr) | |
410 | continue; | |
411 | syms[i].addr = (long) addr; | |
412 | syms[i].name = strdup(func); | |
413 | i++; | |
414 | } | |
415 | sym_cnt = i; | |
416 | qsort(syms, sym_cnt, sizeof(struct ksym), ksym_cmp); | |
417 | return 0; | |
418 | } | |
419 | ||
420 | struct ksym *ksym_search(long key) | |
421 | { | |
422 | int start = 0, end = sym_cnt; | |
423 | int result; | |
424 | ||
425 | while (start < end) { | |
426 | size_t mid = start + (end - start) / 2; | |
427 | ||
428 | result = key - syms[mid].addr; | |
429 | if (result < 0) | |
430 | end = mid; | |
431 | else if (result > 0) | |
432 | start = mid + 1; | |
433 | else | |
434 | return &syms[mid]; | |
435 | } | |
436 | ||
437 | if (start >= 1 && syms[start - 1].addr < key && | |
438 | key < syms[start].addr) | |
439 | /* valid ksym */ | |
440 | return &syms[start - 1]; | |
441 | ||
442 | /* out of range. return _stext */ | |
443 | return &syms[0]; | |
444 | } |