Commit | Line | Data |
---|---|---|
249b812d AS |
1 | #include <stdio.h> |
2 | #include <sys/types.h> | |
3 | #include <sys/stat.h> | |
4 | #include <fcntl.h> | |
5 | #include <libelf.h> | |
6 | #include <gelf.h> | |
7 | #include <errno.h> | |
8 | #include <unistd.h> | |
9 | #include <string.h> | |
10 | #include <stdbool.h> | |
b896c4f9 | 11 | #include <stdlib.h> |
249b812d AS |
12 | #include <linux/bpf.h> |
13 | #include <linux/filter.h> | |
b896c4f9 AS |
14 | #include <linux/perf_event.h> |
15 | #include <sys/syscall.h> | |
16 | #include <sys/ioctl.h> | |
17 | #include <sys/mman.h> | |
18 | #include <poll.h> | |
5bacd780 | 19 | #include <ctype.h> |
249b812d AS |
20 | #include "libbpf.h" |
21 | #include "bpf_helpers.h" | |
22 | #include "bpf_load.h" | |
23 | ||
b896c4f9 AS |
24 | #define DEBUGFS "/sys/kernel/debug/tracing/" |
25 | ||
249b812d | 26 | static char license[128]; |
b896c4f9 | 27 | static int kern_version; |
249b812d AS |
28 | static bool processed_sec[128]; |
29 | int map_fd[MAX_MAPS]; | |
30 | int prog_fd[MAX_PROGS]; | |
b896c4f9 | 31 | int event_fd[MAX_PROGS]; |
249b812d | 32 | int prog_cnt; |
5bacd780 AS |
33 | int prog_array_fd = -1; |
34 | ||
35 | static int populate_prog_array(const char *event, int prog_fd) | |
36 | { | |
37 | int ind = atoi(event), err; | |
38 | ||
39 | err = bpf_update_elem(prog_array_fd, &ind, &prog_fd, BPF_ANY); | |
40 | if (err < 0) { | |
41 | printf("failed to store prog_fd in prog_array\n"); | |
42 | return -1; | |
43 | } | |
44 | return 0; | |
45 | } | |
249b812d AS |
46 | |
47 | static int load_and_attach(const char *event, struct bpf_insn *prog, int size) | |
48 | { | |
249b812d | 49 | bool is_socket = strncmp(event, "socket", 6) == 0; |
b896c4f9 AS |
50 | bool is_kprobe = strncmp(event, "kprobe/", 7) == 0; |
51 | bool is_kretprobe = strncmp(event, "kretprobe/", 10) == 0; | |
52 | enum bpf_prog_type prog_type; | |
53 | char buf[256]; | |
54 | int fd, efd, err, id; | |
55 | struct perf_event_attr attr = {}; | |
56 | ||
57 | attr.type = PERF_TYPE_TRACEPOINT; | |
58 | attr.sample_type = PERF_SAMPLE_RAW; | |
59 | attr.sample_period = 1; | |
60 | attr.wakeup_events = 1; | |
61 | ||
62 | if (is_socket) { | |
63 | prog_type = BPF_PROG_TYPE_SOCKET_FILTER; | |
64 | } else if (is_kprobe || is_kretprobe) { | |
65 | prog_type = BPF_PROG_TYPE_KPROBE; | |
66 | } else { | |
67 | printf("Unknown event '%s'\n", event); | |
249b812d | 68 | return -1; |
b896c4f9 AS |
69 | } |
70 | ||
5bacd780 AS |
71 | fd = bpf_prog_load(prog_type, prog, size, license, kern_version); |
72 | if (fd < 0) { | |
73 | printf("bpf_prog_load() err=%d\n%s", errno, bpf_log_buf); | |
74 | return -1; | |
75 | } | |
76 | ||
77 | prog_fd[prog_cnt++] = fd; | |
78 | ||
79 | if (is_socket) { | |
80 | event += 6; | |
81 | if (*event != '/') | |
82 | return 0; | |
83 | event++; | |
84 | if (!isdigit(*event)) { | |
85 | printf("invalid prog number\n"); | |
86 | return -1; | |
87 | } | |
88 | return populate_prog_array(event, fd); | |
89 | } | |
90 | ||
b896c4f9 AS |
91 | if (is_kprobe || is_kretprobe) { |
92 | if (is_kprobe) | |
93 | event += 7; | |
94 | else | |
95 | event += 10; | |
96 | ||
5bacd780 AS |
97 | if (*event == 0) { |
98 | printf("event name cannot be empty\n"); | |
99 | return -1; | |
100 | } | |
101 | ||
102 | if (isdigit(*event)) | |
103 | return populate_prog_array(event, fd); | |
104 | ||
b896c4f9 AS |
105 | snprintf(buf, sizeof(buf), |
106 | "echo '%c:%s %s' >> /sys/kernel/debug/tracing/kprobe_events", | |
107 | is_kprobe ? 'p' : 'r', event, event); | |
108 | err = system(buf); | |
109 | if (err < 0) { | |
110 | printf("failed to create kprobe '%s' error '%s'\n", | |
111 | event, strerror(errno)); | |
112 | return -1; | |
113 | } | |
114 | } | |
249b812d | 115 | |
b896c4f9 AS |
116 | strcpy(buf, DEBUGFS); |
117 | strcat(buf, "events/kprobes/"); | |
118 | strcat(buf, event); | |
119 | strcat(buf, "/id"); | |
120 | ||
121 | efd = open(buf, O_RDONLY, 0); | |
122 | if (efd < 0) { | |
123 | printf("failed to open event %s\n", event); | |
124 | return -1; | |
125 | } | |
126 | ||
127 | err = read(efd, buf, sizeof(buf)); | |
128 | if (err < 0 || err >= sizeof(buf)) { | |
129 | printf("read from '%s' failed '%s'\n", event, strerror(errno)); | |
130 | return -1; | |
131 | } | |
132 | ||
133 | close(efd); | |
134 | ||
135 | buf[err] = 0; | |
136 | id = atoi(buf); | |
137 | attr.config = id; | |
138 | ||
139 | efd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, -1/*group_fd*/, 0); | |
140 | if (efd < 0) { | |
141 | printf("event %d fd %d err %s\n", id, efd, strerror(errno)); | |
142 | return -1; | |
143 | } | |
144 | event_fd[prog_cnt - 1] = efd; | |
145 | ioctl(efd, PERF_EVENT_IOC_ENABLE, 0); | |
146 | ioctl(efd, PERF_EVENT_IOC_SET_BPF, fd); | |
147 | ||
249b812d AS |
148 | return 0; |
149 | } | |
150 | ||
151 | static int load_maps(struct bpf_map_def *maps, int len) | |
152 | { | |
153 | int i; | |
154 | ||
155 | for (i = 0; i < len / sizeof(struct bpf_map_def); i++) { | |
156 | ||
157 | map_fd[i] = bpf_create_map(maps[i].type, | |
158 | maps[i].key_size, | |
159 | maps[i].value_size, | |
160 | maps[i].max_entries); | |
161 | if (map_fd[i] < 0) | |
162 | return 1; | |
5bacd780 AS |
163 | |
164 | if (maps[i].type == BPF_MAP_TYPE_PROG_ARRAY) | |
165 | prog_array_fd = map_fd[i]; | |
249b812d AS |
166 | } |
167 | return 0; | |
168 | } | |
169 | ||
170 | static int get_sec(Elf *elf, int i, GElf_Ehdr *ehdr, char **shname, | |
171 | GElf_Shdr *shdr, Elf_Data **data) | |
172 | { | |
173 | Elf_Scn *scn; | |
174 | ||
175 | scn = elf_getscn(elf, i); | |
176 | if (!scn) | |
177 | return 1; | |
178 | ||
179 | if (gelf_getshdr(scn, shdr) != shdr) | |
180 | return 2; | |
181 | ||
182 | *shname = elf_strptr(elf, ehdr->e_shstrndx, shdr->sh_name); | |
183 | if (!*shname || !shdr->sh_size) | |
184 | return 3; | |
185 | ||
186 | *data = elf_getdata(scn, 0); | |
187 | if (!*data || elf_getdata(scn, *data) != NULL) | |
188 | return 4; | |
189 | ||
190 | return 0; | |
191 | } | |
192 | ||
193 | static int parse_relo_and_apply(Elf_Data *data, Elf_Data *symbols, | |
194 | GElf_Shdr *shdr, struct bpf_insn *insn) | |
195 | { | |
196 | int i, nrels; | |
197 | ||
198 | nrels = shdr->sh_size / shdr->sh_entsize; | |
199 | ||
200 | for (i = 0; i < nrels; i++) { | |
201 | GElf_Sym sym; | |
202 | GElf_Rel rel; | |
203 | unsigned int insn_idx; | |
204 | ||
205 | gelf_getrel(data, i, &rel); | |
206 | ||
207 | insn_idx = rel.r_offset / sizeof(struct bpf_insn); | |
208 | ||
209 | gelf_getsym(symbols, GELF_R_SYM(rel.r_info), &sym); | |
210 | ||
211 | if (insn[insn_idx].code != (BPF_LD | BPF_IMM | BPF_DW)) { | |
212 | printf("invalid relo for insn[%d].code 0x%x\n", | |
213 | insn_idx, insn[insn_idx].code); | |
214 | return 1; | |
215 | } | |
216 | insn[insn_idx].src_reg = BPF_PSEUDO_MAP_FD; | |
217 | insn[insn_idx].imm = map_fd[sym.st_value / sizeof(struct bpf_map_def)]; | |
218 | } | |
219 | ||
220 | return 0; | |
221 | } | |
222 | ||
223 | int load_bpf_file(char *path) | |
224 | { | |
225 | int fd, i; | |
226 | Elf *elf; | |
227 | GElf_Ehdr ehdr; | |
228 | GElf_Shdr shdr, shdr_prog; | |
229 | Elf_Data *data, *data_prog, *symbols = NULL; | |
230 | char *shname, *shname_prog; | |
231 | ||
232 | if (elf_version(EV_CURRENT) == EV_NONE) | |
233 | return 1; | |
234 | ||
235 | fd = open(path, O_RDONLY, 0); | |
236 | if (fd < 0) | |
237 | return 1; | |
238 | ||
239 | elf = elf_begin(fd, ELF_C_READ, NULL); | |
240 | ||
241 | if (!elf) | |
242 | return 1; | |
243 | ||
244 | if (gelf_getehdr(elf, &ehdr) != &ehdr) | |
245 | return 1; | |
246 | ||
b896c4f9 AS |
247 | /* clear all kprobes */ |
248 | i = system("echo \"\" > /sys/kernel/debug/tracing/kprobe_events"); | |
249 | ||
249b812d AS |
250 | /* scan over all elf sections to get license and map info */ |
251 | for (i = 1; i < ehdr.e_shnum; i++) { | |
252 | ||
253 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
254 | continue; | |
255 | ||
256 | if (0) /* helpful for llvm debugging */ | |
257 | printf("section %d:%s data %p size %zd link %d flags %d\n", | |
258 | i, shname, data->d_buf, data->d_size, | |
259 | shdr.sh_link, (int) shdr.sh_flags); | |
260 | ||
261 | if (strcmp(shname, "license") == 0) { | |
262 | processed_sec[i] = true; | |
263 | memcpy(license, data->d_buf, data->d_size); | |
b896c4f9 AS |
264 | } else if (strcmp(shname, "version") == 0) { |
265 | processed_sec[i] = true; | |
266 | if (data->d_size != sizeof(int)) { | |
267 | printf("invalid size of version section %zd\n", | |
268 | data->d_size); | |
269 | return 1; | |
270 | } | |
271 | memcpy(&kern_version, data->d_buf, sizeof(int)); | |
249b812d AS |
272 | } else if (strcmp(shname, "maps") == 0) { |
273 | processed_sec[i] = true; | |
274 | if (load_maps(data->d_buf, data->d_size)) | |
275 | return 1; | |
276 | } else if (shdr.sh_type == SHT_SYMTAB) { | |
277 | symbols = data; | |
278 | } | |
279 | } | |
280 | ||
281 | /* load programs that need map fixup (relocations) */ | |
282 | for (i = 1; i < ehdr.e_shnum; i++) { | |
283 | ||
284 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
285 | continue; | |
286 | if (shdr.sh_type == SHT_REL) { | |
287 | struct bpf_insn *insns; | |
288 | ||
289 | if (get_sec(elf, shdr.sh_info, &ehdr, &shname_prog, | |
290 | &shdr_prog, &data_prog)) | |
291 | continue; | |
292 | ||
293 | insns = (struct bpf_insn *) data_prog->d_buf; | |
294 | ||
295 | processed_sec[shdr.sh_info] = true; | |
296 | processed_sec[i] = true; | |
297 | ||
298 | if (parse_relo_and_apply(data, symbols, &shdr, insns)) | |
299 | continue; | |
300 | ||
b896c4f9 AS |
301 | if (memcmp(shname_prog, "kprobe/", 7) == 0 || |
302 | memcmp(shname_prog, "kretprobe/", 10) == 0 || | |
249b812d AS |
303 | memcmp(shname_prog, "socket", 6) == 0) |
304 | load_and_attach(shname_prog, insns, data_prog->d_size); | |
305 | } | |
306 | } | |
307 | ||
308 | /* load programs that don't use maps */ | |
309 | for (i = 1; i < ehdr.e_shnum; i++) { | |
310 | ||
311 | if (processed_sec[i]) | |
312 | continue; | |
313 | ||
314 | if (get_sec(elf, i, &ehdr, &shname, &shdr, &data)) | |
315 | continue; | |
316 | ||
b896c4f9 AS |
317 | if (memcmp(shname, "kprobe/", 7) == 0 || |
318 | memcmp(shname, "kretprobe/", 10) == 0 || | |
249b812d AS |
319 | memcmp(shname, "socket", 6) == 0) |
320 | load_and_attach(shname, data->d_buf, data->d_size); | |
321 | } | |
322 | ||
323 | close(fd); | |
324 | return 0; | |
325 | } | |
b896c4f9 AS |
326 | |
327 | void read_trace_pipe(void) | |
328 | { | |
329 | int trace_fd; | |
330 | ||
331 | trace_fd = open(DEBUGFS "trace_pipe", O_RDONLY, 0); | |
332 | if (trace_fd < 0) | |
333 | return; | |
334 | ||
335 | while (1) { | |
336 | static char buf[4096]; | |
337 | ssize_t sz; | |
338 | ||
339 | sz = read(trace_fd, buf, sizeof(buf)); | |
340 | if (sz > 0) { | |
341 | buf[sz] = 0; | |
342 | puts(buf); | |
343 | } | |
344 | } | |
345 | } |