Skip to content

Commit

Permalink
runtime: fix mmap array maps
Browse files Browse the repository at this point in the history
  • Loading branch information
@yunwei37
yunwei37 committed Oct 26, 2023
1 parent 07295be commit 84e25ef
Show file tree
Hide file tree
Showing 57 changed files with 1,451 additions and 485 deletions.
5 changes: 4 additions & 1 deletion daemon/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,4 +45,7 @@ target_link_libraries(bpftime_daemon PRIVATE libbpftime_daemon)

install(TARGETS bpftime_daemon CONFIGURATIONS Release Debug DESTINATION ~/.bpftime)

add_subdirectory(test)
if(BPFTIME_ENABLE_UNIT_TESTING)
add_subdirectory(test)
endif()

16 changes: 14 additions & 2 deletions daemon/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,9 +37,21 @@ continue malloc...
malloc called from pid 12314
```

The other console will print the malloc calls in the target process.

```console
20:43:22
pid=113413 malloc calls: 9
20:43:23
pid=113413 malloc calls: 10
20:43:24
pid=113413 malloc calls: 10
20:43:25
pid=113413 malloc calls: 10
```

## Debug: use bpftimetool for dump states

The dump result example is in [daemon/test/malloc.json](test/malloc.json).
The dump result example is in [daemon/test/asserts/malloc.json](test/asserts/malloc.json).

See [tools/bpftimetool/README.md](../tools/bpftimetool/README.md) for how to load and replay it in the kernel.

33 changes: 31 additions & 2 deletions daemon/bpf_tracer_event.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
#define NAME_MAX 255
#define INVALID_UID ((uid_t)-1)

#define MAX_INSN_SIZE 16384
#define MAX_INSN_SIZE 128

#define BPF_OBJ_NAME_LEN 16U

Expand All @@ -19,6 +19,20 @@ enum event_type {
BPF_PROG_LOAD_EVENT,
};

enum bpf_fd_type {
BPF_FD_TYPE_OTHERS,
BPF_FD_TYPE_PERF,
BPF_FD_TYPE_PROG,
BPF_FD_TYPE_MAP,
BPF_FD_TYPE_MAX,
};

struct bpf_fd_data {
enum bpf_fd_type type;
// porg id or map id;
int kernel_id;
};

struct event {
enum event_type type;

Expand All @@ -32,6 +46,8 @@ struct event {
unsigned int bpf_cmd;
union bpf_attr attr;
unsigned int attr_size;
// additional field for getting map id
int map_id;
} bpf_data;

struct {
Expand All @@ -54,22 +70,35 @@ struct event {
unsigned int type;
unsigned int insn_cnt;
char prog_name[BPF_OBJ_NAME_LEN];
unsigned int insns[MAX_INSN_SIZE];
// used as key for later lookup in userspace
unsigned long long insns_ptr;
} bpf_loaded_prog;

struct {
int fd;
struct bpf_fd_data fd_data;
} close_data;

struct {
int fd;
unsigned long req;
int data;
int ret;

int bpf_prog_id;
} ioctl_data;
};
};

#define BPF_COMPLEXITY_LIMIT_INSNS 4096

struct bpf_insn_data {
unsigned char code[BPF_COMPLEXITY_LIMIT_INSNS * sizeof(struct bpf_insn)];
unsigned int code_len;
};

#define PID_MASK_FOR_PFD 0xffffffff00000000
#define FD_MASK_FOR_PFD 0x00000000ffffffff
#define MAKE_PFD(pid, fd) (((unsigned long long)pid << 32) | (unsigned long long)fd)

#endif /* __SYSCALL_TRACER_H */
169 changes: 85 additions & 84 deletions daemon/kernel/bpf_defs.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,110 +3,111 @@

#include <vmlinux.h>


/* BPF has 10 general purpose 64-bit registers and stack frame. */
#define MAX_BPF_REG __MAX_BPF_REG
#define MAX_BPF_REG __MAX_BPF_REG

/* Extended instruction set based on top of classic BPF */

/* instruction classes */
#define BPF_JMP32 0x06 /* jmp mode in word width */
#define BPF_ALU64 0x07 /* alu mode in double word width */
#define BPF_JMP32 0x06 /* jmp mode in word width */
#define BPF_ALU64 0x07 /* alu mode in double word width */

/* ld/ldx fields */
#define BPF_DW 0x18 /* double word (64-bit) */
#define BPF_ATOMIC 0xc0 /* atomic memory ops - op type in immediate */
#define BPF_XADD 0xc0 /* exclusive add - legacy name */
#define BPF_DW 0x18 /* double word (64-bit) */
#define BPF_ATOMIC 0xc0 /* atomic memory ops - op type in immediate */
#define BPF_XADD 0xc0 /* exclusive add - legacy name */

/* alu/jmp fields */
#define BPF_MOV 0xb0 /* mov reg to reg */
#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */
#define BPF_MOV 0xb0 /* mov reg to reg */
#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */

/* change endianness of a register */
#define BPF_END 0xd0 /* flags for endianness conversion: */
#define BPF_TO_LE 0x00 /* convert to little-endian */
#define BPF_TO_BE 0x08 /* convert to big-endian */
#define BPF_FROM_LE BPF_TO_LE
#define BPF_FROM_BE BPF_TO_BE
#define BPF_END 0xd0 /* flags for endianness conversion: */
#define BPF_TO_LE 0x00 /* convert to little-endian */
#define BPF_TO_BE 0x08 /* convert to big-endian */
#define BPF_FROM_LE BPF_TO_LE
#define BPF_FROM_BE BPF_TO_BE

/* jmp encodings */
#define BPF_JNE 0x50 /* jump != */
#define BPF_JLT 0xa0 /* LT is unsigned, '<' */
#define BPF_JLE 0xb0 /* LE is unsigned, '<=' */
#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */
#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */
#define BPF_JSLT 0xc0 /* SLT is signed, '<' */
#define BPF_JSLE 0xd0 /* SLE is signed, '<=' */
#define BPF_CALL 0x80 /* function call */
#define BPF_EXIT 0x90 /* function return */
#define BPF_JNE 0x50 /* jump != */
#define BPF_JLT 0xa0 /* LT is unsigned, '<' */
#define BPF_JLE 0xb0 /* LE is unsigned, '<=' */
#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */
#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */
#define BPF_JSLT 0xc0 /* SLT is signed, '<' */
#define BPF_JSLE 0xd0 /* SLE is signed, '<=' */
#define BPF_CALL 0x80 /* function call */
#define BPF_EXIT 0x90 /* function return */

/* atomic op type fields (stored in immediate) */
#define BPF_FETCH 0x01 /* not an opcode on its own, used to build others */
#define BPF_XCHG (0xe0 | BPF_FETCH) /* atomic exchange */
#define BPF_CMPXCHG (0xf0 | BPF_FETCH) /* atomic compare-and-write */
#define BPF_FETCH 0x01 /* not an opcode on its own, used to build others */
#define BPF_XCHG (0xe0 | BPF_FETCH) /* atomic exchange */
#define BPF_CMPXCHG (0xf0 | BPF_FETCH) /* atomic compare-and-write */

/* Instruction classes */
#define BPF_CLASS(code) ((code) & 0x07)
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07
#define BPF_LD 0x00
#define BPF_LDX 0x01
#define BPF_ST 0x02
#define BPF_STX 0x03
#define BPF_ALU 0x04
#define BPF_JMP 0x05
#define BPF_RET 0x06
#define BPF_MISC 0x07

/* ld/ldx fields */
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00 /* 32-bit */
#define BPF_H 0x08 /* 16-bit */
#define BPF_B 0x10 /* 8-bit */
#define BPF_SIZE(code) ((code) & 0x18)
#define BPF_W 0x00 /* 32-bit */
#define BPF_H 0x08 /* 16-bit */
#define BPF_B 0x10 /* 8-bit */
/* eBPF BPF_DW 0x18 64-bit */
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0
#define BPF_MODE(code) ((code) & 0xe0)
#define BPF_IMM 0x00
#define BPF_ABS 0x20
#define BPF_IND 0x40
#define BPF_MEM 0x60
#define BPF_LEN 0x80
#define BPF_MSH 0xa0

/* alu/jmp fields */
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_MOD 0x90
#define BPF_XOR 0xa0

#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08

#define BPF_MOV64_IMM(DST, IMM) \
((struct bpf_insn) { \
.code = BPF_ALU64 | BPF_MOV | BPF_K, \
.dst_reg = DST, \
.src_reg = 0, \
.off = 0, \
.imm = IMM })

#define BPF_EXIT_INSN() \
((struct bpf_insn) { \
.code = BPF_JMP | BPF_EXIT, \
.dst_reg = 0, \
.src_reg = 0, \
.off = 0, \
.imm = 0 })

#endif //BPFTIME_BPF_DEFS_H
#define BPF_OP(code) ((code) & 0xf0)
#define BPF_ADD 0x00
#define BPF_SUB 0x10
#define BPF_MUL 0x20
#define BPF_DIV 0x30
#define BPF_OR 0x40
#define BPF_AND 0x50
#define BPF_LSH 0x60
#define BPF_RSH 0x70
#define BPF_NEG 0x80
#define BPF_MOD 0x90
#define BPF_XOR 0xa0

#define BPF_JA 0x00
#define BPF_JEQ 0x10
#define BPF_JGT 0x20
#define BPF_JGE 0x30
#define BPF_JSET 0x40
#define BPF_SRC(code) ((code) & 0x08)
#define BPF_K 0x00
#define BPF_X 0x08

#define BPF_MOV64_IMM(DST, IMM) \
((struct bpf_insn){ .code = BPF_ALU64 | BPF_MOV | BPF_K, \
.dst_reg = DST, \
.src_reg = 0, \
.off = 0, \
.imm = IMM })

#define BPF_EXIT_INSN() \
((struct bpf_insn){ .code = BPF_JMP | BPF_EXIT, \
.dst_reg = 0, \
.src_reg = 0, \
.off = 0, \
.imm = 0 })

#define PERF_EVENT_IOC_SET_BPF \
(((1U) << (((0 + 8) + 8) + 14)) | ((('$')) << (0 + 8)) | \
(((8)) << 0) | ((((sizeof(__u32)))) << ((0 + 8) + 8)))

#endif // BPFTIME_BPF_DEFS_H
29 changes: 29 additions & 0 deletions daemon/kernel/bpf_event_ringbuf.h
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
#ifndef BPF_UTILS_H
#define BPF_UTILS_H

#include <vmlinux.h>
#include "bpf_defs.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>
#include "../bpf_tracer_event.h"
#include "bpf_kernel_config.h"
#include "bpf_pid_fd_map.h"

// print event to userspace
struct {
__uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, 256 * 1024);
} rb SEC(".maps");

static __always_inline struct event* fill_basic_event_info(void) {
struct event *event = bpf_ringbuf_reserve(&rb, sizeof(struct event), 0);
if (!event) {
return NULL;
}
event->pid = bpf_get_current_pid_tgid() >> 32;
bpf_get_current_comm(&event->comm, sizeof(event->comm));
return event;
}

#endif // BPF_UTILS_H
1 change: 1 addition & 0 deletions daemon/kernel/bpf_kernel_config.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ const char new_uprobe_path[PATH_LENTH] = "\0";
const volatile int uprobe_perf_type = 0;
const volatile int kprobe_perf_type = 0;

const volatile bool submit_bpf_events = 0;

static __always_inline bool filter_target(void)
{
Expand Down
Loading

0 comments on commit 84e25ef

Please sign in to comment.