DragonOS-Community/DragonOS
1
1
Fork 0
mirror of https://github.com/DragonOS-Community/DragonOS.git synced 2025-06-08 10:15:03 +00:00
Code Issues Releases Wiki Activity

feat(ebpf): support Aya framework. (#1070)

Browse Source 
* feat(ebpf): support Aya framework.

1. fix the rbpf bug
2. use new Aya template
3. add kprobe related device files and attributes to sysfs

---
Signed-off-by: chenlinfeng <chenlinfeng25@outlook.com>
This commit is contained in:
linfeng 2024-12-07 16:41:37 +08:00 committed by GitHub
parent c09af909c5
commit 72423f90bb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
53 changed files with 849 additions and 511 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/crates/rbpf/src/interpreter.rs
View File

@ -660,9 +660,9 @@ pub fn execute_program(
// Save the callee saved registers
pre_stack.save_registers(&reg[6..=9]);
// Save the return address
pre_stack.save_return_address(insn_ptr as u16);
pre_stack.save_return_address(insn_ptr as u64);
// save the stack pointer
pre_stack.save_sp(reg[10] as u16);
pre_stack.save_sp(reg[10]);
let mut stack = StackFrame::new();
log::trace!("BPF TO BPF CALL: new pc: {} + {} = {}",insn_ptr ,insn.imm,insn_ptr + insn.imm as usize);
reg[10] = stack.as_ptr() as u64 + stack.len() as u64;
@ -695,7 +695,7 @@ pub fn execute_program(
// Restore the return address
insn_ptr = stack.get_return_address() as usize;
// Restore the stack pointer
reg[10] = stack.get_sp() as u64;
reg[10] = stack.get_sp();
log::trace!("EXIT: new pc: {}", insn_ptr);
}
}

12
kernel/crates/rbpf/src/stack.rs
View File

@ -1,9 +1,9 @@
use crate::{ebpf::STACK_SIZE, vec, Vec};
pub struct StackFrame {
return_address: u16,
return_address: u64,
saved_registers: [u64; 4],
sp: u16,
sp: u64,
frame: Vec<u8>,
}
@ -54,22 +54,22 @@ impl StackFrame {
}
/// Save the return address
pub fn save_return_address(&mut self, address: u16) {
pub fn save_return_address(&mut self, address: u64) {
self.return_address = address;
}
/// Get the return address
pub fn get_return_address(&self) -> u16 {
pub fn get_return_address(&self) -> u64 {
self.return_address
}
/// Save the stack pointer
pub fn save_sp(&mut self, sp: u16) {
pub fn save_sp(&mut self, sp: u64) {
self.sp = sp;
}
/// Get the stack pointer
pub fn get_sp(&self) -> u16 {
pub fn get_sp(&self) -> u64 {
self.sp
}
}

3
kernel/src/arch/x86_64/mm/fault.rs
View File

@ -267,9 +267,10 @@ impl X86_64MMArch {
});
} else {
log::error!(
"No mapped vma, error_code: {:#b}, address: {:#x}",
"No mapped vma, error_code: {:#b}, address: {:#x}, flags: {:?}",
error_code,
address.data(),
flags
);
let pid = ProcessManager::current_pid();
let mut info =

1
kernel/src/bpf/helper/consts.rs
View File

@ -1,6 +1,7 @@
pub const HELPER_MAP_LOOKUP_ELEM: u32 = 1;
pub const HELPER_MAP_UPDATE_ELEM: u32 = 2;
pub const HELPER_MAP_DELETE_ELEM: u32 = 3;
pub const HELPER_KTIME_GET_NS: u32 = 5;
pub const HELPER_MAP_FOR_EACH_ELEM: u32 = 164;
pub const HELPER_MAP_LOOKUP_PERCPU_ELEM: u32 = 195;
pub const HELPER_PERF_EVENT_OUTPUT: u32 = 25;

6
kernel/src/bpf/helper/mod.rs
View File

@ -6,6 +6,7 @@ use crate::bpf::map::{BpfCallBackFn, BpfMap};
use crate::include::bindings::linux_bpf::BPF_F_CURRENT_CPU;
use crate::libs::lazy_init::Lazy;
use crate::smp::core::smp_get_processor_id;
use crate::time::Instant;
use alloc::{collections::BTreeMap, sync::Arc};
use core::ffi::c_void;
use system_error::SystemError;
@ -300,6 +301,10 @@ pub fn map_peek_elem(map: &Arc<BpfMap>, value: &mut [u8]) -> Result<()> {
value
}
pub fn bpf_ktime_get_ns() -> u64 {
(Instant::now().total_micros() * 1000) as u64
}
pub static BPF_HELPER_FUN_SET: Lazy<BTreeMap<u32, RawBPFHelperFn>> = Lazy::new();
/// Initialize the helper functions.
@ -311,6 +316,7 @@ pub fn init_helper_functions() {
map.insert(HELPER_MAP_LOOKUP_ELEM, define_func!(raw_map_lookup_elem));
map.insert(HELPER_MAP_UPDATE_ELEM, define_func!(raw_map_update_elem));
map.insert(HELPER_MAP_DELETE_ELEM, define_func!(raw_map_delete_elem));
map.insert(HELPER_KTIME_GET_NS, define_func!(bpf_ktime_get_ns));
map.insert(
HELPER_MAP_FOR_EACH_ELEM,
define_func!(raw_map_for_each_elem),

2
kernel/src/bpf/mod.rs
View File

@ -33,7 +33,7 @@ pub fn bpf(cmd: bpf_cmd, attr: &bpf_attr) -> Result<usize> {
// Program related commands
bpf_cmd::BPF_PROG_LOAD => prog::bpf_prog_load(attr),
// Object creation commands
bpf_cmd::BPF_BTF_LOAD => {
bpf_cmd::BPF_BTF_LOAD | bpf_cmd::BPF_LINK_CREATE | bpf_cmd::BPF_OBJ_GET_INFO_BY_FD => {
error!("bpf cmd {:?} not implemented", cmd);
return Err(SystemError::ENOSYS);
}

1
kernel/src/driver/base/device/mod.rs
View File

@ -310,6 +310,7 @@ pub enum DeviceType {
PlatformDev,
Char,
Pci,
Other,
}
/// @brief: 设备标识符类型

1
kernel/src/driver/base/init.rs
View File

@ -21,7 +21,6 @@ pub fn driver_init() -> Result<(), SystemError> {
platform_bus_init()?;
serio_bus_init()?;
CpuDeviceManager::init()?;
// 至此,已完成设备驱动模型的初始化
return Ok(());
}

27
kernel/src/filesystem/procfs/mod.rs
View File

@ -394,7 +394,31 @@ impl ProcFS {
} else {
panic!("create ksmg error");
}
// 这个文件是用来欺骗Aya框架识别内核版本
/* On Ubuntu LINUX_VERSION_CODE doesn't correspond to info.release,
* but Ubuntu provides /proc/version_signature file, as described at
* https://ubuntu.com/kernel, with an example contents below, which we
* can use to get a proper LINUX_VERSION_CODE.
*
* Ubuntu 5.4.0-12.15-generic 5.4.8
*
* In the above, 5.4.8 is what kernel is actually expecting, while
* uname() call will return 5.4.0 in info.release.
*/
let binding = inode.create("version_signature", FileType::File, ModeType::S_IRUGO);
if let Ok(version_signature) = binding {
let version_signature = version_signature
.as_any_ref()
.downcast_ref::<LockedProcFSInode>()
.unwrap();
version_signature.0.lock().fdata.ftype = ProcFileType::Default;
version_signature.0.lock().data = "DragonOS 6.0.0-generic 6.0.0\n"
.to_string()
.as_bytes()
.to_vec();
} else {
panic!("create version_signature error");
}
return result;
}
@ -466,6 +490,7 @@ impl IndexNode for LockedProcFSInode {
let file_size = match inode.fdata.ftype {
ProcFileType::ProcStatus => inode.open_status(&mut private_data)?,
ProcFileType::ProcMeminfo => inode.open_meminfo(&mut private_data)?,
ProcFileType::Default => inode.data.len() as i64,
_ => {
todo!()
}

189
kernel/src/misc/events/kprobe/device.rs Normal file
View File

@ -0,0 +1,189 @@
use crate::driver::base::class::Class;
use crate::driver::base::device::bus::Bus;
use crate::driver::base::device::driver::Driver;
use crate::driver::base::device::{Device, DeviceCommonData, DeviceType, IdTable};
use crate::driver::base::kobject::{
KObjType, KObject, KObjectCommonData, KObjectState, LockedKObjectState,
};
use crate::driver::base::kset::KSet;
use crate::filesystem::kernfs::KernFSInode;
use crate::filesystem::sysfs::{Attribute, SysFSOpsSupport};
use crate::filesystem::vfs::syscall::ModeType;
use crate::libs::rwlock::{RwLockReadGuard, RwLockWriteGuard};
use crate::libs::spinlock::{SpinLock, SpinLockGuard};
use alloc::string::{String, ToString};
use alloc::sync::{Arc, Weak};
use core::fmt::Debug;
use system_error::SystemError;
#[derive(Debug)]
#[cast_to([sync] Device)]
pub struct KprobeDevice {
inner: SpinLock<InnerKprobeDevice>,
kobj_state: LockedKObjectState,
name: String,
}
#[derive(Debug)]
struct InnerKprobeDevice {
kobject_common: KObjectCommonData,
device_common: DeviceCommonData,
}
impl KprobeDevice {
pub fn new(parent: Option<Weak<dyn KObject>>) -> Arc<Self> {
let bus_device = Self {
inner: SpinLock::new(InnerKprobeDevice {
kobject_common: KObjectCommonData::default(),
device_common: DeviceCommonData::default(),
}),
kobj_state: LockedKObjectState::new(None),
name: "kprobe".to_string(),
};
bus_device.set_parent(parent);
return Arc::new(bus_device);
}
fn inner(&self) -> SpinLockGuard<InnerKprobeDevice> {
self.inner.lock()
}
}
impl KObject for KprobeDevice {
fn as_any_ref(&self) -> &dyn core::any::Any {
self
}
fn set_inode(&self, inode: Option<Arc<KernFSInode>>) {
self.inner().kobject_common.kern_inode = inode;
}
fn inode(&self) -> Option<Arc<KernFSInode>> {
self.inner().kobject_common.kern_inode.clone()
}
fn parent(&self) -> Option<Weak<dyn KObject>> {
self.inner().kobject_common.parent.clone()
}
fn set_parent(&self, parent: Option<Weak<dyn KObject>>) {
self.inner().kobject_common.parent = parent;
}
fn kset(&self) -> Option<Arc<KSet>> {
self.inner().kobject_common.kset.clone()
}
fn set_kset(&self, kset: Option<Arc<KSet>>) {
self.inner().kobject_common.kset = kset;
}
fn kobj_type(&self) -> Option<&'static dyn KObjType> {
self.inner().kobject_common.kobj_type
}
fn set_kobj_type(&self, ktype: Option<&'static dyn KObjType>) {
self.inner().kobject_common.kobj_type = ktype;
}
fn name(&self) -> String {
self.name.clone()
}
fn set_name(&self, _name: String) {}
fn kobj_state(&self) -> RwLockReadGuard<KObjectState> {
self.kobj_state.read()
}
fn kobj_state_mut(&self) -> RwLockWriteGuard<KObjectState> {
self.kobj_state.write()
}
fn set_kobj_state(&self, state: KObjectState) {
*self.kobj_state.write() = state;
}
}
impl Device for KprobeDevice {
#[inline]
#[allow(dead_code)]
fn dev_type(&self) -> DeviceType {
return DeviceType::Other;
}
#[inline]
fn id_table(&self) -> IdTable {
IdTable::new("kprobe".to_string(), None)
}
fn bus(&self) -> Option<Weak<dyn Bus>> {
self.inner().device_common.bus.clone()
}
fn set_bus(&self, bus: Option<Weak<dyn Bus>>) {
self.inner().device_common.bus = bus;
}
fn set_class(&self, class: Option<Weak<dyn Class>>) {
self.inner().device_common.class = class;
}
fn driver(&self) -> Option<Arc<dyn Driver>> {
self.inner().device_common.driver.clone()?.upgrade()
}
fn set_driver(&self, driver: Option<Weak<dyn Driver>>) {
self.inner().device_common.driver = driver;
}
#[inline]
fn is_dead(&self) -> bool {
false
}
fn can_match(&self) -> bool {
todo!()
}
fn set_can_match(&self, _can_match: bool) {
todo!()
}
fn state_synced(&self) -> bool {
todo!()
}
fn dev_parent(&self) -> Option<Weak<dyn Device>> {
self.inner().device_common.get_parent_weak_or_clear()
}
fn set_dev_parent(&self, dev_parent: Option<Weak<dyn Device>>) {
self.inner().device_common.parent = dev_parent;
}
}
#[derive(Debug)]
pub struct KprobeAttr;
impl Attribute for KprobeAttr {
fn name(&self) -> &str {
"type"
}
fn mode(&self) -> ModeType {
ModeType::S_IRUGO
}
fn support(&self) -> SysFSOpsSupport {
SysFSOpsSupport::ATTR_SHOW
}
fn show(&self, _kobj: Arc<dyn KObject>, buf: &mut [u8]) -> Result<usize, SystemError> {
if buf.is_empty() {
return Err(SystemError::EINVAL);
}
// perf_type_id::PERF_TYPE_MAX
buf[0] = b'6';
Ok(1)
}
}

31
kernel/src/misc/events/kprobe/mod.rs Normal file
View File

@ -0,0 +1,31 @@
use crate::driver::base::device::bus::Bus;
use crate::driver::base::device::{device_manager, device_register, sys_devices_kset, Device};
use crate::driver::base::kobject::KObject;
use crate::init::initcall::INITCALL_DEVICE;
use crate::misc::events::get_event_source_bus;
use crate::misc::events::kprobe::device::{KprobeAttr, KprobeDevice};
use alloc::sync::Arc;
use system_error::SystemError;
use unified_init::macros::unified_init;
pub mod device;
static mut KPROBE_DEVICE: Option<Arc<KprobeDevice>> = None;
#[unified_init(INITCALL_DEVICE)]
pub fn kprobe_subsys_init() -> Result<(), SystemError> {
let kprobe_device = KprobeDevice::new(Some(Arc::downgrade(
&(sys_devices_kset() as Arc<dyn KObject>),
)));
let event_source_bus = get_event_source_bus().ok_or(SystemError::EINVAL)?;
kprobe_device.set_bus(Some(Arc::downgrade(&(event_source_bus as Arc<dyn Bus>))));
// 注册到/sys/devices下
device_register(kprobe_device.clone())?;
unsafe {
KPROBE_DEVICE = Some(kprobe_device.clone());
}
device_manager().create_file(&(kprobe_device as Arc<dyn Device>), &KprobeAttr)?;
Ok(())
}

28
kernel/src/misc/events/mod.rs Normal file
View File

@ -0,0 +1,28 @@
use crate::driver::base::device::bus::{bus_register, Bus};
use crate::init::initcall::INITCALL_SUBSYS;
use crate::misc::events::subsys::EventSourceBus;
use alloc::sync::Arc;
use system_error::SystemError;
use unified_init::macros::unified_init;
mod kprobe;
mod subsys;
static mut EVENT_SOURCE_BUS: Option<Arc<EventSourceBus>> = None;
fn get_event_source_bus() -> Option<Arc<EventSourceBus>> {
unsafe { EVENT_SOURCE_BUS.clone() }
}
#[unified_init(INITCALL_SUBSYS)]
pub fn init_event_source_bus() -> Result<(), SystemError> {
let event_source_bus = EventSourceBus::new();
let r = bus_register(event_source_bus.clone() as Arc<dyn Bus>);
if r.is_err() {
unsafe { EVENT_SOURCE_BUS = None };
return r;
}
unsafe { EVENT_SOURCE_BUS = Some(event_source_bus.clone()) };
// kprobe::kprobe_subsys_init()?;
Ok(())
}

52
kernel/src/misc/events/subsys.rs Normal file
View File

@ -0,0 +1,52 @@
use crate::driver::base::device::bus::Bus;
use crate::driver::base::device::Device;
use crate::driver::base::subsys::SubSysPrivate;
use alloc::string::{String, ToString};
use alloc::sync::{Arc, Weak};
use system_error::SystemError;
#[derive(Debug)]
pub struct EventSourceBus {
private: SubSysPrivate,
}
impl EventSourceBus {
pub fn new() -> Arc<Self> {
let w: Weak<Self> = Weak::new();
let private = SubSysPrivate::new("event_source".to_string(), Some(w), None, &[]);
let bus = Arc::new(Self { private });
bus.subsystem()
.set_bus(Some(Arc::downgrade(&(bus.clone() as Arc<dyn Bus>))));
return bus;
}
}
impl Bus for EventSourceBus {
fn name(&self) -> String {
"event_source".to_string()
}
fn dev_name(&self) -> String {
self.name()
}
fn root_device(&self) -> Option<Weak<dyn Device>> {
None
}
fn remove(&self, _device: &Arc<dyn Device>) -> Result<(), SystemError> {
todo!()
}
fn shutdown(&self, _device: &Arc<dyn Device>) {
todo!()
}
fn resume(&self, _device: &Arc<dyn Device>) -> Result<(), SystemError> {
todo!()
}
fn subsystem(&self) -> &SubSysPrivate {
&self.private
}
}

1
kernel/src/misc/mod.rs
View File

@ -1 +1,2 @@
pub mod events;
pub mod ksysfs;

100
kernel/src/perf/bpf.rs
View File

@ -79,54 +79,28 @@ impl RingPage {
}
}
#[inline]
fn can_write(&self, data_size: usize, data_tail: usize, data_head: usize) -> bool {
if (data_head + 1) % self.data_region_size == data_tail {
// The buffer is full
return false;
}
let capacity = if data_head >= data_tail {
self.data_region_size - data_head + data_tail
} else {
data_tail - data_head
};
let capacity = self.data_region_size - data_head + data_tail;
data_size <= capacity
}
pub fn write_event(&mut self, data: &[u8]) -> Result<()> {
let data_tail = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_tail };
let data_head = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_head };
// data_tail..data_head is the region that can be written
// check if there is enough space to write the event
let sample_size = PerfSample::calculate_size(data.len());
let can_write_sample =
self.can_write(sample_size, *data_tail as usize, *data_head as usize);
// log::error!(
// "can_write_sample: {}, data_tail: {}, data_head: {}, data.len(): {}, region_size: {}",
// can_write_sample,
// *data_tail,
// *data_head,
// data.len(),
// self.data_region_size
// );
if !can_write_sample {
//we need record it to the lost record
self.lost += 1;
// log::error!(
// "Lost record: {}, data_tail: {}, data_head: {}",
// self.lost,
// *data_tail,
// *data_head
// );
Ok(())
} else {
// we can write the sample to the page
// If the lost record is not zero, we need to write the lost record first.
// user lib will update the tail after read the data,but it will not % data_region_size
let perf_header_size = size_of::<perf_event_header>();
let can_write_perf_header =
self.can_write(perf_header_size, *data_tail as usize, *data_head as usize);
if can_write_perf_header {
let can_write_lost_record = self.can_write(
size_of::<LostSamples>(),
*data_tail as usize,
*data_head as usize,
);
// if there is lost record, we need to write the lost record first
if self.lost > 0 && can_write_lost_record {
let new_data_head = self.write_lost(*data_head as usize)?;
*data_head = new_data_head as u64;
@ -137,8 +111,21 @@ impl RingPage {
// *data_head
// );
self.lost = 0;
self.write_event(data)
} else {
// try to write the event again
return self.write_event(data);
}
let sample_size = PerfSample::calculate_size(data.len());
let can_write_sample =
self.can_write(sample_size, *data_tail as usize, *data_head as usize);
// log::error!(
// "can_write_sample: {}, data_tail: {}, data_head: {}, data.len(): {}, region_size: {}",
// can_write_sample,
// *data_tail,
// *data_head,
// data.len(),
// self.data_region_size
// );
if can_write_sample {
let new_data_head = self.write_sample(data, *data_head as usize)?;
*data_head = new_data_head as u64;
// log::info!(
@ -146,20 +133,24 @@ impl RingPage {
// *data_tail,
// *data_head
// );
Ok(())
} else {
self.lost += 1;
}
} else {
self.lost += 1;
}
Ok(())
}
/// Write any data to the page.
///
/// Return the new data_head
fn write_any(&mut self, data: &[u8], data_head: usize) -> Result<usize> {
fn write_any(&mut self, data: &[u8], data_head: usize) -> Result<()> {
let data_region_len = self.data_region_size;
let data_region = self.as_mut_slice()[PAGE_SIZE..].as_mut();
let data_len = data.len();
let start = data_head % data_region_len;
let end = (data_head + data_len) % data_region_len;
let start = data_head;
if start < end {
data_region[start..end].copy_from_slice(data);
} else {
@ -167,40 +158,57 @@ impl RingPage {
data_region[start..start + first_len].copy_from_slice(&data[..first_len]);
data_region[0..end].copy_from_slice(&data[first_len..]);
}
Ok(end)
Ok(())
}
#[inline]
fn fill_size(&self, data_head_mod: usize) -> usize {
if self.data_region_size - data_head_mod < size_of::<perf_event_header>() {
// The remaining space is not enough to write the perf_event_header
// We need to fill the remaining space with 0
self.data_region_size - data_head_mod
} else {
0
}
}
/// Write a sample to the page.
fn write_sample(&mut self, data: &[u8], data_head: usize) -> Result<usize> {
let sample_size = PerfSample::calculate_size(data.len());
let maybe_end = (data_head + sample_size) % self.data_region_size;
let fill_size = self.fill_size(maybe_end);
let perf_sample = PerfSample {
s_hdr: SampleHeader {
header: perf_event_header {
type_: perf_event_type::PERF_RECORD_SAMPLE as u32,
misc: 0,
size: size_of::<SampleHeader>() as u16 + data.len() as u16,
size: size_of::<SampleHeader>() as u16 + data.len() as u16 + fill_size as u16,
},
size: data.len() as u32,
},
value: data,
};
let new_head = self.write_any(perf_sample.s_hdr.as_bytes(), data_head)?;
self.write_any(perf_sample.value, new_head)
self.write_any(perf_sample.s_hdr.as_bytes(), data_head)?;
self.write_any(perf_sample.value, data_head + size_of::<SampleHeader>())?;
Ok(data_head + sample_size + fill_size)
}
/// Write a lost record to the page.
///
/// Return the new data_head
fn write_lost(&mut self, data_head: usize) -> Result<usize> {
let maybe_end = (data_head + size_of::<LostSamples>()) % self.data_region_size;
let fill_size = self.fill_size(maybe_end);
let lost = LostSamples {
header: perf_event_header {
type_: perf_event_type::PERF_RECORD_LOST as u32,
misc: 0,
size: size_of::<LostSamples>() as u16,
size: size_of::<LostSamples>() as u16 + fill_size as u16,
},
id: 0,
count: self.lost as u64,
};
self.write_any(lost.as_bytes(), data_head)
self.write_any(lost.as_bytes(), data_head)?;
Ok(data_head + size_of::<LostSamples>() + fill_size)
}
pub fn readable(&self) -> bool {

14
kernel/src/perf/kprobe.rs
View File

@ -39,8 +39,10 @@ impl KprobePerfEvent {
.downcast_arc::<BpfProg>()
.ok_or(SystemError::EINVAL)?;
let prog_slice = file.insns();
let mut vm =
EbpfVmRawOwned::new(Some(prog_slice.to_vec())).map_err(|_| SystemError::EINVAL)?;
let mut vm = EbpfVmRawOwned::new(Some(prog_slice.to_vec())).map_err(|e| {
log::error!("create ebpf vm failed: {:?}", e);
SystemError::EINVAL
})?;
vm.register_helper_set(BPF_HELPER_FUN_SET.get())
.map_err(|_| SystemError::EINVAL)?;
// create a callback to execute the ebpf prog
@ -75,10 +77,10 @@ impl CallBackFunc for KprobePerfCallBack {
size_of::<KProbeContext>(),
)
};
let _res = self
.vm
.execute_program(probe_context)
.map_err(|_| SystemError::EINVAL);
let res = self.vm.execute_program(probe_context);
if res.is_err() {
log::error!("kprobe callback error: {:?}", res);
}
}
}

1
kernel/src/syscall/mod.rs
View File

@ -1216,6 +1216,7 @@ impl Syscall {
let flags = args[4] as u32;
Self::sys_perf_event_open(attr, pid, cpu, group_fd, flags)
}
SYS_SETRLIMIT => Ok(0),
_ => panic!("Unsupported syscall ID: {}", syscall_num),
};

1
user/apps/test_ebpf/syscall_ebpf/.gitignore → user/apps/syscall_ebpf/.gitignore vendored
View File

@ -7,3 +7,4 @@ target/
# These are backup files generated by rustfmt
**/*.rs.bk
/install/

31
user/apps/syscall_ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,31 @@
[workspace]
resolver = "2"
members = ["syscall_ebpf", "syscall_ebpf-common", "syscall_ebpf-ebpf"]
default-members = ["syscall_ebpf", "syscall_ebpf-common"]
[workspace.dependencies]
aya = { version = "0.13.0", default-features = false }
aya-ebpf = { version = "0.1.1", default-features = false }
aya-log = { version = "0.2.1", default-features = false }
aya-log-ebpf = { version = "0.1.1", default-features = false }
anyhow = { version = "1", default-features = false }
cargo_metadata = { version = "0.18.0", default-features = false }
# `std` feature is currently required to build `clap`.
#
# See https://github.com/clap-rs/clap/blob/61f5ee5/clap_builder/src/lib.rs#L15.
clap = { version = "4.5.20", default-features = false, features = ["std"] }
env_logger = { version = "0.11.5", default-features = false }
libc = { version = "0.2.159", default-features = false }
log = { version = "0.4.22", default-features = false }
tokio = { version = "1.40.0", default-features = false }
which = { version = "6.0.0", default-features = false }
[profile.dev]
panic = "abort"
[profile.release]
panic = "abort"
[profile.release.package.syscall_ebpf-ebpf]
debug = 2
codegen-units = 1

16
user/apps/test_ebpf/Makefile → user/apps/syscall_ebpf/Makefile
View File

@ -21,10 +21,10 @@ endif
run:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
build:build-ebpf
build:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
clean:clean-ebpf
clean:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
test:
@ -42,20 +42,16 @@ fmt-check:
run-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
build-release:build-ebpf
build-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
clean-release:clean-ebpf
clean-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
test-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
build-ebpf:
cd ./syscall_ebpf && RUST_LOG=debug cargo xtask build --release
clean-ebpf:
cd ./syscall_ebpf && cargo clean
.PHONY: install
install:build-ebpf
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path . --no-track --root $(INSTALL_DIR) --force
install:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path ./syscall_ebpf --no-track --root $(INSTALL_DIR) --force

33
user/apps/syscall_ebpf/README.md Normal file
View File

@ -0,0 +1,33 @@
# syscall_ebpf
## Prerequisites
1. stable rust toolchains: `rustup toolchain install stable`
1. nightly rust toolchains: `rustup toolchain install nightly --component rust-src`
1. (if cross-compiling) rustup target: `rustup target add ${ARCH}-unknown-linux-musl`
1. (if cross-compiling) LLVM: (e.g.) `brew install llvm` (on macOS)
1. (if cross-compiling) C toolchain: (e.g.) [`brew install filosottile/musl-cross/musl-cross`](https://github.com/FiloSottile/homebrew-musl-cross) (on macOS)
1. bpf-linker: `cargo install bpf-linker` (`--no-default-features` on macOS)
## Build & Run
Use `cargo build`, `cargo check`, etc. as normal. Run your program with:
```shell
cargo run --release --config 'target."cfg(all())".runner="sudo -E"'
```
Cargo build scripts are used to automatically build the eBPF correctly and include it in the
program.
## Cross-compiling on macOS
Cross compilation should work on both Intel and Apple Silicon Macs.
```shell
CC=${ARCH}-linux-musl-gcc cargo build --package syscall_ebpf --release \
--target=${ARCH}-unknown-linux-musl \
--config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"
```
The cross-compiled program `target/${ARCH}-unknown-linux-musl/release/syscall_ebpf` can be
copied to a Linux server or VM and run there.

4
user/apps/syscall_ebpf/rustfmt.toml Normal file
View File

@ -0,0 +1,4 @@
group_imports = "StdExternalCrate"
imports_granularity = "Crate"
reorder_imports = true
unstable_features = true

2
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-common/Cargo.toml → user/apps/syscall_ebpf/syscall_ebpf-common/Cargo.toml
View File

@ -8,7 +8,7 @@ default = []
user = ["aya"]
[dependencies]
aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13", optional = true }
aya = { workspace = true, optional = true }
[lib]
path = "src/lib.rs"

0
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-common/src/lib.rs → user/apps/syscall_ebpf/syscall_ebpf-common/src/lib.rs
View File

12
user/apps/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml Normal file
View File

@ -0,0 +1,12 @@
# We have this so that one doesn't need to manually pass
# --target=bpfel-unknown-none -Z build-std=core when running cargo
# check/build/doc etc.
#
# NB: this file gets loaded only if you run cargo from this directory, it's
# ignored if you run from the workspace root. See
# https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
[build]
target = ["bpfeb-unknown-none", "bpfel-unknown-none"]
[unstable]
build-std = ["core"]

17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,17 @@
[package]
name = "syscall_ebpf-ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
syscall_ebpf-common = { path = "../syscall_ebpf-common" }
aya-ebpf = { workspace = true }
aya-log-ebpf = { workspace = true }
[build-dependencies]
which = { workspace = true }
[[bin]]
name = "syscall_ebpf"
path = "src/main.rs"

17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/build.rs Normal file
View File

@ -0,0 +1,17 @@
use which::which;
/// Building this crate has an undeclared dependency on the `bpf-linker` binary. This would be
/// better expressed by [artifact-dependencies][bindeps] but issues such as
/// https://github.com/rust-lang/cargo/issues/12385 make their use impractical for the time being.
///
/// This file implements an imperfect solution: it causes cargo to rebuild the crate whenever the
/// mtime of `which bpf-linker` changes. Note that possibility that a new bpf-linker is added to
/// $PATH ahead of the one used as the cache key still exists. Solving this in the general case
/// would require rebuild-if-changed-env=PATH *and* rebuild-if-changed={every-directory-in-PATH}
/// which would likely mean far too much cache invalidation.
///
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
fn main() {
let bpf_linker = which("bpf-linker").unwrap();
println!("cargo:rerun-if-changed={}", bpf_linker.to_str().unwrap());
}

3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/rust-toolchain.toml Normal file
View File

@ -0,0 +1,3 @@
[toolchain]
channel = "nightly"
components = ["rust-src"]

3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/lib.rs Normal file
View File

@ -0,0 +1,3 @@
#![no_std]
// This file exists to enable the library target.

50
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs Normal file
View File

@ -0,0 +1,50 @@
#![no_std]
#![no_main]
use aya_ebpf::{
helpers::bpf_ktime_get_ns,
macros::{kprobe, map},
maps::HashMap,
programs::ProbeContext,
};
use aya_log_ebpf::info;
#[kprobe]
pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
}
fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
let pt_regs = unsafe { &*ctx.regs };
// first arg -> rdi
// second arg -> rsi
// third arg -> rdx
// four arg -> rcx
let syscall_num = pt_regs.rsi as usize;
if syscall_num != 1 {
unsafe {
if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)) {
let new_v = *v + 1;
SYSCALL_LIST
.insert(&(syscall_num as u32), &new_v, 0)
.unwrap();
} else {
SYSCALL_LIST.insert(&(syscall_num as u32), &1, 0).unwrap();
}
}
let time = unsafe { bpf_ktime_get_ns() };
info!(&ctx, "[{}] invoke syscall {}", time, syscall_num);
}
Ok(0)
}
#[map]
static SYSCALL_LIST: HashMap<u32, u32> = HashMap::<u32, u32>::with_max_entries(1024, 0);
#[cfg(not(test))]
#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
// we need use this because the verifier will forbid loop
unsafe { core::hint::unreachable_unchecked() }
// loop{}
}

35
user/apps/syscall_ebpf/syscall_ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,35 @@
[package]
name = "syscall_ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
syscall_ebpf-common = { path = "../syscall_ebpf-common", features = ["user"] }
anyhow = { workspace = true, default-features = true }
aya = { workspace = true }
aya-log = { workspace = true }
env_logger = { workspace = true }
libc = { workspace = true }
log = { workspace = true }
tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
[build-dependencies]
cargo_metadata = { workspace = true }
# TODO(https://github.com/rust-lang/cargo/issues/12375): this should be an artifact dependency, but
# it's not possible to tell cargo to use `-Z build-std` to build it. We cargo-in-cargo in the build
# script to build this, but we want to teach cargo about the dependecy so that cache invalidation
# works properly.
#
# Note also that https://github.com/rust-lang/cargo/issues/10593 occurs when `target = ...` is added
# to an artifact dependency; it seems possible to work around that by setting `resolver = "1"` in
# Cargo.toml in the workspace root.
#
# Finally note that *any* usage of `artifact = ...` in *any* Cargo.toml in the workspace breaks
# workflows with stable cargo; stable cargo outright refuses to load manifests that use unstable
# features.
syscall_ebpf-ebpf = { path = "../syscall_ebpf-ebpf" }
[[bin]]
name = "syscall_ebpf"
path = "src/main.rs"

150
user/apps/syscall_ebpf/syscall_ebpf/build.rs Normal file
View File

@ -0,0 +1,150 @@
use std::{
env, fs,
io::{BufRead as _, BufReader},
path::PathBuf,
process::{Child, Command, Stdio},
};
use cargo_metadata::{
Artifact, CompilerMessage, Message, Metadata, MetadataCommand, Package, Target,
};
/// This crate has a runtime dependency on artifacts produced by the `syscall_ebpf-ebpf` crate.
/// This would be better expressed as one or more [artifact-dependencies][bindeps] but issues such
/// as:
///
/// * https://github.com/rust-lang/cargo/issues/12374
/// * https://github.com/rust-lang/cargo/issues/12375
/// * https://github.com/rust-lang/cargo/issues/12385
///
/// prevent their use for the time being.
///
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
fn main() {
let Metadata { packages, .. } = MetadataCommand::new().no_deps().exec().unwrap();
let ebpf_package = packages
.into_iter()
.find(|Package { name, .. }| name == "syscall_ebpf-ebpf")
.unwrap();
let out_dir = env::var_os("OUT_DIR").unwrap();
let out_dir = PathBuf::from(out_dir);
let endian = env::var_os("CARGO_CFG_TARGET_ENDIAN").unwrap();
let target = if endian == "big" {
"bpfeb"
} else if endian == "little" {
"bpfel"
} else {
panic!("unsupported endian={:?}", endian)
};
// TODO(https://github.com/rust-lang/cargo/issues/4001): Make this `false` if we can determine
// we're in a check build.
let build_ebpf = true;
if build_ebpf {
let arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
let target = format!("{target}-unknown-none");
let Package { manifest_path, .. } = ebpf_package;
let ebpf_dir = manifest_path.parent().unwrap();
// We have a build-dependency on `syscall_ebpf-ebpf`, so cargo will automatically rebuild us
// if `syscall_ebpf-ebpf`'s *library* target or any of its dependencies change. Since we
// depend on `syscall_ebpf-ebpf`'s *binary* targets, that only gets us half of the way. This
// stanza ensures cargo will rebuild us on changes to the binaries too, which gets us the
// rest of the way.
println!("cargo:rerun-if-changed={}", ebpf_dir.as_str());
let mut cmd = Command::new("cargo");
cmd.args([
"build",
"-Z",
"build-std=core",
"--bins",
"--message-format=json",
"--release",
"--target",
&target,
]);
cmd.env("CARGO_CFG_BPF_TARGET_ARCH", arch);
// Workaround to make sure that the rust-toolchain.toml is respected.
for key in ["RUSTUP_TOOLCHAIN", "RUSTC", "RUSTC_WORKSPACE_WRAPPER"] {
cmd.env_remove(key);
}
cmd.current_dir(ebpf_dir);
// Workaround for https://github.com/rust-lang/cargo/issues/6412 where cargo flocks itself.
let ebpf_target_dir = out_dir.join("../syscall_ebpf-ebpf");
cmd.arg("--target-dir").arg(&ebpf_target_dir);
let mut child = cmd
.stdout(Stdio::piped())
.stderr(Stdio::piped())
.spawn()
.unwrap_or_else(|err| panic!("failed to spawn {cmd:?}: {err}"));
let Child { stdout, stderr, .. } = &mut child;
// Trampoline stdout to cargo warnings.
let stderr = stderr.take().unwrap();
let stderr = BufReader::new(stderr);
let stderr = std::thread::spawn(move || {
for line in stderr.lines() {
let line = line.unwrap();
println!("cargo:warning={line}");
}
});
let stdout = stdout.take().unwrap();
let stdout = BufReader::new(stdout);
let mut executables = Vec::new();
for message in Message::parse_stream(stdout) {
#[allow(clippy::collapsible_match)]
match message.expect("valid JSON") {
Message::CompilerArtifact(Artifact {
executable,
target: Target { name, .. },
..
}) => {
if let Some(executable) = executable {
executables.push((name, executable.into_std_path_buf()));
}
}
Message::CompilerMessage(CompilerMessage { message, .. }) => {
for line in message.rendered.unwrap_or_default().split('\n') {
println!("cargo:warning={line}");
}
}
Message::TextLine(line) => {
println!("cargo:warning={line}");
}
_ => {}
}
}
let status = child
.wait()
.unwrap_or_else(|err| panic!("failed to wait for {cmd:?}: {err}"));
assert_eq!(status.code(), Some(0), "{cmd:?} failed: {status:?}");
stderr.join().map_err(std::panic::resume_unwind).unwrap();
for (name, binary) in executables {
let dst = out_dir.join(name);
let _: u64 = fs::copy(&binary, &dst)
.unwrap_or_else(|err| panic!("failed to copy {binary:?} to {dst:?}: {err}"));
}
} else {
let Package { targets, .. } = ebpf_package;
for Target { name, kind, .. } in targets {
if *kind != ["bin"] {
continue;
}
let dst = out_dir.join(name);
fs::write(&dst, []).unwrap_or_else(|err| panic!("failed to create {dst:?}: {err}"));
}
}
}

74
user/apps/syscall_ebpf/syscall_ebpf/src/main.rs Normal file
View File

@ -0,0 +1,74 @@
use aya::{maps::HashMap, programs::KProbe};
#[rustfmt::skip]
use log::{debug, warn};
use tokio::{signal, task::yield_now, time};
extern crate libc;
#[tokio::main(flavor = "current_thread")]
async fn main() -> anyhow::Result<()> {
// env_logger::init();
env_logger::builder()
.filter_level(log::LevelFilter::Warn)
.format_timestamp(None)
.init();
// Bump the memlock rlimit. This is needed for older kernels that don't use the
// new memcg based accounting, see https://lwn.net/Articles/837122/
let rlim = libc::rlimit {
rlim_cur: libc::RLIM_INFINITY,
rlim_max: libc::RLIM_INFINITY,
};
let ret = unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
if ret != 0 {
debug!("remove limit on locked memory failed, ret is: {}", ret);
}
// This will include your eBPF object file as raw bytes at compile-time and load it at
// runtime. This approach is recommended for most real-world use cases. If you would
// like to specify the eBPF program at runtime rather than at compile-time, you can
// reach for `Bpf::load_file` instead.
let mut ebpf = aya::Ebpf::load(aya::include_bytes_aligned!(concat!(
env!("OUT_DIR"),
"/syscall_ebpf"
)))?;
if let Err(e) = aya_log::EbpfLogger::init(&mut ebpf) {
// This can happen if you remove all log statements from your eBPF program.
warn!("failed to initialize eBPF logger: {}", e);
}
let program: &mut KProbe = ebpf.program_mut("syscall_ebpf").unwrap().try_into()?;
program.load()?;
program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
// println!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
// print the value of the blocklist per 5 seconds
tokio::spawn(async move {
let blocklist: HashMap<_, u32, u32> =
HashMap::try_from(ebpf.map("SYSCALL_LIST").unwrap()).unwrap();
let mut now = time::Instant::now();
loop {
let new_now = time::Instant::now();
let duration = new_now.duration_since(now);
if duration.as_secs() >= 5 {
println!("------------SYSCALL_LIST----------------");
let iter = blocklist.iter();
for item in iter {
if let Ok((key, value)) = item {
println!("syscall: {:?}, count: {:?}", key, value);
}
}
println!("----------------------------------------");
now = new_now;
}
yield_now().await;
}
});
let ctrl_c = signal::ctrl_c();
println!("Waiting for Ctrl-C...");
ctrl_c.await?;
println!("Exiting...");
Ok(())
}

3
user/apps/test_ebpf/.gitignore vendored
View File

@ -1,3 +0,0 @@
/target
Cargo.lock
/install/

16
user/apps/test_ebpf/Cargo.toml
View File

@ -1,16 +0,0 @@
[package]
name = "test_ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
aya-log = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
log = "0.4.22"
env_logger = "0.11.5"
tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
[profile.release]
lto = true
strip = true

60
user/apps/test_ebpf/src/main.rs
View File

@ -1,60 +0,0 @@
use aya::maps::HashMap;
use aya::programs::KProbe;
use aya::{include_bytes_aligned, Ebpf};
use aya_log::EbpfLogger;
use log::{info, warn};
use std::error::Error;
use tokio::task::yield_now;
use tokio::{signal, time};
#[tokio::main(flavor = "current_thread")]
async fn main() -> Result<(), Box<dyn Error>> {
env_logger::builder()
.filter_level(log::LevelFilter::Warn)
.format_timestamp(None)
.init();
let mut bpf = Ebpf::load(include_bytes_aligned!(
"../syscall_ebpf/target/bpfel-unknown-none/release/syscall_ebpf"
))?;
// create a async task to read the log
if let Err(e) = EbpfLogger::init(&mut bpf) {
// This can happen if you remove all log statements from your eBPF program.
warn!("failed to initialize eBPF logger: {}", e);
}
let program: &mut KProbe = bpf.program_mut("syscall_ebpf").unwrap().try_into()?;
program.load()?;
program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
info!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
// print the value of the blocklist per 5 seconds
tokio::spawn(async move {
let blocklist: HashMap<_, u32, u32> =
HashMap::try_from(bpf.map("SYSCALL_LIST").unwrap()).unwrap();
let mut now = time::Instant::now();
loop {
let new_now = time::Instant::now();
let duration = new_now.duration_since(now);
if duration.as_secs() >= 5 {
println!("------------SYSCALL_LIST----------------");
let iter = blocklist.iter();
for item in iter {
if let Ok((key, value)) = item {
println!("syscall: {:?}, count: {:?}", key, value);
}
}
println!("----------------------------------------");
now = new_now;
}
yield_now().await;
}
});
info!("Waiting for Ctrl-C...");
signal::ctrl_c().await?;
info!("Exiting...");
Ok(())
}

2
user/apps/test_ebpf/syscall_ebpf/.cargo/config.toml
View File

@ -1,2 +0,0 @@
[alias]
xtask = "run --package xtask --"

3
user/apps/test_ebpf/syscall_ebpf/.vscode/settings.json vendored
View File

@ -1,3 +0,0 @@
{
"rust-analyzer.linkedProjects": ["Cargo.toml", "syscall_ebpf-ebpf/Cargo.toml"]
}

3
user/apps/test_ebpf/syscall_ebpf/Cargo.toml
View File

@ -1,3 +0,0 @@
[workspace]
resolver = "2"
members = ["xtask", "syscall_ebpf-common"]

32
user/apps/test_ebpf/syscall_ebpf/README.md
View File

@ -1,32 +0,0 @@
# syscall_ebpf
## Prerequisites
1. Install bpf-linker: `cargo install bpf-linker`
## Build eBPF
```bash
cargo xtask build-ebpf
```
To perform a release build you can use the `--release` flag.
You may also change the target architecture with the `--target` flag.
## Build Userspace
```bash
cargo build
```
## Build eBPF and Userspace
```bash
cargo xtask build
```
## Run
```bash
RUST_LOG=info cargo xtask run
```

6
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml
View File

@ -1,6 +0,0 @@
[build]
target-dir = "../target"
target = "bpfel-unknown-none"
[unstable]
build-std = ["core"]

2
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.helix/config.toml
View File

@ -1,2 +0,0 @@
[editor]
workspace-lsp-roots = []

4
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.vim/coc-settings.json
View File

@ -1,4 +0,0 @@
{
"rust-analyzer.cargo.target": "bpfel-unknown-none",
"rust-analyzer.checkOnSave.allTargets": false
}

4
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.vscode/settings.json vendored
View File

@ -1,4 +0,0 @@
{
"rust-analyzer.cargo.target": "bpfel-unknown-none",
"rust-analyzer.checkOnSave.allTargets": false
}

33
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml
View File

@ -1,33 +0,0 @@
[package]
name = "syscall_ebpf-ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
aya-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
aya-log-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
syscall_ebpf-common = { path = "../syscall_ebpf-common" }
[[bin]]
name = "syscall_ebpf"
path = "src/main.rs"
[profile.dev]
opt-level = 3
debug = false
debug-assertions = false
overflow-checks = false
lto = true
panic = "abort"
incremental = false
codegen-units = 1
rpath = false
[profile.release]
lto = true
panic = "abort"
codegen-units = 1
[workspace]
members = []

13
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/rust-toolchain.toml
View File

@ -1,13 +0,0 @@
[toolchain]
channel = "nightly-2024-11-05"
# The source code of rustc, provided by the rust-src component, is needed for
# building eBPF programs.
components = [
"cargo",
"clippy",
"rust-docs",
"rust-src",
"rust-std",
"rustc",
"rustfmt",
]

44
user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs
View File

@ -1,44 +0,0 @@
#![no_std]
#![no_main]
use aya_ebpf::{macros::kprobe, programs::ProbeContext};
use aya_ebpf::macros::map;
use aya_ebpf::maps::HashMap;
use aya_log_ebpf::info;
#[kprobe]
pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
}
fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
let pt_regs = unsafe {
&*ctx.regs
};
// first arg -> rdi
// second arg -> rsi
// third arg -> rdx
// four arg -> rcx
let syscall_num = pt_regs.rsi as usize;
if syscall_num != 1 {
unsafe {
if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)){
let new_v = *v + 1;
SYSCALL_LIST.insert(&(syscall_num as u32), &new_v,0).unwrap();
}else {
SYSCALL_LIST.insert(&(syscall_num as u32), &1,0).unwrap();
}
}
info!(&ctx, "invoke syscall {}", syscall_num);
}
Ok(0)
}
#[map] //
static SYSCALL_LIST: HashMap<u32, u32> =
HashMap::<u32, u32>::with_max_entries(1024, 0);
#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
unsafe { core::hint::unreachable_unchecked() }
}

8
user/apps/test_ebpf/syscall_ebpf/xtask/Cargo.toml
View File

@ -1,8 +0,0 @@
[package]
name = "xtask"
version = "0.1.0"
edition = "2021"
[dependencies]
anyhow = "1"
clap = { version = "4.1", features = ["derive"] }

42
user/apps/test_ebpf/syscall_ebpf/xtask/src/build.rs
View File

@ -1,42 +0,0 @@
use std::process::Command;
use anyhow::Context as _;
use clap::Parser;
use crate::build_ebpf::{build_ebpf, Architecture, Options as BuildOptions};
#[derive(Debug, Parser)]
pub struct Options {
/// Set the endianness of the BPF target
#[clap(default_value = "bpfel-unknown-none", long)]
pub bpf_target: Architecture,
/// Build and run the release target
#[clap(long)]
pub release: bool,
}
/// Build the project
fn build_project(opts: &Options) -> Result<(), anyhow::Error> {
let mut args = vec!["build"];
if opts.release {
args.push("--release")
}
let status = Command::new("cargo")
.args(&args)
.status()
.expect("failed to build userspace");
assert!(status.success());
Ok(())
}
/// Build our ebpf program and the project
pub fn build(opts: Options) -> Result<(), anyhow::Error> {
// build our ebpf program followed by our application
build_ebpf(BuildOptions {
target: opts.bpf_target,
release: opts.release,
})
.context("Error while building eBPF program")?;
build_project(&opts).context("Error while building userspace application")?;
Ok(())
}

67
user/apps/test_ebpf/syscall_ebpf/xtask/src/build_ebpf.rs
View File

@ -1,67 +0,0 @@
use std::{path::PathBuf, process::Command};
use clap::Parser;
#[derive(Debug, Copy, Clone)]
pub enum Architecture {
BpfEl,
BpfEb,
}
impl std::str::FromStr for Architecture {
type Err = String;
fn from_str(s: &str) -> Result<Self, Self::Err> {
Ok(match s {
"bpfel-unknown-none" => Architecture::BpfEl,
"bpfeb-unknown-none" => Architecture::BpfEb,
_ => return Err("invalid target".to_owned()),
})
}
}
impl std::fmt::Display for Architecture {
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
f.write_str(match self {
Architecture::BpfEl => "bpfel-unknown-none",
Architecture::BpfEb => "bpfeb-unknown-none",
})
}
}
#[derive(Debug, Parser)]
pub struct Options {
/// Set the endianness of the BPF target
#[clap(default_value = "bpfel-unknown-none", long)]
pub target: Architecture,
/// Build the release target
#[clap(long)]
pub release: bool,
}
pub fn build_ebpf(opts: Options) -> Result<(), anyhow::Error> {
let dir = PathBuf::from("syscall_ebpf-ebpf");
let target = format!("--target={}", opts.target);
let mut args = vec![
"build",
target.as_str(),
"-Z",
"build-std=core",
];
if opts.release {
args.push("--release")
}
// Command::new creates a child process which inherits all env variables. This means env
// vars set by the cargo xtask command are also inherited. RUSTUP_TOOLCHAIN is removed
// so the rust-toolchain.toml file in the -ebpf folder is honored.
let status = Command::new("cargo")
.current_dir(dir)
.env_remove("RUSTUP_TOOLCHAIN")
.args(&args)
.status()
.expect("failed to build bpf program");
assert!(status.success());
Ok(())
}

36
user/apps/test_ebpf/syscall_ebpf/xtask/src/main.rs
View File

@ -1,36 +0,0 @@
mod build_ebpf;
mod build;
mod run;
use std::process::exit;
use clap::Parser;
#[derive(Debug, Parser)]
pub struct Options {
#[clap(subcommand)]
command: Command,
}
#[derive(Debug, Parser)]
enum Command {
BuildEbpf(build_ebpf::Options),
Build(build::Options),
Run(run::Options),
}
fn main() {
let opts = Options::parse();
use Command::*;
let ret = match opts.command {
BuildEbpf(opts) => build_ebpf::build_ebpf(opts),
Run(opts) => run::run(opts),
Build(opts) => build::build(opts),
};
if let Err(e) = ret {
eprintln!("{e:#}");
exit(1);
}
}

55
user/apps/test_ebpf/syscall_ebpf/xtask/src/run.rs
View File

@ -1,55 +0,0 @@
use std::process::Command;
use anyhow::Context as _;
use clap::Parser;
use crate::{build::{build, Options as BuildOptions}, build_ebpf::Architecture};
#[derive(Debug, Parser)]
pub struct Options {
/// Set the endianness of the BPF target
#[clap(default_value = "bpfel-unknown-none", long)]
pub bpf_target: Architecture,
/// Build and run the release target
#[clap(long)]
pub release: bool,
/// The command used to wrap your application
#[clap(short, long, default_value = "sudo -E")]
pub runner: String,
/// Arguments to pass to your application
#[clap(name = "args", last = true)]
pub run_args: Vec<String>,
}
/// Build and run the project
pub fn run(opts: Options) -> Result<(), anyhow::Error> {
// Build our ebpf program and the project
build(BuildOptions{
bpf_target: opts.bpf_target,
release: opts.release,
}).context("Error while building project")?;
// profile we are building (release or debug)
let profile = if opts.release { "release" } else { "debug" };
let bin_path = format!("target/{profile}/syscall_ebpf");
// arguments to pass to the application
let mut run_args: Vec<_> = opts.run_args.iter().map(String::as_str).collect();
// configure args
let mut args: Vec<_> = opts.runner.trim().split_terminator(' ').collect();
args.push(bin_path.as_str());
args.append(&mut run_args);
// run the command
let status = Command::new(args.first().expect("No first argument"))
.args(args.iter().skip(1))
.status()
.expect("failed to run the command");
if !status.success() {
anyhow::bail!("Failed to run `{}`", args.join(" "));
}
Ok(())
}

4
user/dadk/config/test_ebpf_0_1_0.toml → user/dadk/config/syscall_ebpf_0_1_0.toml
View File

@ -1,5 +1,5 @@
# 用户程序名称
name = "test_ebpf"
name = "test_ebpf_new"
# 版本号
version = "0.1.0"
# 用户程序描述信息
@ -21,7 +21,7 @@ type = "build-from-source"
# "install_from_prebuilt" 可选值:"local", "archive"
source = "local"
# 路径或URL
source-path = "user/apps/test_ebpf"
source-path = "user/apps/syscall_ebpf"
# 构建相关信息
[build]
# (可选)构建命令