DragonOS-Community/DragonOS
4
1
Fork 0
mirror of https://github.com/DragonOS-Community/DragonOS.git synced 2025-06-19 00:46:31 +00:00
Code Issues Releases Wiki Activity

feat(ebpf): support Aya framework. (#1070)

Browse Source 
* feat(ebpf): support Aya framework.

1. fix the rbpf bug
2. use new Aya template
3. add kprobe related device files and attributes to sysfs

---
Signed-off-by: chenlinfeng <chenlinfeng25@outlook.com>
This commit is contained in:
linfeng
2024-12-07 16:41:37 +08:00
committed by GitHub
parent c09af909c5
commit 72423f90bb
53 changed files with 849 additions and 511 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
user/apps/syscall_ebpf/.gitignore vendored Normal file
View File

@ -0,0 +1,10 @@
### https://raw.github.com/github/gitignore/master/Rust.gitignore
# Generated by Cargo
# will have compiled files and executables
debug/
target/
# These are backup files generated by rustfmt
**/*.rs.bk
/install/

31
user/apps/syscall_ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,31 @@
[workspace]
resolver = "2"
members = ["syscall_ebpf", "syscall_ebpf-common", "syscall_ebpf-ebpf"]
default-members = ["syscall_ebpf", "syscall_ebpf-common"]
[workspace.dependencies]
aya = { version = "0.13.0", default-features = false }
aya-ebpf = { version = "0.1.1", default-features = false }
aya-log = { version = "0.2.1", default-features = false }
aya-log-ebpf = { version = "0.1.1", default-features = false }
anyhow = { version = "1", default-features = false }
cargo_metadata = { version = "0.18.0", default-features = false }
# `std` feature is currently required to build `clap`.
#
# See https://github.com/clap-rs/clap/blob/61f5ee5/clap_builder/src/lib.rs#L15.
clap = { version = "4.5.20", default-features = false, features = ["std"] }
env_logger = { version = "0.11.5", default-features = false }
libc = { version = "0.2.159", default-features = false }
log = { version = "0.4.22", default-features = false }
tokio = { version = "1.40.0", default-features = false }
which = { version = "6.0.0", default-features = false }
[profile.dev]
panic = "abort"
[profile.release]
panic = "abort"
[profile.release.package.syscall_ebpf-ebpf]
debug = 2
codegen-units = 1

57
user/apps/syscall_ebpf/Makefile Normal file
View File

@ -0,0 +1,57 @@
TOOLCHAIN="+nightly-2024-11-05-x86_64-unknown-linux-gnu"
RUSTFLAGS+=""
ifdef DADK_CURRENT_BUILD_DIR
# 如果是在dadk中编译那么安装到dadk的安装目录中
INSTALL_DIR = $(DADK_CURRENT_BUILD_DIR)
else
# 如果是在本地编译那么安装到当前目录下的install目录中
INSTALL_DIR = ./install
endif
ifeq ($(ARCH), x86_64)
export RUST_TARGET=x86_64-unknown-linux-musl
else ifeq ($(ARCH), riscv64)
export RUST_TARGET=riscv64gc-unknown-linux-gnu
else
# 默认为x86_86用于本地编译
export RUST_TARGET=x86_64-unknown-linux-musl
endif
run:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
build:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
clean:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
test:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET)
doc:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) doc --target $(RUST_TARGET)
fmt:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt
fmt-check:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt --check
run-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
build-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
clean-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
test-release:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
.PHONY: install
install:
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path ./syscall_ebpf --no-track --root $(INSTALL_DIR) --force

33
user/apps/syscall_ebpf/README.md Normal file
View File

@ -0,0 +1,33 @@
# syscall_ebpf
## Prerequisites
1. stable rust toolchains: `rustup toolchain install stable`
1. nightly rust toolchains: `rustup toolchain install nightly --component rust-src`
1. (if cross-compiling) rustup target: `rustup target add ${ARCH}-unknown-linux-musl`
1. (if cross-compiling) LLVM: (e.g.) `brew install llvm` (on macOS)
1. (if cross-compiling) C toolchain: (e.g.) [`brew install filosottile/musl-cross/musl-cross`](https://github.com/FiloSottile/homebrew-musl-cross) (on macOS)
1. bpf-linker: `cargo install bpf-linker` (`--no-default-features` on macOS)
## Build & Run
Use `cargo build`, `cargo check`, etc. as normal. Run your program with:
```shell
cargo run --release --config 'target."cfg(all())".runner="sudo -E"'
```
Cargo build scripts are used to automatically build the eBPF correctly and include it in the
program.
## Cross-compiling on macOS
Cross compilation should work on both Intel and Apple Silicon Macs.
```shell
CC=${ARCH}-linux-musl-gcc cargo build --package syscall_ebpf --release \
--target=${ARCH}-unknown-linux-musl \
--config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"
```
The cross-compiled program `target/${ARCH}-unknown-linux-musl/release/syscall_ebpf` can be
copied to a Linux server or VM and run there.

4
user/apps/syscall_ebpf/rustfmt.toml Normal file
View File

@ -0,0 +1,4 @@
group_imports = "StdExternalCrate"
imports_granularity = "Crate"
reorder_imports = true
unstable_features = true

14
user/apps/syscall_ebpf/syscall_ebpf-common/Cargo.toml Normal file
View File

@ -0,0 +1,14 @@
[package]
name = "syscall_ebpf-common"
version = "0.1.0"
edition = "2021"
[features]
default = []
user = ["aya"]
[dependencies]
aya = { workspace = true, optional = true }
[lib]
path = "src/lib.rs"

1
user/apps/syscall_ebpf/syscall_ebpf-common/src/lib.rs Normal file
View File

@ -0,0 +1 @@
#![no_std]

12
user/apps/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml Normal file
View File

@ -0,0 +1,12 @@
# We have this so that one doesn't need to manually pass
# --target=bpfel-unknown-none -Z build-std=core when running cargo
# check/build/doc etc.
#
# NB: this file gets loaded only if you run cargo from this directory, it's
# ignored if you run from the workspace root. See
# https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
[build]
target = ["bpfeb-unknown-none", "bpfel-unknown-none"]
[unstable]
build-std = ["core"]

17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,17 @@
[package]
name = "syscall_ebpf-ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
syscall_ebpf-common = { path = "../syscall_ebpf-common" }
aya-ebpf = { workspace = true }
aya-log-ebpf = { workspace = true }
[build-dependencies]
which = { workspace = true }
[[bin]]
name = "syscall_ebpf"
path = "src/main.rs"

17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/build.rs Normal file
View File

@ -0,0 +1,17 @@
use which::which;
/// Building this crate has an undeclared dependency on the `bpf-linker` binary. This would be
/// better expressed by [artifact-dependencies][bindeps] but issues such as
/// https://github.com/rust-lang/cargo/issues/12385 make their use impractical for the time being.
///
/// This file implements an imperfect solution: it causes cargo to rebuild the crate whenever the
/// mtime of `which bpf-linker` changes. Note that possibility that a new bpf-linker is added to
/// $PATH ahead of the one used as the cache key still exists. Solving this in the general case
/// would require rebuild-if-changed-env=PATH *and* rebuild-if-changed={every-directory-in-PATH}
/// which would likely mean far too much cache invalidation.
///
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
fn main() {
let bpf_linker = which("bpf-linker").unwrap();
println!("cargo:rerun-if-changed={}", bpf_linker.to_str().unwrap());
}

3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/rust-toolchain.toml Normal file
View File

@ -0,0 +1,3 @@
[toolchain]
channel = "nightly"
components = ["rust-src"]

3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/lib.rs Normal file
View File

@ -0,0 +1,3 @@
#![no_std]
// This file exists to enable the library target.

50
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs Normal file
View File

@ -0,0 +1,50 @@
#![no_std]
#![no_main]
use aya_ebpf::{
helpers::bpf_ktime_get_ns,
macros::{kprobe, map},
maps::HashMap,
programs::ProbeContext,
};
use aya_log_ebpf::info;
#[kprobe]
pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
}
fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
let pt_regs = unsafe { &*ctx.regs };
// first arg -> rdi
// second arg -> rsi
// third arg -> rdx
// four arg -> rcx
let syscall_num = pt_regs.rsi as usize;
if syscall_num != 1 {
unsafe {
if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)) {
let new_v = *v + 1;
SYSCALL_LIST
.insert(&(syscall_num as u32), &new_v, 0)
.unwrap();
} else {
SYSCALL_LIST.insert(&(syscall_num as u32), &1, 0).unwrap();
}
}
let time = unsafe { bpf_ktime_get_ns() };
info!(&ctx, "[{}] invoke syscall {}", time, syscall_num);
}
Ok(0)
}
#[map]
static SYSCALL_LIST: HashMap<u32, u32> = HashMap::<u32, u32>::with_max_entries(1024, 0);
#[cfg(not(test))]
#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
// we need use this because the verifier will forbid loop
unsafe { core::hint::unreachable_unchecked() }
// loop{}
}

35
user/apps/syscall_ebpf/syscall_ebpf/Cargo.toml Normal file
View File

@ -0,0 +1,35 @@
[package]
name = "syscall_ebpf"
version = "0.1.0"
edition = "2021"
[dependencies]
syscall_ebpf-common = { path = "../syscall_ebpf-common", features = ["user"] }
anyhow = { workspace = true, default-features = true }
aya = { workspace = true }
aya-log = { workspace = true }
env_logger = { workspace = true }
libc = { workspace = true }
log = { workspace = true }
tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
[build-dependencies]
cargo_metadata = { workspace = true }
# TODO(https://github.com/rust-lang/cargo/issues/12375): this should be an artifact dependency, but
# it's not possible to tell cargo to use `-Z build-std` to build it. We cargo-in-cargo in the build
# script to build this, but we want to teach cargo about the dependecy so that cache invalidation
# works properly.
#
# Note also that https://github.com/rust-lang/cargo/issues/10593 occurs when `target = ...` is added
# to an artifact dependency; it seems possible to work around that by setting `resolver = "1"` in
# Cargo.toml in the workspace root.
#
# Finally note that *any* usage of `artifact = ...` in *any* Cargo.toml in the workspace breaks
# workflows with stable cargo; stable cargo outright refuses to load manifests that use unstable
# features.
syscall_ebpf-ebpf = { path = "../syscall_ebpf-ebpf" }
[[bin]]
name = "syscall_ebpf"
path = "src/main.rs"

150
user/apps/syscall_ebpf/syscall_ebpf/build.rs Normal file
View File

@ -0,0 +1,150 @@
use std::{
env, fs,
io::{BufRead as _, BufReader},
path::PathBuf,
process::{Child, Command, Stdio},
};
use cargo_metadata::{
Artifact, CompilerMessage, Message, Metadata, MetadataCommand, Package, Target,
};
/// This crate has a runtime dependency on artifacts produced by the `syscall_ebpf-ebpf` crate.
/// This would be better expressed as one or more [artifact-dependencies][bindeps] but issues such
/// as:
///
/// * https://github.com/rust-lang/cargo/issues/12374
/// * https://github.com/rust-lang/cargo/issues/12375
/// * https://github.com/rust-lang/cargo/issues/12385
///
/// prevent their use for the time being.
///
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
fn main() {
let Metadata { packages, .. } = MetadataCommand::new().no_deps().exec().unwrap();
let ebpf_package = packages
.into_iter()
.find(|Package { name, .. }| name == "syscall_ebpf-ebpf")
.unwrap();
let out_dir = env::var_os("OUT_DIR").unwrap();
let out_dir = PathBuf::from(out_dir);
let endian = env::var_os("CARGO_CFG_TARGET_ENDIAN").unwrap();
let target = if endian == "big" {
"bpfeb"
} else if endian == "little" {
"bpfel"
} else {
panic!("unsupported endian={:?}", endian)
};
// TODO(https://github.com/rust-lang/cargo/issues/4001): Make this `false` if we can determine
// we're in a check build.
let build_ebpf = true;
if build_ebpf {
let arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
let target = format!("{target}-unknown-none");
let Package { manifest_path, .. } = ebpf_package;
let ebpf_dir = manifest_path.parent().unwrap();
// We have a build-dependency on `syscall_ebpf-ebpf`, so cargo will automatically rebuild us
// if `syscall_ebpf-ebpf`'s *library* target or any of its dependencies change. Since we
// depend on `syscall_ebpf-ebpf`'s *binary* targets, that only gets us half of the way. This
// stanza ensures cargo will rebuild us on changes to the binaries too, which gets us the
// rest of the way.
println!("cargo:rerun-if-changed={}", ebpf_dir.as_str());
let mut cmd = Command::new("cargo");
cmd.args([
"build",
"-Z",
"build-std=core",
"--bins",
"--message-format=json",
"--release",
"--target",
&target,
]);
cmd.env("CARGO_CFG_BPF_TARGET_ARCH", arch);
// Workaround to make sure that the rust-toolchain.toml is respected.
for key in ["RUSTUP_TOOLCHAIN", "RUSTC", "RUSTC_WORKSPACE_WRAPPER"] {
cmd.env_remove(key);
}
cmd.current_dir(ebpf_dir);
// Workaround for https://github.com/rust-lang/cargo/issues/6412 where cargo flocks itself.
let ebpf_target_dir = out_dir.join("../syscall_ebpf-ebpf");
cmd.arg("--target-dir").arg(&ebpf_target_dir);
let mut child = cmd
.stdout(Stdio::piped())
.stderr(Stdio::piped())
.spawn()
.unwrap_or_else(|err| panic!("failed to spawn {cmd:?}: {err}"));
let Child { stdout, stderr, .. } = &mut child;
// Trampoline stdout to cargo warnings.
let stderr = stderr.take().unwrap();
let stderr = BufReader::new(stderr);
let stderr = std::thread::spawn(move || {
for line in stderr.lines() {
let line = line.unwrap();
println!("cargo:warning={line}");
}
});
let stdout = stdout.take().unwrap();
let stdout = BufReader::new(stdout);
let mut executables = Vec::new();
for message in Message::parse_stream(stdout) {
#[allow(clippy::collapsible_match)]
match message.expect("valid JSON") {
Message::CompilerArtifact(Artifact {
executable,
target: Target { name, .. },
..
}) => {
if let Some(executable) = executable {
executables.push((name, executable.into_std_path_buf()));
}
}
Message::CompilerMessage(CompilerMessage { message, .. }) => {
for line in message.rendered.unwrap_or_default().split('\n') {
println!("cargo:warning={line}");
}
}
Message::TextLine(line) => {
println!("cargo:warning={line}");
}
_ => {}
}
}
let status = child
.wait()
.unwrap_or_else(|err| panic!("failed to wait for {cmd:?}: {err}"));
assert_eq!(status.code(), Some(0), "{cmd:?} failed: {status:?}");
stderr.join().map_err(std::panic::resume_unwind).unwrap();
for (name, binary) in executables {
let dst = out_dir.join(name);
let _: u64 = fs::copy(&binary, &dst)
.unwrap_or_else(|err| panic!("failed to copy {binary:?} to {dst:?}: {err}"));
}
} else {
let Package { targets, .. } = ebpf_package;
for Target { name, kind, .. } in targets {
if *kind != ["bin"] {
continue;
}
let dst = out_dir.join(name);
fs::write(&dst, []).unwrap_or_else(|err| panic!("failed to create {dst:?}: {err}"));
}
}
}

74
user/apps/syscall_ebpf/syscall_ebpf/src/main.rs Normal file
View File

@ -0,0 +1,74 @@
use aya::{maps::HashMap, programs::KProbe};
#[rustfmt::skip]
use log::{debug, warn};
use tokio::{signal, task::yield_now, time};
extern crate libc;
#[tokio::main(flavor = "current_thread")]
async fn main() -> anyhow::Result<()> {
// env_logger::init();
env_logger::builder()
.filter_level(log::LevelFilter::Warn)
.format_timestamp(None)
.init();
// Bump the memlock rlimit. This is needed for older kernels that don't use the
// new memcg based accounting, see https://lwn.net/Articles/837122/
let rlim = libc::rlimit {
rlim_cur: libc::RLIM_INFINITY,
rlim_max: libc::RLIM_INFINITY,
};
let ret = unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
if ret != 0 {
debug!("remove limit on locked memory failed, ret is: {}", ret);
}
// This will include your eBPF object file as raw bytes at compile-time and load it at
// runtime. This approach is recommended for most real-world use cases. If you would
// like to specify the eBPF program at runtime rather than at compile-time, you can
// reach for `Bpf::load_file` instead.
let mut ebpf = aya::Ebpf::load(aya::include_bytes_aligned!(concat!(
env!("OUT_DIR"),
"/syscall_ebpf"
)))?;
if let Err(e) = aya_log::EbpfLogger::init(&mut ebpf) {
// This can happen if you remove all log statements from your eBPF program.
warn!("failed to initialize eBPF logger: {}", e);
}
let program: &mut KProbe = ebpf.program_mut("syscall_ebpf").unwrap().try_into()?;
program.load()?;
program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
// println!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
// print the value of the blocklist per 5 seconds
tokio::spawn(async move {
let blocklist: HashMap<_, u32, u32> =
HashMap::try_from(ebpf.map("SYSCALL_LIST").unwrap()).unwrap();
let mut now = time::Instant::now();
loop {
let new_now = time::Instant::now();
let duration = new_now.duration_since(now);
if duration.as_secs() >= 5 {
println!("------------SYSCALL_LIST----------------");
let iter = blocklist.iter();
for item in iter {
if let Ok((key, value)) = item {
println!("syscall: {:?}, count: {:?}", key, value);
}
}
println!("----------------------------------------");
now = new_now;
}
yield_now().await;
}
});
let ctrl_c = signal::ctrl_c();
println!("Waiting for Ctrl-C...");
ctrl_c.await?;
println!("Exiting...");
Ok(())
}