mirror of
https://github.com/DragonOS-Community/DragonOS.git
synced 2025-06-09 11:16:47 +00:00
feat(ebpf): support Aya framework. (#1070)
* feat(ebpf): support Aya framework. 1. fix the rbpf bug 2. use new Aya template 3. add kprobe related device files and attributes to sysfs --- Signed-off-by: chenlinfeng <chenlinfeng25@outlook.com>
This commit is contained in:
parent
c09af909c5
commit
72423f90bb
@ -660,9 +660,9 @@ pub fn execute_program(
|
|||||||
// Save the callee saved registers
|
// Save the callee saved registers
|
||||||
pre_stack.save_registers(®[6..=9]);
|
pre_stack.save_registers(®[6..=9]);
|
||||||
// Save the return address
|
// Save the return address
|
||||||
pre_stack.save_return_address(insn_ptr as u16);
|
pre_stack.save_return_address(insn_ptr as u64);
|
||||||
// save the stack pointer
|
// save the stack pointer
|
||||||
pre_stack.save_sp(reg[10] as u16);
|
pre_stack.save_sp(reg[10]);
|
||||||
let mut stack = StackFrame::new();
|
let mut stack = StackFrame::new();
|
||||||
log::trace!("BPF TO BPF CALL: new pc: {} + {} = {}",insn_ptr ,insn.imm,insn_ptr + insn.imm as usize);
|
log::trace!("BPF TO BPF CALL: new pc: {} + {} = {}",insn_ptr ,insn.imm,insn_ptr + insn.imm as usize);
|
||||||
reg[10] = stack.as_ptr() as u64 + stack.len() as u64;
|
reg[10] = stack.as_ptr() as u64 + stack.len() as u64;
|
||||||
@ -695,7 +695,7 @@ pub fn execute_program(
|
|||||||
// Restore the return address
|
// Restore the return address
|
||||||
insn_ptr = stack.get_return_address() as usize;
|
insn_ptr = stack.get_return_address() as usize;
|
||||||
// Restore the stack pointer
|
// Restore the stack pointer
|
||||||
reg[10] = stack.get_sp() as u64;
|
reg[10] = stack.get_sp();
|
||||||
log::trace!("EXIT: new pc: {}", insn_ptr);
|
log::trace!("EXIT: new pc: {}", insn_ptr);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
use crate::{ebpf::STACK_SIZE, vec, Vec};
|
use crate::{ebpf::STACK_SIZE, vec, Vec};
|
||||||
|
|
||||||
pub struct StackFrame {
|
pub struct StackFrame {
|
||||||
return_address: u16,
|
return_address: u64,
|
||||||
saved_registers: [u64; 4],
|
saved_registers: [u64; 4],
|
||||||
sp: u16,
|
sp: u64,
|
||||||
frame: Vec<u8>,
|
frame: Vec<u8>,
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -54,22 +54,22 @@ impl StackFrame {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/// Save the return address
|
/// Save the return address
|
||||||
pub fn save_return_address(&mut self, address: u16) {
|
pub fn save_return_address(&mut self, address: u64) {
|
||||||
self.return_address = address;
|
self.return_address = address;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get the return address
|
/// Get the return address
|
||||||
pub fn get_return_address(&self) -> u16 {
|
pub fn get_return_address(&self) -> u64 {
|
||||||
self.return_address
|
self.return_address
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Save the stack pointer
|
/// Save the stack pointer
|
||||||
pub fn save_sp(&mut self, sp: u16) {
|
pub fn save_sp(&mut self, sp: u64) {
|
||||||
self.sp = sp;
|
self.sp = sp;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Get the stack pointer
|
/// Get the stack pointer
|
||||||
pub fn get_sp(&self) -> u16 {
|
pub fn get_sp(&self) -> u64 {
|
||||||
self.sp
|
self.sp
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -267,9 +267,10 @@ impl X86_64MMArch {
|
|||||||
});
|
});
|
||||||
} else {
|
} else {
|
||||||
log::error!(
|
log::error!(
|
||||||
"No mapped vma, error_code: {:#b}, address: {:#x}",
|
"No mapped vma, error_code: {:#b}, address: {:#x}, flags: {:?}",
|
||||||
error_code,
|
error_code,
|
||||||
address.data(),
|
address.data(),
|
||||||
|
flags
|
||||||
);
|
);
|
||||||
let pid = ProcessManager::current_pid();
|
let pid = ProcessManager::current_pid();
|
||||||
let mut info =
|
let mut info =
|
||||||
|
@ -1,6 +1,7 @@
|
|||||||
pub const HELPER_MAP_LOOKUP_ELEM: u32 = 1;
|
pub const HELPER_MAP_LOOKUP_ELEM: u32 = 1;
|
||||||
pub const HELPER_MAP_UPDATE_ELEM: u32 = 2;
|
pub const HELPER_MAP_UPDATE_ELEM: u32 = 2;
|
||||||
pub const HELPER_MAP_DELETE_ELEM: u32 = 3;
|
pub const HELPER_MAP_DELETE_ELEM: u32 = 3;
|
||||||
|
pub const HELPER_KTIME_GET_NS: u32 = 5;
|
||||||
pub const HELPER_MAP_FOR_EACH_ELEM: u32 = 164;
|
pub const HELPER_MAP_FOR_EACH_ELEM: u32 = 164;
|
||||||
pub const HELPER_MAP_LOOKUP_PERCPU_ELEM: u32 = 195;
|
pub const HELPER_MAP_LOOKUP_PERCPU_ELEM: u32 = 195;
|
||||||
pub const HELPER_PERF_EVENT_OUTPUT: u32 = 25;
|
pub const HELPER_PERF_EVENT_OUTPUT: u32 = 25;
|
||||||
|
@ -6,6 +6,7 @@ use crate::bpf::map::{BpfCallBackFn, BpfMap};
|
|||||||
use crate::include::bindings::linux_bpf::BPF_F_CURRENT_CPU;
|
use crate::include::bindings::linux_bpf::BPF_F_CURRENT_CPU;
|
||||||
use crate::libs::lazy_init::Lazy;
|
use crate::libs::lazy_init::Lazy;
|
||||||
use crate::smp::core::smp_get_processor_id;
|
use crate::smp::core::smp_get_processor_id;
|
||||||
|
use crate::time::Instant;
|
||||||
use alloc::{collections::BTreeMap, sync::Arc};
|
use alloc::{collections::BTreeMap, sync::Arc};
|
||||||
use core::ffi::c_void;
|
use core::ffi::c_void;
|
||||||
use system_error::SystemError;
|
use system_error::SystemError;
|
||||||
@ -300,6 +301,10 @@ pub fn map_peek_elem(map: &Arc<BpfMap>, value: &mut [u8]) -> Result<()> {
|
|||||||
value
|
value
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pub fn bpf_ktime_get_ns() -> u64 {
|
||||||
|
(Instant::now().total_micros() * 1000) as u64
|
||||||
|
}
|
||||||
|
|
||||||
pub static BPF_HELPER_FUN_SET: Lazy<BTreeMap<u32, RawBPFHelperFn>> = Lazy::new();
|
pub static BPF_HELPER_FUN_SET: Lazy<BTreeMap<u32, RawBPFHelperFn>> = Lazy::new();
|
||||||
|
|
||||||
/// Initialize the helper functions.
|
/// Initialize the helper functions.
|
||||||
@ -311,6 +316,7 @@ pub fn init_helper_functions() {
|
|||||||
map.insert(HELPER_MAP_LOOKUP_ELEM, define_func!(raw_map_lookup_elem));
|
map.insert(HELPER_MAP_LOOKUP_ELEM, define_func!(raw_map_lookup_elem));
|
||||||
map.insert(HELPER_MAP_UPDATE_ELEM, define_func!(raw_map_update_elem));
|
map.insert(HELPER_MAP_UPDATE_ELEM, define_func!(raw_map_update_elem));
|
||||||
map.insert(HELPER_MAP_DELETE_ELEM, define_func!(raw_map_delete_elem));
|
map.insert(HELPER_MAP_DELETE_ELEM, define_func!(raw_map_delete_elem));
|
||||||
|
map.insert(HELPER_KTIME_GET_NS, define_func!(bpf_ktime_get_ns));
|
||||||
map.insert(
|
map.insert(
|
||||||
HELPER_MAP_FOR_EACH_ELEM,
|
HELPER_MAP_FOR_EACH_ELEM,
|
||||||
define_func!(raw_map_for_each_elem),
|
define_func!(raw_map_for_each_elem),
|
||||||
|
@ -33,7 +33,7 @@ pub fn bpf(cmd: bpf_cmd, attr: &bpf_attr) -> Result<usize> {
|
|||||||
// Program related commands
|
// Program related commands
|
||||||
bpf_cmd::BPF_PROG_LOAD => prog::bpf_prog_load(attr),
|
bpf_cmd::BPF_PROG_LOAD => prog::bpf_prog_load(attr),
|
||||||
// Object creation commands
|
// Object creation commands
|
||||||
bpf_cmd::BPF_BTF_LOAD => {
|
bpf_cmd::BPF_BTF_LOAD | bpf_cmd::BPF_LINK_CREATE | bpf_cmd::BPF_OBJ_GET_INFO_BY_FD => {
|
||||||
error!("bpf cmd {:?} not implemented", cmd);
|
error!("bpf cmd {:?} not implemented", cmd);
|
||||||
return Err(SystemError::ENOSYS);
|
return Err(SystemError::ENOSYS);
|
||||||
}
|
}
|
||||||
|
@ -310,6 +310,7 @@ pub enum DeviceType {
|
|||||||
PlatformDev,
|
PlatformDev,
|
||||||
Char,
|
Char,
|
||||||
Pci,
|
Pci,
|
||||||
|
Other,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// @brief: 设备标识符类型
|
/// @brief: 设备标识符类型
|
||||||
|
@ -21,7 +21,6 @@ pub fn driver_init() -> Result<(), SystemError> {
|
|||||||
platform_bus_init()?;
|
platform_bus_init()?;
|
||||||
serio_bus_init()?;
|
serio_bus_init()?;
|
||||||
CpuDeviceManager::init()?;
|
CpuDeviceManager::init()?;
|
||||||
|
|
||||||
// 至此,已完成设备驱动模型的初始化
|
// 至此,已完成设备驱动模型的初始化
|
||||||
return Ok(());
|
return Ok(());
|
||||||
}
|
}
|
||||||
|
@ -394,7 +394,31 @@ impl ProcFS {
|
|||||||
} else {
|
} else {
|
||||||
panic!("create ksmg error");
|
panic!("create ksmg error");
|
||||||
}
|
}
|
||||||
|
// 这个文件是用来欺骗Aya框架识别内核版本
|
||||||
|
/* On Ubuntu LINUX_VERSION_CODE doesn't correspond to info.release,
|
||||||
|
* but Ubuntu provides /proc/version_signature file, as described at
|
||||||
|
* https://ubuntu.com/kernel, with an example contents below, which we
|
||||||
|
* can use to get a proper LINUX_VERSION_CODE.
|
||||||
|
*
|
||||||
|
* Ubuntu 5.4.0-12.15-generic 5.4.8
|
||||||
|
*
|
||||||
|
* In the above, 5.4.8 is what kernel is actually expecting, while
|
||||||
|
* uname() call will return 5.4.0 in info.release.
|
||||||
|
*/
|
||||||
|
let binding = inode.create("version_signature", FileType::File, ModeType::S_IRUGO);
|
||||||
|
if let Ok(version_signature) = binding {
|
||||||
|
let version_signature = version_signature
|
||||||
|
.as_any_ref()
|
||||||
|
.downcast_ref::<LockedProcFSInode>()
|
||||||
|
.unwrap();
|
||||||
|
version_signature.0.lock().fdata.ftype = ProcFileType::Default;
|
||||||
|
version_signature.0.lock().data = "DragonOS 6.0.0-generic 6.0.0\n"
|
||||||
|
.to_string()
|
||||||
|
.as_bytes()
|
||||||
|
.to_vec();
|
||||||
|
} else {
|
||||||
|
panic!("create version_signature error");
|
||||||
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -466,6 +490,7 @@ impl IndexNode for LockedProcFSInode {
|
|||||||
let file_size = match inode.fdata.ftype {
|
let file_size = match inode.fdata.ftype {
|
||||||
ProcFileType::ProcStatus => inode.open_status(&mut private_data)?,
|
ProcFileType::ProcStatus => inode.open_status(&mut private_data)?,
|
||||||
ProcFileType::ProcMeminfo => inode.open_meminfo(&mut private_data)?,
|
ProcFileType::ProcMeminfo => inode.open_meminfo(&mut private_data)?,
|
||||||
|
ProcFileType::Default => inode.data.len() as i64,
|
||||||
_ => {
|
_ => {
|
||||||
todo!()
|
todo!()
|
||||||
}
|
}
|
||||||
|
189
kernel/src/misc/events/kprobe/device.rs
Normal file
189
kernel/src/misc/events/kprobe/device.rs
Normal file
@ -0,0 +1,189 @@
|
|||||||
|
use crate::driver::base::class::Class;
|
||||||
|
use crate::driver::base::device::bus::Bus;
|
||||||
|
use crate::driver::base::device::driver::Driver;
|
||||||
|
use crate::driver::base::device::{Device, DeviceCommonData, DeviceType, IdTable};
|
||||||
|
use crate::driver::base::kobject::{
|
||||||
|
KObjType, KObject, KObjectCommonData, KObjectState, LockedKObjectState,
|
||||||
|
};
|
||||||
|
use crate::driver::base::kset::KSet;
|
||||||
|
use crate::filesystem::kernfs::KernFSInode;
|
||||||
|
use crate::filesystem::sysfs::{Attribute, SysFSOpsSupport};
|
||||||
|
use crate::filesystem::vfs::syscall::ModeType;
|
||||||
|
use crate::libs::rwlock::{RwLockReadGuard, RwLockWriteGuard};
|
||||||
|
use crate::libs::spinlock::{SpinLock, SpinLockGuard};
|
||||||
|
use alloc::string::{String, ToString};
|
||||||
|
use alloc::sync::{Arc, Weak};
|
||||||
|
use core::fmt::Debug;
|
||||||
|
use system_error::SystemError;
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
#[cast_to([sync] Device)]
|
||||||
|
pub struct KprobeDevice {
|
||||||
|
inner: SpinLock<InnerKprobeDevice>,
|
||||||
|
kobj_state: LockedKObjectState,
|
||||||
|
name: String,
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
struct InnerKprobeDevice {
|
||||||
|
kobject_common: KObjectCommonData,
|
||||||
|
device_common: DeviceCommonData,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl KprobeDevice {
|
||||||
|
pub fn new(parent: Option<Weak<dyn KObject>>) -> Arc<Self> {
|
||||||
|
let bus_device = Self {
|
||||||
|
inner: SpinLock::new(InnerKprobeDevice {
|
||||||
|
kobject_common: KObjectCommonData::default(),
|
||||||
|
device_common: DeviceCommonData::default(),
|
||||||
|
}),
|
||||||
|
kobj_state: LockedKObjectState::new(None),
|
||||||
|
name: "kprobe".to_string(),
|
||||||
|
};
|
||||||
|
bus_device.set_parent(parent);
|
||||||
|
return Arc::new(bus_device);
|
||||||
|
}
|
||||||
|
|
||||||
|
fn inner(&self) -> SpinLockGuard<InnerKprobeDevice> {
|
||||||
|
self.inner.lock()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl KObject for KprobeDevice {
|
||||||
|
fn as_any_ref(&self) -> &dyn core::any::Any {
|
||||||
|
self
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_inode(&self, inode: Option<Arc<KernFSInode>>) {
|
||||||
|
self.inner().kobject_common.kern_inode = inode;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn inode(&self) -> Option<Arc<KernFSInode>> {
|
||||||
|
self.inner().kobject_common.kern_inode.clone()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn parent(&self) -> Option<Weak<dyn KObject>> {
|
||||||
|
self.inner().kobject_common.parent.clone()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_parent(&self, parent: Option<Weak<dyn KObject>>) {
|
||||||
|
self.inner().kobject_common.parent = parent;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn kset(&self) -> Option<Arc<KSet>> {
|
||||||
|
self.inner().kobject_common.kset.clone()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_kset(&self, kset: Option<Arc<KSet>>) {
|
||||||
|
self.inner().kobject_common.kset = kset;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn kobj_type(&self) -> Option<&'static dyn KObjType> {
|
||||||
|
self.inner().kobject_common.kobj_type
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_kobj_type(&self, ktype: Option<&'static dyn KObjType>) {
|
||||||
|
self.inner().kobject_common.kobj_type = ktype;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn name(&self) -> String {
|
||||||
|
self.name.clone()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_name(&self, _name: String) {}
|
||||||
|
|
||||||
|
fn kobj_state(&self) -> RwLockReadGuard<KObjectState> {
|
||||||
|
self.kobj_state.read()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn kobj_state_mut(&self) -> RwLockWriteGuard<KObjectState> {
|
||||||
|
self.kobj_state.write()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_kobj_state(&self, state: KObjectState) {
|
||||||
|
*self.kobj_state.write() = state;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Device for KprobeDevice {
|
||||||
|
#[inline]
|
||||||
|
#[allow(dead_code)]
|
||||||
|
fn dev_type(&self) -> DeviceType {
|
||||||
|
return DeviceType::Other;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn id_table(&self) -> IdTable {
|
||||||
|
IdTable::new("kprobe".to_string(), None)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn bus(&self) -> Option<Weak<dyn Bus>> {
|
||||||
|
self.inner().device_common.bus.clone()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_bus(&self, bus: Option<Weak<dyn Bus>>) {
|
||||||
|
self.inner().device_common.bus = bus;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_class(&self, class: Option<Weak<dyn Class>>) {
|
||||||
|
self.inner().device_common.class = class;
|
||||||
|
}
|
||||||
|
|
||||||
|
fn driver(&self) -> Option<Arc<dyn Driver>> {
|
||||||
|
self.inner().device_common.driver.clone()?.upgrade()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_driver(&self, driver: Option<Weak<dyn Driver>>) {
|
||||||
|
self.inner().device_common.driver = driver;
|
||||||
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn is_dead(&self) -> bool {
|
||||||
|
false
|
||||||
|
}
|
||||||
|
|
||||||
|
fn can_match(&self) -> bool {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_can_match(&self, _can_match: bool) {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn state_synced(&self) -> bool {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn dev_parent(&self) -> Option<Weak<dyn Device>> {
|
||||||
|
self.inner().device_common.get_parent_weak_or_clear()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn set_dev_parent(&self, dev_parent: Option<Weak<dyn Device>>) {
|
||||||
|
self.inner().device_common.parent = dev_parent;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct KprobeAttr;
|
||||||
|
|
||||||
|
impl Attribute for KprobeAttr {
|
||||||
|
fn name(&self) -> &str {
|
||||||
|
"type"
|
||||||
|
}
|
||||||
|
|
||||||
|
fn mode(&self) -> ModeType {
|
||||||
|
ModeType::S_IRUGO
|
||||||
|
}
|
||||||
|
|
||||||
|
fn support(&self) -> SysFSOpsSupport {
|
||||||
|
SysFSOpsSupport::ATTR_SHOW
|
||||||
|
}
|
||||||
|
fn show(&self, _kobj: Arc<dyn KObject>, buf: &mut [u8]) -> Result<usize, SystemError> {
|
||||||
|
if buf.is_empty() {
|
||||||
|
return Err(SystemError::EINVAL);
|
||||||
|
}
|
||||||
|
// perf_type_id::PERF_TYPE_MAX
|
||||||
|
buf[0] = b'6';
|
||||||
|
Ok(1)
|
||||||
|
}
|
||||||
|
}
|
31
kernel/src/misc/events/kprobe/mod.rs
Normal file
31
kernel/src/misc/events/kprobe/mod.rs
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
use crate::driver::base::device::bus::Bus;
|
||||||
|
use crate::driver::base::device::{device_manager, device_register, sys_devices_kset, Device};
|
||||||
|
use crate::driver::base::kobject::KObject;
|
||||||
|
use crate::init::initcall::INITCALL_DEVICE;
|
||||||
|
use crate::misc::events::get_event_source_bus;
|
||||||
|
use crate::misc::events::kprobe::device::{KprobeAttr, KprobeDevice};
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use system_error::SystemError;
|
||||||
|
use unified_init::macros::unified_init;
|
||||||
|
|
||||||
|
pub mod device;
|
||||||
|
static mut KPROBE_DEVICE: Option<Arc<KprobeDevice>> = None;
|
||||||
|
|
||||||
|
#[unified_init(INITCALL_DEVICE)]
|
||||||
|
pub fn kprobe_subsys_init() -> Result<(), SystemError> {
|
||||||
|
let kprobe_device = KprobeDevice::new(Some(Arc::downgrade(
|
||||||
|
&(sys_devices_kset() as Arc<dyn KObject>),
|
||||||
|
)));
|
||||||
|
|
||||||
|
let event_source_bus = get_event_source_bus().ok_or(SystemError::EINVAL)?;
|
||||||
|
kprobe_device.set_bus(Some(Arc::downgrade(&(event_source_bus as Arc<dyn Bus>))));
|
||||||
|
|
||||||
|
// 注册到/sys/devices下
|
||||||
|
device_register(kprobe_device.clone())?;
|
||||||
|
unsafe {
|
||||||
|
KPROBE_DEVICE = Some(kprobe_device.clone());
|
||||||
|
}
|
||||||
|
|
||||||
|
device_manager().create_file(&(kprobe_device as Arc<dyn Device>), &KprobeAttr)?;
|
||||||
|
Ok(())
|
||||||
|
}
|
28
kernel/src/misc/events/mod.rs
Normal file
28
kernel/src/misc/events/mod.rs
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
use crate::driver::base::device::bus::{bus_register, Bus};
|
||||||
|
use crate::init::initcall::INITCALL_SUBSYS;
|
||||||
|
use crate::misc::events::subsys::EventSourceBus;
|
||||||
|
use alloc::sync::Arc;
|
||||||
|
use system_error::SystemError;
|
||||||
|
use unified_init::macros::unified_init;
|
||||||
|
|
||||||
|
mod kprobe;
|
||||||
|
mod subsys;
|
||||||
|
|
||||||
|
static mut EVENT_SOURCE_BUS: Option<Arc<EventSourceBus>> = None;
|
||||||
|
|
||||||
|
fn get_event_source_bus() -> Option<Arc<EventSourceBus>> {
|
||||||
|
unsafe { EVENT_SOURCE_BUS.clone() }
|
||||||
|
}
|
||||||
|
|
||||||
|
#[unified_init(INITCALL_SUBSYS)]
|
||||||
|
pub fn init_event_source_bus() -> Result<(), SystemError> {
|
||||||
|
let event_source_bus = EventSourceBus::new();
|
||||||
|
let r = bus_register(event_source_bus.clone() as Arc<dyn Bus>);
|
||||||
|
if r.is_err() {
|
||||||
|
unsafe { EVENT_SOURCE_BUS = None };
|
||||||
|
return r;
|
||||||
|
}
|
||||||
|
unsafe { EVENT_SOURCE_BUS = Some(event_source_bus.clone()) };
|
||||||
|
// kprobe::kprobe_subsys_init()?;
|
||||||
|
Ok(())
|
||||||
|
}
|
52
kernel/src/misc/events/subsys.rs
Normal file
52
kernel/src/misc/events/subsys.rs
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
use crate::driver::base::device::bus::Bus;
|
||||||
|
use crate::driver::base::device::Device;
|
||||||
|
use crate::driver::base::subsys::SubSysPrivate;
|
||||||
|
use alloc::string::{String, ToString};
|
||||||
|
use alloc::sync::{Arc, Weak};
|
||||||
|
use system_error::SystemError;
|
||||||
|
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub struct EventSourceBus {
|
||||||
|
private: SubSysPrivate,
|
||||||
|
}
|
||||||
|
|
||||||
|
impl EventSourceBus {
|
||||||
|
pub fn new() -> Arc<Self> {
|
||||||
|
let w: Weak<Self> = Weak::new();
|
||||||
|
let private = SubSysPrivate::new("event_source".to_string(), Some(w), None, &[]);
|
||||||
|
let bus = Arc::new(Self { private });
|
||||||
|
bus.subsystem()
|
||||||
|
.set_bus(Some(Arc::downgrade(&(bus.clone() as Arc<dyn Bus>))));
|
||||||
|
return bus;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl Bus for EventSourceBus {
|
||||||
|
fn name(&self) -> String {
|
||||||
|
"event_source".to_string()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn dev_name(&self) -> String {
|
||||||
|
self.name()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn root_device(&self) -> Option<Weak<dyn Device>> {
|
||||||
|
None
|
||||||
|
}
|
||||||
|
|
||||||
|
fn remove(&self, _device: &Arc<dyn Device>) -> Result<(), SystemError> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn shutdown(&self, _device: &Arc<dyn Device>) {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn resume(&self, _device: &Arc<dyn Device>) -> Result<(), SystemError> {
|
||||||
|
todo!()
|
||||||
|
}
|
||||||
|
|
||||||
|
fn subsystem(&self) -> &SubSysPrivate {
|
||||||
|
&self.private
|
||||||
|
}
|
||||||
|
}
|
@ -1 +1,2 @@
|
|||||||
|
pub mod events;
|
||||||
pub mod ksysfs;
|
pub mod ksysfs;
|
||||||
|
@ -79,54 +79,28 @@ impl RingPage {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
fn can_write(&self, data_size: usize, data_tail: usize, data_head: usize) -> bool {
|
fn can_write(&self, data_size: usize, data_tail: usize, data_head: usize) -> bool {
|
||||||
if (data_head + 1) % self.data_region_size == data_tail {
|
let capacity = self.data_region_size - data_head + data_tail;
|
||||||
// The buffer is full
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
let capacity = if data_head >= data_tail {
|
|
||||||
self.data_region_size - data_head + data_tail
|
|
||||||
} else {
|
|
||||||
data_tail - data_head
|
|
||||||
};
|
|
||||||
data_size <= capacity
|
data_size <= capacity
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn write_event(&mut self, data: &[u8]) -> Result<()> {
|
pub fn write_event(&mut self, data: &[u8]) -> Result<()> {
|
||||||
let data_tail = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_tail };
|
let data_tail = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_tail };
|
||||||
let data_head = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_head };
|
let data_head = unsafe { &mut (*(self.ptr as *mut perf_event_mmap_page)).data_head };
|
||||||
// data_tail..data_head is the region that can be written
|
|
||||||
// check if there is enough space to write the event
|
|
||||||
let sample_size = PerfSample::calculate_size(data.len());
|
|
||||||
|
|
||||||
let can_write_sample =
|
// user lib will update the tail after read the data,but it will not % data_region_size
|
||||||
self.can_write(sample_size, *data_tail as usize, *data_head as usize);
|
let perf_header_size = size_of::<perf_event_header>();
|
||||||
// log::error!(
|
let can_write_perf_header =
|
||||||
// "can_write_sample: {}, data_tail: {}, data_head: {}, data.len(): {}, region_size: {}",
|
self.can_write(perf_header_size, *data_tail as usize, *data_head as usize);
|
||||||
// can_write_sample,
|
|
||||||
// *data_tail,
|
if can_write_perf_header {
|
||||||
// *data_head,
|
|
||||||
// data.len(),
|
|
||||||
// self.data_region_size
|
|
||||||
// );
|
|
||||||
if !can_write_sample {
|
|
||||||
//we need record it to the lost record
|
|
||||||
self.lost += 1;
|
|
||||||
// log::error!(
|
|
||||||
// "Lost record: {}, data_tail: {}, data_head: {}",
|
|
||||||
// self.lost,
|
|
||||||
// *data_tail,
|
|
||||||
// *data_head
|
|
||||||
// );
|
|
||||||
Ok(())
|
|
||||||
} else {
|
|
||||||
// we can write the sample to the page
|
|
||||||
// If the lost record is not zero, we need to write the lost record first.
|
|
||||||
let can_write_lost_record = self.can_write(
|
let can_write_lost_record = self.can_write(
|
||||||
size_of::<LostSamples>(),
|
size_of::<LostSamples>(),
|
||||||
*data_tail as usize,
|
*data_tail as usize,
|
||||||
*data_head as usize,
|
*data_head as usize,
|
||||||
);
|
);
|
||||||
|
// if there is lost record, we need to write the lost record first
|
||||||
if self.lost > 0 && can_write_lost_record {
|
if self.lost > 0 && can_write_lost_record {
|
||||||
let new_data_head = self.write_lost(*data_head as usize)?;
|
let new_data_head = self.write_lost(*data_head as usize)?;
|
||||||
*data_head = new_data_head as u64;
|
*data_head = new_data_head as u64;
|
||||||
@ -137,8 +111,21 @@ impl RingPage {
|
|||||||
// *data_head
|
// *data_head
|
||||||
// );
|
// );
|
||||||
self.lost = 0;
|
self.lost = 0;
|
||||||
self.write_event(data)
|
// try to write the event again
|
||||||
} else {
|
return self.write_event(data);
|
||||||
|
}
|
||||||
|
let sample_size = PerfSample::calculate_size(data.len());
|
||||||
|
let can_write_sample =
|
||||||
|
self.can_write(sample_size, *data_tail as usize, *data_head as usize);
|
||||||
|
// log::error!(
|
||||||
|
// "can_write_sample: {}, data_tail: {}, data_head: {}, data.len(): {}, region_size: {}",
|
||||||
|
// can_write_sample,
|
||||||
|
// *data_tail,
|
||||||
|
// *data_head,
|
||||||
|
// data.len(),
|
||||||
|
// self.data_region_size
|
||||||
|
// );
|
||||||
|
if can_write_sample {
|
||||||
let new_data_head = self.write_sample(data, *data_head as usize)?;
|
let new_data_head = self.write_sample(data, *data_head as usize)?;
|
||||||
*data_head = new_data_head as u64;
|
*data_head = new_data_head as u64;
|
||||||
// log::info!(
|
// log::info!(
|
||||||
@ -146,20 +133,24 @@ impl RingPage {
|
|||||||
// *data_tail,
|
// *data_tail,
|
||||||
// *data_head
|
// *data_head
|
||||||
// );
|
// );
|
||||||
|
} else {
|
||||||
|
self.lost += 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
self.lost += 1;
|
||||||
|
}
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Write any data to the page.
|
/// Write any data to the page.
|
||||||
///
|
///
|
||||||
/// Return the new data_head
|
/// Return the new data_head
|
||||||
fn write_any(&mut self, data: &[u8], data_head: usize) -> Result<usize> {
|
fn write_any(&mut self, data: &[u8], data_head: usize) -> Result<()> {
|
||||||
let data_region_len = self.data_region_size;
|
let data_region_len = self.data_region_size;
|
||||||
let data_region = self.as_mut_slice()[PAGE_SIZE..].as_mut();
|
let data_region = self.as_mut_slice()[PAGE_SIZE..].as_mut();
|
||||||
let data_len = data.len();
|
let data_len = data.len();
|
||||||
|
let start = data_head % data_region_len;
|
||||||
let end = (data_head + data_len) % data_region_len;
|
let end = (data_head + data_len) % data_region_len;
|
||||||
let start = data_head;
|
|
||||||
if start < end {
|
if start < end {
|
||||||
data_region[start..end].copy_from_slice(data);
|
data_region[start..end].copy_from_slice(data);
|
||||||
} else {
|
} else {
|
||||||
@ -167,40 +158,57 @@ impl RingPage {
|
|||||||
data_region[start..start + first_len].copy_from_slice(&data[..first_len]);
|
data_region[start..start + first_len].copy_from_slice(&data[..first_len]);
|
||||||
data_region[0..end].copy_from_slice(&data[first_len..]);
|
data_region[0..end].copy_from_slice(&data[first_len..]);
|
||||||
}
|
}
|
||||||
Ok(end)
|
Ok(())
|
||||||
|
}
|
||||||
|
#[inline]
|
||||||
|
fn fill_size(&self, data_head_mod: usize) -> usize {
|
||||||
|
if self.data_region_size - data_head_mod < size_of::<perf_event_header>() {
|
||||||
|
// The remaining space is not enough to write the perf_event_header
|
||||||
|
// We need to fill the remaining space with 0
|
||||||
|
self.data_region_size - data_head_mod
|
||||||
|
} else {
|
||||||
|
0
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Write a sample to the page.
|
/// Write a sample to the page.
|
||||||
fn write_sample(&mut self, data: &[u8], data_head: usize) -> Result<usize> {
|
fn write_sample(&mut self, data: &[u8], data_head: usize) -> Result<usize> {
|
||||||
|
let sample_size = PerfSample::calculate_size(data.len());
|
||||||
|
let maybe_end = (data_head + sample_size) % self.data_region_size;
|
||||||
|
let fill_size = self.fill_size(maybe_end);
|
||||||
let perf_sample = PerfSample {
|
let perf_sample = PerfSample {
|
||||||
s_hdr: SampleHeader {
|
s_hdr: SampleHeader {
|
||||||
header: perf_event_header {
|
header: perf_event_header {
|
||||||
type_: perf_event_type::PERF_RECORD_SAMPLE as u32,
|
type_: perf_event_type::PERF_RECORD_SAMPLE as u32,
|
||||||
misc: 0,
|
misc: 0,
|
||||||
size: size_of::<SampleHeader>() as u16 + data.len() as u16,
|
size: size_of::<SampleHeader>() as u16 + data.len() as u16 + fill_size as u16,
|
||||||
},
|
},
|
||||||
size: data.len() as u32,
|
size: data.len() as u32,
|
||||||
},
|
},
|
||||||
value: data,
|
value: data,
|
||||||
};
|
};
|
||||||
let new_head = self.write_any(perf_sample.s_hdr.as_bytes(), data_head)?;
|
self.write_any(perf_sample.s_hdr.as_bytes(), data_head)?;
|
||||||
self.write_any(perf_sample.value, new_head)
|
self.write_any(perf_sample.value, data_head + size_of::<SampleHeader>())?;
|
||||||
|
Ok(data_head + sample_size + fill_size)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Write a lost record to the page.
|
/// Write a lost record to the page.
|
||||||
///
|
///
|
||||||
/// Return the new data_head
|
/// Return the new data_head
|
||||||
fn write_lost(&mut self, data_head: usize) -> Result<usize> {
|
fn write_lost(&mut self, data_head: usize) -> Result<usize> {
|
||||||
|
let maybe_end = (data_head + size_of::<LostSamples>()) % self.data_region_size;
|
||||||
|
let fill_size = self.fill_size(maybe_end);
|
||||||
let lost = LostSamples {
|
let lost = LostSamples {
|
||||||
header: perf_event_header {
|
header: perf_event_header {
|
||||||
type_: perf_event_type::PERF_RECORD_LOST as u32,
|
type_: perf_event_type::PERF_RECORD_LOST as u32,
|
||||||
misc: 0,
|
misc: 0,
|
||||||
size: size_of::<LostSamples>() as u16,
|
size: size_of::<LostSamples>() as u16 + fill_size as u16,
|
||||||
},
|
},
|
||||||
id: 0,
|
id: 0,
|
||||||
count: self.lost as u64,
|
count: self.lost as u64,
|
||||||
};
|
};
|
||||||
self.write_any(lost.as_bytes(), data_head)
|
self.write_any(lost.as_bytes(), data_head)?;
|
||||||
|
Ok(data_head + size_of::<LostSamples>() + fill_size)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn readable(&self) -> bool {
|
pub fn readable(&self) -> bool {
|
||||||
|
@ -39,8 +39,10 @@ impl KprobePerfEvent {
|
|||||||
.downcast_arc::<BpfProg>()
|
.downcast_arc::<BpfProg>()
|
||||||
.ok_or(SystemError::EINVAL)?;
|
.ok_or(SystemError::EINVAL)?;
|
||||||
let prog_slice = file.insns();
|
let prog_slice = file.insns();
|
||||||
let mut vm =
|
let mut vm = EbpfVmRawOwned::new(Some(prog_slice.to_vec())).map_err(|e| {
|
||||||
EbpfVmRawOwned::new(Some(prog_slice.to_vec())).map_err(|_| SystemError::EINVAL)?;
|
log::error!("create ebpf vm failed: {:?}", e);
|
||||||
|
SystemError::EINVAL
|
||||||
|
})?;
|
||||||
vm.register_helper_set(BPF_HELPER_FUN_SET.get())
|
vm.register_helper_set(BPF_HELPER_FUN_SET.get())
|
||||||
.map_err(|_| SystemError::EINVAL)?;
|
.map_err(|_| SystemError::EINVAL)?;
|
||||||
// create a callback to execute the ebpf prog
|
// create a callback to execute the ebpf prog
|
||||||
@ -75,10 +77,10 @@ impl CallBackFunc for KprobePerfCallBack {
|
|||||||
size_of::<KProbeContext>(),
|
size_of::<KProbeContext>(),
|
||||||
)
|
)
|
||||||
};
|
};
|
||||||
let _res = self
|
let res = self.vm.execute_program(probe_context);
|
||||||
.vm
|
if res.is_err() {
|
||||||
.execute_program(probe_context)
|
log::error!("kprobe callback error: {:?}", res);
|
||||||
.map_err(|_| SystemError::EINVAL);
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1216,6 +1216,7 @@ impl Syscall {
|
|||||||
let flags = args[4] as u32;
|
let flags = args[4] as u32;
|
||||||
Self::sys_perf_event_open(attr, pid, cpu, group_fd, flags)
|
Self::sys_perf_event_open(attr, pid, cpu, group_fd, flags)
|
||||||
}
|
}
|
||||||
|
SYS_SETRLIMIT => Ok(0),
|
||||||
_ => panic!("Unsupported syscall ID: {}", syscall_num),
|
_ => panic!("Unsupported syscall ID: {}", syscall_num),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -7,3 +7,4 @@ target/
|
|||||||
|
|
||||||
# These are backup files generated by rustfmt
|
# These are backup files generated by rustfmt
|
||||||
**/*.rs.bk
|
**/*.rs.bk
|
||||||
|
/install/
|
31
user/apps/syscall_ebpf/Cargo.toml
Normal file
31
user/apps/syscall_ebpf/Cargo.toml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
[workspace]
|
||||||
|
resolver = "2"
|
||||||
|
members = ["syscall_ebpf", "syscall_ebpf-common", "syscall_ebpf-ebpf"]
|
||||||
|
default-members = ["syscall_ebpf", "syscall_ebpf-common"]
|
||||||
|
|
||||||
|
[workspace.dependencies]
|
||||||
|
aya = { version = "0.13.0", default-features = false }
|
||||||
|
aya-ebpf = { version = "0.1.1", default-features = false }
|
||||||
|
aya-log = { version = "0.2.1", default-features = false }
|
||||||
|
aya-log-ebpf = { version = "0.1.1", default-features = false }
|
||||||
|
anyhow = { version = "1", default-features = false }
|
||||||
|
cargo_metadata = { version = "0.18.0", default-features = false }
|
||||||
|
# `std` feature is currently required to build `clap`.
|
||||||
|
#
|
||||||
|
# See https://github.com/clap-rs/clap/blob/61f5ee5/clap_builder/src/lib.rs#L15.
|
||||||
|
clap = { version = "4.5.20", default-features = false, features = ["std"] }
|
||||||
|
env_logger = { version = "0.11.5", default-features = false }
|
||||||
|
libc = { version = "0.2.159", default-features = false }
|
||||||
|
log = { version = "0.4.22", default-features = false }
|
||||||
|
tokio = { version = "1.40.0", default-features = false }
|
||||||
|
which = { version = "6.0.0", default-features = false }
|
||||||
|
|
||||||
|
[profile.dev]
|
||||||
|
panic = "abort"
|
||||||
|
|
||||||
|
[profile.release]
|
||||||
|
panic = "abort"
|
||||||
|
|
||||||
|
[profile.release.package.syscall_ebpf-ebpf]
|
||||||
|
debug = 2
|
||||||
|
codegen-units = 1
|
@ -21,10 +21,10 @@ endif
|
|||||||
run:
|
run:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
|
||||||
|
|
||||||
build:build-ebpf
|
build:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
|
||||||
|
|
||||||
clean:clean-ebpf
|
clean:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
|
||||||
|
|
||||||
test:
|
test:
|
||||||
@ -42,20 +42,16 @@ fmt-check:
|
|||||||
run-release:
|
run-release:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
|
||||||
|
|
||||||
build-release:build-ebpf
|
build-release:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
|
||||||
|
|
||||||
clean-release:clean-ebpf
|
clean-release:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
|
||||||
|
|
||||||
test-release:
|
test-release:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
|
||||||
|
|
||||||
build-ebpf:
|
|
||||||
cd ./syscall_ebpf && RUST_LOG=debug cargo xtask build --release
|
|
||||||
clean-ebpf:
|
|
||||||
cd ./syscall_ebpf && cargo clean
|
|
||||||
|
|
||||||
.PHONY: install
|
.PHONY: install
|
||||||
install:build-ebpf
|
install:
|
||||||
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path . --no-track --root $(INSTALL_DIR) --force
|
RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path ./syscall_ebpf --no-track --root $(INSTALL_DIR) --force
|
33
user/apps/syscall_ebpf/README.md
Normal file
33
user/apps/syscall_ebpf/README.md
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
# syscall_ebpf
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
1. stable rust toolchains: `rustup toolchain install stable`
|
||||||
|
1. nightly rust toolchains: `rustup toolchain install nightly --component rust-src`
|
||||||
|
1. (if cross-compiling) rustup target: `rustup target add ${ARCH}-unknown-linux-musl`
|
||||||
|
1. (if cross-compiling) LLVM: (e.g.) `brew install llvm` (on macOS)
|
||||||
|
1. (if cross-compiling) C toolchain: (e.g.) [`brew install filosottile/musl-cross/musl-cross`](https://github.com/FiloSottile/homebrew-musl-cross) (on macOS)
|
||||||
|
1. bpf-linker: `cargo install bpf-linker` (`--no-default-features` on macOS)
|
||||||
|
|
||||||
|
## Build & Run
|
||||||
|
|
||||||
|
Use `cargo build`, `cargo check`, etc. as normal. Run your program with:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
cargo run --release --config 'target."cfg(all())".runner="sudo -E"'
|
||||||
|
```
|
||||||
|
|
||||||
|
Cargo build scripts are used to automatically build the eBPF correctly and include it in the
|
||||||
|
program.
|
||||||
|
|
||||||
|
## Cross-compiling on macOS
|
||||||
|
|
||||||
|
Cross compilation should work on both Intel and Apple Silicon Macs.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
CC=${ARCH}-linux-musl-gcc cargo build --package syscall_ebpf --release \
|
||||||
|
--target=${ARCH}-unknown-linux-musl \
|
||||||
|
--config=target.${ARCH}-unknown-linux-musl.linker=\"${ARCH}-linux-musl-gcc\"
|
||||||
|
```
|
||||||
|
The cross-compiled program `target/${ARCH}-unknown-linux-musl/release/syscall_ebpf` can be
|
||||||
|
copied to a Linux server or VM and run there.
|
4
user/apps/syscall_ebpf/rustfmt.toml
Normal file
4
user/apps/syscall_ebpf/rustfmt.toml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
group_imports = "StdExternalCrate"
|
||||||
|
imports_granularity = "Crate"
|
||||||
|
reorder_imports = true
|
||||||
|
unstable_features = true
|
@ -8,7 +8,7 @@ default = []
|
|||||||
user = ["aya"]
|
user = ["aya"]
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13", optional = true }
|
aya = { workspace = true, optional = true }
|
||||||
|
|
||||||
[lib]
|
[lib]
|
||||||
path = "src/lib.rs"
|
path = "src/lib.rs"
|
12
user/apps/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml
Normal file
12
user/apps/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# We have this so that one doesn't need to manually pass
|
||||||
|
# --target=bpfel-unknown-none -Z build-std=core when running cargo
|
||||||
|
# check/build/doc etc.
|
||||||
|
#
|
||||||
|
# NB: this file gets loaded only if you run cargo from this directory, it's
|
||||||
|
# ignored if you run from the workspace root. See
|
||||||
|
# https://doc.rust-lang.org/cargo/reference/config.html#hierarchical-structure
|
||||||
|
[build]
|
||||||
|
target = ["bpfeb-unknown-none", "bpfel-unknown-none"]
|
||||||
|
|
||||||
|
[unstable]
|
||||||
|
build-std = ["core"]
|
17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml
Normal file
17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
[package]
|
||||||
|
name = "syscall_ebpf-ebpf"
|
||||||
|
version = "0.1.0"
|
||||||
|
edition = "2021"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
syscall_ebpf-common = { path = "../syscall_ebpf-common" }
|
||||||
|
|
||||||
|
aya-ebpf = { workspace = true }
|
||||||
|
aya-log-ebpf = { workspace = true }
|
||||||
|
|
||||||
|
[build-dependencies]
|
||||||
|
which = { workspace = true }
|
||||||
|
|
||||||
|
[[bin]]
|
||||||
|
name = "syscall_ebpf"
|
||||||
|
path = "src/main.rs"
|
17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/build.rs
Normal file
17
user/apps/syscall_ebpf/syscall_ebpf-ebpf/build.rs
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
use which::which;
|
||||||
|
|
||||||
|
/// Building this crate has an undeclared dependency on the `bpf-linker` binary. This would be
|
||||||
|
/// better expressed by [artifact-dependencies][bindeps] but issues such as
|
||||||
|
/// https://github.com/rust-lang/cargo/issues/12385 make their use impractical for the time being.
|
||||||
|
///
|
||||||
|
/// This file implements an imperfect solution: it causes cargo to rebuild the crate whenever the
|
||||||
|
/// mtime of `which bpf-linker` changes. Note that possibility that a new bpf-linker is added to
|
||||||
|
/// $PATH ahead of the one used as the cache key still exists. Solving this in the general case
|
||||||
|
/// would require rebuild-if-changed-env=PATH *and* rebuild-if-changed={every-directory-in-PATH}
|
||||||
|
/// which would likely mean far too much cache invalidation.
|
||||||
|
///
|
||||||
|
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
|
||||||
|
fn main() {
|
||||||
|
let bpf_linker = which("bpf-linker").unwrap();
|
||||||
|
println!("cargo:rerun-if-changed={}", bpf_linker.to_str().unwrap());
|
||||||
|
}
|
@ -0,0 +1,3 @@
|
|||||||
|
[toolchain]
|
||||||
|
channel = "nightly"
|
||||||
|
components = ["rust-src"]
|
3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/lib.rs
Normal file
3
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/lib.rs
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
#![no_std]
|
||||||
|
|
||||||
|
// This file exists to enable the library target.
|
50
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs
Normal file
50
user/apps/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
#![no_std]
|
||||||
|
#![no_main]
|
||||||
|
|
||||||
|
use aya_ebpf::{
|
||||||
|
helpers::bpf_ktime_get_ns,
|
||||||
|
macros::{kprobe, map},
|
||||||
|
maps::HashMap,
|
||||||
|
programs::ProbeContext,
|
||||||
|
};
|
||||||
|
use aya_log_ebpf::info;
|
||||||
|
|
||||||
|
#[kprobe]
|
||||||
|
pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
|
||||||
|
try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
|
||||||
|
}
|
||||||
|
|
||||||
|
fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
|
||||||
|
let pt_regs = unsafe { &*ctx.regs };
|
||||||
|
// first arg -> rdi
|
||||||
|
// second arg -> rsi
|
||||||
|
// third arg -> rdx
|
||||||
|
// four arg -> rcx
|
||||||
|
let syscall_num = pt_regs.rsi as usize;
|
||||||
|
if syscall_num != 1 {
|
||||||
|
unsafe {
|
||||||
|
if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)) {
|
||||||
|
let new_v = *v + 1;
|
||||||
|
SYSCALL_LIST
|
||||||
|
.insert(&(syscall_num as u32), &new_v, 0)
|
||||||
|
.unwrap();
|
||||||
|
} else {
|
||||||
|
SYSCALL_LIST.insert(&(syscall_num as u32), &1, 0).unwrap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let time = unsafe { bpf_ktime_get_ns() };
|
||||||
|
info!(&ctx, "[{}] invoke syscall {}", time, syscall_num);
|
||||||
|
}
|
||||||
|
Ok(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[map]
|
||||||
|
static SYSCALL_LIST: HashMap<u32, u32> = HashMap::<u32, u32>::with_max_entries(1024, 0);
|
||||||
|
|
||||||
|
#[cfg(not(test))]
|
||||||
|
#[panic_handler]
|
||||||
|
fn panic(_info: &core::panic::PanicInfo) -> ! {
|
||||||
|
// we need use this because the verifier will forbid loop
|
||||||
|
unsafe { core::hint::unreachable_unchecked() }
|
||||||
|
// loop{}
|
||||||
|
}
|
35
user/apps/syscall_ebpf/syscall_ebpf/Cargo.toml
Normal file
35
user/apps/syscall_ebpf/syscall_ebpf/Cargo.toml
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
[package]
|
||||||
|
name = "syscall_ebpf"
|
||||||
|
version = "0.1.0"
|
||||||
|
edition = "2021"
|
||||||
|
|
||||||
|
[dependencies]
|
||||||
|
syscall_ebpf-common = { path = "../syscall_ebpf-common", features = ["user"] }
|
||||||
|
|
||||||
|
anyhow = { workspace = true, default-features = true }
|
||||||
|
aya = { workspace = true }
|
||||||
|
aya-log = { workspace = true }
|
||||||
|
env_logger = { workspace = true }
|
||||||
|
libc = { workspace = true }
|
||||||
|
log = { workspace = true }
|
||||||
|
tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
|
||||||
|
|
||||||
|
[build-dependencies]
|
||||||
|
cargo_metadata = { workspace = true }
|
||||||
|
# TODO(https://github.com/rust-lang/cargo/issues/12375): this should be an artifact dependency, but
|
||||||
|
# it's not possible to tell cargo to use `-Z build-std` to build it. We cargo-in-cargo in the build
|
||||||
|
# script to build this, but we want to teach cargo about the dependecy so that cache invalidation
|
||||||
|
# works properly.
|
||||||
|
#
|
||||||
|
# Note also that https://github.com/rust-lang/cargo/issues/10593 occurs when `target = ...` is added
|
||||||
|
# to an artifact dependency; it seems possible to work around that by setting `resolver = "1"` in
|
||||||
|
# Cargo.toml in the workspace root.
|
||||||
|
#
|
||||||
|
# Finally note that *any* usage of `artifact = ...` in *any* Cargo.toml in the workspace breaks
|
||||||
|
# workflows with stable cargo; stable cargo outright refuses to load manifests that use unstable
|
||||||
|
# features.
|
||||||
|
syscall_ebpf-ebpf = { path = "../syscall_ebpf-ebpf" }
|
||||||
|
|
||||||
|
[[bin]]
|
||||||
|
name = "syscall_ebpf"
|
||||||
|
path = "src/main.rs"
|
150
user/apps/syscall_ebpf/syscall_ebpf/build.rs
Normal file
150
user/apps/syscall_ebpf/syscall_ebpf/build.rs
Normal file
@ -0,0 +1,150 @@
|
|||||||
|
use std::{
|
||||||
|
env, fs,
|
||||||
|
io::{BufRead as _, BufReader},
|
||||||
|
path::PathBuf,
|
||||||
|
process::{Child, Command, Stdio},
|
||||||
|
};
|
||||||
|
|
||||||
|
use cargo_metadata::{
|
||||||
|
Artifact, CompilerMessage, Message, Metadata, MetadataCommand, Package, Target,
|
||||||
|
};
|
||||||
|
|
||||||
|
/// This crate has a runtime dependency on artifacts produced by the `syscall_ebpf-ebpf` crate.
|
||||||
|
/// This would be better expressed as one or more [artifact-dependencies][bindeps] but issues such
|
||||||
|
/// as:
|
||||||
|
///
|
||||||
|
/// * https://github.com/rust-lang/cargo/issues/12374
|
||||||
|
/// * https://github.com/rust-lang/cargo/issues/12375
|
||||||
|
/// * https://github.com/rust-lang/cargo/issues/12385
|
||||||
|
///
|
||||||
|
/// prevent their use for the time being.
|
||||||
|
///
|
||||||
|
/// [bindeps]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html?highlight=feature#artifact-dependencies
|
||||||
|
fn main() {
|
||||||
|
let Metadata { packages, .. } = MetadataCommand::new().no_deps().exec().unwrap();
|
||||||
|
let ebpf_package = packages
|
||||||
|
.into_iter()
|
||||||
|
.find(|Package { name, .. }| name == "syscall_ebpf-ebpf")
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
let out_dir = env::var_os("OUT_DIR").unwrap();
|
||||||
|
let out_dir = PathBuf::from(out_dir);
|
||||||
|
|
||||||
|
let endian = env::var_os("CARGO_CFG_TARGET_ENDIAN").unwrap();
|
||||||
|
let target = if endian == "big" {
|
||||||
|
"bpfeb"
|
||||||
|
} else if endian == "little" {
|
||||||
|
"bpfel"
|
||||||
|
} else {
|
||||||
|
panic!("unsupported endian={:?}", endian)
|
||||||
|
};
|
||||||
|
|
||||||
|
// TODO(https://github.com/rust-lang/cargo/issues/4001): Make this `false` if we can determine
|
||||||
|
// we're in a check build.
|
||||||
|
let build_ebpf = true;
|
||||||
|
if build_ebpf {
|
||||||
|
let arch = env::var_os("CARGO_CFG_TARGET_ARCH").unwrap();
|
||||||
|
|
||||||
|
let target = format!("{target}-unknown-none");
|
||||||
|
|
||||||
|
let Package { manifest_path, .. } = ebpf_package;
|
||||||
|
let ebpf_dir = manifest_path.parent().unwrap();
|
||||||
|
|
||||||
|
// We have a build-dependency on `syscall_ebpf-ebpf`, so cargo will automatically rebuild us
|
||||||
|
// if `syscall_ebpf-ebpf`'s *library* target or any of its dependencies change. Since we
|
||||||
|
// depend on `syscall_ebpf-ebpf`'s *binary* targets, that only gets us half of the way. This
|
||||||
|
// stanza ensures cargo will rebuild us on changes to the binaries too, which gets us the
|
||||||
|
// rest of the way.
|
||||||
|
println!("cargo:rerun-if-changed={}", ebpf_dir.as_str());
|
||||||
|
|
||||||
|
let mut cmd = Command::new("cargo");
|
||||||
|
cmd.args([
|
||||||
|
"build",
|
||||||
|
"-Z",
|
||||||
|
"build-std=core",
|
||||||
|
"--bins",
|
||||||
|
"--message-format=json",
|
||||||
|
"--release",
|
||||||
|
"--target",
|
||||||
|
&target,
|
||||||
|
]);
|
||||||
|
|
||||||
|
cmd.env("CARGO_CFG_BPF_TARGET_ARCH", arch);
|
||||||
|
|
||||||
|
// Workaround to make sure that the rust-toolchain.toml is respected.
|
||||||
|
for key in ["RUSTUP_TOOLCHAIN", "RUSTC", "RUSTC_WORKSPACE_WRAPPER"] {
|
||||||
|
cmd.env_remove(key);
|
||||||
|
}
|
||||||
|
cmd.current_dir(ebpf_dir);
|
||||||
|
|
||||||
|
// Workaround for https://github.com/rust-lang/cargo/issues/6412 where cargo flocks itself.
|
||||||
|
let ebpf_target_dir = out_dir.join("../syscall_ebpf-ebpf");
|
||||||
|
cmd.arg("--target-dir").arg(&ebpf_target_dir);
|
||||||
|
|
||||||
|
let mut child = cmd
|
||||||
|
.stdout(Stdio::piped())
|
||||||
|
.stderr(Stdio::piped())
|
||||||
|
.spawn()
|
||||||
|
.unwrap_or_else(|err| panic!("failed to spawn {cmd:?}: {err}"));
|
||||||
|
let Child { stdout, stderr, .. } = &mut child;
|
||||||
|
|
||||||
|
// Trampoline stdout to cargo warnings.
|
||||||
|
let stderr = stderr.take().unwrap();
|
||||||
|
let stderr = BufReader::new(stderr);
|
||||||
|
let stderr = std::thread::spawn(move || {
|
||||||
|
for line in stderr.lines() {
|
||||||
|
let line = line.unwrap();
|
||||||
|
println!("cargo:warning={line}");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
let stdout = stdout.take().unwrap();
|
||||||
|
let stdout = BufReader::new(stdout);
|
||||||
|
let mut executables = Vec::new();
|
||||||
|
for message in Message::parse_stream(stdout) {
|
||||||
|
#[allow(clippy::collapsible_match)]
|
||||||
|
match message.expect("valid JSON") {
|
||||||
|
Message::CompilerArtifact(Artifact {
|
||||||
|
executable,
|
||||||
|
target: Target { name, .. },
|
||||||
|
..
|
||||||
|
}) => {
|
||||||
|
if let Some(executable) = executable {
|
||||||
|
executables.push((name, executable.into_std_path_buf()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Message::CompilerMessage(CompilerMessage { message, .. }) => {
|
||||||
|
for line in message.rendered.unwrap_or_default().split('\n') {
|
||||||
|
println!("cargo:warning={line}");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Message::TextLine(line) => {
|
||||||
|
println!("cargo:warning={line}");
|
||||||
|
}
|
||||||
|
_ => {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let status = child
|
||||||
|
.wait()
|
||||||
|
.unwrap_or_else(|err| panic!("failed to wait for {cmd:?}: {err}"));
|
||||||
|
assert_eq!(status.code(), Some(0), "{cmd:?} failed: {status:?}");
|
||||||
|
|
||||||
|
stderr.join().map_err(std::panic::resume_unwind).unwrap();
|
||||||
|
|
||||||
|
for (name, binary) in executables {
|
||||||
|
let dst = out_dir.join(name);
|
||||||
|
let _: u64 = fs::copy(&binary, &dst)
|
||||||
|
.unwrap_or_else(|err| panic!("failed to copy {binary:?} to {dst:?}: {err}"));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
let Package { targets, .. } = ebpf_package;
|
||||||
|
for Target { name, kind, .. } in targets {
|
||||||
|
if *kind != ["bin"] {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
let dst = out_dir.join(name);
|
||||||
|
fs::write(&dst, []).unwrap_or_else(|err| panic!("failed to create {dst:?}: {err}"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
74
user/apps/syscall_ebpf/syscall_ebpf/src/main.rs
Normal file
74
user/apps/syscall_ebpf/syscall_ebpf/src/main.rs
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
use aya::{maps::HashMap, programs::KProbe};
|
||||||
|
#[rustfmt::skip]
|
||||||
|
use log::{debug, warn};
|
||||||
|
use tokio::{signal, task::yield_now, time};
|
||||||
|
|
||||||
|
extern crate libc;
|
||||||
|
|
||||||
|
#[tokio::main(flavor = "current_thread")]
|
||||||
|
async fn main() -> anyhow::Result<()> {
|
||||||
|
// env_logger::init();
|
||||||
|
env_logger::builder()
|
||||||
|
.filter_level(log::LevelFilter::Warn)
|
||||||
|
.format_timestamp(None)
|
||||||
|
.init();
|
||||||
|
|
||||||
|
// Bump the memlock rlimit. This is needed for older kernels that don't use the
|
||||||
|
// new memcg based accounting, see https://lwn.net/Articles/837122/
|
||||||
|
let rlim = libc::rlimit {
|
||||||
|
rlim_cur: libc::RLIM_INFINITY,
|
||||||
|
rlim_max: libc::RLIM_INFINITY,
|
||||||
|
};
|
||||||
|
let ret = unsafe { libc::setrlimit(libc::RLIMIT_MEMLOCK, &rlim) };
|
||||||
|
if ret != 0 {
|
||||||
|
debug!("remove limit on locked memory failed, ret is: {}", ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
// This will include your eBPF object file as raw bytes at compile-time and load it at
|
||||||
|
// runtime. This approach is recommended for most real-world use cases. If you would
|
||||||
|
// like to specify the eBPF program at runtime rather than at compile-time, you can
|
||||||
|
// reach for `Bpf::load_file` instead.
|
||||||
|
let mut ebpf = aya::Ebpf::load(aya::include_bytes_aligned!(concat!(
|
||||||
|
env!("OUT_DIR"),
|
||||||
|
"/syscall_ebpf"
|
||||||
|
)))?;
|
||||||
|
if let Err(e) = aya_log::EbpfLogger::init(&mut ebpf) {
|
||||||
|
// This can happen if you remove all log statements from your eBPF program.
|
||||||
|
warn!("failed to initialize eBPF logger: {}", e);
|
||||||
|
}
|
||||||
|
|
||||||
|
let program: &mut KProbe = ebpf.program_mut("syscall_ebpf").unwrap().try_into()?;
|
||||||
|
program.load()?;
|
||||||
|
program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
|
||||||
|
// println!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
|
||||||
|
|
||||||
|
// print the value of the blocklist per 5 seconds
|
||||||
|
tokio::spawn(async move {
|
||||||
|
let blocklist: HashMap<_, u32, u32> =
|
||||||
|
HashMap::try_from(ebpf.map("SYSCALL_LIST").unwrap()).unwrap();
|
||||||
|
let mut now = time::Instant::now();
|
||||||
|
loop {
|
||||||
|
let new_now = time::Instant::now();
|
||||||
|
let duration = new_now.duration_since(now);
|
||||||
|
if duration.as_secs() >= 5 {
|
||||||
|
println!("------------SYSCALL_LIST----------------");
|
||||||
|
let iter = blocklist.iter();
|
||||||
|
for item in iter {
|
||||||
|
if let Ok((key, value)) = item {
|
||||||
|
println!("syscall: {:?}, count: {:?}", key, value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
println!("----------------------------------------");
|
||||||
|
now = new_now;
|
||||||
|
}
|
||||||
|
yield_now().await;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
let ctrl_c = signal::ctrl_c();
|
||||||
|
println!("Waiting for Ctrl-C...");
|
||||||
|
ctrl_c.await?;
|
||||||
|
println!("Exiting...");
|
||||||
|
|
||||||
|
Ok(())
|
||||||
|
}
|
3
user/apps/test_ebpf/.gitignore
vendored
3
user/apps/test_ebpf/.gitignore
vendored
@ -1,3 +0,0 @@
|
|||||||
/target
|
|
||||||
Cargo.lock
|
|
||||||
/install/
|
|
@ -1,16 +0,0 @@
|
|||||||
[package]
|
|
||||||
name = "test_ebpf"
|
|
||||||
version = "0.1.0"
|
|
||||||
edition = "2021"
|
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
|
|
||||||
aya-log = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
|
|
||||||
|
|
||||||
log = "0.4.22"
|
|
||||||
env_logger = "0.11.5"
|
|
||||||
tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
|
|
||||||
|
|
||||||
[profile.release]
|
|
||||||
lto = true
|
|
||||||
strip = true
|
|
@ -1,60 +0,0 @@
|
|||||||
use aya::maps::HashMap;
|
|
||||||
use aya::programs::KProbe;
|
|
||||||
use aya::{include_bytes_aligned, Ebpf};
|
|
||||||
use aya_log::EbpfLogger;
|
|
||||||
use log::{info, warn};
|
|
||||||
use std::error::Error;
|
|
||||||
use tokio::task::yield_now;
|
|
||||||
use tokio::{signal, time};
|
|
||||||
|
|
||||||
#[tokio::main(flavor = "current_thread")]
|
|
||||||
async fn main() -> Result<(), Box<dyn Error>> {
|
|
||||||
env_logger::builder()
|
|
||||||
.filter_level(log::LevelFilter::Warn)
|
|
||||||
.format_timestamp(None)
|
|
||||||
.init();
|
|
||||||
|
|
||||||
let mut bpf = Ebpf::load(include_bytes_aligned!(
|
|
||||||
"../syscall_ebpf/target/bpfel-unknown-none/release/syscall_ebpf"
|
|
||||||
))?;
|
|
||||||
|
|
||||||
// create a async task to read the log
|
|
||||||
if let Err(e) = EbpfLogger::init(&mut bpf) {
|
|
||||||
// This can happen if you remove all log statements from your eBPF program.
|
|
||||||
warn!("failed to initialize eBPF logger: {}", e);
|
|
||||||
}
|
|
||||||
|
|
||||||
let program: &mut KProbe = bpf.program_mut("syscall_ebpf").unwrap().try_into()?;
|
|
||||||
program.load()?;
|
|
||||||
program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
|
|
||||||
|
|
||||||
info!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
|
|
||||||
|
|
||||||
// print the value of the blocklist per 5 seconds
|
|
||||||
tokio::spawn(async move {
|
|
||||||
let blocklist: HashMap<_, u32, u32> =
|
|
||||||
HashMap::try_from(bpf.map("SYSCALL_LIST").unwrap()).unwrap();
|
|
||||||
let mut now = time::Instant::now();
|
|
||||||
loop {
|
|
||||||
let new_now = time::Instant::now();
|
|
||||||
let duration = new_now.duration_since(now);
|
|
||||||
if duration.as_secs() >= 5 {
|
|
||||||
println!("------------SYSCALL_LIST----------------");
|
|
||||||
let iter = blocklist.iter();
|
|
||||||
for item in iter {
|
|
||||||
if let Ok((key, value)) = item {
|
|
||||||
println!("syscall: {:?}, count: {:?}", key, value);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
println!("----------------------------------------");
|
|
||||||
now = new_now;
|
|
||||||
}
|
|
||||||
yield_now().await;
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
info!("Waiting for Ctrl-C...");
|
|
||||||
signal::ctrl_c().await?;
|
|
||||||
info!("Exiting...");
|
|
||||||
Ok(())
|
|
||||||
}
|
|
@ -1,2 +0,0 @@
|
|||||||
[alias]
|
|
||||||
xtask = "run --package xtask --"
|
|
@ -1,3 +0,0 @@
|
|||||||
{
|
|
||||||
"rust-analyzer.linkedProjects": ["Cargo.toml", "syscall_ebpf-ebpf/Cargo.toml"]
|
|
||||||
}
|
|
@ -1,3 +0,0 @@
|
|||||||
[workspace]
|
|
||||||
resolver = "2"
|
|
||||||
members = ["xtask", "syscall_ebpf-common"]
|
|
@ -1,32 +0,0 @@
|
|||||||
# syscall_ebpf
|
|
||||||
|
|
||||||
## Prerequisites
|
|
||||||
|
|
||||||
1. Install bpf-linker: `cargo install bpf-linker`
|
|
||||||
|
|
||||||
## Build eBPF
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cargo xtask build-ebpf
|
|
||||||
```
|
|
||||||
|
|
||||||
To perform a release build you can use the `--release` flag.
|
|
||||||
You may also change the target architecture with the `--target` flag.
|
|
||||||
|
|
||||||
## Build Userspace
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cargo build
|
|
||||||
```
|
|
||||||
|
|
||||||
## Build eBPF and Userspace
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cargo xtask build
|
|
||||||
```
|
|
||||||
|
|
||||||
## Run
|
|
||||||
|
|
||||||
```bash
|
|
||||||
RUST_LOG=info cargo xtask run
|
|
||||||
```
|
|
@ -1,6 +0,0 @@
|
|||||||
[build]
|
|
||||||
target-dir = "../target"
|
|
||||||
target = "bpfel-unknown-none"
|
|
||||||
|
|
||||||
[unstable]
|
|
||||||
build-std = ["core"]
|
|
@ -1,2 +0,0 @@
|
|||||||
[editor]
|
|
||||||
workspace-lsp-roots = []
|
|
@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"rust-analyzer.cargo.target": "bpfel-unknown-none",
|
|
||||||
"rust-analyzer.checkOnSave.allTargets": false
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
{
|
|
||||||
"rust-analyzer.cargo.target": "bpfel-unknown-none",
|
|
||||||
"rust-analyzer.checkOnSave.allTargets": false
|
|
||||||
}
|
|
@ -1,33 +0,0 @@
|
|||||||
[package]
|
|
||||||
name = "syscall_ebpf-ebpf"
|
|
||||||
version = "0.1.0"
|
|
||||||
edition = "2021"
|
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
aya-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
|
|
||||||
aya-log-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
|
|
||||||
|
|
||||||
syscall_ebpf-common = { path = "../syscall_ebpf-common" }
|
|
||||||
|
|
||||||
[[bin]]
|
|
||||||
name = "syscall_ebpf"
|
|
||||||
path = "src/main.rs"
|
|
||||||
|
|
||||||
[profile.dev]
|
|
||||||
opt-level = 3
|
|
||||||
debug = false
|
|
||||||
debug-assertions = false
|
|
||||||
overflow-checks = false
|
|
||||||
lto = true
|
|
||||||
panic = "abort"
|
|
||||||
incremental = false
|
|
||||||
codegen-units = 1
|
|
||||||
rpath = false
|
|
||||||
|
|
||||||
[profile.release]
|
|
||||||
lto = true
|
|
||||||
panic = "abort"
|
|
||||||
codegen-units = 1
|
|
||||||
|
|
||||||
[workspace]
|
|
||||||
members = []
|
|
@ -1,13 +0,0 @@
|
|||||||
[toolchain]
|
|
||||||
channel = "nightly-2024-11-05"
|
|
||||||
# The source code of rustc, provided by the rust-src component, is needed for
|
|
||||||
# building eBPF programs.
|
|
||||||
components = [
|
|
||||||
"cargo",
|
|
||||||
"clippy",
|
|
||||||
"rust-docs",
|
|
||||||
"rust-src",
|
|
||||||
"rust-std",
|
|
||||||
"rustc",
|
|
||||||
"rustfmt",
|
|
||||||
]
|
|
@ -1,44 +0,0 @@
|
|||||||
#![no_std]
|
|
||||||
#![no_main]
|
|
||||||
|
|
||||||
use aya_ebpf::{macros::kprobe, programs::ProbeContext};
|
|
||||||
use aya_ebpf::macros::map;
|
|
||||||
use aya_ebpf::maps::HashMap;
|
|
||||||
use aya_log_ebpf::info;
|
|
||||||
|
|
||||||
#[kprobe]
|
|
||||||
pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
|
|
||||||
try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
|
|
||||||
}
|
|
||||||
|
|
||||||
fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
|
|
||||||
let pt_regs = unsafe {
|
|
||||||
&*ctx.regs
|
|
||||||
};
|
|
||||||
// first arg -> rdi
|
|
||||||
// second arg -> rsi
|
|
||||||
// third arg -> rdx
|
|
||||||
// four arg -> rcx
|
|
||||||
let syscall_num = pt_regs.rsi as usize;
|
|
||||||
if syscall_num != 1 {
|
|
||||||
unsafe {
|
|
||||||
if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)){
|
|
||||||
let new_v = *v + 1;
|
|
||||||
SYSCALL_LIST.insert(&(syscall_num as u32), &new_v,0).unwrap();
|
|
||||||
}else {
|
|
||||||
SYSCALL_LIST.insert(&(syscall_num as u32), &1,0).unwrap();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
info!(&ctx, "invoke syscall {}", syscall_num);
|
|
||||||
}
|
|
||||||
Ok(0)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[map] //
|
|
||||||
static SYSCALL_LIST: HashMap<u32, u32> =
|
|
||||||
HashMap::<u32, u32>::with_max_entries(1024, 0);
|
|
||||||
|
|
||||||
#[panic_handler]
|
|
||||||
fn panic(_info: &core::panic::PanicInfo) -> ! {
|
|
||||||
unsafe { core::hint::unreachable_unchecked() }
|
|
||||||
}
|
|
@ -1,8 +0,0 @@
|
|||||||
[package]
|
|
||||||
name = "xtask"
|
|
||||||
version = "0.1.0"
|
|
||||||
edition = "2021"
|
|
||||||
|
|
||||||
[dependencies]
|
|
||||||
anyhow = "1"
|
|
||||||
clap = { version = "4.1", features = ["derive"] }
|
|
@ -1,42 +0,0 @@
|
|||||||
use std::process::Command;
|
|
||||||
|
|
||||||
use anyhow::Context as _;
|
|
||||||
use clap::Parser;
|
|
||||||
|
|
||||||
use crate::build_ebpf::{build_ebpf, Architecture, Options as BuildOptions};
|
|
||||||
|
|
||||||
#[derive(Debug, Parser)]
|
|
||||||
pub struct Options {
|
|
||||||
/// Set the endianness of the BPF target
|
|
||||||
#[clap(default_value = "bpfel-unknown-none", long)]
|
|
||||||
pub bpf_target: Architecture,
|
|
||||||
/// Build and run the release target
|
|
||||||
#[clap(long)]
|
|
||||||
pub release: bool,
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Build the project
|
|
||||||
fn build_project(opts: &Options) -> Result<(), anyhow::Error> {
|
|
||||||
let mut args = vec!["build"];
|
|
||||||
if opts.release {
|
|
||||||
args.push("--release")
|
|
||||||
}
|
|
||||||
let status = Command::new("cargo")
|
|
||||||
.args(&args)
|
|
||||||
.status()
|
|
||||||
.expect("failed to build userspace");
|
|
||||||
assert!(status.success());
|
|
||||||
Ok(())
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Build our ebpf program and the project
|
|
||||||
pub fn build(opts: Options) -> Result<(), anyhow::Error> {
|
|
||||||
// build our ebpf program followed by our application
|
|
||||||
build_ebpf(BuildOptions {
|
|
||||||
target: opts.bpf_target,
|
|
||||||
release: opts.release,
|
|
||||||
})
|
|
||||||
.context("Error while building eBPF program")?;
|
|
||||||
build_project(&opts).context("Error while building userspace application")?;
|
|
||||||
Ok(())
|
|
||||||
}
|
|
@ -1,67 +0,0 @@
|
|||||||
use std::{path::PathBuf, process::Command};
|
|
||||||
|
|
||||||
use clap::Parser;
|
|
||||||
|
|
||||||
#[derive(Debug, Copy, Clone)]
|
|
||||||
pub enum Architecture {
|
|
||||||
BpfEl,
|
|
||||||
BpfEb,
|
|
||||||
}
|
|
||||||
|
|
||||||
impl std::str::FromStr for Architecture {
|
|
||||||
type Err = String;
|
|
||||||
|
|
||||||
fn from_str(s: &str) -> Result<Self, Self::Err> {
|
|
||||||
Ok(match s {
|
|
||||||
"bpfel-unknown-none" => Architecture::BpfEl,
|
|
||||||
"bpfeb-unknown-none" => Architecture::BpfEb,
|
|
||||||
_ => return Err("invalid target".to_owned()),
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
impl std::fmt::Display for Architecture {
|
|
||||||
fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
|
|
||||||
f.write_str(match self {
|
|
||||||
Architecture::BpfEl => "bpfel-unknown-none",
|
|
||||||
Architecture::BpfEb => "bpfeb-unknown-none",
|
|
||||||
})
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, Parser)]
|
|
||||||
pub struct Options {
|
|
||||||
/// Set the endianness of the BPF target
|
|
||||||
#[clap(default_value = "bpfel-unknown-none", long)]
|
|
||||||
pub target: Architecture,
|
|
||||||
/// Build the release target
|
|
||||||
#[clap(long)]
|
|
||||||
pub release: bool,
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn build_ebpf(opts: Options) -> Result<(), anyhow::Error> {
|
|
||||||
let dir = PathBuf::from("syscall_ebpf-ebpf");
|
|
||||||
let target = format!("--target={}", opts.target);
|
|
||||||
let mut args = vec![
|
|
||||||
"build",
|
|
||||||
target.as_str(),
|
|
||||||
"-Z",
|
|
||||||
"build-std=core",
|
|
||||||
];
|
|
||||||
if opts.release {
|
|
||||||
args.push("--release")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Command::new creates a child process which inherits all env variables. This means env
|
|
||||||
// vars set by the cargo xtask command are also inherited. RUSTUP_TOOLCHAIN is removed
|
|
||||||
// so the rust-toolchain.toml file in the -ebpf folder is honored.
|
|
||||||
|
|
||||||
let status = Command::new("cargo")
|
|
||||||
.current_dir(dir)
|
|
||||||
.env_remove("RUSTUP_TOOLCHAIN")
|
|
||||||
.args(&args)
|
|
||||||
.status()
|
|
||||||
.expect("failed to build bpf program");
|
|
||||||
assert!(status.success());
|
|
||||||
Ok(())
|
|
||||||
}
|
|
@ -1,36 +0,0 @@
|
|||||||
mod build_ebpf;
|
|
||||||
mod build;
|
|
||||||
mod run;
|
|
||||||
|
|
||||||
use std::process::exit;
|
|
||||||
|
|
||||||
use clap::Parser;
|
|
||||||
|
|
||||||
#[derive(Debug, Parser)]
|
|
||||||
pub struct Options {
|
|
||||||
#[clap(subcommand)]
|
|
||||||
command: Command,
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Debug, Parser)]
|
|
||||||
enum Command {
|
|
||||||
BuildEbpf(build_ebpf::Options),
|
|
||||||
Build(build::Options),
|
|
||||||
Run(run::Options),
|
|
||||||
}
|
|
||||||
|
|
||||||
fn main() {
|
|
||||||
let opts = Options::parse();
|
|
||||||
|
|
||||||
use Command::*;
|
|
||||||
let ret = match opts.command {
|
|
||||||
BuildEbpf(opts) => build_ebpf::build_ebpf(opts),
|
|
||||||
Run(opts) => run::run(opts),
|
|
||||||
Build(opts) => build::build(opts),
|
|
||||||
};
|
|
||||||
|
|
||||||
if let Err(e) = ret {
|
|
||||||
eprintln!("{e:#}");
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,55 +0,0 @@
|
|||||||
use std::process::Command;
|
|
||||||
|
|
||||||
use anyhow::Context as _;
|
|
||||||
use clap::Parser;
|
|
||||||
|
|
||||||
use crate::{build::{build, Options as BuildOptions}, build_ebpf::Architecture};
|
|
||||||
|
|
||||||
#[derive(Debug, Parser)]
|
|
||||||
pub struct Options {
|
|
||||||
/// Set the endianness of the BPF target
|
|
||||||
#[clap(default_value = "bpfel-unknown-none", long)]
|
|
||||||
pub bpf_target: Architecture,
|
|
||||||
/// Build and run the release target
|
|
||||||
#[clap(long)]
|
|
||||||
pub release: bool,
|
|
||||||
/// The command used to wrap your application
|
|
||||||
#[clap(short, long, default_value = "sudo -E")]
|
|
||||||
pub runner: String,
|
|
||||||
/// Arguments to pass to your application
|
|
||||||
#[clap(name = "args", last = true)]
|
|
||||||
pub run_args: Vec<String>,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/// Build and run the project
|
|
||||||
pub fn run(opts: Options) -> Result<(), anyhow::Error> {
|
|
||||||
// Build our ebpf program and the project
|
|
||||||
build(BuildOptions{
|
|
||||||
bpf_target: opts.bpf_target,
|
|
||||||
release: opts.release,
|
|
||||||
}).context("Error while building project")?;
|
|
||||||
|
|
||||||
// profile we are building (release or debug)
|
|
||||||
let profile = if opts.release { "release" } else { "debug" };
|
|
||||||
let bin_path = format!("target/{profile}/syscall_ebpf");
|
|
||||||
|
|
||||||
// arguments to pass to the application
|
|
||||||
let mut run_args: Vec<_> = opts.run_args.iter().map(String::as_str).collect();
|
|
||||||
|
|
||||||
// configure args
|
|
||||||
let mut args: Vec<_> = opts.runner.trim().split_terminator(' ').collect();
|
|
||||||
args.push(bin_path.as_str());
|
|
||||||
args.append(&mut run_args);
|
|
||||||
|
|
||||||
// run the command
|
|
||||||
let status = Command::new(args.first().expect("No first argument"))
|
|
||||||
.args(args.iter().skip(1))
|
|
||||||
.status()
|
|
||||||
.expect("failed to run the command");
|
|
||||||
|
|
||||||
if !status.success() {
|
|
||||||
anyhow::bail!("Failed to run `{}`", args.join(" "));
|
|
||||||
}
|
|
||||||
Ok(())
|
|
||||||
}
|
|
@ -1,5 +1,5 @@
|
|||||||
# 用户程序名称
|
# 用户程序名称
|
||||||
name = "test_ebpf"
|
name = "test_ebpf_new"
|
||||||
# 版本号
|
# 版本号
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
# 用户程序描述信息
|
# 用户程序描述信息
|
||||||
@ -21,7 +21,7 @@ type = "build-from-source"
|
|||||||
# "install_from_prebuilt" 可选值:"local", "archive"
|
# "install_from_prebuilt" 可选值:"local", "archive"
|
||||||
source = "local"
|
source = "local"
|
||||||
# 路径或URL
|
# 路径或URL
|
||||||
source-path = "user/apps/test_ebpf"
|
source-path = "user/apps/syscall_ebpf"
|
||||||
# 构建相关信息
|
# 构建相关信息
|
||||||
[build]
|
[build]
|
||||||
# (可选)构建命令
|
# (可选)构建命令
|
Loading…
x
Reference in New Issue
Block a user