feat(ebpf):[WIP] add eBPF support (#948)

* feat(kprobe): Add basic kprobe support for x86_64

* feat: add ebpf support (#912)

- 实现bpf()一部分命令，包括几种基本map，相关的helper函数
- 实现部分perf相关的数据结构
- 暂时为文件实现简单mmap
- 实现一个使用kprobe统计syscall 调用次数的ebpf程序

对eBPF支持程度(基本)：

- 简单的eBPF程序(没有指定特殊的Map)
- 使用内核已经实现的Map的eBPF程序
- 可以和kprobe配合使用
- 内核Map相关的接口定义已经实现，添加新的Map较为简单

不支持的功能:
- 区分不同的eBPF程序类型(Network/Cgroup)并限定可调用的helper函数集
- 与内核其它跟踪机制配合(tracepoint)
- 其它helper和Map


todo

- [ ]  修改mmap，需要讨论，因为这个和块缓存层相关
- [x]  添加文档
- [x]  修复可能的错误
- [x] 增加rbpf版本信息

* feat: add /sys/devices/system/cpu/possible file

* feat: add /sys/devices/system/cpu/online

user/apps/test_ebpf/.gitignore

@@ -0,0 +1,3 @@
+/target
+Cargo.lock
+/install/

user/apps/test_ebpf/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "test_ebpf"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
+aya-log = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13" }
+
+log = "0.4.22"
+env_logger = "0.11.5"
+tokio = { version = "1.25", features = ["macros", "rt", "rt-multi-thread", "net", "signal", "time"] }
+
+[profile.release]
+lto = true
+strip = true

user/apps/test_ebpf/Makefile

@@ -0,0 +1,61 @@
+TOOLCHAIN="+nightly-2024-07-23-x86_64-unknown-linux-gnu"
+RUSTFLAGS+=""
+
+ifdef DADK_CURRENT_BUILD_DIR
+# 如果是在dadk中编译，那么安装到dadk的安装目录中
+	INSTALL_DIR = $(DADK_CURRENT_BUILD_DIR)
+else
+# 如果是在本地编译，那么安装到当前目录下的install目录中
+	INSTALL_DIR = ./install
+endif
+
+ifeq ($(ARCH), x86_64)
+	export RUST_TARGET=x86_64-unknown-linux-musl
+else ifeq ($(ARCH), riscv64)
+	export RUST_TARGET=riscv64gc-unknown-linux-gnu
+else 
+# 默认为x86_86，用于本地编译
+	export RUST_TARGET=x86_64-unknown-linux-musl
+endif
+
+run:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET)
+
+build:build-ebpf
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET)
+
+clean:clean-ebpf
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET)
+
+test:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET)
+
+doc:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) doc --target $(RUST_TARGET)
+
+fmt:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt
+
+fmt-check:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) fmt --check
+
+run-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) run --target $(RUST_TARGET) --release
+
+build-release:build-ebpf
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) build --target $(RUST_TARGET) --release
+
+clean-release:clean-ebpf
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) clean --target $(RUST_TARGET) --release
+
+test-release:
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) test --target $(RUST_TARGET) --release
+
+build-ebpf:
+	cd ./syscall_ebpf && RUST_LOG=debug cargo xtask build --release
+clean-ebpf:
+	cd ./syscall_ebpf && cargo clean
+
+.PHONY: install
+install:build-ebpf
+	RUSTFLAGS=$(RUSTFLAGS) cargo $(TOOLCHAIN) install --target $(RUST_TARGET) --path . --no-track --root $(INSTALL_DIR) --force

user/apps/test_ebpf/src/main.rs

@@ -0,0 +1,60 @@
+use aya::maps::HashMap;
+use aya::programs::KProbe;
+use aya::{include_bytes_aligned, Ebpf};
+use aya_log::EbpfLogger;
+use log::{info, warn};
+use std::error::Error;
+use tokio::task::yield_now;
+use tokio::{signal, time};
+
+#[tokio::main(flavor = "current_thread")]
+async fn main() -> Result<(), Box<dyn Error>> {
+    env_logger::builder()
+        .filter_level(log::LevelFilter::Warn)
+        .format_timestamp(None)
+        .init();
+
+    let mut bpf = Ebpf::load(include_bytes_aligned!(
+        "../syscall_ebpf/target/bpfel-unknown-none/release/syscall_ebpf"
+    ))?;
+
+    // create a async task to read the log
+    if let Err(e) = EbpfLogger::init(&mut bpf) {
+        // This can happen if you remove all log statements from your eBPF program.
+        warn!("failed to initialize eBPF logger: {}", e);
+    }
+
+    let program: &mut KProbe = bpf.program_mut("syscall_ebpf").unwrap().try_into()?;
+    program.load()?;
+    program.attach("dragonos_kernel::syscall::Syscall::handle", 0)?;
+
+    info!("attacch the kprobe to dragonos_kernel::syscall::Syscall::handle");
+
+    // print the value of the blocklist per 5 seconds
+    tokio::spawn(async move {
+        let blocklist: HashMap<_, u32, u32> =
+            HashMap::try_from(bpf.map("SYSCALL_LIST").unwrap()).unwrap();
+        let mut now = time::Instant::now();
+        loop {
+            let new_now = time::Instant::now();
+            let duration = new_now.duration_since(now);
+            if duration.as_secs() >= 5 {
+                println!("------------SYSCALL_LIST----------------");
+                let iter = blocklist.iter();
+                for item in iter {
+                    if let Ok((key, value)) = item {
+                        println!("syscall: {:?}, count: {:?}", key, value);
+                    }
+                }
+                println!("----------------------------------------");
+                now = new_now;
+            }
+            yield_now().await;
+        }
+    });
+
+    info!("Waiting for Ctrl-C...");
+    signal::ctrl_c().await?;
+    info!("Exiting...");
+    Ok(())
+}

user/apps/test_ebpf/syscall_ebpf/.cargo/config.toml

@@ -0,0 +1,2 @@
+[alias]
+xtask = "run --package xtask --"

user/apps/test_ebpf/syscall_ebpf/.gitignore

@@ -0,0 +1,9 @@
+### https://raw.github.com/github/gitignore/master/Rust.gitignore
+
+# Generated by Cargo
+# will have compiled files and executables
+debug/
+target/
+
+# These are backup files generated by rustfmt
+**/*.rs.bk

user/apps/test_ebpf/syscall_ebpf/.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+  "rust-analyzer.linkedProjects": ["Cargo.toml", "syscall_ebpf-ebpf/Cargo.toml"]
+}

user/apps/test_ebpf/syscall_ebpf/Cargo.toml

@@ -0,0 +1,3 @@
+[workspace]
+resolver = "2"
+members = ["xtask", "syscall_ebpf-common"]

user/apps/test_ebpf/syscall_ebpf/README.md

@@ -0,0 +1,32 @@
+# syscall_ebpf
+
+## Prerequisites
+
+1. Install bpf-linker: `cargo install bpf-linker`
+
+## Build eBPF
+
+```bash
+cargo xtask build-ebpf
+```
+
+To perform a release build you can use the `--release` flag.
+You may also change the target architecture with the `--target` flag.
+
+## Build Userspace
+
+```bash
+cargo build
+```
+
+## Build eBPF and Userspace
+
+```bash
+cargo xtask build
+```
+
+## Run
+
+```bash
+RUST_LOG=info cargo xtask run
+```

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-common/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "syscall_ebpf-common"
+version = "0.1.0"
+edition = "2021"
+
+[features]
+default = []
+user = ["aya"]
+
+[dependencies]
+aya = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/tiny-aya.git", rev = "0689f13", optional = true }
+
+[lib]
+path = "src/lib.rs"

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-common/src/lib.rs

@@ -0,0 +1 @@
+#![no_std]

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.cargo/config.toml

@@ -0,0 +1,6 @@
+[build]
+target-dir = "../target"
+target = "bpfel-unknown-none"
+
+[unstable]
+build-std = ["core"]

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.helix/config.toml

@@ -0,0 +1,2 @@
+[editor]
+workspace-lsp-roots = []

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.vim/coc-settings.json

@@ -0,0 +1,4 @@
+{
+    "rust-analyzer.cargo.target": "bpfel-unknown-none",
+    "rust-analyzer.checkOnSave.allTargets": false
+}

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/.vscode/settings.json

@@ -0,0 +1,4 @@
+{
+    "rust-analyzer.cargo.target": "bpfel-unknown-none",
+    "rust-analyzer.checkOnSave.allTargets": false
+}

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/Cargo.toml

@@ -0,0 +1,33 @@
+[package]
+name = "syscall_ebpf-ebpf"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+aya-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
+aya-log-ebpf = { git = "https://git.mirrors.dragonos.org.cn/DragonOS-Community/aya.git", rev = "3d57d35" }
+
+syscall_ebpf-common = { path = "../syscall_ebpf-common" }
+
+[[bin]]
+name = "syscall_ebpf"
+path = "src/main.rs"
+
+[profile.dev]
+opt-level = 3
+debug = false
+debug-assertions = false
+overflow-checks = false
+lto = true
+panic = "abort"
+incremental = false
+codegen-units = 1
+rpath = false
+
+[profile.release]
+lto = true
+panic = "abort"
+codegen-units = 1
+
+[workspace]
+members = []

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/rust-toolchain.toml

@@ -0,0 +1,13 @@
+[toolchain]
+channel = "nightly-2024-07-23"
+# The source code of rustc, provided by the rust-src component, is needed for
+# building eBPF programs.
+components = [
+    "cargo",
+    "clippy",
+    "rust-docs",
+    "rust-src",
+    "rust-std",
+    "rustc",
+    "rustfmt",
+]

user/apps/test_ebpf/syscall_ebpf/syscall_ebpf-ebpf/src/main.rs

@@ -0,0 +1,44 @@
+#![no_std]
+#![no_main]
+
+use aya_ebpf::{macros::kprobe, programs::ProbeContext};
+use aya_ebpf::macros::map;
+use aya_ebpf::maps::HashMap;
+use aya_log_ebpf::info;
+
+#[kprobe]
+pub fn syscall_ebpf(ctx: ProbeContext) -> u32 {
+    try_syscall_ebpf(ctx).unwrap_or_else(|ret| ret)
+}
+
+fn try_syscall_ebpf(ctx: ProbeContext) -> Result<u32, u32> {
+    let pt_regs = unsafe {
+        &*ctx.regs
+    };
+    // first arg -> rdi
+    // second arg -> rsi
+    // third arg -> rdx
+    // four arg -> rcx
+    let syscall_num  = pt_regs.rsi as usize;
+    if syscall_num != 1 {
+        unsafe {
+            if let Some(v) = SYSCALL_LIST.get(&(syscall_num as u32)){
+                let new_v = *v + 1;
+                SYSCALL_LIST.insert(&(syscall_num as u32), &new_v,0).unwrap();
+            }else {
+                SYSCALL_LIST.insert(&(syscall_num as u32), &1,0).unwrap();
+            }
+        }
+        info!(&ctx, "invoke syscall {}", syscall_num);
+    }
+    Ok(0)
+}
+
+#[map] //
+static SYSCALL_LIST: HashMap<u32, u32> =
+    HashMap::<u32, u32>::with_max_entries(1024, 0);
+
+#[panic_handler]
+fn panic(_info: &core::panic::PanicInfo) -> ! {
+    unsafe { core::hint::unreachable_unchecked() }
+}

user/apps/test_ebpf/syscall_ebpf/xtask/Cargo.toml

@@ -0,0 +1,8 @@
+[package]
+name = "xtask"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+anyhow = "1"
+clap = { version = "4.1", features = ["derive"] }

user/apps/test_ebpf/syscall_ebpf/xtask/src/build.rs

@@ -0,0 +1,42 @@
+use std::process::Command;
+
+use anyhow::Context as _;
+use clap::Parser;
+
+use crate::build_ebpf::{build_ebpf, Architecture, Options as BuildOptions};
+
+#[derive(Debug, Parser)]
+pub struct Options {
+    /// Set the endianness of the BPF target
+    #[clap(default_value = "bpfel-unknown-none", long)]
+    pub bpf_target: Architecture,
+    /// Build and run the release target
+    #[clap(long)]
+    pub release: bool,
+}
+
+/// Build the project
+fn build_project(opts: &Options) -> Result<(), anyhow::Error> {
+    let mut args = vec!["build"];
+    if opts.release {
+        args.push("--release")
+    }
+    let status = Command::new("cargo")
+        .args(&args)
+        .status()
+        .expect("failed to build userspace");
+    assert!(status.success());
+    Ok(())
+}
+
+/// Build our ebpf program and the project
+pub fn build(opts: Options) -> Result<(), anyhow::Error> {
+    // build our ebpf program followed by our application
+    build_ebpf(BuildOptions {
+        target: opts.bpf_target,
+        release: opts.release,
+    })
+    .context("Error while building eBPF program")?;
+    build_project(&opts).context("Error while building userspace application")?;
+    Ok(())
+}

user/apps/test_ebpf/syscall_ebpf/xtask/src/build_ebpf.rs

@@ -0,0 +1,67 @@
+use std::{path::PathBuf, process::Command};
+
+use clap::Parser;
+
+#[derive(Debug, Copy, Clone)]
+pub enum Architecture {
+    BpfEl,
+    BpfEb,
+}
+
+impl std::str::FromStr for Architecture {
+    type Err = String;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(match s {
+            "bpfel-unknown-none" => Architecture::BpfEl,
+            "bpfeb-unknown-none" => Architecture::BpfEb,
+            _ => return Err("invalid target".to_owned()),
+        })
+    }
+}
+
+impl std::fmt::Display for Architecture {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.write_str(match self {
+            Architecture::BpfEl => "bpfel-unknown-none",
+            Architecture::BpfEb => "bpfeb-unknown-none",
+        })
+    }
+}
+
+#[derive(Debug, Parser)]
+pub struct Options {
+    /// Set the endianness of the BPF target
+    #[clap(default_value = "bpfel-unknown-none", long)]
+    pub target: Architecture,
+    /// Build the release target
+    #[clap(long)]
+    pub release: bool,
+}
+
+pub fn build_ebpf(opts: Options) -> Result<(), anyhow::Error> {
+    let dir = PathBuf::from("syscall_ebpf-ebpf");
+    let target = format!("--target={}", opts.target);
+    let mut args = vec![
+        "build",
+        target.as_str(),
+        "-Z",
+        "build-std=core",
+    ];
+    if opts.release {
+        args.push("--release")
+    }
+
+    // Command::new creates a child process which inherits all env variables. This means env
+    // vars set by the cargo xtask command are also inherited. RUSTUP_TOOLCHAIN is removed
+    // so the rust-toolchain.toml file in the -ebpf folder is honored.
+
+    let status = Command::new("cargo")
+        .current_dir(dir)
+        .env_remove("RUSTUP_TOOLCHAIN")
+        .args(&args)
+        .status()
+        .expect("failed to build bpf program");
+    assert!(status.success());
+    Ok(())
+}

user/apps/test_ebpf/syscall_ebpf/xtask/src/main.rs

@@ -0,0 +1,36 @@
+mod build_ebpf;
+mod build;
+mod run;
+
+use std::process::exit;
+
+use clap::Parser;
+
+#[derive(Debug, Parser)]
+pub struct Options {
+    #[clap(subcommand)]
+    command: Command,
+}
+
+#[derive(Debug, Parser)]
+enum Command {
+    BuildEbpf(build_ebpf::Options),
+    Build(build::Options),
+    Run(run::Options),
+}
+
+fn main() {
+    let opts = Options::parse();
+
+    use Command::*;
+    let ret = match opts.command {
+        BuildEbpf(opts) => build_ebpf::build_ebpf(opts),
+        Run(opts) => run::run(opts),
+        Build(opts) => build::build(opts),
+    };
+
+    if let Err(e) = ret {
+        eprintln!("{e:#}");
+        exit(1);
+    }
+}

user/apps/test_ebpf/syscall_ebpf/xtask/src/run.rs

@@ -0,0 +1,55 @@
+use std::process::Command;
+
+use anyhow::Context as _;
+use clap::Parser;
+
+use crate::{build::{build, Options as BuildOptions}, build_ebpf::Architecture};
+
+#[derive(Debug, Parser)]
+pub struct Options {
+    /// Set the endianness of the BPF target
+    #[clap(default_value = "bpfel-unknown-none", long)]
+    pub bpf_target: Architecture,
+    /// Build and run the release target
+    #[clap(long)]
+    pub release: bool,
+    /// The command used to wrap your application
+    #[clap(short, long, default_value = "sudo -E")]
+    pub runner: String,
+    /// Arguments to pass to your application
+    #[clap(name = "args", last = true)]
+    pub run_args: Vec<String>,
+}
+
+
+/// Build and run the project
+pub fn run(opts: Options) -> Result<(), anyhow::Error> {
+    // Build our ebpf program and the project
+    build(BuildOptions{
+        bpf_target: opts.bpf_target,
+        release: opts.release,
+    }).context("Error while building project")?;
+    
+    // profile we are building (release or debug)
+    let profile = if opts.release { "release" } else { "debug" };
+    let bin_path = format!("target/{profile}/syscall_ebpf");
+
+    // arguments to pass to the application
+    let mut run_args: Vec<_> = opts.run_args.iter().map(String::as_str).collect();
+
+    // configure args
+    let mut args: Vec<_> = opts.runner.trim().split_terminator(' ').collect();
+    args.push(bin_path.as_str());
+    args.append(&mut run_args);
+
+    // run the command
+    let status = Command::new(args.first().expect("No first argument"))
+        .args(args.iter().skip(1))
+        .status()
+        .expect("failed to run the command");
+
+    if !status.success() {
+        anyhow::bail!("Failed to run `{}`", args.join(" "));
+    }
+    Ok(())
+}

user/apps/test_tokio/src/main.rs

@@ -1,5 +1,3 @@
-use tokio::signal;
-
 async fn say_world() {
     println!("world");
 }

user/dadk/config/test_ebpf_0_1_0.dadk

@@ -0,0 +1,23 @@
+{
+  "name": "test_ebpf",
+  "version": "0.1.0",
+  "description": "to test eBPF",
+  "task_type": {
+    "BuildFromSource": {
+      "Local": {
+        "path": "apps/test_ebpf"
+      }
+    }
+  },
+  "depends": [],
+  "build": {
+    "build_command": "make install"
+  },
+  "install": {
+    "in_dragonos_path": "/"
+  },
+  "clean": {
+    "clean_command": "make clean"
+  },
+  "target_arch": ["x86_64"]
+}