• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) Huawei Technologies Co., Ltd. 2022. All rights reserved.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <cerrno>
17 #include <chrono>
18 #include <csignal>
19 #include <cstdio>
20 #include <cstdlib>
21 #include <cstring>
22 #include <ctime>
23 #include <iomanip>
24 #include <iostream>
25 #include <memory>
26 #include <mutex>
27 
28 #include <fcntl.h>
29 #include <unistd.h>
30 #include <linux/bpf.h>
31 #include <linux/perf_event.h>
32 #include <sys/resource.h>
33 
34 #include "bpf.h"
35 #include "elf_file.h"
36 #include "libbpf_logger.h"
37 #include "bpf_controller.h"
38 
39 namespace {
40 std::unique_ptr<LIBBPFLogger> libbpfLogger {nullptr};
41 const std::string THIRD_PARTY_MUSL_ADDR = "/system/lib/ld-musl-aarch64.so.1";
42 constexpr int32_t SYM_32_VALUE_OFFSET = 4;
43 constexpr int32_t SYM_64_VALUE_OFFSET = 8;
44 constexpr int32_t WIDE_SIXTEEN = 16;
45 } // namespace
46 
LIBBPFPrintFunc(enum libbpf_print_level level,const char * format,va_list args)47 int BPFController::LIBBPFPrintFunc(enum libbpf_print_level level, const char *format, va_list args)
48 {
49     if (libbpfLogger) {
50         return libbpfLogger->Printf(level, format, args);
51     }
52     return 0;
53 }
54 
~BPFController()55 BPFController::~BPFController()
56 {
57     Stop();
58     if (rb_) {
59         // release bpf ringbuffer
60         ring_buffer__free(rb_);
61         rb_ = nullptr;
62     }
63     if (ips_) {
64         delete[] ips_;
65         ips_ = nullptr;
66     }
67     if (skel_) {
68         hiebpf_bpf__destroy(skel_);
69         skel_ = nullptr;
70     }
71 
72     for (size_t k = 0; k < receivers_.size(); ++k) {
73         receivers_[k]->Stop();
74     }
75     if (bpfLogReader_) {
76         bpfLogReader_->Stop();
77     }
78 }
79 
MakeUnique(const BPFConfig & config)80 std::unique_ptr<BPFController> BPFController::MakeUnique(const BPFConfig& config)
81 {
82     std::unique_ptr<BPFController> bpfctlr {new(std::nothrow) BPFController {config}};
83     CHECK_NOTNULL(bpfctlr, nullptr, "failed to instantiate BPFController");
84     HHLOGI(true, "BPFController instantiated");
85 
86     CHECK_TRUE(bpfctlr->VerifyConfigurations() == 0, nullptr, "failed to verify config");
87     HHLOGI(true, "BPFConfig verified");
88 
89     CHECK_TRUE(bpfctlr->SetUpBPF() == 0, nullptr, "failed to set up BPF");
90     HHLOGI(true, "BPF setup done");
91 
92     return bpfctlr;
93 }
94 
VerifyDumpEvents(const __u32 nr)95 static inline int VerifyDumpEvents(const __u32 nr)
96 {
97     CHECK_TRUE(nr <= BPFController::DUMP_EVENTS_LIMIT, -1, "dump events exceeds limit");
98     return 0;
99 }
100 
VerifyTraceDuration(const __u32 duration)101 static inline int VerifyTraceDuration(const __u32 duration)
102 {
103     CHECK_TRUE(duration <= BPFController::TRACE_DURATION_LIMIT, -1, "trace duration exceeds limit");
104     return 0;
105 }
106 
VerifyMaxStackDepth(const __u32 depth)107 static inline int VerifyMaxStackDepth(const __u32 depth)
108 {
109     CHECK_TRUE(depth <= MAX_STACK_LIMIT, -1, "max stack depth exceeds limit");
110     return 0;
111 }
112 
VerifySelectEventGroups(const std::set<HiebpfEventGroup> & selectEventGroups)113 int BPFController::VerifySelectEventGroups(const std::set<HiebpfEventGroup> &selectEventGroups)
114 {
115     CHECK_TRUE(!selectEventGroups.empty(), -1, "VerifySelectEventGroups() failed: event group list is empty");
116     selectEventGroups_ = selectEventGroups;
117     return 0;
118 }
119 
VerifyConfigurations()120 int BPFController::VerifyConfigurations()
121 {
122     CHECK_TRUE(VerifySelectEventGroups(config_.selectEventGroups_) == 0, -1, "VerifySelectEventGroups fail");
123     HHLOGI(true, "VerifySelectEventGroups() done");
124     CHECK_TRUE(VerifyDumpEvents(config_.dumpEvents_) == 0, -1,
125                "VerifyDumpEvents() failed: dump events = %u", config_.dumpEvents_);
126     HHLOGI(true, "VerifyDumpEents() done");
127     CHECK_TRUE(VerifyTraceDuration(config_.traceDuration_) == 0, -1,
128                "VerifyTraceDuration() failed: duration = %u", config_.traceDuration_);
129     HHLOGI(true, "VerifyTraceDuration() done");
130     CHECK_TRUE(VerifyMaxStackDepth(config_.maxStackDepth_) == 0, -1,
131                "VerifyMaxStackDepth() failed: max stack depth = %u", config_.maxStackDepth_);
132     HHLOGI(true, "VerifyMaxStackDepth() done");
133     return 0;
134 }
135 
SetUpBPF()136 int BPFController::SetUpBPF()
137 {
138     CHECK_TRUE(ConfigLIBBPFLogger() == 0, -1, "failed to configure LIBBPF logger");
139     HHLOGI(true, "ConfigLIBBPFLogger() done");
140 
141     // set up libbpf deubug level
142     libbpf_set_strict_mode(LIBBPF_STRICT_ALL);
143     // set RLIMIT_MEMLOCK
144     struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
145     setrlimit(RLIMIT_MEMLOCK, &r);
146 
147     skel_ = hiebpf_bpf__open();
148     int err = libbpf_get_error(skel_);
149     CHECK_TRUE(!err, err, "failed to open BPF skeleton: %s", strerror(-err));
150     HHLOGI(true, "BPF skeleton opened");
151     if (config_.unwindStack_) {
152         ips_ = new(std::nothrow) __u64[config_.maxStackDepth_];
153         CHECK_NOTNULL(ips_, -1, "failed to allocate memory for ips");
154     }
155     HHLOGI(true, "allocate ips buffer done");
156     dataFile_ = HiebpfDataFile::MakeShared(config_.cmd_, config_.outputFile_);
157     CHECK_NOTNULL(dataFile_, -1, "failed to make hiebpf data file");
158     CHECK_TRUE(FilterProgByEvents() == 0, -1, "failed to load BPF objects");
159     HHLOGI(true, "make HiebpfDataFile done");
160     skel_->rodata->g_stack_limit = config_.maxStackDepth_;
161     err = hiebpf_bpf__load(skel_);
162     CHECK_TRUE(!err, err, "failed to load BPF skeleton: %s", strerror(-err));
163     CHECK_TRUE(ConfigureBPF() == 0, -1, "failed to configure BPF");
164     HHLOGI(true, "BPF configuration done");
165 
166     return 0;
167 }
168 
FilterProgByEvents()169 int BPFController::FilterProgByEvents()
170 {
171     // check each one hiebpf_bpf.progs in hiebpf.skel.h
172     // hiebpf_bpf.progs is autoload by default
173     FilterFsGroup();
174 
175     if (selectEventGroups_.find(MEM_GROUP_ALL) == selectEventGroups_.end()) {
176         bpf_program__set_autoload(skel_->progs.__do_fault_entry, false);
177         bpf_program__set_autoload(skel_->progs.__do_fault_exit, false);
178 
179         bpf_program__set_autoload(skel_->progs.do_swap_page_entry, false);
180         bpf_program__set_autoload(skel_->progs.do_swap_page_exit, false);
181 
182         bpf_program__set_autoload(skel_->progs.do_wp_page_entry, false);
183         bpf_program__set_autoload(skel_->progs.do_wp_page_exit, false);
184     }
185     if (selectEventGroups_.find(BIO_GROUP_ALL) == selectEventGroups_.end()) {
186         bpf_program__set_autoload(skel_->progs.block_issue, false);
187         bpf_program__set_autoload(skel_->progs.blk_update_request, false);
188     } else {
189         dataFile_->WriteKernelSymbol();
190     }
191     return 0;
192 }
193 
FilterFsGroup()194 void BPFController::FilterFsGroup()
195 {
196     if (selectEventGroups_.find(FS_GROUP_ALL) != selectEventGroups_.end()) {
197         return;
198     }
199 
200     if (selectEventGroups_.find(FS_GROUP_OPEN) == selectEventGroups_.end()) {
201         bpf_program__set_autoload(skel_->progs.do_sys_openat2_entry, false);
202         bpf_program__set_autoload(skel_->progs.do_sys_openat2_exit, false);
203     }
204     if (selectEventGroups_.find(FS_GROUP_READ) == selectEventGroups_.end()) {
205         bpf_program__set_autoload(skel_->progs.do_readv_entry, false);
206         bpf_program__set_autoload(skel_->progs.do_readv_exit, false);
207 
208         bpf_program__set_autoload(skel_->progs.do_preadv_entry, false);
209         bpf_program__set_autoload(skel_->progs.do_preadv_exit, false);
210 
211         bpf_program__set_autoload(skel_->progs.ksys_read_entry, false);
212         bpf_program__set_autoload(skel_->progs.ksys_read_exit, false);
213 
214         bpf_program__set_autoload(skel_->progs.ksys_pread64_entry, false);
215         bpf_program__set_autoload(skel_->progs.ksys_pread64_exit, false);
216     }
217     if (selectEventGroups_.find(FS_GROUP_WRITE) == selectEventGroups_.end()) {
218         bpf_program__set_autoload(skel_->progs.do_writev_entry, false);
219         bpf_program__set_autoload(skel_->progs.do_writev_exit, false);
220 
221         bpf_program__set_autoload(skel_->progs.__arm64_sys_pwritev_entry, false);
222         bpf_program__set_autoload(skel_->progs.__arm64_sys_pwritev_exit, false);
223         bpf_program__set_autoload(skel_->progs.__arm64_sys_pwritev2_entry, false);
224         bpf_program__set_autoload(skel_->progs.__arm64_sys_pwritev2_exit, false);
225         bpf_program__set_autoload(skel_->progs.__arm64_compat_sys_pwritev_entry, false);
226         bpf_program__set_autoload(skel_->progs.__arm64_compat_sys_pwritev_exit, false);
227         bpf_program__set_autoload(skel_->progs.__arm64_compat_sys_pwritev2_entry, false);
228         bpf_program__set_autoload(skel_->progs.__arm64_compat_sys_pwritev2_exit, false);
229 
230         bpf_program__set_autoload(skel_->progs.ksys_write_entry, false);
231         bpf_program__set_autoload(skel_->progs.ksys_write_exit, false);
232 
233         bpf_program__set_autoload(skel_->progs.ksys_pwrite64_entry, false);
234         bpf_program__set_autoload(skel_->progs.ksys_pwrite64_exit, false);
235     }
236     if (selectEventGroups_.find(FS_GROUP_CLOSE) == selectEventGroups_.end()) {
237         bpf_program__set_autoload(skel_->progs.__close_fd_entry, false);
238         bpf_program__set_autoload(skel_->progs.__close_fd_exit, false);
239     }
240 }
241 
InitTracerPid(const int fd,bool excludeTracer)242 static int InitTracerPid(const int fd, bool excludeTracer)
243 {
244     int32_t pid = -1;
245     if (excludeTracer) {
246         /* we write the tracer pid into BPF map to notify BPF progs
247          * to exclude the tracer itself
248         */
249         pid = static_cast<int32_t>(getpid());
250         CHECK_TRUE(pid >= 0, -1, "failed to get current pid");
251     }
252     constexpr __u32 pididx {TRACER_PID_INDEX};
253     int err = bpf_map_update_elem(fd, &pididx, &pid, BPF_ANY);
254     CHECK_TRUE(!err, -1, "failed to update tracer pid %d in config_var_map", pid);
255     return 0;
256 }
257 
InitBPFLogLevel(const int fd,const __u32 level)258 static inline int InitBPFLogLevel(const int fd, const __u32 level)
259 {
260     if (level == BPF_LOG_NONE) {
261         HHLOGD(true, "bpf log level is NONE!");
262         return 0;
263     }
264     constexpr __u32 levelidx {BPF_LOG_LEVEL_INDEX};
265     int err = bpf_map_update_elem(fd, &levelidx, &level, BPF_ANY);
266     CHECK_TRUE(!err, -1, "failed to set bpf log level in config_var_map");
267     return 0;
268 }
269 
InitUnwindFlag(const int fd,bool unwind)270 static inline int InitUnwindFlag(const int fd, bool unwind)
271 {
272     constexpr __u32 uflagidx {UNWIND_FLAG_INDEX};
273     __u32 uflag {0};
274     if (unwind) {
275         uflag = 1;
276     }
277     int err = bpf_map_update_elem(fd, &uflagidx, &uflag, BPF_ANY);
278     CHECK_TRUE(!err, -1, "failed to set unwind stack flag in config_var_map");
279     return 0;
280 }
281 
InitBPFVariables() const282 int BPFController::InitBPFVariables() const
283 {
284     int fd = bpf_map__fd(skel_->maps.config_var_map);
285     CHECK_TRUE(fd >= 0, -1, "failed to get fd of config_var_map");
286     HHLOGI(true, "InitBPFVariables() done");
287     CHECK_TRUE(InitTracerPid(fd, config_.excludeTracer_) == 0, -1,
288                "failed to init tracer pid in config_var_map");
289     HHLOGI(true, "InitTracerPid() done");
290     CHECK_TRUE(InitBPFLogLevel(fd, config_.BPFLogLevel_) == 0, -1,
291                "failed to init BPF log level in config_var_map");
292     HHLOGI(true, "InitBPFLogLevel() done");
293     CHECK_TRUE(InitUnwindFlag(fd, config_.unwindStack_) == 0, -1,
294                "failed to init unwind stack flag in config_var_map");
295     HHLOGI(true, "InitUnwindFlag() done");
296     return 0;
297 }
298 
FillTargetPidMap() const299 int BPFController::FillTargetPidMap() const
300 {
301     int fd = bpf_map__fd(skel_->maps.target_pid_map);
302     CHECK_TRUE(fd >= 0, -1, "failed to get fd of target_pid_map");
303     int index {0};
304     uint32_t val {1}; // target_pid_Map[0] = 1 means tracing all processes
305     int err {0};
306     int numPids {config_.targetPids_.size()};
307     HHLOGD(true, "target pid num = %d", numPids);
308     if (numPids == 0) {
309         // no target pid specified, trace all processes
310         err = bpf_map_update_elem(fd, &index, &val, BPF_ANY);
311         CHECK_TRUE(!err, -1, "failed to set target pid = %u", val);
312         return 0;
313     }
314     if (numPids > MAX_TARGET_PIDS) {
315         HHLOGW(true, "BPFController WARN: number of target pids exceeds the maximum limit");
316         numPids = MAX_TARGET_PIDS;
317     }
318     for (index = 1; index <= numPids; ++index) {
319         val = static_cast<uint32_t>(config_.targetPids_[index - 1]);
320         HHLOGD(true, "target pid = %u", val);
321         std::cout << "target pid = " << val << std::endl;
322         err = bpf_map_update_elem(fd, &index, &val, BPF_ANY);
323         CHECK_TRUE(!err, -1, "failed to set target pid = %d", val);
324     }
325     return 0;
326 }
327 
ConfigBPFLogger()328 inline int BPFController::ConfigBPFLogger()
329 {
330     if (config_.BPFLogLevel_ == BPF_LOG_NONE) {
331         HHLOGD(true, "bpf log level is NONE!");
332         return 0;
333     }
334 #if defined(BPF_LOGGER_DEBUG) || defined(BPF_LOGGER_INFO) || defined(BPF_LOGGER_WARN) ||    \
335     defined(BPF_LOGGER_ERROR) || defined(BPF_LOGGER_FATAL)
336     bpfLogReader_ = BPFLogReader::MakeUnique(config_.BPFLogFile_);
337     CHECK_NOTNULL(bpfLogReader_, -1, "failed to initialize BPFLogReader");
338 #endif
339     return 0;
340 }
341 
ConfigLIBBPFLogger() const342 inline int BPFController::ConfigLIBBPFLogger() const
343 {
344     // set up libbpf print callback
345     HHLOGI(true, "libbpf logger: file = %s, level = %d", config_.LIBBPFLogFile_.c_str(), config_.LIBBPFLogLevel_);
346     libbpf_set_print(BPFController::LIBBPFPrintFunc);
347     if (config_.LIBBPFLogLevel_ == LIBBPF_NONE) {
348         HHLOGD(true, "libbpf log level is NONE!");
349         return 0;
350     }
351     libbpfLogger = LIBBPFLogger::MakeUnique(config_.LIBBPFLogFile_, config_.LIBBPFLogLevel_);
352     CHECK_NOTNULL(libbpfLogger, -1, "libbpfLogger is nullptr");
353     return 0;
354 }
355 
ConfigReceivers()356 int BPFController::ConfigReceivers()
357 {
358     if (config_.dumpEvents_ == 0) {
359         rb_ = ring_buffer__new(
360             bpf_map__fd(skel_->maps.bpf_ringbuf_map),
361             BPFController::HandleEvent,
362             this, nullptr);
363         int err = libbpf_get_error(rb_);
364         CHECK_TRUE(!err, err, "failed to make BPF ring buffer: %s", strerror(-err));
365         if (config_.pipelines_ == 0) {
366             config_.pipelines_ = MIN_PIPELINES_LIMIT;
367         }
368         for (__u32 cnt = config_.pipelines_; cnt != 0; --cnt) {
369             receivers_.push_back(BPFEventReceiver::MakeShared(dataFile_));
370         }
371         CHECK_TRUE(receivers_.size() == config_.pipelines_, -1, "failed to make BPF event receivers");
372         last_ = 0;
373     } else {
374         rb_ = ring_buffer__new(
375             bpf_map__fd(skel_->maps.bpf_ringbuf_map),
376             BPFController::DumpEvent,
377             this, nullptr);
378         int err = libbpf_get_error(rb_);
379         CHECK_TRUE(!err, err, "failed to make BPF ring buffer: %s", strerror(-err));
380     }
381     return 0;
382 }
383 
GetSymOffset(const std::string & path,const std::string & symbol)384 uint64_t BPFController::GetSymOffset(const std::string &path, const std::string &symbol)
385 {
386     CHECK_TRUE(access(path.c_str(), F_OK) == 0, 0, "the file does not exist");
387     using namespace OHOS::Developtools::Hiebpf;
388     std::unique_ptr<ElfFile> elfFile = ElfFile::MakeUnique(path);
389     CHECK_NOTNULL(elfFile, 0, "ELF file open failed");
390     const std::string dynsym {".dynsym"};
391     CHECK_TRUE(elfFile->shdrs_.find(dynsym) != elfFile->shdrs_.end(), 0, "section dynsym failed to obtain data");
392     const auto &sym = elfFile->shdrs_[dynsym];
393     const uint8_t *symData = elfFile->GetSectionData(sym->secIndex_);
394 
395     const std::string dynstr {".dynstr"};
396     CHECK_TRUE(elfFile->shdrs_.find(dynstr) != elfFile->shdrs_.end(), 0, "section dynstr failed to obtain data");
397     const auto &str = elfFile->shdrs_[dynstr];
398     const uint8_t *strData = elfFile->GetSectionData(str->secIndex_);
399 
400     uint32_t st_name = 0;
401     uint64_t stepLength = 0;
402     uint64_t vaddr = 0;
403     while (stepLength < sym->secSize_) {
404         int ret = memcpy_s(&st_name, sizeof(uint32_t), symData + stepLength, sizeof(uint32_t));
405         CHECK_TRUE(ret == EOK, 0, "failed to memcpy symData");
406         auto name = const_cast<uint8_t*>(strData + st_name);
407         if (name != nullptr && std::string(reinterpret_cast<char*>(name)).compare(symbol) == 0) {
408             int32_t valueOffset = sym->secEntrySize_ == sizeof(Elf64_Sym) ? SYM_64_VALUE_OFFSET : SYM_32_VALUE_OFFSET;
409             int32_t valueSize = valueOffset == SYM_64_VALUE_OFFSET ? sizeof(uint64_t) : sizeof(uint32_t);
410             ret = memcpy_s(&vaddr, sizeof(uint64_t), symData + stepLength + valueOffset, valueSize);
411             CHECK_TRUE(ret == EOK, 0, "failed to memcpy symData");
412             break;
413         }
414         stepLength += sym->secEntrySize_;
415     }
416     CHECK_TRUE(vaddr != 0, 0, "get vaddr failed");
417 
418     const std::string text {".text"};
419     CHECK_TRUE(elfFile->shdrs_.find(text) != elfFile->shdrs_.end(), 0, "section text failed to obtain data");
420     const auto &textPtr = elfFile->shdrs_[text];
421     return vaddr - textPtr->secVaddr_ + textPtr->fileOffset_;
422 }
423 
ConfigDlopenBPFProg()424 int32_t BPFController::ConfigDlopenBPFProg()
425 {
426     uint64_t symOffset = GetSymOffset(THIRD_PARTY_MUSL_ADDR, "dlopen");
427     CHECK_TRUE(symOffset != 0, -1, "get symOffset failed");
428     skel_->links.uretprobe_dlopen = bpf_program__attach_uprobe(skel_->progs.uretprobe_dlopen,
429                                                                true,
430                                                                -1,
431                                                                THIRD_PARTY_MUSL_ADDR.c_str(),
432                                                                symOffset);
433     CHECK_TRUE(skel_->links.uretprobe_dlopen, -1, "failed to attach uretprobe_dlopen");
434     return 0;
435 }
436 
ConfigureBPF()437 int BPFController::ConfigureBPF()
438 {
439     CHECK_TRUE(InitBPFVariables() == 0, -1, "failed to fill config_var_map");
440     HHLOGI(true, "InitBPFVariables() done");
441     CHECK_TRUE(FillTargetPidMap() == 0, -1, "failed to fill target_pid_map");
442     HHLOGI(true, "FillTargetPidMap() done");
443     CHECK_TRUE(ConfigBPFLogger() == 0, -1, "failed to configure BPF logger");
444     HHLOGI(true, "ConfigBPFLogger() done");
445     CHECK_TRUE(ConfigReceivers() == 0, -1, "failed to configure BPF ringbuffer");
446     HHLOGI(true, "ConfigReceivers() done");
447     CHECK_TRUE(ConfigDlopenBPFProg() == 0, -1, "failed to configure user BPF prog");
448     return 0;
449 }
450 
Start()451 int BPFController::Start()
452 {
453 #if defined(BPF_LOGGER_DEBUG) || defined(BPF_LOGGER_INFO) || defined(BPF_LOGGER_WARN) ||    \
454     defined(BPF_LOGGER_ERROR) || defined(BPF_LOGGER_FATAL)
455     CHECK_TRUE(StartBPFLogReader() == 0, -1, "failed to start BPF log reader");
456 #endif
457     HHLOGI(true, "BPF log reader started");
458     CHECK_TRUE(StartReceivers() == 0, -1, "failed to start receivers");
459     HHLOGI(true, "receivers started");
460     // activate events
461     int err = hiebpf_bpf__attach(skel_);
462     CHECK_TRUE(!err, -1, "failed to attach bpf object: %s", strerror(-err));
463     HHLOGI(true, "BPF events activated");
464 
465     const auto endTime = std::chrono::steady_clock::now() + std::chrono::seconds(config_.traceDuration_);
466     while (!loopStop_) {
467         if (BPFEventLoopOnce() != 0) {
468             printf("libbpf error occured, hiebpf exit\n");
469             err = -1;
470             break;
471         }
472         if (std::chrono::steady_clock::now() >= endTime) {
473             printf("timeout(%us), hiebpf exit\n", config_.traceDuration_);
474             break;
475         }
476     }
477     // receivers_ must stop after BPFEventLoopOnce();
478     for (size_t k = 0; k < receivers_.size(); ++k) {
479         receivers_[k]->Stop();
480     }
481     if (bpfLogReader_) {
482         bpfLogReader_->Stop();
483     }
484 
485     HHLOGI(true, "hiebpf stopped");
486 
487     return err;
488 }
489 
Stop()490 void BPFController::Stop()
491 {
492     loopStop_ = true;
493 }
494 
HandleEvent(void * ctx,void * data,size_t dataSize)495 int BPFController::HandleEvent(void *ctx, void *data, size_t dataSize)
496 {
497     // get the next running receiver
498     BPFController *bpfctlr = static_cast<BPFController *>(ctx);
499     auto wrecv = bpfctlr->NextActiveReceiver();
500     auto receiver = wrecv.lock();
501     if (receiver == nullptr) {
502         HHLOGF(true, "all receivers have stopped, will stop BPF event loop");
503         bpfctlr->Stop();
504         return -1;
505     }
506 
507     // move data and notify receiver
508     int ret = receiver->Put(data, dataSize);
509     HHLOGE((ret < 0), "event lost: failed to move data to receiver"); // try other receivers ?
510     HHLOGF(
511         (0 <= ret and ret < static_cast<int>(dataSize)),
512         "incomplete data movement: this should never happen");
513     return ret;
514 }
515 
DumpOpenat2Args(const struct fstrace_cmplt_event_t & cmpltEvent)516 static int DumpOpenat2Args(const struct fstrace_cmplt_event_t &cmpltEvent)
517 {
518     std::cout << "\nArgs:";
519     std::cout << "\n    dfd = " << cmpltEvent.start_event.openat2_args.dfd;
520     std::cout << "\n    filename = " << cmpltEvent.start_event.openat2_args.filename;
521     std::cout << "\n    how = " << cmpltEvent.start_event.openat2_args.how;
522     return 0;
523 }
524 
DumpReadvArgs(const struct fstrace_cmplt_event_t & cmpltEvent)525 static int DumpReadvArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
526 {
527     std::cout << "\nArgs:";
528     std::cout << "\n    fd = " << cmpltEvent.start_event.readv_args.fd;
529     std::cout << "\n    vec = " << cmpltEvent.start_event.readv_args.vec;
530     std::cout << "\n    vlen = " << cmpltEvent.start_event.readv_args.vlen;
531     std::cout << "\n    flags = " << cmpltEvent.start_event.readv_args.flags;
532     return 0;
533 }
534 
DumpPreadvArgs(const struct fstrace_cmplt_event_t & cmpltEvent)535 static int DumpPreadvArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
536 {
537     std::cout << "\nArgs:";
538     std::cout << "\n    fd = " << cmpltEvent.start_event.preadv_args.fd;
539     std::cout << "\n    vec = " << cmpltEvent.start_event.preadv_args.vec;
540     std::cout << "\n    vlen = " << cmpltEvent.start_event.preadv_args.vlen;
541     std::cout << "\n    pos = " << cmpltEvent.start_event.preadv_args.pos;
542     std::cout << "\n    flags = " << cmpltEvent.start_event.preadv_args.flags;
543     return 0;
544 }
545 
DumpReadArgs(const struct fstrace_cmplt_event_t & cmpltEvent)546 static int DumpReadArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
547 {
548     std::cout << "\nArgs:";
549     std::cout << "\n    fd = " << cmpltEvent.start_event.read_args.fd;
550     std::cout << "\n    buf = " << cmpltEvent.start_event.read_args.buf;
551     std::cout << "\n    count = " << cmpltEvent.start_event.read_args.count;
552     return 0;
553 }
554 
DumpPread64Args(const struct fstrace_cmplt_event_t & cmpltEvent)555 static int DumpPread64Args(const struct fstrace_cmplt_event_t &cmpltEvent)
556 {
557     std::cout << "\nArgs:";
558     std::cout << "\n    fd = " << cmpltEvent.start_event.pread64_args.fd;
559     std::cout << "\n    buf = " << cmpltEvent.start_event.pread64_args.buf;
560     std::cout << "\n    count = " << cmpltEvent.start_event.pread64_args.count;
561     std::cout << "\n    pos = " << cmpltEvent.start_event.pread64_args.pos;
562     return 0;
563 }
564 
DumpWritevArgs(const struct fstrace_cmplt_event_t & cmpltEvent)565 static int DumpWritevArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
566 {
567     std::cout << "\nArgs:";
568     std::cout << "\n    fd = " << cmpltEvent.start_event.writev_args.fd;
569     std::cout << "\n    vec = " << cmpltEvent.start_event.writev_args.vec;
570     std::cout << "\n    vlen = " << cmpltEvent.start_event.writev_args.vlen;
571     std::cout << "\n    flags = " << cmpltEvent.start_event.writev_args.flags;
572     return 0;
573 }
574 
DumpPwritevArgs(const struct fstrace_cmplt_event_t & cmpltEvent)575 static int DumpPwritevArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
576 {
577     std::cout << "\nArgs:";
578     std::cout << "\n    fd = " << cmpltEvent.start_event.pwritev_args.fd;
579     std::cout << "\n    vec = " << cmpltEvent.start_event.pwritev_args.vec;
580     std::cout << "\n    vlen = " << cmpltEvent.start_event.pwritev_args.vlen;
581     std::cout << "\n    pos = " << cmpltEvent.start_event.pwritev_args.pos;
582     std::cout << "\n    flags = " << cmpltEvent.start_event.pwritev_args.flags;
583     return 0;
584 }
585 
DumpWriteArgs(const struct fstrace_cmplt_event_t & cmpltEvent)586 static int DumpWriteArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
587 {
588     std::cout << "\nArgs:";
589     std::cout << "\n    fd = " << cmpltEvent.start_event.write_args.fd;
590     std::cout << "\n    buf = " << cmpltEvent.start_event.write_args.buf;
591     std::cout << "\n    count = " << cmpltEvent.start_event.write_args.count;
592     return 0;
593 }
594 
DumpPwrite64Args(const struct fstrace_cmplt_event_t & cmpltEvent)595 static int DumpPwrite64Args(const struct fstrace_cmplt_event_t &cmpltEvent)
596 {
597     std::cout << "\nArgs:";
598     std::cout << "\n    fd = " << cmpltEvent.start_event.pwrite64_args.fd;
599     std::cout << "\n    buf = " << cmpltEvent.start_event.pwrite64_args.buf;
600     std::cout << "\n    count = " << cmpltEvent.start_event.pwrite64_args.count;
601     std::cout << "\n    pos = " << cmpltEvent.start_event.pwrite64_args.pos;
602     return 0;
603 }
604 
DumpCloseArgs(const struct fstrace_cmplt_event_t & cmpltEvent)605 static int DumpCloseArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
606 {
607     std::cout << "\nArgs:";
608     std::cout << "\n    files = " << cmpltEvent.start_event.close_args.files;
609     std::cout << "\n    fd = " << cmpltEvent.start_event.close_args.fd;
610     return 0;
611 }
612 
DumpTypeAndArgs(const struct fstrace_cmplt_event_t & cmpltEvent)613 static int DumpTypeAndArgs(const struct fstrace_cmplt_event_t &cmpltEvent)
614 {
615     std::cout << "\nevent type:     ";
616     switch (cmpltEvent.start_event.type) {
617         case SYS_OPENAT2: std::cout << "openat2"; return DumpOpenat2Args(cmpltEvent);
618 
619         case SYS_READV: std::cout << "readv"; return DumpReadvArgs(cmpltEvent);
620         case SYS_PREADV: std::cout << "preadv"; return DumpPreadvArgs(cmpltEvent);
621         case SYS_READ: std::cout << "read"; return DumpReadArgs(cmpltEvent);
622         case SYS_PREAD64: std::cout << "pread64"; return DumpPread64Args(cmpltEvent);
623 
624         case SYS_WRITEV: std::cout << "writev"; return DumpWritevArgs(cmpltEvent);
625         case SYS_PWRITEV: std::cout << "pwritev"; return DumpPwritevArgs(cmpltEvent);
626         case SYS_WRITE: std::cout << "write"; return DumpWriteArgs(cmpltEvent);
627         case SYS_PWRITE64: std::cout << "pwrite64"; return DumpPwrite64Args(cmpltEvent);
628 
629         case SYS_CLOSE: std::cout << "close"; return DumpCloseArgs(cmpltEvent);
630     }
631     HHLOGE(true, "unreognized fstrace event type = %d", cmpltEvent.start_event.type);
632     return -1;
633 }
634 
DumpFSTraceEvent(BPFController * bpfctlr,void * data,size_t dataSize)635 int BPFController::DumpFSTraceEvent(BPFController *bpfctlr, void *data, size_t dataSize)
636 {
637     if (dataSize != sizeof(fstrace_cmplt_event_t)) {
638         std::cout << "DumpFSTraceEvent ERROR: size dismatch:"
639                   << " data size = " << dataSize
640                   << " fstrace event size = " << sizeof(fstrace_cmplt_event_t)
641                   << std::endl;
642         return -1;
643     }
644     struct fstrace_cmplt_event_t cmpltEvent {};
645     if (memcpy_s(&cmpltEvent, sizeof(fstrace_cmplt_event_t), data, dataSize) != EOK) {
646         std::cout << "failed to copy data to fstrace_cmplt_event_t" << std::endl;
647         return -1;
648     }
649     std::cout << "\nFSTrace Event:"
650               << "\ndata size:      " << dataSize;
651     DumpTypeAndArgs(cmpltEvent);
652     std::cout << "\nretval:         " << cmpltEvent.retval
653               << "\nstart time:     " << cmpltEvent.start_event.stime
654               << "\nexit time:      " << cmpltEvent.ctime
655               << "\npid:            " << cmpltEvent.pid
656               << "\ntgid:           " << cmpltEvent.tgid
657               << "\ncomm:           " << cmpltEvent.comm
658               << "\nips:            " << cmpltEvent.nips
659               << "\nips:"
660               << std::setw(WIDE_SIXTEEN) << std::hex;
661     for (uint32_t i = 0; i < cmpltEvent.nips; ++i) {
662         std::cout << "\n    " << cmpltEvent.ips[i];
663     }
664     std::cout << std::dec << std::endl;
665     return 0;
666 }
667 
DumpPFTraceEvent(BPFController * bpfctlr,void * data,size_t dataSize)668 int BPFController::DumpPFTraceEvent(BPFController *bpfctlr, void *data, size_t dataSize)
669 {
670     if (dataSize != sizeof(pftrace_cmplt_event_t)) {
671         std::cout << "DumpPFTraceEvent ERROR: size dismatch:"
672                   << " data size = " << dataSize
673                   << " pftrace event size = " << sizeof(pftrace_cmplt_event_t)
674                   << std::endl;
675         return -1;
676     }
677     struct pftrace_cmplt_event_t cmpltEvent {};
678     if (memcpy_s(&cmpltEvent, sizeof(pftrace_cmplt_event_t), data, dataSize) != EOK) {
679         std::cout << "failed to copy data to pftrace_cmplt_event_t" << std::endl;
680         return -1;
681     }
682     std::cout << "PFTrace Event:"
683               << "\ndata size:      " << dataSize
684               << "\nevent type:     ";
685     switch (cmpltEvent.start_event.type) {
686         case PF_COPY_ON_WRITE:  std::cout << "Copy On  Write"; break;
687         case PF_FAKE_ZERO_PAGE: std::cout << "Zero FAKE Page"; break;
688         case PF_FILE_BACKED_IN: std::cout << "File Backed In"; break;
689         case PF_PAGE_CACHE_HIT: std::cout << "Page Cache Hit"; break;
690         case PF_SWAP_FROM_DISK: std::cout << "Swap From Disk"; break;
691         case PF_SWAP_FROM_ZRAM: std::cout << "Swap From Zram"; break;
692         case PF_ZERO_FILL_PAGE: std::cout << "Zero Fill Page"; break;
693         default: std::cout << cmpltEvent.start_event.type;
694     }
695     std::cout << "\naddress:        " << cmpltEvent.start_event.addr
696               << "\nsize:           " << cmpltEvent.size
697               << "\nstart time:     " << cmpltEvent.start_event.stime
698               << "\nexit time:      " << cmpltEvent.ctime
699               << "\npid:            " << cmpltEvent.pid
700               << "\ntgid:           " << cmpltEvent.tgid
701               << "\ncomm:           " << cmpltEvent.comm
702               << "\nips:            " << cmpltEvent.nips
703               << std::setw(WIDE_SIXTEEN) << std::hex;
704     for (uint32_t i = 0; i < cmpltEvent.nips; ++i) {
705         std::cout << "\n    " << cmpltEvent.ips[i];
706     }
707     std::cout << std::dec << std::endl;
708     return 0;
709 }
710 
DumpBIOTraceEvent(BPFController * bpfctlr,void * data,size_t dataSize)711 int BPFController::DumpBIOTraceEvent(BPFController *bpfctlr, void *data, size_t dataSize)
712 {
713     if (dataSize != sizeof(biotrace_cmplt_event_t)) {
714         std::cout << "DumpBIOTraceEvent ERROR: size dismatch:"
715                   << " data size = " << dataSize
716                   << " biotrace event size = " << sizeof(biotrace_cmplt_event_t)
717                   << std::endl;
718         return -1;
719     }
720     struct biotrace_cmplt_event_t cmpltEvent {};
721     if (memcpy_s(&cmpltEvent, sizeof(biotrace_cmplt_event_t), data, dataSize) != EOK) {
722         std::cout << "failed to copy data to biotrace_cmplt_event_t" << std::endl;
723         return -1;
724     }
725     std::cout << "BIOTrace Event:"
726               << "\ndata size:      " << dataSize
727               << "\nevent type:     ";
728     switch (cmpltEvent.start_event.type) {
729         case BIO_DATA_READ: std::cout << "DATA_READ"; break;
730         case BIO_DATA_WRITE: std::cout << "DATA_WRITE"; break;
731         case BIO_METADATA_READ: std::cout << "METADATA_READ"; break;
732         case BIO_METADATA_WRITE: std::cout << "METADATA_WRITE"; break;
733         case BIO_PAGE_IN: std::cout << "PAGE_IN"; break;
734         case BIO_PAGE_OUT: std::cout << "PAGE_OUT"; break;
735         default: std::cout << cmpltEvent.start_event.type;
736     }
737 
738     std::cout << "\nstart time:     " << cmpltEvent.start_event.stime
739               << "\nexit time:      " << cmpltEvent.ctime
740               << "\npid:            " << cmpltEvent.start_event.pid
741               << "\ntgid:           " << cmpltEvent.start_event.tgid
742               << "\ncomm:           " << cmpltEvent.start_event.comm
743               << "\nprio:           " << cmpltEvent.prio
744               << "\nsize:           " << cmpltEvent.start_event.size
745               << "\nblkcnt:         " << cmpltEvent.blkcnt
746               << "\nips:            " << cmpltEvent.nips
747               << std::setw(WIDE_SIXTEEN) << std::hex;
748     for (uint32_t i = 0; i < cmpltEvent.nips; ++i) {
749         std::cout << "\n    " << cmpltEvent.ips[i];
750     }
751     std::cout << std::dec << std::endl;
752     return 0;
753 }
754 
DumpSTRTraceEvent(void * data,size_t dataSize)755 int BPFController::DumpSTRTraceEvent(void *data, size_t dataSize)
756 {
757     if (dataSize != sizeof(strtrace_cmplt_event_t)) {
758         std::cout << "DumpSTRTraceEvent ERROR: size dismatch:"
759                   << " data size = " << dataSize
760                   << " strtrace event size = " << sizeof(strtrace_cmplt_event_t)
761                   << std::endl;
762         return -1;
763     }
764     struct strtrace_cmplt_event_t cmpltEvent {};
765     if (memcpy_s(&cmpltEvent, sizeof(strtrace_cmplt_event_t), data, dataSize) != EOK) {
766         std::cout << "failed to copy data to strtrace_cmplt_event_t" << std::endl;
767         return -1;
768     }
769     std::cout << "STRTrace Event:"
770               << "\ndata size:      " << dataSize
771               << "\ntracer:         " << cmpltEvent.start_event.stracer
772               << "\ntype:           " << cmpltEvent.start_event.type
773               << "\naddress:        " << cmpltEvent.start_event.addr
774               << "\nstart time:     " << cmpltEvent.start_event.stime
775               << "\npid:            " << cmpltEvent.pid
776               << "\ntgid:           " << cmpltEvent.tgid
777               << "\nfilename len:   " << cmpltEvent.len
778               << "\nfilename:       " << cmpltEvent.filename
779               << std::endl;
780     return 0;
781 }
782 
DumpEvent(void * ctx,void * data,size_t dataSize)783 int BPFController::DumpEvent(void *ctx, void *data, size_t dataSize)
784 {
785     const __u32 *tracer = static_cast<const __u32 *>(data);
786     BPFController *bpfctlr = static_cast<BPFController *>(ctx);
787     if (bpfctlr->config_.dumpEvents_) {
788         --bpfctlr->config_.dumpEvents_;
789         static __u32 counter {0};
790         std::cout << "\ncounter = " << ++counter;
791         switch (*tracer) {
792             case FSTRACE: return DumpFSTraceEvent(bpfctlr, data, dataSize);
793             case PFTRACE: return DumpPFTraceEvent(bpfctlr, data, dataSize);
794             case BIOTRACE: return DumpBIOTraceEvent(bpfctlr, data, dataSize);
795             case STRTRACE: return DumpSTRTraceEvent(data, dataSize);
796         }
797         std::cout << "DumpEvent ERROR: bad tracer type = " << (*tracer) << std::endl;
798     }
799     return 0;
800 }
801 
NextActiveReceiver()802 std::weak_ptr<BPFEventReceiver> BPFController::NextActiveReceiver()
803 {
804     __u32 next = last_ + 1;
805     __u32 total = receivers_.size();
806     for (;;) {
807         if (next >= total) {
808             next -= total;
809         }
810         if (receivers_[next]->Running() or next == last_) {
811             break;
812         }
813         ++next;
814     }
815     if (receivers_[next]->Running()) {
816         last_ = next;
817         return receivers_[last_];
818     }
819     return std::weak_ptr<BPFEventReceiver>();
820 }