forked from luck/tmp_suning_uos_patched
63841bc083
Currently, the kprobe BPF program attachment method for bpf_load is quite old. The implementation of bpf_load "directly" controls and manages(create, delete) the kprobe events of DEBUGFS. On the other hand, using using the libbpf automatically manages the kprobe event. (under bpf_link interface) By calling bpf_program__attach(_kprobe) in libbpf, the corresponding kprobe is created and the BPF program will be attached to this kprobe. To remove this, by simply invoking bpf_link__destroy will clean up the event. This commit refactors kprobe tracing programs (tracex{1~7}_user.c) with libbpf using bpf_link interface and bpf_program__attach. tracex2_kern.c, which tracks system calls (sys_*), has been modified to append prefix depending on architecture. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20200516040608.1377876-3-danieltimlee@gmail.com
104 lines
2.2 KiB
C
104 lines
2.2 KiB
C
// SPDX-License-Identifier: GPL-2.0-only
|
|
/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com
|
|
*/
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <signal.h>
|
|
#include <unistd.h>
|
|
#include <stdbool.h>
|
|
#include <string.h>
|
|
#include <time.h>
|
|
#include <sys/resource.h>
|
|
|
|
#include <bpf/bpf.h>
|
|
#include <bpf/libbpf.h>
|
|
|
|
struct pair {
|
|
long long val;
|
|
__u64 ip;
|
|
};
|
|
|
|
static __u64 time_get_ns(void)
|
|
{
|
|
struct timespec ts;
|
|
|
|
clock_gettime(CLOCK_MONOTONIC, &ts);
|
|
return ts.tv_sec * 1000000000ull + ts.tv_nsec;
|
|
}
|
|
|
|
static void print_old_objects(int fd)
|
|
{
|
|
long long val = time_get_ns();
|
|
__u64 key, next_key;
|
|
struct pair v;
|
|
|
|
key = write(1, "\e[1;1H\e[2J", 12); /* clear screen */
|
|
|
|
key = -1;
|
|
while (bpf_map_get_next_key(fd, &key, &next_key) == 0) {
|
|
bpf_map_lookup_elem(fd, &next_key, &v);
|
|
key = next_key;
|
|
if (val - v.val < 1000000000ll)
|
|
/* object was allocated more then 1 sec ago */
|
|
continue;
|
|
printf("obj 0x%llx is %2lldsec old was allocated at ip %llx\n",
|
|
next_key, (val - v.val) / 1000000000ll, v.ip);
|
|
}
|
|
}
|
|
|
|
int main(int ac, char **argv)
|
|
{
|
|
struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
|
|
struct bpf_link *links[2];
|
|
struct bpf_program *prog;
|
|
struct bpf_object *obj;
|
|
char filename[256];
|
|
int map_fd, i, j = 0;
|
|
|
|
if (setrlimit(RLIMIT_MEMLOCK, &r)) {
|
|
perror("setrlimit(RLIMIT_MEMLOCK, RLIM_INFINITY)");
|
|
return 1;
|
|
}
|
|
|
|
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
|
obj = bpf_object__open_file(filename, NULL);
|
|
if (libbpf_get_error(obj)) {
|
|
fprintf(stderr, "ERROR: opening BPF object file failed\n");
|
|
return 0;
|
|
}
|
|
|
|
/* load BPF program */
|
|
if (bpf_object__load(obj)) {
|
|
fprintf(stderr, "ERROR: loading BPF object file failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
map_fd = bpf_object__find_map_fd_by_name(obj, "my_map");
|
|
if (map_fd < 0) {
|
|
fprintf(stderr, "ERROR: finding a map in obj file failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
bpf_object__for_each_program(prog, obj) {
|
|
links[j] = bpf_program__attach(prog);
|
|
if (libbpf_get_error(links[j])) {
|
|
fprintf(stderr, "ERROR: bpf_program__attach failed\n");
|
|
links[j] = NULL;
|
|
goto cleanup;
|
|
}
|
|
j++;
|
|
}
|
|
|
|
for (i = 0; ; i++) {
|
|
print_old_objects(map_fd);
|
|
sleep(1);
|
|
}
|
|
|
|
cleanup:
|
|
for (j--; j >= 0; j--)
|
|
bpf_link__destroy(links[j]);
|
|
|
|
bpf_object__close(obj);
|
|
return 0;
|
|
}
|