ebpf.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526
  1. // SPDX-License-Identifier: GPL-3.0-or-later
  2. #include <sys/types.h>
  3. #include <sys/stat.h>
  4. #include <fcntl.h>
  5. #include <dlfcn.h>
  6. #include <sys/utsname.h>
  7. #include "../libnetdata.h"
  8. char *ebpf_user_config_dir = CONFIG_DIR;
  9. char *ebpf_stock_config_dir = LIBCONFIG_DIR;
  10. /*
  11. static int clean_kprobe_event(FILE *out, char *filename, char *father_pid, netdata_ebpf_events_t *ptr)
  12. {
  13. int fd = open(filename, O_WRONLY | O_APPEND, 0);
  14. if (fd < 0) {
  15. if (out) {
  16. fprintf(out, "Cannot open %s : %s\n", filename, strerror(errno));
  17. }
  18. return 1;
  19. }
  20. char cmd[1024];
  21. int length = snprintf(cmd, 1023, "-:kprobes/%c_netdata_%s_%s", ptr->type, ptr->name, father_pid);
  22. int ret = 0;
  23. if (length > 0) {
  24. ssize_t written = write(fd, cmd, strlen(cmd));
  25. if (written < 0) {
  26. if (out) {
  27. fprintf(
  28. out, "Cannot remove the event (%d, %d) '%s' from %s : %s\n", getppid(), getpid(), cmd, filename,
  29. strerror((int)errno));
  30. }
  31. ret = 1;
  32. }
  33. }
  34. close(fd);
  35. return ret;
  36. }
  37. int clean_kprobe_events(FILE *out, int pid, netdata_ebpf_events_t *ptr)
  38. {
  39. debug(D_EXIT, "Cleaning parent process events.");
  40. char filename[FILENAME_MAX + 1];
  41. snprintf(filename, FILENAME_MAX, "%s%s", NETDATA_DEBUGFS, "kprobe_events");
  42. char removeme[16];
  43. snprintf(removeme, 15, "%d", pid);
  44. int i;
  45. for (i = 0; ptr[i].name; i++) {
  46. if (clean_kprobe_event(out, filename, removeme, &ptr[i])) {
  47. break;
  48. }
  49. }
  50. return 0;
  51. }
  52. */
  53. //----------------------------------------------------------------------------------------------------------------------
  54. int get_kernel_version(char *out, int size)
  55. {
  56. char major[16], minor[16], patch[16];
  57. char ver[VERSION_STRING_LEN];
  58. char *version = ver;
  59. out[0] = '\0';
  60. int fd = open("/proc/sys/kernel/osrelease", O_RDONLY);
  61. if (fd < 0)
  62. return -1;
  63. ssize_t len = read(fd, ver, sizeof(ver));
  64. if (len < 0) {
  65. close(fd);
  66. return -1;
  67. }
  68. close(fd);
  69. char *move = major;
  70. while (*version && *version != '.')
  71. *move++ = *version++;
  72. *move = '\0';
  73. version++;
  74. move = minor;
  75. while (*version && *version != '.')
  76. *move++ = *version++;
  77. *move = '\0';
  78. if (*version)
  79. version++;
  80. else
  81. return -1;
  82. move = patch;
  83. while (*version && *version != '\n' && *version != '-')
  84. *move++ = *version++;
  85. *move = '\0';
  86. fd = snprintf(out, (size_t)size, "%s.%s.%s", major, minor, patch);
  87. if (fd > size)
  88. error("The buffer to store kernel version is not smaller than necessary.");
  89. return ((int)(str2l(major) * 65536) + (int)(str2l(minor) * 256) + (int)str2l(patch));
  90. }
  91. int get_redhat_release()
  92. {
  93. char buffer[VERSION_STRING_LEN + 1];
  94. int major, minor;
  95. FILE *fp = fopen("/etc/redhat-release", "r");
  96. if (fp) {
  97. major = 0;
  98. minor = -1;
  99. size_t length = fread(buffer, sizeof(char), VERSION_STRING_LEN, fp);
  100. if (length > 4) {
  101. buffer[length] = '\0';
  102. char *end = strchr(buffer, '.');
  103. char *start;
  104. if (end) {
  105. *end = 0x0;
  106. if (end > buffer) {
  107. start = end - 1;
  108. major = strtol(start, NULL, 10);
  109. start = ++end;
  110. end++;
  111. if (end) {
  112. end = 0x00;
  113. minor = strtol(start, NULL, 10);
  114. } else {
  115. minor = -1;
  116. }
  117. }
  118. }
  119. }
  120. fclose(fp);
  121. return ((major * 256) + minor);
  122. } else {
  123. return -1;
  124. }
  125. }
  126. /**
  127. * Check if the kernel is in a list of rejected ones
  128. *
  129. * @return Returns 1 if the kernel is rejected, 0 otherwise.
  130. */
  131. static int kernel_is_rejected()
  132. {
  133. // Get kernel version from system
  134. char version_string[VERSION_STRING_LEN + 1];
  135. int version_string_len = 0;
  136. if (read_file("/proc/version_signature", version_string, VERSION_STRING_LEN)) {
  137. if (read_file("/proc/version", version_string, VERSION_STRING_LEN)) {
  138. struct utsname uname_buf;
  139. if (!uname(&uname_buf)) {
  140. info("Cannot check kernel version");
  141. return 0;
  142. }
  143. version_string_len =
  144. snprintfz(version_string, VERSION_STRING_LEN, "%s %s", uname_buf.release, uname_buf.version);
  145. }
  146. }
  147. if (!version_string_len)
  148. version_string_len = strlen(version_string);
  149. // Open a file with a list of rejected kernels
  150. char *config_dir = getenv("NETDATA_USER_CONFIG_DIR");
  151. if (config_dir == NULL) {
  152. config_dir = CONFIG_DIR;
  153. }
  154. char filename[FILENAME_MAX + 1];
  155. snprintfz(filename, FILENAME_MAX, "%s/ebpf.d/%s", config_dir, EBPF_KERNEL_REJECT_LIST_FILE);
  156. FILE *kernel_reject_list = fopen(filename, "r");
  157. if (!kernel_reject_list) {
  158. // Keep this to have compatibility with old versions
  159. snprintfz(filename, FILENAME_MAX, "%s/%s", config_dir, EBPF_KERNEL_REJECT_LIST_FILE);
  160. kernel_reject_list = fopen(filename, "r");
  161. if (!kernel_reject_list) {
  162. config_dir = getenv("NETDATA_STOCK_CONFIG_DIR");
  163. if (config_dir == NULL) {
  164. config_dir = LIBCONFIG_DIR;
  165. }
  166. snprintfz(filename, FILENAME_MAX, "%s/ebpf.d/%s", config_dir, EBPF_KERNEL_REJECT_LIST_FILE);
  167. kernel_reject_list = fopen(filename, "r");
  168. if (!kernel_reject_list)
  169. return 0;
  170. }
  171. }
  172. // Find if the kernel is in the reject list
  173. char *reject_string = NULL;
  174. size_t buf_len = 0;
  175. ssize_t reject_string_len;
  176. while ((reject_string_len = getline(&reject_string, &buf_len, kernel_reject_list) - 1) > 0) {
  177. if (version_string_len >= reject_string_len) {
  178. if (!strncmp(version_string, reject_string, reject_string_len)) {
  179. info("A buggy kernel is detected");
  180. fclose(kernel_reject_list);
  181. freez(reject_string);
  182. return 1;
  183. }
  184. }
  185. }
  186. fclose(kernel_reject_list);
  187. freez(reject_string);
  188. return 0;
  189. }
  190. static int has_ebpf_kernel_version(int version)
  191. {
  192. if (kernel_is_rejected())
  193. return 0;
  194. // Kernel 4.11.0 or RH > 7.5
  195. return (version >= NETDATA_MINIMUM_EBPF_KERNEL || get_redhat_release() >= NETDATA_MINIMUM_RH_VERSION);
  196. }
  197. int has_condition_to_run(int version)
  198. {
  199. if (!has_ebpf_kernel_version(version))
  200. return 0;
  201. return 1;
  202. }
  203. //----------------------------------------------------------------------------------------------------------------------
  204. char *ebpf_kernel_suffix(int version, int isrh)
  205. {
  206. if (isrh) {
  207. if (version >= NETDATA_EBPF_KERNEL_4_11)
  208. return "4.18";
  209. else
  210. return "3.10";
  211. } else {
  212. if (version >= NETDATA_EBPF_KERNEL_5_11)
  213. return "5.11";
  214. else if (version >= NETDATA_EBPF_KERNEL_5_10)
  215. return "5.10";
  216. else if (version >= NETDATA_EBPF_KERNEL_4_17)
  217. return "5.4";
  218. else if (version >= NETDATA_EBPF_KERNEL_4_15)
  219. return "4.16";
  220. else if (version >= NETDATA_EBPF_KERNEL_4_11)
  221. return "4.14";
  222. }
  223. return NULL;
  224. }
  225. //----------------------------------------------------------------------------------------------------------------------
  226. int ebpf_update_kernel(ebpf_data_t *ed)
  227. {
  228. char *kernel = ebpf_kernel_suffix(ed->running_on_kernel, (ed->isrh < 0) ? 0 : 1);
  229. size_t length = strlen(kernel);
  230. strncpyz(ed->kernel_string, kernel, length);
  231. ed->kernel_string[length] = '\0';
  232. return 0;
  233. }
  234. static int select_file(char *name, const char *program, size_t length, int mode, char *kernel_string)
  235. {
  236. int ret = -1;
  237. if (!mode)
  238. ret = snprintf(name, length, "rnetdata_ebpf_%s.%s.o", program, kernel_string);
  239. else if (mode == 1)
  240. ret = snprintf(name, length, "dnetdata_ebpf_%s.%s.o", program, kernel_string);
  241. else if (mode == 2)
  242. ret = snprintf(name, length, "pnetdata_ebpf_%s.%s.o", program, kernel_string);
  243. return ret;
  244. }
  245. void ebpf_update_pid_table(ebpf_local_maps_t *pid, ebpf_module_t *em)
  246. {
  247. pid->user_input = em->pid_map_size;
  248. }
  249. void ebpf_update_map_sizes(struct bpf_object *program, ebpf_module_t *em)
  250. {
  251. struct bpf_map *map;
  252. ebpf_local_maps_t *maps = em->maps;
  253. if (!maps)
  254. return;
  255. bpf_map__for_each(map, program)
  256. {
  257. const char *map_name = bpf_map__name(map);
  258. int i = 0; ;
  259. while (maps[i].name) {
  260. ebpf_local_maps_t *w = &maps[i];
  261. if (w->user_input != w->internal_input && !strcmp(w->name, map_name)) {
  262. #ifdef NETDATA_INTERNAL_CHECKS
  263. info("Changing map %s from size %u to %u ", map_name, w->internal_input, w->user_input);
  264. #endif
  265. bpf_map__resize(map, w->user_input);
  266. }
  267. i++;
  268. }
  269. }
  270. }
  271. size_t ebpf_count_programs(struct bpf_object *obj)
  272. {
  273. size_t tot = 0;
  274. struct bpf_program *prog;
  275. bpf_object__for_each_program(prog, obj)
  276. {
  277. tot++;
  278. }
  279. return tot;
  280. }
  281. static ebpf_specify_name_t *ebpf_find_names(ebpf_specify_name_t *names, const char *prog_name)
  282. {
  283. size_t i = 0;
  284. while (names[i].program_name) {
  285. if (!strcmp(prog_name, names[i].program_name))
  286. return &names[i];
  287. i++;
  288. }
  289. return NULL;
  290. }
  291. static struct bpf_link **ebpf_attach_programs(struct bpf_object *obj, size_t length, ebpf_specify_name_t *names)
  292. {
  293. struct bpf_link **links = callocz(length , sizeof(struct bpf_link *));
  294. size_t i = 0;
  295. struct bpf_program *prog;
  296. bpf_object__for_each_program(prog, obj)
  297. {
  298. links[i] = bpf_program__attach(prog);
  299. if (libbpf_get_error(links[i]) && names) {
  300. const char *name = bpf_program__name(prog);
  301. ebpf_specify_name_t *w = ebpf_find_names(names, name);
  302. if (w) {
  303. enum bpf_prog_type type = bpf_program__get_type(prog);
  304. if (type == BPF_PROG_TYPE_KPROBE)
  305. links[i] = bpf_program__attach_kprobe(prog, w->retprobe, w->optional);
  306. }
  307. }
  308. if (libbpf_get_error(links[i])) {
  309. links[i] = NULL;
  310. }
  311. i++;
  312. }
  313. return links;
  314. }
  315. struct bpf_link **ebpf_load_program(char *plugins_dir, ebpf_module_t *em, char *kernel_string,
  316. struct bpf_object **obj, int *map_fd)
  317. {
  318. char lpath[4096];
  319. char lname[128];
  320. int test = select_file(lname, em->thread_name, (size_t)127, em->mode, kernel_string);
  321. if (test < 0 || test > 127)
  322. return NULL;
  323. snprintf(lpath, 4096, "%s/ebpf.d/%s", plugins_dir, lname);
  324. *obj = bpf_object__open_file(lpath, NULL);
  325. if (libbpf_get_error(obj)) {
  326. error("Cannot open BPF object %s", lpath);
  327. bpf_object__close(*obj);
  328. return NULL;
  329. }
  330. ebpf_update_map_sizes(*obj, em);
  331. if (bpf_object__load(*obj)) {
  332. error("ERROR: loading BPF object file failed %s\n", lpath);
  333. bpf_object__close(*obj);
  334. return NULL;
  335. }
  336. struct bpf_map *map;
  337. size_t i = 0;
  338. bpf_map__for_each(map, *obj)
  339. {
  340. map_fd[i] = bpf_map__fd(map);
  341. i++;
  342. }
  343. size_t count_programs = ebpf_count_programs(*obj);
  344. return ebpf_attach_programs(*obj, count_programs, em->names);
  345. }
  346. static char *ebpf_update_name(char *search)
  347. {
  348. char filename[FILENAME_MAX + 1];
  349. char *ret = NULL;
  350. snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, NETDATA_KALLSYMS);
  351. procfile *ff = procfile_open(filename, " \t", PROCFILE_FLAG_DEFAULT);
  352. if(unlikely(!ff)) {
  353. error("Cannot open %s%s", netdata_configured_host_prefix, NETDATA_KALLSYMS);
  354. return ret;
  355. }
  356. ff = procfile_readall(ff);
  357. if(unlikely(!ff))
  358. return ret;
  359. unsigned long i, lines = procfile_lines(ff);
  360. size_t length = strlen(search);
  361. for(i = 0; i < lines ; i++) {
  362. char *cmp = procfile_lineword(ff, i,2);;
  363. if (!strncmp(search, cmp, length)) {
  364. ret = strdupz(cmp);
  365. break;
  366. }
  367. }
  368. procfile_close(ff);
  369. return ret;
  370. }
  371. void ebpf_update_names(ebpf_specify_name_t *opt, ebpf_module_t *em)
  372. {
  373. int mode = em->mode;
  374. em->names = opt;
  375. size_t i = 0;
  376. while (opt[i].program_name) {
  377. opt[i].retprobe = (mode == MODE_RETURN);
  378. opt[i].optional = ebpf_update_name(opt[i].function_to_attach);
  379. i++;
  380. }
  381. }
  382. //----------------------------------------------------------------------------------------------------------------------
  383. void ebpf_mount_config_name(char *filename, size_t length, char *path, char *config)
  384. {
  385. snprintf(filename, length, "%s/ebpf.d/%s", path, config);
  386. }
  387. int ebpf_load_config(struct config *config, char *filename)
  388. {
  389. return appconfig_load(config, filename, 0, NULL);
  390. }
  391. static netdata_run_mode_t ebpf_select_mode(char *mode)
  392. {
  393. if (!strcasecmp(mode, "return"))
  394. return MODE_RETURN;
  395. else if (!strcasecmp(mode, "dev"))
  396. return MODE_DEVMODE;
  397. return MODE_ENTRY;
  398. }
  399. void ebpf_update_module_using_config(ebpf_module_t *modules, struct config *cfg)
  400. {
  401. char *mode = appconfig_get(cfg, EBPF_GLOBAL_SECTION, EBPF_CFG_LOAD_MODE, EBPF_CFG_LOAD_MODE_DEFAULT);
  402. modules->mode = ebpf_select_mode(mode);
  403. modules->update_time = (int)appconfig_get_number(cfg, EBPF_GLOBAL_SECTION, EBPF_CFG_UPDATE_EVERY, 1);
  404. modules->apps_charts = appconfig_get_boolean(cfg, EBPF_GLOBAL_SECTION, EBPF_CFG_APPLICATION,
  405. CONFIG_BOOLEAN_YES);
  406. modules->pid_map_size = (uint32_t)appconfig_get_number(cfg, EBPF_GLOBAL_SECTION, EBPF_CFG_PID_SIZE,
  407. modules->pid_map_size);
  408. }
  409. /**
  410. * Update module
  411. *
  412. * When this function is called, it will load the configuration file and after this
  413. * it updates the global information of ebpf_module.
  414. * If the module has specific configuration, this function will load it, but it will not
  415. * update the variables.
  416. *
  417. * @param em the module structure
  418. * @param cfg the configuration structure
  419. * @param cfg_file the filename to load
  420. */
  421. void ebpf_update_module(ebpf_module_t *em, struct config *cfg, char *cfg_file)
  422. {
  423. char filename[FILENAME_MAX+1];
  424. ebpf_mount_config_name(filename, FILENAME_MAX, ebpf_user_config_dir, cfg_file);
  425. if (!ebpf_load_config(cfg, filename)) {
  426. ebpf_mount_config_name(filename, FILENAME_MAX, ebpf_stock_config_dir, cfg_file);
  427. if (!ebpf_load_config(cfg, filename)) {
  428. error("Cannot load the ebpf configuration file %s", cfg_file);
  429. return;
  430. }
  431. }
  432. ebpf_update_module_using_config(em, cfg);
  433. }