diff options
Diffstat (limited to 'libnetdata/ebpf')
-rw-r--r-- | libnetdata/ebpf/Makefile.am | 8 | ||||
-rw-r--r-- | libnetdata/ebpf/README.md | 5 | ||||
-rw-r--r-- | libnetdata/ebpf/ebpf.c | 324 | ||||
-rw-r--r-- | libnetdata/ebpf/ebpf.h | 105 |
4 files changed, 442 insertions, 0 deletions
diff --git a/libnetdata/ebpf/Makefile.am b/libnetdata/ebpf/Makefile.am new file mode 100644 index 0000000..161784b --- /dev/null +++ b/libnetdata/ebpf/Makefile.am @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +AUTOMAKE_OPTIONS = subdir-objects +MAINTAINERCLEANFILES = $(srcdir)/Makefile.in + +dist_noinst_DATA = \ + README.md \ + $(NULL) diff --git a/libnetdata/ebpf/README.md b/libnetdata/ebpf/README.md new file mode 100644 index 0000000..09c6607 --- /dev/null +++ b/libnetdata/ebpf/README.md @@ -0,0 +1,5 @@ +<!-- +custom_edit_url: https://github.com/netdata/netdata/edit/master/libnetdata/ebpf/README.md +--> + +[![analytics](https://www.google-analytics.com/collect?v=1&aip=1&t=pageview&_s=1&ds=github&dr=https%3A%2F%2Fgithub.com%2Fnetdata%2Fnetdata&dl=https%3A%2F%2Fmy-netdata.io%2Fgithub%2Flibnetdata%2Febpf%2FREADME&_u=MAC~&cid=5792dfd7-8dc4-476b-af31-da2fdb9f93d2&tid=UA-64295674-3)](<>) diff --git a/libnetdata/ebpf/ebpf.c b/libnetdata/ebpf/ebpf.c new file mode 100644 index 0000000..a9ff21f --- /dev/null +++ b/libnetdata/ebpf/ebpf.c @@ -0,0 +1,324 @@ +// SPDX-License-Identifier: GPL-3.0-or-later + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <dlfcn.h> +#include <sys/utsname.h> + +#include "../libnetdata.h" + +/* +static int clean_kprobe_event(FILE *out, char *filename, char *father_pid, netdata_ebpf_events_t *ptr) +{ + int fd = open(filename, O_WRONLY | O_APPEND, 0); + if (fd < 0) { + if (out) { + fprintf(out, "Cannot open %s : %s\n", filename, strerror(errno)); + } + return 1; + } + + char cmd[1024]; + int length = snprintf(cmd, 1023, "-:kprobes/%c_netdata_%s_%s", ptr->type, ptr->name, father_pid); + int ret = 0; + if (length > 0) { + ssize_t written = write(fd, cmd, strlen(cmd)); + if (written < 0) { + if (out) { + fprintf( + out, "Cannot remove the event (%d, %d) '%s' from %s : %s\n", getppid(), getpid(), cmd, filename, + strerror((int)errno)); + } + ret = 1; + } + } + + close(fd); + + return ret; +} + +int clean_kprobe_events(FILE *out, int pid, netdata_ebpf_events_t *ptr) +{ + debug(D_EXIT, "Cleaning parent process events."); + char filename[FILENAME_MAX + 1]; + snprintf(filename, FILENAME_MAX, "%s%s", NETDATA_DEBUGFS, "kprobe_events"); + + char removeme[16]; + snprintf(removeme, 15, "%d", pid); + + int i; + for (i = 0; ptr[i].name; i++) { + if (clean_kprobe_event(out, filename, removeme, &ptr[i])) { + break; + } + } + + return 0; +} +*/ + +//---------------------------------------------------------------------------------------------------------------------- + +int get_kernel_version(char *out, int size) +{ + char major[16], minor[16], patch[16]; + char ver[VERSION_STRING_LEN]; + char *version = ver; + + out[0] = '\0'; + int fd = open("/proc/sys/kernel/osrelease", O_RDONLY); + if (fd < 0) + return -1; + + ssize_t len = read(fd, ver, sizeof(ver)); + if (len < 0) { + close(fd); + return -1; + } + + close(fd); + + char *move = major; + while (*version && *version != '.') + *move++ = *version++; + *move = '\0'; + + version++; + move = minor; + while (*version && *version != '.') + *move++ = *version++; + *move = '\0'; + + if (*version) + version++; + else + return -1; + + move = patch; + while (*version && *version != '\n') + *move++ = *version++; + *move = '\0'; + + fd = snprintf(out, (size_t)size, "%s.%s.%s", major, minor, patch); + if (fd > size) + error("The buffer to store kernel version is not smaller than necessary."); + + return ((int)(str2l(major) * 65536) + (int)(str2l(minor) * 256) + (int)str2l(patch)); +} + +int get_redhat_release() +{ + char buffer[VERSION_STRING_LEN + 1]; + int major, minor; + FILE *fp = fopen("/etc/redhat-release", "r"); + + if (fp) { + major = 0; + minor = -1; + size_t length = fread(buffer, sizeof(char), VERSION_STRING_LEN, fp); + if (length > 4) { + buffer[length] = '\0'; + char *end = strchr(buffer, '.'); + char *start; + if (end) { + *end = 0x0; + + if (end > buffer) { + start = end - 1; + + major = strtol(start, NULL, 10); + start = ++end; + + end++; + if (end) { + end = 0x00; + minor = strtol(start, NULL, 10); + } else { + minor = -1; + } + } + } + } + + fclose(fp); + return ((major * 256) + minor); + } else { + return -1; + } +} + +/** + * Check if the kernel is in a list of rejected ones + * + * @return Returns 1 if the kernel is rejected, 0 otherwise. + */ +static int kernel_is_rejected() +{ + // Get kernel version from system + char version_string[VERSION_STRING_LEN + 1]; + int version_string_len = 0; + + if (read_file("/proc/version_signature", version_string, VERSION_STRING_LEN)) { + if (read_file("/proc/version", version_string, VERSION_STRING_LEN)) { + struct utsname uname_buf; + if (!uname(&uname_buf)) { + info("Cannot check kernel version"); + return 0; + } + version_string_len = + snprintfz(version_string, VERSION_STRING_LEN, "%s %s", uname_buf.release, uname_buf.version); + } + } + + if (!version_string_len) + version_string_len = strlen(version_string); + + // Open a file with a list of rejected kernels + char *config_dir = getenv("NETDATA_USER_CONFIG_DIR"); + if (config_dir == NULL) { + config_dir = CONFIG_DIR; + } + + char filename[FILENAME_MAX + 1]; + snprintfz(filename, FILENAME_MAX, "%s/%s", config_dir, EBPF_KERNEL_REJECT_LIST_FILE); + FILE *kernel_reject_list = fopen(filename, "r"); + + if (!kernel_reject_list) { + config_dir = getenv("NETDATA_STOCK_CONFIG_DIR"); + if (config_dir == NULL) { + config_dir = LIBCONFIG_DIR; + } + + snprintfz(filename, FILENAME_MAX, "%s/%s", config_dir, EBPF_KERNEL_REJECT_LIST_FILE); + kernel_reject_list = fopen(filename, "r"); + + if (!kernel_reject_list) + return 0; + } + + // Find if the kernel is in the reject list + char *reject_string = NULL; + size_t buf_len = 0; + ssize_t reject_string_len; + while ((reject_string_len = getline(&reject_string, &buf_len, kernel_reject_list) - 1) > 0) { + if (version_string_len >= reject_string_len) { + if (!strncmp(version_string, reject_string, reject_string_len)) { + info("A buggy kernel is detected"); + fclose(kernel_reject_list); + freez(reject_string); + return 1; + } + } + } + + fclose(kernel_reject_list); + freez(reject_string); + + return 0; +} + +static int has_ebpf_kernel_version(int version) +{ + if (kernel_is_rejected()) + return 0; + + // Kernel 4.11.0 or RH > 7.5 + return (version >= NETDATA_MINIMUM_EBPF_KERNEL || get_redhat_release() >= NETDATA_MINIMUM_RH_VERSION); +} + +int has_condition_to_run(int version) +{ + if (!has_ebpf_kernel_version(version)) + return 0; + + return 1; +} + +//---------------------------------------------------------------------------------------------------------------------- + +char *ebpf_kernel_suffix(int version, int isrh) +{ + if (isrh) { + if (version >= NETDATA_EBPF_KERNEL_4_11) + return "4.18"; + else + return "3.10"; + } else { + if (version >= NETDATA_EBPF_KERNEL_5_10) + return "5.10"; + else if (version >= NETDATA_EBPF_KERNEL_4_17) + return "5.4"; + else if (version >= NETDATA_EBPF_KERNEL_4_15) + return "4.16"; + else if (version >= NETDATA_EBPF_KERNEL_4_11) + return "4.14"; + } + + return NULL; +} + +//---------------------------------------------------------------------------------------------------------------------- + +int ebpf_update_kernel(ebpf_data_t *ed) +{ + char *kernel = ebpf_kernel_suffix(ed->running_on_kernel, (ed->isrh < 0) ? 0 : 1); + size_t length = strlen(kernel); + strncpyz(ed->kernel_string, kernel, length); + ed->kernel_string[length] = '\0'; + + return 0; +} + +static int select_file(char *name, const char *program, size_t length, int mode, char *kernel_string) +{ + int ret = -1; + if (!mode) + ret = snprintf(name, length, "rnetdata_ebpf_%s.%s.o", program, kernel_string); + else if (mode == 1) + ret = snprintf(name, length, "dnetdata_ebpf_%s.%s.o", program, kernel_string); + else if (mode == 2) + ret = snprintf(name, length, "pnetdata_ebpf_%s.%s.o", program, kernel_string); + + return ret; +} + +struct bpf_link **ebpf_load_program(char *plugins_dir, ebpf_module_t *em, char *kernel_string, struct bpf_object **obj, int *map_fd) +{ + char lpath[4096]; + char lname[128]; + int prog_fd; + + int test = select_file(lname, em->thread_name, (size_t)127, em->mode, kernel_string); + if (test < 0 || test > 127) + return NULL; + + snprintf(lpath, 4096, "%s/%s", plugins_dir, lname); + if (bpf_prog_load(lpath, BPF_PROG_TYPE_KPROBE, obj, &prog_fd)) { + em->enabled = CONFIG_BOOLEAN_NO; + info("Cannot load program: %s", lpath); + return NULL; + } else { + info("The eBPF program %s was loaded with success.", em->thread_name); + } + + struct bpf_map *map; + size_t i = 0; + bpf_map__for_each(map, *obj) + { + map_fd[i] = bpf_map__fd(map); + i++; + } + + struct bpf_program *prog; + struct bpf_link **links = callocz(NETDATA_MAX_PROBES , sizeof(struct bpf_link *)); + i = 0; + bpf_object__for_each_program(prog, *obj) + { + links[i] = bpf_program__attach(prog); + i++; + } + + return links; +} diff --git a/libnetdata/ebpf/ebpf.h b/libnetdata/ebpf/ebpf.h new file mode 100644 index 0000000..d4faccf --- /dev/null +++ b/libnetdata/ebpf/ebpf.h @@ -0,0 +1,105 @@ +// SPDX-License-Identifier: GPL-3.0-or-later + +#ifndef NETDATA_EBPF_H +#define NETDATA_EBPF_H 1 + +#include <bpf/bpf.h> +#include <bpf/libbpf.h> + +#define NETDATA_DEBUGFS "/sys/kernel/debug/tracing/" + +/** + * The next magic number is got doing the following math: + * 294960 = 4*65536 + 11*256 + 0 + * + * For more details, please, read /usr/include/linux/version.h + */ +#define NETDATA_MINIMUM_EBPF_KERNEL 264960 + +/** + * The RedHat magic number was got doing: + * + * 1797 = 7*256 + 5 + * + * For more details, please, read /usr/include/linux/version.h + * in any Red Hat installation. + */ +#define NETDATA_MINIMUM_RH_VERSION 1797 + +/** + * 2048 = 8*256 + 0 + */ +#define NETDATA_RH_8 2048 + +/** + * Kernel 5.10 + * + * 330240 = 5*65536 + 10*256 + */ +#define NETDATA_EBPF_KERNEL_5_10 330240 + +/** + * Kernel 4.17 + * + * 266496 = 4*65536 + 17*256 + */ +#define NETDATA_EBPF_KERNEL_4_17 266496 + +/** + * Kernel 4.15 + * + * 265984 = 4*65536 + 15*256 + */ +#define NETDATA_EBPF_KERNEL_4_15 265984 + +/** + * Kernel 4.11 + * + * 264960 = 4*65536 + 15*256 + */ +#define NETDATA_EBPF_KERNEL_4_11 264960 + +#define VERSION_STRING_LEN 256 +#define EBPF_KERNEL_REJECT_LIST_FILE "ebpf_kernel_reject_list.txt" + +typedef struct ebpf_data { + int *map_fd; + + char *kernel_string; + uint32_t running_on_kernel; + int isrh; +} ebpf_data_t; + +typedef enum { + MODE_RETURN = 0, // This attaches kprobe when the function returns + MODE_DEVMODE, // This stores log given description about the errors raised + MODE_ENTRY // This attaches kprobe when the function is called +} netdata_run_mode_t; + +typedef struct ebpf_module { + const char *thread_name; + const char *config_name; + int enabled; + void *(*start_routine)(void *); + int update_time; + int global_charts; + int apps_charts; + netdata_run_mode_t mode; + uint32_t thread_id; + int optional; +} ebpf_module_t; + +#define NETDATA_MAX_PROBES 64 + +extern int get_kernel_version(char *out, int size); +extern int get_redhat_release(); +extern int has_condition_to_run(int version); +extern char *ebpf_kernel_suffix(int version, int isrh); +extern int ebpf_update_kernel(ebpf_data_t *ef); +extern struct bpf_link **ebpf_load_program(char *plugins_dir, + ebpf_module_t *em, + char *kernel_string, + struct bpf_object **obj, + int *map_fd); + +#endif /* NETDATA_EBPF_H */ |