add verify userspace program

eunomia-bpf · Dec 4, 2024 · eeda781 · eeda781
1 parent 1696b2b
commit eeda781
Show file tree

Hide file tree

Showing 37 changed files with 2,686 additions and 5 deletions.
diff --git a/src/38-btf-uprobe/.gitignore b/src/38-btf-uprobe/.gitignore
@@ -2,3 +2,4 @@
 uprobe
 merge-btf
 *.btf
+uprobe_failed
diff --git a/src/38-btf-uprobe/Makefile b/src/38-btf-uprobe/Makefile
@@ -66,7 +66,14 @@ $(call allow-override,CC,$(CROSS_COMPILE)cc)
 $(call allow-override,LD,$(CROSS_COMPILE)ld)
 
 .PHONY: all
-all: $(APPS) merge-btf
+all: $(APPS) merge-btf all-btf
+
+.PHONY: all-btf
+all-btf: merge-btf
+	make -C examples
+	./merge-btf /sys/kernel/btf/vmlinux examples/base-new.btf target-base-new.btf
+	./merge-btf /sys/kernel/btf/vmlinux examples/base.btf target-base.btf
+	./merge-btf /sys/kernel/btf/vmlinux examples/base-complete.btf target-base-complete.btf
 
 .PHONY: clean
 clean:

diff --git a/src/38-btf-uprobe/README.zh.md b/src/38-btf-uprobe/README.zh.md
@@ -112,7 +112,7 @@ int main(int argc, char **argv) {
 我们可以使用pahole和clang来生成每个版本的btf。制作示例并生成btf:
 
 ```sh
-make -C example # it's like: pahole --btf_encode_detached base.btf btf-base.o
+make -C examples # it's like: pahole --btf_encode_detached base.btf btf-base.o
 ```
 
 然后我们执行eBPF程序和用户空间程序。 对于 `btf-base`：
@@ -197,6 +197,27 @@ char LICENSE[] SEC("license") = "Dual BSD/GPL";
 
 `struct data`的记录在eBPF程序中被保留下来。然后，我们可以使用 `btf-base.btf`来编译eBPF程序。
 
+这时，如果未提供用户态的 BTF 信息，会导致验证失败：
+
+```console
+# ./uprobe examples/btf-base 
+.....
+; int BPF_UPROBE(add_test, struct data *d) @ uprobe.bpf.c:23
+0: (79) r6 = *(u64 *)(r1 +112)        ; R1=ctx() R6_w=scalar()
+1: (b7) r7 = 0                        ; R7_w=0
+; int a = 0, c = 0; @ uprobe.bpf.c:25
+2: (63) *(u32 *)(r10 -4) = r7         ; R7_w=0 R10=fp0 fp-8=0000????
+3: (63) *(u32 *)(r10 -8) = r7         ; R7_w=0 R10=fp0 fp-8=00000
+4: <invalid CO-RE relocation>
+failed to resolve CO-RE relocation <byte_off> [17] struct data.a (0:0 @ offset 0)
+processed 5 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
+-- END PROG LOAD LOG --
+libbpf: prog 'add_test': failed to load: -22
+libbpf: failed to load object 'uprobe_bpf'
+libbpf: failed to load BPF skeleton 'uprobe_bpf': -22
+Failed to load and verify BPF skeleton
+```
+
 将用户btf与内核btf合并，这样我们就有了一个完整的内核和用户空间的btf:
 
 ```sh

diff --git a/src/38-btf-uprobe/examples/.gitignore b/src/38-btf-uprobe/examples/.gitignore
@@ -2,3 +2,4 @@
 *.btf
 btf-base
 btf-base-new
+btf-base-complete
diff --git a/src/38-btf-uprobe/examples/Makefile b/src/38-btf-uprobe/examples/Makefile
@@ -7,7 +7,7 @@ BPF_SRCS = $(wildcard *.bpf.c)
 # BPF object files
 BPF_OBJS = $(BPF_SRCS:.c=.o)
 
-all: $(BPF_OBJS) base.btf btf-base btf-base-new base-new.btf
+all: $(BPF_OBJS) base.btf btf-base btf-base-new btf-base-complete base-new.btf base-complete.btf
 
 %.bpf.o: %.bpf.c
 	$(BPF_CC) $(BPF_CFLAGS) $< -o $@
@@ -18,9 +18,15 @@ btf-base.o: btf-base.c
 btf-base-new.o: btf-base-new.c
 	clang -g -c btf-base-new.c -o btf-base-new.o
 
+btf-base-complete.o: btf-base-complete.c
+	clang -g -c btf-base-complete.c -o btf-base-complete.o
+
 base.btf: btf-base.o
 	pahole --btf_encode_detached base.btf btf-base.o
 
+base-complete.btf: btf-base-complete.o
+	pahole --btf_encode_detached base-complete.btf btf-base-complete.o
+
 base-new.btf: btf-base-new.o
 	pahole --btf_encode_detached base-new.btf btf-base-new.o
 
@@ -29,7 +35,9 @@ btf-base: btf-base.o
 
 btf-base-new: btf-base-new.o
 	clang -g btf-base-new.o -o btf-base-new
-
+
+btf-base-complete: btf-base-complete.o
+	clang -g btf-base-complete.o -o btf-base-complete
 
 clean:
-	rm -f *.o *.btf btf-base btf-base-new
+	rm -f *.o *.btf btf-base btf-base-new btf-base-complete
diff --git a/src/38-btf-uprobe/examples/btf-base-complete.c b/src/38-btf-uprobe/examples/btf-base-complete.c
@@ -0,0 +1,54 @@
+#include <stdio.h>
+#include <stdlib.h>
+
+struct deep_memory_block {
+    int a;
+    char b[10];
+};
+
+struct inner_memory_block {
+    int a;
+    char b[10];
+    struct deep_memory_block *deep;
+};
+
+struct data {
+        int a;
+        int b;
+        int c;
+        int d;
+        // represent a pointer to a memory block
+        struct inner_memory_block *inner;
+};
+
+// hook function to be called by eBPF program
+int add_test(struct data *d) {
+    return d->a + d->c;
+}
+
+struct data* my_alloc_data() {
+    printf("my_alloc_data\n");
+    struct data *d = (struct data*)calloc(1, sizeof(struct data));
+    d->inner = (struct inner_memory_block*)calloc(1, sizeof(struct inner_memory_block));
+    d->inner->deep = (struct deep_memory_block*)calloc(1, sizeof(struct deep_memory_block));
+    return d;
+}
+
+void my_free_data(struct data *d) {
+    printf("my_free_data\n");
+    free(d->inner->deep);
+    free(d->inner);
+    free(d);
+}
+
+int main(int argc, char **argv) {
+    struct data *d = my_alloc_data();
+    d->a = 1;
+    d->c = 3;
+    d->b = 5;
+    d->d = 7;
+    printf("add_test(&d) = %d\n", add_test(d));
+    my_free_data(d);
+    return 0;
+}
+
-Original file line number
+Diff line change
@@ Expand Up / @@ -2,3 +2,4 @@ @@
     uprobe
     merge-btf
     *.btf
+    uprobe_failed