yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
pr/Billy99/974
linker-bindep
fix-verifier-blixt
revert-461-main
gh-pages
ci
perf-event
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6f301ac9ca'
${ noResults }
aya/bpf/aya-bpf/src/helpers.rs

704 lines
20 KiB
Rust
Raw Normal View History Unescape Escape

aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
//! This module contains kernel helper functions that may be exposed to specific BPF
//! program types. These helpers can be used to perform common tasks, query and operate on
//! data exposed by the kernel, and perform some operations that would normally be denied
//! by the BPF verifier.
//!
//! Here, we provide some higher-level wrappers around the underlying kernel helpers, but
//! also expose bindings to the underlying helpers as a fall-back in case of a missing
//! implementation.
bpf: initial bpf bindings
4 years ago
use core::mem::{self, MaybeUninit};
aya-bpf/helpers: expose raw bindings through helpers::gen Until we add another set of bpf_probe_read_* wrappers for reading into a map pointer, users need access to the underlying bpf_probe_read helper, which is clobbered by this module. This patch enables direct access to the underlying helpers::gen module to support such use cases. In my view, it would also probably make sense to just not export helpers::gen::* and force the user to opt into helpers::gen, but this can be decided on later. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
pub use aya_bpf_bindings::helpers as gen;
bpf(doc): Hide docs of bindings Before this change, documentation of helper functions (defined by us, not bindings) were not visible, because `use gen::*` was overriding them with helpers coming from aya-bpf-bindings, which have the same names and no docs. Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
#[doc(hidden)]
bpf: initial bpf bindings
4 years ago
pub use gen::*;
bpf: add aya-bpf-bindings Move the generated bindings to aya-bpf-bindings.
4 years ago
use crate::cty::{c_char, c_long, c_void};
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read bytes stored at `src` and store them as a `T`.
///
/// Generally speaking, the more specific [`bpf_probe_read_user`] and
/// [`bpf_probe_read_kernel`] should be preferred over this function.
///
/// Returns a bitwise copy of `mem::size_of::<T>()` bytes stored at the user space address
/// `src`. See `bpf_probe_read_kernel` for reading kernel space memory.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read};
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const c_int = 0 as _;
/// let my_int: c_int = unsafe { bpf_probe_read(kernel_ptr)? };
///
/// // Do something with my_int
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
bpf: initial bpf bindings
4 years ago
#[inline]
pub unsafe fn bpf_probe_read<T>(src: *const T) -> Result<T, c_long> {
let mut v: MaybeUninit<T> = MaybeUninit::uninit();
let ret = gen::bpf_probe_read(
v.as_mut_ptr() as *mut c_void,
mem::size_of::<T>() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(v.assume_init())
} else {
Err(ret)
bpf: initial bpf bindings
4 years ago
}
}
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// Read bytes from the pointer `src` into the provided destination buffer.
///
/// Generally speaking, the more specific [`bpf_probe_read_user_buf`] and
/// [`bpf_probe_read_kernel_buf`] should be preferred over this function.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read_buf};
/// # fn try_test() -> Result<(), c_long> {
bpf: fix doc tests
3 years ago
/// # let ptr: *const u8 = 0 as _;
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// let mut buf = [0u8; 16];
/// unsafe { bpf_probe_read_buf(ptr, &mut buf)? };
///
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[inline]
pub unsafe fn bpf_probe_read_buf(src: *const u8, dst: &mut [u8]) -> Result<(), c_long> {
let ret = gen::bpf_probe_read(
dst.as_mut_ptr() as *mut c_void,
dst.len() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(())
} else {
Err(ret)
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
}
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read bytes stored at the _user space_ pointer `src` and store them as a `T`.
///
/// Returns a bitwise copy of `mem::size_of::<T>()` bytes stored at the user space address
/// `src`. See `bpf_probe_read_kernel` for reading kernel space memory.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read_user};
/// # fn try_test() -> Result<(), c_long> {
/// # let user_ptr: *const c_int = 0 as _;
/// let my_int: c_int = unsafe { bpf_probe_read_user(user_ptr)? };
///
/// // Do something with my_int
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[inline]
pub unsafe fn bpf_probe_read_user<T>(src: *const T) -> Result<T, c_long> {
let mut v: MaybeUninit<T> = MaybeUninit::uninit();
let ret = gen::bpf_probe_read_user(
v.as_mut_ptr() as *mut c_void,
mem::size_of::<T>() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(v.assume_init())
} else {
Err(ret)
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
}
}
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// Read bytes from the _user space_ pointer `src` into the provided destination
/// buffer.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read_user_buf};
/// # fn try_test() -> Result<(), c_long> {
bpf: fix doc tests
3 years ago
/// # let user_ptr: *const u8 = 0 as _;
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// let mut buf = [0u8; 16];
/// unsafe { bpf_probe_read_user_buf(user_ptr, &mut buf)? };
///
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[inline]
pub unsafe fn bpf_probe_read_user_buf(src: *const u8, dst: &mut [u8]) -> Result<(), c_long> {
let ret = gen::bpf_probe_read_user(
dst.as_mut_ptr() as *mut c_void,
dst.len() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(())
} else {
Err(ret)
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
}
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read bytes stored at the _kernel space_ pointer `src` and store them as a `T`.
///
/// Returns a bitwise copy of `mem::size_of::<T>()` bytes stored at the kernel space address
/// `src`. See `bpf_probe_read_user` for reading user space memory.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read_kernel};
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const c_int = 0 as _;
/// let my_int: c_int = unsafe { bpf_probe_read_kernel(kernel_ptr)? };
///
/// // Do something with my_int
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[inline]
pub unsafe fn bpf_probe_read_kernel<T>(src: *const T) -> Result<T, c_long> {
let mut v: MaybeUninit<T> = MaybeUninit::uninit();
let ret = gen::bpf_probe_read_kernel(
v.as_mut_ptr() as *mut c_void,
mem::size_of::<T>() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(v.assume_init())
} else {
Err(ret)
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
}
}
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// Read bytes from the _kernel space_ pointer `src` into the provided destination
/// buffer.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::{c_int, c_long}, helpers::bpf_probe_read_kernel_buf};
/// # fn try_test() -> Result<(), c_long> {
bpf: fix doc tests
3 years ago
/// # let kernel_ptr: *const u8 = 0 as _;
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
/// let mut buf = [0u8; 16];
/// unsafe { bpf_probe_read_kernel_buf(kernel_ptr, &mut buf)? };
///
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[inline]
pub unsafe fn bpf_probe_read_kernel_buf(src: *const u8, dst: &mut [u8]) -> Result<(), c_long> {
let ret = gen::bpf_probe_read_kernel(
dst.as_mut_ptr() as *mut c_void,
dst.len() as u32,
src as *const c_void,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(())
} else {
Err(ret)
bpf: add bpf_probe_read_buf, bpf_probe_read_user_buf and bpf_probe_read_kernel_buf
3 years ago
}
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read a null-terminated string stored at `src` into `dest`.
///
/// Generally speaking, the more specific [`bpf_probe_read_user_str`] and
/// [`bpf_probe_read_kernel_str`] should be preferred over this function.
///
/// In case the length of `dest` is smaller then the length of `src`, the read bytes will
/// be truncated to the size of `dest`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_str};
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const u8 = 0 as _;
/// let mut my_str = [0u8; 16];
/// let num_read = unsafe { bpf_probe_read_str(kernel_ptr, &mut my_str)? };
///
/// // Do something with num_read and my_str
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns Err(-1).
bpf(helpers): Add *_str_bytes helpers This change adds two new helpers: * bpf_probe_read_user_str_bytes * bpf_probe_read_kernel_str_bytes Those new helpers are returning a bytes slice (`&[u8]`) with a length equal to the length of probed, null-terminated string. When using those helpers, users don't have to manually check for length and create such slices themselves. They also make converting to `str` way more convenient, for example: ```rust let my_str = unsafe { core::str::from_utf8_unchecked( bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? ) }; ``` This change also deprecates the old helpers, since their names are confusing (they have nothing to do with Rust `str`) and using them requires writing boilerplate code (for checking the length and making eBPF verifier happy): * bpf_probe_read_user_str * bpf_probe_read_kernel_str Tested on: https://github.com/vadorovsky/aya-echo-tracepoint/tree/516b29af6838aab18ebb2c618e2ad8acf476c7c1 Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
#[deprecated(
note = "Use `bpf_probe_read_user_str_bytes` or `bpf_probe_read_kernel_str_bytes` instead"
)]
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
#[inline]
pub unsafe fn bpf_probe_read_str(src: *const u8, dest: &mut [u8]) -> Result<usize, c_long> {
let len = gen::bpf_probe_read_str(
dest.as_mut_ptr() as *mut c_void,
dest.len() as u32,
src as *const c_void,
);
if len < 0 {
return Err(-1);
}
let mut len = len as usize;
if len > dest.len() {
// this can never happen, it's needed to tell the verifier that len is
// bounded
len = dest.len();
}
Ok(len as usize)
}
/// Read a null-terminated string from _user space_ stored at `src` into `dest`.
///
/// In case the length of `dest` is smaller then the length of `src`, the read bytes will
/// be truncated to the size of `dest`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_user_str};
/// # fn try_test() -> Result<(), c_long> {
/// # let user_ptr: *const u8 = 0 as _;
/// let mut my_str = [0u8; 16];
/// let num_read = unsafe { bpf_probe_read_user_str(user_ptr, &mut my_str)? };
///
/// // Do something with num_read and my_str
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns Err(-1).
bpf(helpers): Add *_str_bytes helpers This change adds two new helpers: * bpf_probe_read_user_str_bytes * bpf_probe_read_kernel_str_bytes Those new helpers are returning a bytes slice (`&[u8]`) with a length equal to the length of probed, null-terminated string. When using those helpers, users don't have to manually check for length and create such slices themselves. They also make converting to `str` way more convenient, for example: ```rust let my_str = unsafe { core::str::from_utf8_unchecked( bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? ) }; ``` This change also deprecates the old helpers, since their names are confusing (they have nothing to do with Rust `str`) and using them requires writing boilerplate code (for checking the length and making eBPF verifier happy): * bpf_probe_read_user_str * bpf_probe_read_kernel_str Tested on: https://github.com/vadorovsky/aya-echo-tracepoint/tree/516b29af6838aab18ebb2c618e2ad8acf476c7c1 Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
#[deprecated(note = "Use `bpf_probe_read_user_str_bytes` instead")]
bpf: add override for bpf_probe_read_user_str
3 years ago
#[inline]
pub unsafe fn bpf_probe_read_user_str(src: *const u8, dest: &mut [u8]) -> Result<usize, c_long> {
let len = gen::bpf_probe_read_user_str(
dest.as_mut_ptr() as *mut c_void,
dest.len() as u32,
src as *const c_void,
);
if len < 0 {
return Err(-1);
}
let mut len = len as usize;
if len > dest.len() {
// this can never happen, it's needed to tell the verifier that len is
// bounded
len = dest.len();
}
Ok(len as usize)
}
bpf(helpers): Add *_str_bytes helpers This change adds two new helpers: * bpf_probe_read_user_str_bytes * bpf_probe_read_kernel_str_bytes Those new helpers are returning a bytes slice (`&[u8]`) with a length equal to the length of probed, null-terminated string. When using those helpers, users don't have to manually check for length and create such slices themselves. They also make converting to `str` way more convenient, for example: ```rust let my_str = unsafe { core::str::from_utf8_unchecked( bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? ) }; ``` This change also deprecates the old helpers, since their names are confusing (they have nothing to do with Rust `str`) and using them requires writing boilerplate code (for checking the length and making eBPF verifier happy): * bpf_probe_read_user_str * bpf_probe_read_kernel_str Tested on: https://github.com/vadorovsky/aya-echo-tracepoint/tree/516b29af6838aab18ebb2c618e2ad8acf476c7c1 Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
/// Returns a byte slice read from _user space_ address `src`.
///
/// Reads at most `dest.len()` bytes from the `src` address, truncating if the
/// length of the source string is larger than `dest`. On success, the
/// destination buffer is always null terminated, and the returned slice
/// includes the bytes up to and not including NULL.
///
/// # Examples
///
/// With an array allocated on the stack (not recommended for bigger strings,
/// eBPF stack limit is 512 bytes):
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_user_str_bytes};
/// # fn try_test() -> Result<(), c_long> {
/// # let user_ptr: *const u8 = 0 as _;
/// let mut buf = [0u8; 16];
/// let my_str_bytes = unsafe { bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? };
///
/// // Do something with my_str_bytes
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// With a `PerCpuArray` (with size defined by us):
///
/// ```no_run
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_user_str_bytes};
/// use aya_bpf::{macros::map, maps::PerCpuArray};
///
/// #[repr(C)]
/// pub struct Buf {
/// pub buf: [u8; 4096],
/// }
///
/// #[map]
/// pub static mut BUF: PerCpuArray<Buf> = PerCpuArray::with_max_entries(1, 0);
///
/// # fn try_test() -> Result<(), c_long> {
/// # let user_ptr: *const u8 = 0 as _;
/// let buf = unsafe {
/// let ptr = BUF.get_ptr_mut(0).ok_or(0)?;
/// &mut *ptr
/// };
/// let my_str_bytes = unsafe { bpf_probe_read_user_str_bytes(user_ptr, &mut buf.buf)? };
///
/// // Do something with my_str_bytes
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// You can also convert the resulted bytes slice into `&str` using
/// [core::str::from_utf8_unchecked]:
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_user_str_bytes};
/// # use aya_bpf::{macros::map, maps::PerCpuArray};
/// # #[repr(C)]
/// # pub struct Buf {
/// # pub buf: [u8; 4096],
/// # }
/// # #[map]
/// # pub static mut BUF: PerCpuArray<Buf> = PerCpuArray::with_max_entries(1, 0);
/// # fn try_test() -> Result<(), c_long> {
/// # let user_ptr: *const u8 = 0 as _;
/// # let buf = unsafe {
/// # let ptr = BUF.get_ptr_mut(0).ok_or(0)?;
/// # &mut *ptr
/// # };
/// let my_str = unsafe {
/// core::str::from_utf8_unchecked(bpf_probe_read_user_str_bytes(user_ptr, &mut buf.buf)?)
/// };
///
/// // Do something with my_str
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns Err(-1).
#[inline]
pub unsafe fn bpf_probe_read_user_str_bytes(
src: *const u8,
dest: &mut [u8],
) -> Result<&[u8], c_long> {
let len = gen::bpf_probe_read_user_str(
dest.as_mut_ptr() as *mut c_void,
dest.len() as u32,
src as *const c_void,
);
if len < 0 {
return Err(-1);
}
let len = len as usize;
if len >= dest.len() {
// this can never happen, it's needed to tell the verifier that len is
// bounded
return Err(-1);
}
Ok(&dest[..len])
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read a null-terminated string from _kernel space_ stored at `src` into `dest`.
///
/// In case the length of `dest` is smaller then the length of `src`, the read bytes will
/// be truncated to the size of `dest`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_kernel_str};
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const u8 = 0 as _;
/// let mut my_str = [0u8; 16];
/// let num_read = unsafe { bpf_probe_read_kernel_str(kernel_ptr, &mut my_str)? };
///
/// // Do something with num_read and my_str
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns Err(-1).
bpf(helpers): Add *_str_bytes helpers This change adds two new helpers: * bpf_probe_read_user_str_bytes * bpf_probe_read_kernel_str_bytes Those new helpers are returning a bytes slice (`&[u8]`) with a length equal to the length of probed, null-terminated string. When using those helpers, users don't have to manually check for length and create such slices themselves. They also make converting to `str` way more convenient, for example: ```rust let my_str = unsafe { core::str::from_utf8_unchecked( bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? ) }; ``` This change also deprecates the old helpers, since their names are confusing (they have nothing to do with Rust `str`) and using them requires writing boilerplate code (for checking the length and making eBPF verifier happy): * bpf_probe_read_user_str * bpf_probe_read_kernel_str Tested on: https://github.com/vadorovsky/aya-echo-tracepoint/tree/516b29af6838aab18ebb2c618e2ad8acf476c7c1 Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
#[deprecated(note = "Use bpf_probe_read_kernel_str_bytes instead")]
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
#[inline]
pub unsafe fn bpf_probe_read_kernel_str(src: *const u8, dest: &mut [u8]) -> Result<usize, c_long> {
let len = gen::bpf_probe_read_kernel_str(
dest.as_mut_ptr() as *mut c_void,
dest.len() as u32,
src as *const c_void,
);
if len < 0 {
return Err(-1);
}
let mut len = len as usize;
if len > dest.len() {
// this can never happen, it's needed to tell the verifier that len is
// bounded
len = dest.len();
}
Ok(len as usize)
}
bpf(helpers): Add *_str_bytes helpers This change adds two new helpers: * bpf_probe_read_user_str_bytes * bpf_probe_read_kernel_str_bytes Those new helpers are returning a bytes slice (`&[u8]`) with a length equal to the length of probed, null-terminated string. When using those helpers, users don't have to manually check for length and create such slices themselves. They also make converting to `str` way more convenient, for example: ```rust let my_str = unsafe { core::str::from_utf8_unchecked( bpf_probe_read_user_str_bytes(user_ptr, &mut buf)? ) }; ``` This change also deprecates the old helpers, since their names are confusing (they have nothing to do with Rust `str`) and using them requires writing boilerplate code (for checking the length and making eBPF verifier happy): * bpf_probe_read_user_str * bpf_probe_read_kernel_str Tested on: https://github.com/vadorovsky/aya-echo-tracepoint/tree/516b29af6838aab18ebb2c618e2ad8acf476c7c1 Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
2 years ago
/// Returns a byte slice read from _kernel space_ address `src`.
///
/// Reads at most `dest.len()` bytes from the `src` address, truncating if the
/// length of the source string is larger than `dest`. On success, the
/// destination buffer is always null terminated, and the returned slice
/// includes the bytes up to and not including NULL.
///
/// # Examples
///
/// With an array allocated on the stack (not recommended for bigger strings,
/// eBPF stack limit is 512 bytes):
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_kernel_str_bytes};
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const u8 = 0 as _;
/// let mut buf = [0u8; 16];
/// let my_str_bytes = unsafe { bpf_probe_read_kernel_str_bytes(kernel_ptr, &mut buf)? };
///
/// // Do something with my_str_bytes
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// With a `PerCpuArray` (with size defined by us):
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_kernel_str_bytes};
/// use aya_bpf::{macros::map, maps::PerCpuArray};
///
/// #[repr(C)]
/// pub struct Buf {
/// pub buf: [u8; 4096],
/// }
///
/// #[map]
/// pub static mut BUF: PerCpuArray<Buf> = PerCpuArray::with_max_entries(1, 0);
///
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const u8 = 0 as _;
/// let buf = unsafe {
/// let ptr = BUF.get_ptr_mut(0).ok_or(0)?;
/// &mut *ptr
/// };
/// let my_str_bytes = unsafe { bpf_probe_read_kernel_str_bytes(kernel_ptr, &mut buf.buf)? };
///
/// // Do something with my_str_bytes
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// You can also convert the resulted bytes slice into `&str` using
/// [core::str::from_utf8_unchecked]:
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{cty::c_long, helpers::bpf_probe_read_kernel_str_bytes};
/// # use aya_bpf::{macros::map, maps::PerCpuArray};
/// # #[repr(C)]
/// # pub struct Buf {
/// # pub buf: [u8; 4096],
/// # }
/// # #[map]
/// # pub static mut BUF: PerCpuArray<Buf> = PerCpuArray::with_max_entries(1, 0);
/// # fn try_test() -> Result<(), c_long> {
/// # let kernel_ptr: *const u8 = 0 as _;
/// # let buf = unsafe {
/// # let ptr = BUF.get_ptr_mut(0).ok_or(0)?;
/// # &mut *ptr
/// # };
/// let my_str = unsafe {
/// core::str::from_utf8_unchecked(bpf_probe_read_kernel_str_bytes(kernel_ptr, &mut buf.buf)?)
/// };
///
/// // Do something with my_str
/// # Ok::<(), c_long>(())
/// # }
/// ```
///
/// # Errors
///
/// On failure, this function returns Err(-1).
#[inline]
pub unsafe fn bpf_probe_read_kernel_str_bytes(
src: *const u8,
dest: &mut [u8],
) -> Result<&[u8], c_long> {
let len = gen::bpf_probe_read_kernel_str(
dest.as_mut_ptr() as *mut c_void,
dest.len() as u32,
src as *const c_void,
);
if len < 0 {
return Err(-1);
}
let len = len as usize;
if len >= dest.len() {
// this can never happen, it's needed to tell the verifier that len is
// bounded
return Err(-1);
}
Ok(&dest[..len])
}
aya-bpf: Add bpf_probe_write_user helper This helper allows to write to mutable pointers in the userspace, which come from userspace functions that uprobes attach to. Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
/// Write bytes to the _user space_ pointer `src` and store them as a `T`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::{
/// # cty::{c_int, c_long},
/// # helpers::bpf_probe_write_user,
/// # programs::ProbeContext,
/// # };
/// fn try_test(ctx: ProbeContext) -> Result<(), c_long> {
/// let retp: *mut c_int = ctx.arg(0).ok_or(1)?;
/// let val: i32 = 1;
/// // Write the value to the userspace pointer.
/// unsafe { bpf_probe_write_user(retp, &val as *const i32)? };
///
/// Ok::<(), c_long>(())
/// }
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
#[allow(clippy::fn_to_numeric_cast_with_truncation)]
#[inline]
pub unsafe fn bpf_probe_write_user<T>(dst: *mut T, src: *const T) -> Result<(), c_long> {
let ret = gen::bpf_probe_write_user(
dst as *mut c_void,
src as *const c_void,
mem::size_of::<T>() as u32,
);
Temporary change return value condition to avoid problems with possibly (not aware) cast from int to long
2 years ago
if ret == 0 {
Ok(())
} else {
Err(ret)
aya-bpf: Add bpf_probe_write_user helper This helper allows to write to mutable pointers in the userspace, which come from userspace functions that uprobes attach to. Signed-off-by: Michal Rostecki <mrostecki@opensuse.org>
3 years ago
}
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read the `comm` field associated with the current task struct
/// as a `[c_char; 16]`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
Fix minor typo
2 years ago
/// # use aya_bpf::helpers::bpf_get_current_comm;
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// let comm = bpf_get_current_comm();
///
/// // Do something with comm
/// ```
///
/// # Errors
///
/// On failure, this function returns a negative value wrapped in an `Err`.
bpf: initial bpf bindings
4 years ago
#[inline]
aya-bpf, aya-bpf-bindings: fix clippy lints
3 years ago
pub fn bpf_get_current_comm() -> Result<[c_char; 16], c_long> {
bpf: initial bpf bindings
4 years ago
let mut comm: [c_char; 16usize] = [0; 16];
aya-bpf, aya-bpf-bindings: fix clippy lints
3 years ago
let ret = unsafe { gen::bpf_get_current_comm(&mut comm as *mut _ as *mut c_void, 16u32) };
if ret == 0 {
bpf: initial bpf bindings
4 years ago
Ok(comm)
} else {
aya-bpf, aya-bpf-bindings: fix clippy lints
3 years ago
Err(ret)
bpf: initial bpf bindings
4 years ago
}
}
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// Read the process id and thread group id associated with the current task struct as
/// a `u64`.
///
/// In the return value, the upper 32 bits are the `tgid`, and the lower 32 bits are the
/// `pid`. That is, the returned value is equal to: `(tgid << 32) | pid`. A caller may
/// access the individual fields by either casting to a `u32` or performing a `>> 32` bit
/// shift and casting to a `u32`.
///
/// Note that the naming conventions used in the kernel differ from user space. From the
/// perspective of user space, `pid` may be thought of as the thread id, and `tgid` may be
/// thought of as the process id. For single-threaded processes, these values are
/// typically the same.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
Fix minor typo
2 years ago
/// # use aya_bpf::helpers::bpf_get_current_pid_tgid;
aya-bpf/helpers: add documentation and implement all bpf_probe_read_* wrappers This patch adds some documentation to aya-bpf/helpers and adds documentation for the module itself and for all of the wrappers currently defined in the module. It also implements the rest of the bpf_probe_read_* wrappers that were missing from this file. In the future, it probably also makes sense to add some bpf_probe_read_* wrappers that can read directly into a map pointer, avoiding the BPF stack altogether. I'm going to call this out of scope for this PR, but plan to submit a subsequent one that addresses this use case. Signed-off-by: William Findlay <william@williamfindlay.com>
3 years ago
/// let tgid = (bpf_get_current_pid_tgid() >> 32) as u32;
/// let pid = bpf_get_current_pid_tgid() as u32;
///
/// // Do something with pid and tgid
/// ```
bpf: initial bpf bindings
4 years ago
#[inline]
pub fn bpf_get_current_pid_tgid() -> u64 {
unsafe { gen::bpf_get_current_pid_tgid() }
}
Add wrapper and docs for for bpf_get_current_uid_gid
3 years ago
/// Read the user id and group id associated with the current task struct as
/// a `u64`.
///
/// In the return value, the upper 32 bits are the `gid`, and the lower 32 bits are the
/// `uid`. That is, the returned value is equal to: `(gid << 32) | uid`. A caller may
/// access the individual fields by either casting to a `u32` or performing a `>> 32` bit
/// shift and casting to a `u32`.
///
/// # Examples
///
/// ```no_run
/// # #![allow(dead_code)]
/// # use aya_bpf::helpers::bpf_get_current_uid_gid;
/// let gid = (bpf_get_current_uid_gid() >> 32) as u32;
/// let uid = bpf_get_current_uid_gid() as u32;
///
/// // Do something with uid and gid
/// ```
#[inline]
pub fn bpf_get_current_uid_gid() -> u64 {
unsafe { gen::bpf_get_current_uid_gid() }
}