diff --git a/aya-log/src/lib.rs b/aya-log/src/lib.rs index 9dcbb2f5..6a2ca27a 100644 --- a/aya-log/src/lib.rs +++ b/aya-log/src/lib.rs @@ -60,12 +60,11 @@ use std::{ const MAP_NAME: &str = "AYA_LOGS"; use aya::{ - loaded_programs, maps::{ perf::{AsyncPerfEventArray, Events, PerfBufferError}, Map, MapData, MapError, MapInfo, }, - programs::ProgramError, + programs::{loaded_programs, ProgramError}, util::online_cpus, Ebpf, Pod, }; @@ -137,13 +136,15 @@ impl EbpfLogger { ) -> Result { let program_info = loaded_programs() .filter_map(|info| info.ok()) - .find(|info| info.id() == program_id) + .find(|info| info.id().is_some_and(|id| id.get() == program_id)) .ok_or(Error::ProgramNotFound)?; + let map = program_info .map_ids() .map_err(Error::ProgramError)? + .expect("`map_ids` field in `bpf_prog_info` not available") .iter() - .filter_map(|id| MapInfo::from_id(*id).ok()) + .filter_map(|id| MapInfo::from_id(id.get()).ok()) .find(|map_info| match map_info.name_as_str() { Some(name) => name == MAP_NAME, None => false, diff --git a/aya-obj/src/obj.rs b/aya-obj/src/obj.rs index be1170f9..4e203fe1 100644 --- a/aya-obj/src/obj.rs +++ b/aya-obj/src/obj.rs @@ -47,6 +47,8 @@ pub struct Features { bpf_cookie: bool, cpumap_prog_id: bool, devmap_prog_id: bool, + prog_info_map_ids: bool, + prog_info_gpl_compatible: bool, btf: Option, } @@ -61,6 +63,8 @@ impl Features { bpf_cookie: bool, cpumap_prog_id: bool, devmap_prog_id: bool, + prog_info_map_ids: bool, + prog_info_gpl_compatible: bool, btf: Option, ) -> Self { Self { @@ -71,6 +75,8 @@ impl Features { bpf_cookie, cpumap_prog_id, devmap_prog_id, + prog_info_map_ids, + prog_info_gpl_compatible, btf, } } @@ -110,6 +116,16 @@ impl Features { self.devmap_prog_id } + /// Returns whether `bpf_prog_info` supports `nr_map_ids` & `map_ids` fields. + pub fn prog_info_map_ids(&self) -> bool { + self.prog_info_map_ids + } + + /// Returns whether `bpf_prog_info` supports `gpl_compatible` field. + pub fn prog_info_gpl_compatible(&self) -> bool { + self.prog_info_gpl_compatible + } + /// If BTF is supported, returns which BTF features are supported. pub fn btf(&self) -> Option<&BtfFeatures> { self.btf.as_ref() diff --git a/aya/src/bpf.rs b/aya/src/bpf.rs index 99d8e0d2..8a189476 100644 --- a/aya/src/bpf.rs +++ b/aya/src/bpf.rs @@ -21,8 +21,8 @@ use thiserror::Error; use crate::{ generated::{ - bpf_map_type, bpf_map_type::*, AYA_PERF_EVENT_IOC_DISABLE, AYA_PERF_EVENT_IOC_ENABLE, - AYA_PERF_EVENT_IOC_SET_BPF, + bpf_map_type::{self, *}, + AYA_PERF_EVENT_IOC_DISABLE, AYA_PERF_EVENT_IOC_ENABLE, AYA_PERF_EVENT_IOC_SET_BPF, }, maps::{Map, MapData, MapError}, obj::{ @@ -39,9 +39,9 @@ use crate::{ bpf_load_btf, is_bpf_cookie_supported, is_bpf_global_data_supported, is_btf_datasec_supported, is_btf_decl_tag_supported, is_btf_enum64_supported, is_btf_float_supported, is_btf_func_global_supported, is_btf_func_supported, - is_btf_supported, is_btf_type_tag_supported, is_perf_link_supported, - is_probe_read_kernel_supported, is_prog_id_supported, is_prog_name_supported, - retry_with_verifier_logs, + is_btf_supported, is_btf_type_tag_supported, is_info_gpl_compatible_supported, + is_info_map_ids_supported, is_perf_link_supported, is_probe_read_kernel_supported, + is_prog_id_supported, is_prog_name_supported, retry_with_verifier_logs, }, util::{bytes_of, bytes_of_slice, page_size, possible_cpus, POSSIBLE_CPUS}, }; @@ -96,6 +96,8 @@ fn detect_features() -> Features { is_bpf_cookie_supported(), is_prog_id_supported(BPF_MAP_TYPE_CPUMAP), is_prog_id_supported(BPF_MAP_TYPE_DEVMAP), + is_info_map_ids_supported(), + is_info_gpl_compatible_supported(), btf, ); debug!("BPF Feature Detection: {:#?}", f); diff --git a/aya/src/lib.rs b/aya/src/lib.rs index c35bf597..3278d3dc 100644 --- a/aya/src/lib.rs +++ b/aya/src/lib.rs @@ -91,7 +91,6 @@ use aya_obj::generated; pub use bpf::*; pub use obj::btf::{Btf, BtfError}; pub use object::Endianness; -pub use programs::loaded_programs; #[doc(hidden)] pub use sys::netlink_set_link_up; diff --git a/aya/src/programs/info.rs b/aya/src/programs/info.rs new file mode 100644 index 00000000..dbcfba3f --- /dev/null +++ b/aya/src/programs/info.rs @@ -0,0 +1,548 @@ +//! Metadata information about an eBPF program. + +use std::{ + ffi::CString, + num::{NonZeroU32, NonZeroU64}, + os::fd::{AsFd as _, BorrowedFd}, + path::Path, + time::{Duration, SystemTime}, +}; + +use aya_obj::generated::{bpf_prog_info, bpf_prog_type}; + +use super::{ + utils::{boot_time, get_fdinfo}, + ProgramError, ProgramFd, +}; +use crate::{ + sys::{ + bpf_get_object, bpf_prog_get_fd_by_id, bpf_prog_get_info_by_fd, iter_prog_ids, SyscallError, + }, + util::bytes_of_bpf_name, + FEATURES, +}; + +/// Provides metadata information about a loaded eBPF program. +/// +/// Introduced in kernel v4.13. +#[doc(alias = "bpf_prog_info")] +#[derive(Debug)] +pub struct ProgramInfo(pub(crate) bpf_prog_info); + +impl ProgramInfo { + pub(crate) fn new_from_fd(fd: BorrowedFd<'_>) -> Result { + let info = bpf_prog_get_info_by_fd(fd, &mut [])?; + Ok(Self(info)) + } + + /// The type of program. + /// + /// Introduced in kernel v4.13. + pub fn program_type(&self) -> Result { + bpf_prog_type::try_from(self.0.type_) + .unwrap_or(bpf_prog_type::__MAX_BPF_PROG_TYPE) + .try_into() + } + + /// The unique ID for this program. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.13. + pub fn id(&self) -> Option { + NonZeroU32::new(self.0.id) + } + + /// The program tag. + /// + /// The tag is a SHA sum of the program's instructions which be used as an alternative to + /// [`Self::id()`]. A program's ID can vary every time it's loaded or unloaded, but the tag + /// will remain the same. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.13. + pub fn tag(&self) -> Option { + NonZeroU64::new(u64::from_be_bytes(self.0.tag)) + } + + /// The size in bytes of the program's JIT-compiled machine code. + /// + /// Note that this field is only updated when BPF JIT compiler is enabled. Kernels v4.15 and + /// above may already have it enabled by default. + /// + /// `None` is returned if the field is not available, or if the JIT compiler is not enabled. + /// + /// Introduced in kernel v4.13. + pub fn size_jitted(&self) -> Option { + NonZeroU32::new(self.0.jited_prog_len) + } + + /// The size in bytes of the program's translated eBPF bytecode. + /// + /// The translated bytecode is after it has been passed though the verifier where it was + /// possibly modified by the kernel. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.15. + pub fn size_translated(&self) -> Option { + NonZeroU32::new(self.0.xlated_prog_len) + } + + /// The time when the program was loaded. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.15. + pub fn loaded_at(&self) -> Option { + if self.0.load_time > 0 { + Some(boot_time() + Duration::from_nanos(self.0.load_time)) + } else { + None + } + } + + /// The user ID of the process who loaded the program. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.15. + pub fn created_by_uid(&self) -> Option { + // This field was introduced in the same commit as `load_time`. + if self.0.load_time > 0 { + Some(self.0.created_by_uid) + } else { + None + } + } + + /// The IDs of the maps used by the program. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.15. + pub fn map_ids(&self) -> Result>, ProgramError> { + if FEATURES.prog_info_map_ids() { + let mut map_ids = vec![0u32; self.0.nr_map_ids as usize]; + bpf_prog_get_info_by_fd(self.fd()?.as_fd(), &mut map_ids)?; + + Ok(Some( + map_ids + .into_iter() + .map(|id| NonZeroU32::new(id).unwrap()) + .collect(), + )) + } else { + Ok(None) + } + } + + /// The name of the program as was provided when it was load. This is limited to 16 bytes. + /// + /// Introduced in kernel v4.15. + pub fn name(&self) -> &[u8] { + bytes_of_bpf_name(&self.0.name) + } + + /// The name of the program as a &str. + /// + /// `None` is returned if the name was not valid unicode or if field is not available. + /// + /// Introduced in kernel v4.15. + pub fn name_as_str(&self) -> Option<&str> { + let name = std::str::from_utf8(self.name()).ok(); + if let Some(name_str) = name { + if FEATURES.bpf_name() || !name_str.is_empty() { + return name; + } + } + None + } + + /// Returns true if the program is defined with a GPL-compatible license. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v4.18. + pub fn gpl_compatible(&self) -> Option { + if FEATURES.prog_info_gpl_compatible() { + Some(self.0.gpl_compatible() != 0) + } else { + None + } + } + + /// The BTF ID for the program. + /// + /// Introduced in kernel v5.0. + pub fn btf_id(&self) -> Option { + NonZeroU32::new(self.0.btf_id) + } + + /// The accumulated time that the program has been actively running. + /// + /// This is not to be confused with the duration since the program was + /// first loaded on the host. + /// + /// Note this field is only updated for as long as + /// [`enable_stats`](crate::sys::enable_stats) is enabled + /// with [`Stats::RunTime`](crate::sys::Stats::RunTime). + /// + /// Introduced in kernel v5.1. + pub fn run_time(&self) -> Duration { + Duration::from_nanos(self.0.run_time_ns) + } + + /// The accumulated execution count of the program. + /// + /// Note this field is only updated for as long as + /// [`enable_stats`](crate::sys::enable_stats) is enabled + /// with [`Stats::RunTime`](crate::sys::Stats::RunTime). + /// + /// Introduced in kernel v5.1. + pub fn run_count(&self) -> u64 { + self.0.run_cnt + } + + /// The number of verified instructions in the program. + /// + /// This may be less than the total number of instructions in the compiled program due to dead + /// code elimination in the verifier. + /// + /// `None` is returned if the field is not available. + /// + /// Introduced in kernel v5.16. + pub fn verified_instruction_count(&self) -> Option { + NonZeroU32::new(self.0.verified_insns) + } + + /// How much memory in bytes has been allocated and locked for the program. + pub fn memory_locked(&self) -> Result { + get_fdinfo(self.fd()?.as_fd(), "memlock") + } + + /// Returns a file descriptor referencing the program. + /// + /// The returned file descriptor can be closed at any time and doing so does + /// not influence the life cycle of the program. + /// + /// Uses kernel v4.13 features. + pub fn fd(&self) -> Result { + let Self(info) = self; + let fd = bpf_prog_get_fd_by_id(info.id)?; + Ok(ProgramFd(fd)) + } + + /// Loads a program from a pinned path in bpffs. + /// + /// Uses kernel v4.4 and v4.13 features. + pub fn from_pin>(path: P) -> Result { + use std::os::unix::ffi::OsStrExt as _; + + // TODO: avoid this unwrap by adding a new error variant. + let path_string = CString::new(path.as_ref().as_os_str().as_bytes()).unwrap(); + let fd = bpf_get_object(&path_string).map_err(|(_, io_error)| SyscallError { + call: "BPF_OBJ_GET", + io_error, + })?; + + Self::new_from_fd(fd.as_fd()) + } +} + +/// Returns information about a loaded program with the [`ProgramInfo`] structure. +/// +/// This information is populated at load time by the kernel and can be used +/// to correlate a given [`crate::programs::Program`] to it's corresponding [`ProgramInfo`] +/// metadata. +macro_rules! impl_info { + ($($struct_name:ident),+ $(,)?) => { + $( + impl $struct_name { + /// Returns metadata information of this program. + /// + /// Uses kernel v4.13 features. + pub fn info(&self) -> Result { + let ProgramFd(fd) = self.fd()?; + ProgramInfo::new_from_fd(fd.as_fd()) + } + } + )+ + } +} + +pub(crate) use impl_info; + +/// Returns an iterator of [`ProgramInfo`] over all eBPF programs loaded on the host. +/// +/// Unlike [`Ebpf::programs`](crate::Ebpf::programs), this includes **all** programs on the host +/// system, not just those tied to a specific [`crate::Ebpf`] instance. +/// +/// Uses kernel v4.13 features. +/// +/// # Example +/// ``` +/// # use aya::programs::loaded_programs; +/// # +/// for p in loaded_programs() { +/// match p { +/// Ok(program) => println!("{}", String::from_utf8_lossy(program.name())), +/// Err(e) => println!("Error iterating programs: {:?}", e), +/// } +/// } +/// ``` +/// +/// # Errors +/// +/// Returns [`ProgramError::SyscallError`] if any of the syscalls required to either get +/// next program id, get the program fd, or the [`ProgramInfo`] fail. +/// +/// In cases where iteration can't be performed, for example the caller does not have the necessary +/// privileges, a single item will be yielded containing the error that occurred. +pub fn loaded_programs() -> impl Iterator> { + iter_prog_ids() + .map(|id| { + let id = id?; + bpf_prog_get_fd_by_id(id) + }) + .map(|fd| { + let fd = fd?; + bpf_prog_get_info_by_fd(fd.as_fd(), &mut []) + }) + .map(|result| result.map(ProgramInfo).map_err(Into::into)) +} + +/// The type of eBPF program. +#[non_exhaustive] +#[doc(alias = "bpf_prog_type")] +#[derive(Copy, Clone, Debug, PartialEq)] +pub enum ProgramType { + /// An unspecified program type. + Unspecified = bpf_prog_type::BPF_PROG_TYPE_UNSPEC as isize, + /// A Socket Filter program type. See [`SocketFilter`](super::socket_filter::SocketFilter) + /// for the program implementation. + /// + /// Introduced in kernel v3.19. + #[doc(alias = "BPF_PROG_TYPE_SOCKET_FILTER")] + SocketFilter = bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER as isize, + /// A Kernel Probe program type. See [`KProbe`](super::kprobe::KProbe) and + /// [`UProbe`](super::uprobe::UProbe) for the program implementations. + /// + /// Introduced in kernel v4.1. + #[doc(alias = "BPF_PROG_TYPE_KPROBE")] + KProbe = bpf_prog_type::BPF_PROG_TYPE_KPROBE as isize, + /// A Traffic Control (TC) Classifier program type. See + /// [`SchedClassifier`](super::tc::SchedClassifier) for the program implementation. + /// + /// Introduced in kernel v4.1. + #[doc(alias = "BPF_PROG_TYPE_SCHED_CLS")] + SchedClassifier = bpf_prog_type::BPF_PROG_TYPE_SCHED_CLS as isize, + /// A Traffic Control (TC) Action program type. + /// + /// Introduced in kernel v4.1. + #[doc(alias = "BPF_PROG_TYPE_SCHED_ACT")] + SchedAction = bpf_prog_type::BPF_PROG_TYPE_SCHED_ACT as isize, + /// A Tracepoint program type. See [`TracePoint`](super::trace_point::TracePoint) for the + /// program implementation. + /// + /// Introduced in kernel v4.7. + #[doc(alias = "BPF_PROG_TYPE_TRACEPOINT")] + TracePoint = bpf_prog_type::BPF_PROG_TYPE_TRACEPOINT as isize, + /// An Express Data Path (XDP) program type. See [`Xdp`](super::xdp::Xdp) for the program + /// implementation. + /// + /// Introduced in kernel v4.8. + #[doc(alias = "BPF_PROG_TYPE_XDP")] + Xdp = bpf_prog_type::BPF_PROG_TYPE_XDP as isize, + /// A Perf Event program type. See [`PerfEvent`](super::perf_event::PerfEvent) for the program + /// implementation. + /// + /// Introduced in kernel v4.9. + #[doc(alias = "BPF_PROG_TYPE_PERF_EVENT")] + PerfEvent = bpf_prog_type::BPF_PROG_TYPE_PERF_EVENT as isize, + /// A cGroup Socket Buffer program type. See [`CgroupSkb`](super::cgroup_skb::CgroupSkb) for + /// the program implementation. + /// + /// Introduced in kernel v4.10. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_SKB")] + CgroupSkb = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SKB as isize, + /// A cGroup Socket program type. See [`CgroupSock`](super::cgroup_sock::CgroupSock) for the + /// program implementation. + /// + /// Introduced in kernel v4.10. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCK")] + CgroupSock = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK as isize, + /// A Lightweight Tunnel (LWT) Input program type. + /// + /// Introduced in kernel v4.10. + #[doc(alias = "BPF_PROG_TYPE_LWT_IN")] + LwtInput = bpf_prog_type::BPF_PROG_TYPE_LWT_IN as isize, + /// A Lightweight Tunnel (LWT) Output program type. + /// + /// Introduced in kernel v4.10. + #[doc(alias = "BPF_PROG_TYPE_LWT_OUT")] + LwtOutput = bpf_prog_type::BPF_PROG_TYPE_LWT_OUT as isize, + /// A Lightweight Tunnel (LWT) Transmit program type. + /// + /// Introduced in kernel v4.10. + #[doc(alias = "BPF_PROG_TYPE_LWT_XMIT")] + LwtXmit = bpf_prog_type::BPF_PROG_TYPE_LWT_XMIT as isize, + /// A Socket Operation program type. See [`SockOps`](super::sock_ops::SockOps) for the program + /// implementation. + /// + /// Introduced in kernel v4.13. + #[doc(alias = "BPF_PROG_TYPE_SOCK_OPS")] + SockOps = bpf_prog_type::BPF_PROG_TYPE_SOCK_OPS as isize, + /// A Socket-to-Socket Buffer program type. See [`SkSkb`](super::sk_skb::SkSkb) for the program + /// implementation. + /// + /// Introduced in kernel v4.14. + #[doc(alias = "BPF_PROG_TYPE_SK_SKB")] + SkSkb = bpf_prog_type::BPF_PROG_TYPE_SK_SKB as isize, + /// A cGroup Device program type. See [`CgroupDevice`](super::cgroup_device::CgroupDevice) + /// for the program implementation. + /// + /// Introduced in kernel v4.15. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_DEVICE")] + CgroupDevice = bpf_prog_type::BPF_PROG_TYPE_CGROUP_DEVICE as isize, + /// A Socket Message program type. See [`SkMsg`](super::sk_msg::SkMsg) for the program + /// implementation. + /// + /// Introduced in kernel v4.17. + #[doc(alias = "BPF_PROG_TYPE_SK_MSG")] + SkMsg = bpf_prog_type::BPF_PROG_TYPE_SK_MSG as isize, + /// A Raw Tracepoint program type. See [`RawTracePoint`](super::raw_trace_point::RawTracePoint) + /// for the program implementation. + /// + /// Introduced in kernel v4.17. + #[doc(alias = "BPF_PROG_TYPE_RAW_TRACEPOINT")] + RawTracePoint = bpf_prog_type::BPF_PROG_TYPE_RAW_TRACEPOINT as isize, + /// A cGroup Socket Address program type. See + /// [`CgroupSockAddr`](super::cgroup_sock_addr::CgroupSockAddr) for the program implementation. + /// + /// Introduced in kernel v4.17. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCK_ADDR")] + CgroupSockAddr = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCK_ADDR as isize, + /// A Lightweight Tunnel (LWT) Seg6local program type. + /// + /// Introduced in kernel v4.18. + #[doc(alias = "BPF_PROG_TYPE_LWT_SEG6LOCAL")] + LwtSeg6local = bpf_prog_type::BPF_PROG_TYPE_LWT_SEG6LOCAL as isize, + /// A Linux Infrared Remote Control (LIRC) Mode2 program type. See + /// [`LircMode2`](super::lirc_mode2::LircMode2) for the program implementation. + /// + /// Introduced in kernel v4.18. + #[doc(alias = "BPF_PROG_TYPE_LIRC_MODE2")] + LircMode2 = bpf_prog_type::BPF_PROG_TYPE_LIRC_MODE2 as isize, + /// A Socket Reuseport program type. + /// + /// Introduced in kernel v4.19. + #[doc(alias = "BPF_PROG_TYPE_SK_REUSEPORT")] + SkReuseport = bpf_prog_type::BPF_PROG_TYPE_SK_REUSEPORT as isize, + /// A Flow Dissector program type. + /// + /// Introduced in kernel v4.20. + #[doc(alias = "BPF_PROG_TYPE_FLOW_DISSECTOR")] + FlowDissector = bpf_prog_type::BPF_PROG_TYPE_FLOW_DISSECTOR as isize, + /// A cGroup Sysctl program type. See [`CgroupSysctl`](super::cgroup_sysctl::CgroupSysctl) for + /// the program implementation. + /// + /// Introduced in kernel v5.2. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_SYSCTL")] + CgroupSysctl = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SYSCTL as isize, + /// A Writable Raw Tracepoint program type. + /// + /// Introduced in kernel v5.2. + #[doc(alias = "BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE")] + RawTracePointWritable = bpf_prog_type::BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE as isize, + /// A cGroup Socket Option program type. See [`CgroupSockopt`](super::cgroup_sockopt::CgroupSockopt) + /// for the program implementation. + /// + /// Introduced in kernel v5.3. + #[doc(alias = "BPF_PROG_TYPE_CGROUP_SOCKOPT")] + CgroupSockopt = bpf_prog_type::BPF_PROG_TYPE_CGROUP_SOCKOPT as isize, + /// A Tracing program type. See [`FEntry`](super::fentry::FEntry), [`FExit`](super::fexit::FExit), + /// and [`BtfTracePoint`](super::tp_btf::BtfTracePoint) for the program implementations. + /// + /// Introduced in kernel v5.5. + #[doc(alias = "BPF_PROG_TYPE_TRACING")] + Tracing = bpf_prog_type::BPF_PROG_TYPE_TRACING as isize, + /// A Struct Ops program type. + /// + /// Introduced in kernel v5.6. + #[doc(alias = "BPF_PROG_TYPE_STRUCT_OPS")] + StructOps = bpf_prog_type::BPF_PROG_TYPE_STRUCT_OPS as isize, + /// A Extension program type. See [`Extension`](super::extension::Extension) for the program + /// implementation. + /// + /// Introduced in kernel v5.6. + #[doc(alias = "BPF_PROG_TYPE_EXT")] + Extension = bpf_prog_type::BPF_PROG_TYPE_EXT as isize, + /// A Linux Security Module (LSM) program type. See [`Lsm`](super::lsm::Lsm) for the program + /// implementation. + /// + /// Introduced in kernel v5.7. + #[doc(alias = "BPF_PROG_TYPE_LSM")] + Lsm = bpf_prog_type::BPF_PROG_TYPE_LSM as isize, + /// A Socket Lookup program type. See [`SkLookup`](super::sk_lookup::SkLookup) for the program + /// implementation. + /// + /// Introduced in kernel v5.9. + #[doc(alias = "BPF_PROG_TYPE_SK_LOOKUP")] + SkLookup = bpf_prog_type::BPF_PROG_TYPE_SK_LOOKUP as isize, + /// A Syscall program type. + /// + /// Introduced in kernel v5.14. + #[doc(alias = "BPF_PROG_TYPE_SYSCALL")] + Syscall = bpf_prog_type::BPF_PROG_TYPE_SYSCALL as isize, + /// A Netfilter program type. + /// + /// Introduced in kernel v6.4. + #[doc(alias = "BPF_PROG_TYPE_NETFILTER")] + Netfilter = bpf_prog_type::BPF_PROG_TYPE_NETFILTER as isize, +} + +impl TryFrom for ProgramType { + type Error = ProgramError; + + fn try_from(prog_type: bpf_prog_type) -> Result { + use bpf_prog_type::*; + Ok(match prog_type { + BPF_PROG_TYPE_UNSPEC => Self::Unspecified, + BPF_PROG_TYPE_SOCKET_FILTER => Self::SocketFilter, + BPF_PROG_TYPE_KPROBE => Self::KProbe, + BPF_PROG_TYPE_SCHED_CLS => Self::SchedClassifier, + BPF_PROG_TYPE_SCHED_ACT => Self::SchedAction, + BPF_PROG_TYPE_TRACEPOINT => Self::TracePoint, + BPF_PROG_TYPE_XDP => Self::Xdp, + BPF_PROG_TYPE_PERF_EVENT => Self::PerfEvent, + BPF_PROG_TYPE_CGROUP_SKB => Self::CgroupSkb, + BPF_PROG_TYPE_CGROUP_SOCK => Self::CgroupSock, + BPF_PROG_TYPE_LWT_IN => Self::LwtInput, + BPF_PROG_TYPE_LWT_OUT => Self::LwtOutput, + BPF_PROG_TYPE_LWT_XMIT => Self::LwtXmit, + BPF_PROG_TYPE_SOCK_OPS => Self::SockOps, + BPF_PROG_TYPE_SK_SKB => Self::SkSkb, + BPF_PROG_TYPE_CGROUP_DEVICE => Self::CgroupDevice, + BPF_PROG_TYPE_SK_MSG => Self::SkMsg, + BPF_PROG_TYPE_RAW_TRACEPOINT => Self::RawTracePoint, + BPF_PROG_TYPE_CGROUP_SOCK_ADDR => Self::CgroupSockAddr, + BPF_PROG_TYPE_LWT_SEG6LOCAL => Self::LwtSeg6local, + BPF_PROG_TYPE_LIRC_MODE2 => Self::LircMode2, + BPF_PROG_TYPE_SK_REUSEPORT => Self::SkReuseport, + BPF_PROG_TYPE_FLOW_DISSECTOR => Self::FlowDissector, + BPF_PROG_TYPE_CGROUP_SYSCTL => Self::CgroupSysctl, + BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE => Self::RawTracePointWritable, + BPF_PROG_TYPE_CGROUP_SOCKOPT => Self::CgroupSockopt, + BPF_PROG_TYPE_TRACING => Self::Tracing, + BPF_PROG_TYPE_STRUCT_OPS => Self::StructOps, + BPF_PROG_TYPE_EXT => Self::Extension, + BPF_PROG_TYPE_LSM => Self::Lsm, + BPF_PROG_TYPE_SK_LOOKUP => Self::SkLookup, + BPF_PROG_TYPE_SYSCALL => Self::Syscall, + BPF_PROG_TYPE_NETFILTER => Self::Netfilter, + __MAX_BPF_PROG_TYPE => return Err(ProgramError::UnexpectedProgramType), + }) + } +} diff --git a/aya/src/programs/mod.rs b/aya/src/programs/mod.rs index 81b94f78..d0ce82d9 100644 --- a/aya/src/programs/mod.rs +++ b/aya/src/programs/mod.rs @@ -37,6 +37,7 @@ //! [`maps`]: crate::maps // modules we don't export +mod info; mod probe; mod utils; @@ -71,13 +72,13 @@ pub mod xdp; use std::{ ffi::CString, io, - num::NonZeroU32, os::fd::{AsFd, AsRawFd, BorrowedFd}, path::{Path, PathBuf}, sync::Arc, - time::{Duration, SystemTime}, }; +use info::impl_info; +pub use info::{loaded_programs, ProgramInfo, ProgramType}; use libc::ENOSPC; use thiserror::Error; @@ -115,18 +116,13 @@ use crate::{ maps::MapError, obj::{self, btf::BtfError, VerifierLog}, pin::PinError, - programs::{ - links::*, - perf_attach::*, - utils::{boot_time, get_fdinfo}, - }, + programs::{links::*, perf_attach::*}, sys::{ bpf_btf_get_fd_by_id, bpf_get_object, bpf_link_get_fd_by_id, bpf_link_get_info_by_fd, - bpf_load_program, bpf_pin_object, bpf_prog_get_fd_by_id, bpf_prog_get_info_by_fd, - bpf_prog_query, iter_link_ids, iter_prog_ids, retry_with_verifier_logs, - EbpfLoadProgramAttrs, SyscallError, + bpf_load_program, bpf_pin_object, bpf_prog_get_fd_by_id, bpf_prog_query, iter_link_ids, + retry_with_verifier_logs, EbpfLoadProgramAttrs, SyscallError, }, - util::{bytes_of_bpf_name, KernelVersion}, + util::KernelVersion, VerifierLogLevel, }; @@ -242,7 +238,7 @@ impl AsFd for ProgramFd { } } -/// eBPF program type. +/// The various eBPF programs. #[derive(Debug)] pub enum Program { /// A [`KProbe`] program @@ -296,34 +292,30 @@ pub enum Program { } impl Program { - /// Returns the low level program type. - pub fn prog_type(&self) -> bpf_prog_type { - use crate::generated::bpf_prog_type::*; + /// Returns the program type. + pub fn prog_type(&self) -> ProgramType { match self { - Self::KProbe(_) => BPF_PROG_TYPE_KPROBE, - Self::UProbe(_) => BPF_PROG_TYPE_KPROBE, - Self::TracePoint(_) => BPF_PROG_TYPE_TRACEPOINT, - Self::SocketFilter(_) => BPF_PROG_TYPE_SOCKET_FILTER, - Self::Xdp(_) => BPF_PROG_TYPE_XDP, - Self::SkMsg(_) => BPF_PROG_TYPE_SK_MSG, - Self::SkSkb(_) => BPF_PROG_TYPE_SK_SKB, - Self::SockOps(_) => BPF_PROG_TYPE_SOCK_OPS, - Self::SchedClassifier(_) => BPF_PROG_TYPE_SCHED_CLS, - Self::CgroupSkb(_) => BPF_PROG_TYPE_CGROUP_SKB, - Self::CgroupSysctl(_) => BPF_PROG_TYPE_CGROUP_SYSCTL, - Self::CgroupSockopt(_) => BPF_PROG_TYPE_CGROUP_SOCKOPT, - Self::LircMode2(_) => BPF_PROG_TYPE_LIRC_MODE2, - Self::PerfEvent(_) => BPF_PROG_TYPE_PERF_EVENT, - Self::RawTracePoint(_) => BPF_PROG_TYPE_RAW_TRACEPOINT, - Self::Lsm(_) => BPF_PROG_TYPE_LSM, - Self::BtfTracePoint(_) => BPF_PROG_TYPE_TRACING, - Self::FEntry(_) => BPF_PROG_TYPE_TRACING, - Self::FExit(_) => BPF_PROG_TYPE_TRACING, - Self::Extension(_) => BPF_PROG_TYPE_EXT, - Self::CgroupSockAddr(_) => BPF_PROG_TYPE_CGROUP_SOCK_ADDR, - Self::SkLookup(_) => BPF_PROG_TYPE_SK_LOOKUP, - Self::CgroupSock(_) => BPF_PROG_TYPE_CGROUP_SOCK, - Self::CgroupDevice(_) => BPF_PROG_TYPE_CGROUP_DEVICE, + Self::KProbe(_) | Self::UProbe(_) => ProgramType::KProbe, + Self::TracePoint(_) => ProgramType::TracePoint, + Self::SocketFilter(_) => ProgramType::SocketFilter, + Self::Xdp(_) => ProgramType::Xdp, + Self::SkMsg(_) => ProgramType::SkMsg, + Self::SkSkb(_) => ProgramType::SkSkb, + Self::SockOps(_) => ProgramType::SockOps, + Self::SchedClassifier(_) => ProgramType::SchedClassifier, + Self::CgroupSkb(_) => ProgramType::CgroupSkb, + Self::CgroupSysctl(_) => ProgramType::CgroupSysctl, + Self::CgroupSockopt(_) => ProgramType::CgroupSockopt, + Self::LircMode2(_) => ProgramType::LircMode2, + Self::PerfEvent(_) => ProgramType::PerfEvent, + Self::RawTracePoint(_) => ProgramType::RawTracePoint, + Self::Lsm(_) => ProgramType::Lsm, + Self::BtfTracePoint(_) | Self::FEntry(_) | Self::FExit(_) => ProgramType::Tracing, + Self::Extension(_) => ProgramType::Extension, + Self::CgroupSockAddr(_) => ProgramType::CgroupSockAddr, + Self::SkLookup(_) => ProgramType::SkLookup, + Self::CgroupSock(_) => ProgramType::CgroupSock, + Self::CgroupDevice(_) => ProgramType::CgroupDevice, } } @@ -952,28 +944,6 @@ impl_try_from_program!( CgroupDevice, ); -/// Returns information about a loaded program with the [`ProgramInfo`] structure. -/// -/// This information is populated at load time by the kernel and can be used -/// to correlate a given [`Program`] to it's corresponding [`ProgramInfo`] -/// metadata. -macro_rules! impl_info { - ($($struct_name:ident),+ $(,)?) => { - $( - impl $struct_name { - /// Returns metadata information of this program. - /// - /// Uses kernel v4.13 features. - pub fn info(&self) -> Result { - let ProgramFd(fd) = self.fd()?; - - ProgramInfo::new_from_fd(fd.as_fd()) - } - } - )+ - } -} - impl_info!( KProbe, UProbe, @@ -1001,182 +971,6 @@ impl_info!( CgroupDevice, ); -/// Provides information about a loaded program, like name, id and statistics -#[doc(alias = "bpf_prog_info")] -#[derive(Debug)] -pub struct ProgramInfo(bpf_prog_info); - -impl ProgramInfo { - fn new_from_fd(fd: BorrowedFd<'_>) -> Result { - let info = bpf_prog_get_info_by_fd(fd, &mut [])?; - Ok(Self(info)) - } - - /// The name of the program as was provided when it was load. This is limited to 16 bytes - pub fn name(&self) -> &[u8] { - bytes_of_bpf_name(&self.0.name) - } - - /// The name of the program as a &str. If the name was not valid unicode, None is returned. - pub fn name_as_str(&self) -> Option<&str> { - std::str::from_utf8(self.name()).ok() - } - - /// The id for this program. Each program has a unique id. - pub fn id(&self) -> u32 { - self.0.id - } - - /// The program tag. - /// - /// The program tag is a SHA sum of the program's instructions which be used as an alternative to - /// [`Self::id()`]". A program's id can vary every time it's loaded or unloaded, but the tag - /// will remain the same. - pub fn tag(&self) -> u64 { - u64::from_be_bytes(self.0.tag) - } - - /// The program type as defined by the linux kernel enum - /// [`bpf_prog_type`](https://elixir.bootlin.com/linux/v6.4.4/source/include/uapi/linux/bpf.h#L948). - pub fn program_type(&self) -> u32 { - self.0.type_ - } - - /// Returns true if the program is defined with a GPL-compatible license. - pub fn gpl_compatible(&self) -> bool { - self.0.gpl_compatible() != 0 - } - - /// The ids of the maps used by the program. - pub fn map_ids(&self) -> Result, ProgramError> { - let ProgramFd(fd) = self.fd()?; - let mut map_ids = vec![0u32; self.0.nr_map_ids as usize]; - - bpf_prog_get_info_by_fd(fd.as_fd(), &mut map_ids)?; - - Ok(map_ids) - } - - /// The btf id for the program. - pub fn btf_id(&self) -> Option { - NonZeroU32::new(self.0.btf_id) - } - - /// The size in bytes of the program's translated eBPF bytecode, which is - /// the bytecode after it has been passed though the verifier where it was - /// possibly modified by the kernel. - pub fn size_translated(&self) -> u32 { - self.0.xlated_prog_len - } - - /// The size in bytes of the program's JIT-compiled machine code. - pub fn size_jitted(&self) -> u32 { - self.0.jited_prog_len - } - - /// How much memory in bytes has been allocated and locked for the program. - pub fn memory_locked(&self) -> Result { - get_fdinfo(self.fd()?.as_fd(), "memlock") - } - - /// The number of verified instructions in the program. - /// - /// This may be less than the total number of instructions in the compiled - /// program due to dead code elimination in the verifier. - pub fn verified_instruction_count(&self) -> u32 { - self.0.verified_insns - } - - /// The time the program was loaded. - pub fn loaded_at(&self) -> SystemTime { - boot_time() + Duration::from_nanos(self.0.load_time) - } - - /// Returns a file descriptor referencing the program. - /// - /// The returned file descriptor can be closed at any time and doing so does - /// not influence the life cycle of the program. - pub fn fd(&self) -> Result { - let Self(info) = self; - let fd = bpf_prog_get_fd_by_id(info.id)?; - Ok(ProgramFd(fd)) - } - - /// The accumulated time that the program has been actively running. - /// - /// This is not to be confused with the duration since the program was - /// first loaded on the host. - /// - /// Note this field is only updated for as long as - /// [`enable_stats`](crate::sys::enable_stats) is enabled - /// with [`Stats::RunTime`](crate::sys::Stats::RunTime). - pub fn run_time(&self) -> Duration { - Duration::from_nanos(self.0.run_time_ns) - } - - /// The accumulated execution count of the program. - /// - /// Note this field is only updated for as long as - /// [`enable_stats`](crate::sys::enable_stats) is enabled - /// with [`Stats::RunTime`](crate::sys::Stats::RunTime). - pub fn run_count(&self) -> u64 { - self.0.run_cnt - } - - /// Loads a program from a pinned path in bpffs. - pub fn from_pin>(path: P) -> Result { - use std::os::unix::ffi::OsStrExt as _; - - // TODO: avoid this unwrap by adding a new error variant. - let path_string = CString::new(path.as_ref().as_os_str().as_bytes()).unwrap(); - let fd = bpf_get_object(&path_string).map_err(|(_, io_error)| SyscallError { - call: "BPF_OBJ_GET", - io_error, - })?; - - let info = bpf_prog_get_info_by_fd(fd.as_fd(), &mut [])?; - Ok(Self(info)) - } -} - -/// Returns an iterator over all loaded bpf programs. -/// -/// This differs from [`crate::Ebpf::programs`] since it will return all programs -/// listed on the host system and not only programs a specific [`crate::Ebpf`] instance. -/// -/// Uses kernel v4.13 features. -/// -/// # Example -/// ``` -/// # use aya::programs::loaded_programs; -/// -/// for p in loaded_programs() { -/// match p { -/// Ok(program) => println!("{}", String::from_utf8_lossy(program.name())), -/// Err(e) => println!("Error iterating programs: {:?}", e), -/// } -/// } -/// ``` -/// -/// # Errors -/// -/// Returns [`ProgramError::SyscallError`] if any of the syscalls required to either get -/// next program id, get the program fd, or the [`ProgramInfo`] fail. In cases where -/// iteration can't be performed, for example the caller does not have the necessary privileges, -/// a single item will be yielded containing the error that occurred. -pub fn loaded_programs() -> impl Iterator> { - iter_prog_ids() - .map(|id| { - let id = id?; - bpf_prog_get_fd_by_id(id) - }) - .map(|fd| { - let fd = fd?; - bpf_prog_get_info_by_fd(fd.as_fd(), &mut []) - }) - .map(|result| result.map(ProgramInfo).map_err(Into::into)) -} - // TODO(https://github.com/aya-rs/aya/issues/645): this API is currently used in tests. Stabilize // and remove doc(hidden). #[doc(hidden)] diff --git a/aya/src/sys/bpf.rs b/aya/src/sys/bpf.rs index 058de40e..8d07b70c 100644 --- a/aya/src/sys/bpf.rs +++ b/aya/src/sys/bpf.rs @@ -8,7 +8,7 @@ use std::{ }; use assert_matches::assert_matches; -use libc::{E2BIG, ENOENT, ENOSPC}; +use libc::{ENOENT, ENOSPC}; use obj::{ btf::{BtfEnum64, Enum64}, generated::bpf_stats_type, @@ -32,7 +32,7 @@ use crate::{ }, sys::{syscall, SysResult, Syscall, SyscallError}, util::KernelVersion, - Btf, Pod, VerifierLogLevel, BPF_OBJ_NAME_LEN, + Btf, Pod, VerifierLogLevel, BPF_OBJ_NAME_LEN, FEATURES, }; pub(crate) fn bpf_create_map( @@ -105,6 +105,7 @@ pub(crate) fn bpf_pin_object(fd: BorrowedFd<'_>, path: &CStr) -> SysResult sys_bpf(bpf_cmd::BPF_OBJ_PIN, &mut attr) } +/// Introduced in kernel v4.4. pub(crate) fn bpf_get_object(path: &CStr) -> SysResult { let mut attr = unsafe { mem::zeroed::() }; let u = unsafe { &mut attr.__bindgen_anon_4 }; @@ -548,23 +549,14 @@ pub(crate) fn bpf_prog_get_info_by_fd( fd: BorrowedFd<'_>, map_ids: &mut [u32], ) -> Result { - // Attempt syscall with the map info filled. - let mut info = bpf_obj_get_info_by_fd(fd, |info: &mut bpf_prog_info| { - info.nr_map_ids = map_ids.len() as _; - info.map_ids = map_ids.as_mut_ptr() as _; - }); - // An `E2BIG` error can occur on kernels below v4.15 when handing over a large struct where the // extra space is not all-zero bytes. - if let Err(err) = &info { - if let Some(errno) = &err.io_error.raw_os_error() { - if errno == &E2BIG { - info = bpf_obj_get_info_by_fd(fd, |_| {}); - } + bpf_obj_get_info_by_fd(fd, |info: &mut bpf_prog_info| { + if FEATURES.prog_info_map_ids() { + info.nr_map_ids = map_ids.len() as _; + info.map_ids = map_ids.as_mut_ptr() as _; } - } - - info + }) } /// Introduced in kernel v4.13. @@ -711,6 +703,62 @@ pub(crate) fn is_prog_name_supported() -> bool { bpf_prog_load(&mut attr).is_ok() } +/// Tests whether `nr_map_ids` & `map_ids` fields in `bpf_prog_info` is available. +pub(crate) fn is_info_map_ids_supported() -> bool { + let mut attr = unsafe { mem::zeroed::() }; + let u = unsafe { &mut attr.__bindgen_anon_3 }; + + u.prog_type = bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER as u32; + + let prog: &[u8] = &[ + 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r0 = 0 + 0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // exit + ]; + let insns = copy_instructions(prog).unwrap(); + u.insn_cnt = insns.len() as u32; + u.insns = insns.as_ptr() as u64; + + let gpl = b"GPL\0"; + u.license = gpl.as_ptr() as u64; + + let prog_fd = match bpf_prog_load(&mut attr) { + Ok(fd) => fd, + Err(_) => return false, + }; + bpf_obj_get_info_by_fd(prog_fd.as_fd(), |info: &mut bpf_prog_info| { + info.nr_map_ids = 1 + }) + .is_ok() +} + +/// Tests whether `gpl_compatible` field in `bpf_prog_info` is available. +pub(crate) fn is_info_gpl_compatible_supported() -> bool { + let mut attr = unsafe { mem::zeroed::() }; + let u = unsafe { &mut attr.__bindgen_anon_3 }; + + u.prog_type = bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER as u32; + + let prog: &[u8] = &[ + 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // mov64 r0 = 0 + 0x95, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // exit + ]; + let insns = copy_instructions(prog).unwrap(); + u.insn_cnt = insns.len() as u32; + u.insns = insns.as_ptr() as u64; + + let gpl = b"GPL\0"; + u.license = gpl.as_ptr() as u64; + + let prog_fd = match bpf_prog_load(&mut attr) { + Ok(fd) => fd, + Err(_) => return false, + }; + if let Ok::(info) = bpf_obj_get_info_by_fd(prog_fd.as_fd(), |_| {}) { + return info.gpl_compatible() != 0; + } + false +} + pub(crate) fn is_probe_read_kernel_supported() -> bool { let mut attr = unsafe { mem::zeroed::() }; let u = unsafe { &mut attr.__bindgen_anon_3 }; diff --git a/test/integration-test/src/tests/info.rs b/test/integration-test/src/tests/info.rs index e44d720d..16770136 100644 --- a/test/integration-test/src/tests/info.rs +++ b/test/integration-test/src/tests/info.rs @@ -1,82 +1,229 @@ //! Tests the Info API. -use std::{fs, time::SystemTime}; +use std::{fs, panic, path::Path, time::SystemTime}; use aya::{ maps::{loaded_maps, MapError}, - programs::{loaded_programs, ProgramError, SocketFilter}, + programs::{loaded_programs, ProgramError, ProgramType, SocketFilter, TracePoint}, + sys::enable_stats, util::KernelVersion, Ebpf, }; -use aya_obj::generated::{bpf_map_type, bpf_prog_type}; +use aya_obj::generated::bpf_map_type; use libc::EINVAL; use crate::utils::{kernel_assert, kernel_assert_eq}; const BPF_JIT_ENABLE: &str = "/proc/sys/net/core/bpf_jit_enable"; +const BPF_STATS_ENABLED: &str = "/proc/sys/kernel/bpf_stats_enabled"; #[test] -fn list_loaded_programs() { - // Kernels below v4.15 have been observed to have `bpf_jit_enable` disabled by default. - let jit_enabled = enable_jit(); - +fn test_loaded_programs() { // Load a program. // Since we are only testing the programs for their metadata, there is no need to "attach" them. let mut bpf = Ebpf::load(crate::SIMPLE_PROG).unwrap(); let prog: &mut SocketFilter = bpf.program_mut("simple_prog").unwrap().try_into().unwrap(); prog.load().unwrap(); + let test_prog = prog.info().unwrap(); - // Ensure the `loaded_programs()` api does not panic and grab the last loaded program in the - // iter, which should be our test program. - let prog = match loaded_programs().last().unwrap() { - Ok(prog) => prog, - Err(err) => { - if let ProgramError::SyscallError(err) = &err { - // Skip entire test since feature not available - if err - .io_error - .raw_os_error() - .is_some_and(|errno| errno == EINVAL) - { - eprintln!("ignoring test completely as `loaded_programs()` is not available on the host"); - return; - } + // Ensure loaded program doesn't panic + let mut programs = loaded_programs().peekable(); + if let Err(err) = programs.peek().unwrap() { + if let ProgramError::SyscallError(err) = &err { + // Skip entire test since feature not available + if err + .io_error + .raw_os_error() + .is_some_and(|errno| errno == EINVAL) + { + eprintln!( + "ignoring test completely as `loaded_programs()` is not available on the host" + ); + return; } - panic!("{err}"); } - }; + panic!("{err}"); + } + + // Loaded programs should contain our test program + let mut programs = programs.filter_map(|prog| prog.ok()); + kernel_assert!( + programs.any(|prog| prog.id() == test_prog.id()), + KernelVersion::new(4, 13, 0) + ); +} + +#[test] +fn test_program_info() { + // Kernels below v4.15 have been observed to have `bpf_jit_enable` disabled by default. + let previously_enabled = is_sysctl_enabled(BPF_JIT_ENABLE); + // Restore to previous state when panic occurs. + let prev_panic = panic::take_hook(); + panic::set_hook(Box::new(move |panic_info| { + if !previously_enabled { + disable_sysctl_param(BPF_JIT_ENABLE); + } + prev_panic(panic_info); + })); + let jit_enabled = previously_enabled || enable_sysctl_param(BPF_JIT_ENABLE); + + let mut bpf = Ebpf::load(crate::SIMPLE_PROG).unwrap(); + let prog: &mut SocketFilter = bpf.program_mut("simple_prog").unwrap().try_into().unwrap(); + prog.load().unwrap(); + let test_prog = prog.info().unwrap(); // Test `bpf_prog_info` fields. kernel_assert_eq!( - bpf_prog_type::BPF_PROG_TYPE_SOCKET_FILTER as u32, - prog.program_type(), + ProgramType::SocketFilter, + test_prog.program_type().unwrap_or(ProgramType::Unspecified), KernelVersion::new(4, 13, 0), ); - kernel_assert!(prog.id() > 0, KernelVersion::new(4, 13, 0)); - kernel_assert!(prog.tag() > 0, KernelVersion::new(4, 13, 0)); + kernel_assert!(test_prog.id().is_some(), KernelVersion::new(4, 13, 0)); + kernel_assert!(test_prog.tag().is_some(), KernelVersion::new(4, 13, 0)); if jit_enabled { - kernel_assert!(prog.size_jitted() > 0, KernelVersion::new(4, 13, 0)); + kernel_assert!( + test_prog.size_jitted().is_some(), + KernelVersion::new(4, 13, 0), + ); } - kernel_assert!(prog.size_translated() > 0, KernelVersion::new(4, 13, 0)); - let uptime = SystemTime::now().duration_since(prog.loaded_at()).unwrap(); - kernel_assert!(uptime.as_nanos() > 0, KernelVersion::new(4, 15, 0)); - let maps = prog.map_ids().unwrap(); - kernel_assert!(maps.is_empty(), KernelVersion::new(4, 15, 0)); - let name = prog.name_as_str().unwrap(); - kernel_assert_eq!("simple_prog", name, KernelVersion::new(4, 15, 0)); - kernel_assert!(prog.gpl_compatible(), KernelVersion::new(4, 18, 0)); kernel_assert!( - prog.verified_instruction_count() > 0, - KernelVersion::new(5, 16, 0) + test_prog.size_translated().is_some(), + KernelVersion::new(4, 13, 0), + ); + kernel_assert!( + test_prog.loaded_at().is_some(), + KernelVersion::new(4, 15, 0), + ); + kernel_assert!( + test_prog.created_by_uid().is_some_and(|uid| uid == 0), + KernelVersion::new(4, 15, 0), + ); + let maps = test_prog.map_ids().unwrap(); + kernel_assert!( + maps.is_some_and(|ids| ids.is_empty()), + KernelVersion::new(4, 15, 0), + ); + kernel_assert!( + test_prog + .name_as_str() + .is_some_and(|name| name == "simple_prog"), + KernelVersion::new(4, 15, 0), + ); + kernel_assert!( + test_prog.gpl_compatible().is_some_and(|gpl| gpl), + KernelVersion::new(4, 18, 0), + ); + kernel_assert!( + test_prog.verified_instruction_count().is_some(), + KernelVersion::new(5, 16, 0), ); // We can't reliably test these fields since `0` can be interpreted as the actual value or // unavailable. - prog.btf_id(); + test_prog.btf_id(); // Ensure rest of the fields do not panic. - prog.memory_locked().unwrap(); - prog.fd().unwrap(); + test_prog.memory_locked().unwrap(); + test_prog.fd().unwrap(); + + // Restore to previous state + if !previously_enabled { + disable_sysctl_param(BPF_JIT_ENABLE); + } +} + +#[test] +fn test_loaded_at() { + let mut bpf: Ebpf = Ebpf::load(crate::SIMPLE_PROG).unwrap(); + let prog: &mut SocketFilter = bpf.program_mut("simple_prog").unwrap().try_into().unwrap(); + + // SystemTime is not monotonic, which can cause this test to flake. We don't expect the clock + // timestamp to continuously jump around, so we add some retries. If the test is ever correct, + // we know that the value returned by loaded_at() was reasonable relative to SystemTime::now(). + let mut failures = Vec::new(); + for _ in 0..5 { + let t1 = SystemTime::now(); + prog.load().unwrap(); + + let t2 = SystemTime::now(); + let loaded_at = match prog.info().unwrap().loaded_at() { + Some(time) => time, + None => { + eprintln!("ignoring test completely as `load_time` field of `bpf_prog_info` is not available on the host"); + return; + } + }; + prog.unload().unwrap(); + + let range = t1..t2; + if range.contains(&loaded_at) { + failures.clear(); + break; + } + failures.push(LoadedAtRange(loaded_at, range)); + } + assert!( + failures.is_empty(), + "loaded_at was not in range: {failures:?}", + ); + + struct LoadedAtRange(SystemTime, std::ops::Range); + impl std::fmt::Debug for LoadedAtRange { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + let Self(loaded_at, range) = self; + write!(f, "{range:?}.contains({loaded_at:?})") + } + } +} + +#[test] +fn test_prog_stats() { + // Test depends on whether trace point exists. + if !Path::new("/sys/kernel/debug/tracing/events/syscalls/sys_enter_bpf").exists() { + eprintln!( + "ignoring test completely as `syscalls/sys_enter_bpf` is not available on the host" + ); + return; + } + + let stats_fd = enable_stats(aya::sys::Stats::RunTime).ok(); + // Restore to previous state when panic occurs. + let previously_enabled = is_sysctl_enabled(BPF_STATS_ENABLED); + let prev_panic = panic::take_hook(); + panic::set_hook(Box::new(move |panic_info| { + if !previously_enabled { + disable_sysctl_param(BPF_STATS_ENABLED); + } + prev_panic(panic_info); + })); + + let stats_enabled = + stats_fd.is_some() || previously_enabled || enable_sysctl_param(BPF_STATS_ENABLED); + if !stats_enabled { + eprintln!("ignoring test completely as bpf stats could not be enabled on the host"); + return; + } + + let mut bpf = Ebpf::load(crate::TEST).unwrap(); + let prog: &mut TracePoint = bpf + .program_mut("test_tracepoint") + .unwrap() + .try_into() + .unwrap(); + prog.load().unwrap(); + prog.attach("syscalls", "sys_enter_bpf").unwrap(); + let test_prog = prog.info().unwrap(); + + kernel_assert!( + test_prog.run_time().as_nanos() > 0, + KernelVersion::new(5, 1, 0) + ); + kernel_assert!(test_prog.run_count() > 0, KernelVersion::new(5, 1, 0)); + + // Restore to previous state + if !previously_enabled { + disable_sysctl_param(BPF_STATS_ENABLED); + } } #[test] @@ -108,19 +255,22 @@ fn list_loaded_maps() { // There's not a good way to extract our maps of interest with load order being // non-deterministic. Since we are trying to be more considerate of older kernels, we should // only rely on v4.13 feats. - // Expected sort order should be: `BAR`, `aya_global` (if ran local), `FOO` + // Expected sort order should be: `BAR`, `aya_global` (if avail), `FOO` maps.sort_unstable_by_key(|m| (m.map_type(), m.id())); // Ensure program has the 2 maps. if let Ok(info) = prog.info() { let map_ids = info.map_ids().unwrap(); - kernel_assert_eq!(2, map_ids.len(), KernelVersion::new(4, 15, 0)); + kernel_assert!(map_ids.is_some(), KernelVersion::new(4, 15, 0)); - for id in map_ids.iter() { - assert!( - maps.iter().any(|m| m.id() == *id), - "expected `loaded_maps()` to have `map_ids` from program" - ); + if let Some(map_ids) = map_ids { + assert_eq!(2, map_ids.len()); + for id in map_ids.iter() { + assert!( + maps.iter().any(|m| m.id() == id.get()), + "expected `loaded_maps()` to have `map_ids` from program" + ); + } } } @@ -164,18 +314,20 @@ fn list_loaded_maps() { array.fd().unwrap(); } -/// Enable program to be JIT-compiled if not already enabled. -fn enable_jit() -> bool { - match fs::read_to_string(BPF_JIT_ENABLE) { - Ok(contents) => { - if contents.chars().next().is_some_and(|c| c == '0') { - let failed = fs::write(BPF_JIT_ENABLE, b"1").is_err(); - if failed { - return false; - } - } - true - } +/// Whether sysctl parameter is enabled in the `/proc` file. +fn is_sysctl_enabled(path: &str) -> bool { + match fs::read_to_string(path) { + Ok(contents) => contents.chars().next().is_some_and(|c| c == '1'), Err(_) => false, } } + +/// Enable sysctl parameter through procfs. +fn enable_sysctl_param(path: &str) -> bool { + fs::write(path, b"1").is_ok() +} + +/// Disable sysctl parameter through procfs. +fn disable_sysctl_param(path: &str) -> bool { + fs::write(path, b"0").is_ok() +} diff --git a/test/integration-test/src/tests/load.rs b/test/integration-test/src/tests/load.rs index 8ff13757..60025092 100644 --- a/test/integration-test/src/tests/load.rs +++ b/test/integration-test/src/tests/load.rs @@ -1,10 +1,4 @@ -use std::{ - convert::TryInto as _, - fs::remove_file, - path::Path, - thread, - time::{Duration, SystemTime}, -}; +use std::{convert::TryInto as _, fs::remove_file, path::Path, thread, time::Duration}; use aya::{ maps::Array, @@ -144,7 +138,7 @@ fn poll_loaded_program_id(name: &str) -> impl Iterator> + '_ // program in the middle of a `loaded_programs()` call. loaded_programs() .filter_map(|prog| prog.ok()) - .find_map(|prog| (prog.name() == name.as_bytes()).then(|| prog.id())) + .find_map(|prog| (prog.name() == name.as_bytes()).then(|| prog.id().unwrap().get())) }) } @@ -221,42 +215,6 @@ fn unload_xdp() { assert_unloaded("pass"); } -#[test] -fn test_loaded_at() { - let mut bpf = Ebpf::load(crate::TEST).unwrap(); - let prog: &mut Xdp = bpf.program_mut("pass").unwrap().try_into().unwrap(); - - // SystemTime is not monotonic, which can cause this test to flake. We don't expect the clock - // timestamp to continuously jump around, so we add some retries. If the test is ever correct, - // we know that the value returned by loaded_at() was reasonable relative to SystemTime::now(). - let mut failures = Vec::new(); - for _ in 0..5 { - let t1 = SystemTime::now(); - prog.load().unwrap(); - let t2 = SystemTime::now(); - let loaded_at = prog.info().unwrap().loaded_at(); - prog.unload().unwrap(); - let range = t1..t2; - if range.contains(&loaded_at) { - failures.clear(); - break; - } - failures.push(LoadedAtRange(loaded_at, range)); - } - assert!( - failures.is_empty(), - "loaded_at was not in range: {failures:?}", - ); - - struct LoadedAtRange(SystemTime, std::ops::Range); - impl std::fmt::Debug for LoadedAtRange { - fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { - let Self(loaded_at, range) = self; - write!(f, "{range:?}.contains({loaded_at:?})") - } - } -} - #[test] fn unload_kprobe() { let mut bpf = Ebpf::load(crate::TEST).unwrap(); diff --git a/xtask/public-api/aya-obj.txt b/xtask/public-api/aya-obj.txt index 5014c91c..f46d106f 100644 --- a/xtask/public-api/aya-obj.txt +++ b/xtask/public-api/aya-obj.txt @@ -7109,6 +7109,8 @@ pub fn aya_obj::Features::bpf_probe_read_kernel(&self) -> bool pub fn aya_obj::Features::btf(&self) -> core::option::Option<&aya_obj::btf::BtfFeatures> pub fn aya_obj::Features::cpumap_prog_id(&self) -> bool pub fn aya_obj::Features::devmap_prog_id(&self) -> bool +pub fn aya_obj::Features::prog_info_gpl_compatible(&self) -> bool +pub fn aya_obj::Features::prog_info_map_ids(&self) -> bool impl core::default::Default for aya_obj::Features pub fn aya_obj::Features::default() -> aya_obj::Features impl core::fmt::Debug for aya_obj::Features @@ -7967,6 +7969,8 @@ pub fn aya_obj::Features::bpf_probe_read_kernel(&self) -> bool pub fn aya_obj::Features::btf(&self) -> core::option::Option<&aya_obj::btf::BtfFeatures> pub fn aya_obj::Features::cpumap_prog_id(&self) -> bool pub fn aya_obj::Features::devmap_prog_id(&self) -> bool +pub fn aya_obj::Features::prog_info_gpl_compatible(&self) -> bool +pub fn aya_obj::Features::prog_info_map_ids(&self) -> bool impl core::default::Default for aya_obj::Features pub fn aya_obj::Features::default() -> aya_obj::Features impl core::fmt::Debug for aya_obj::Features diff --git a/xtask/public-api/aya.txt b/xtask/public-api/aya.txt index 0f46ef74..b26f09d0 100644 --- a/xtask/public-api/aya.txt +++ b/xtask/public-api/aya.txt @@ -6644,7 +6644,7 @@ impl aya::programs::Program pub fn aya::programs::Program::fd(&self) -> core::result::Result<&aya::programs::ProgramFd, aya::programs::ProgramError> pub fn aya::programs::Program::info(&self) -> core::result::Result pub fn aya::programs::Program::pin>(&mut self, path: P) -> core::result::Result<(), aya::pin::PinError> -pub fn aya::programs::Program::prog_type(&self) -> aya_obj::generated::linux_bindings_x86_64::bpf_prog_type +pub fn aya::programs::Program::prog_type(&self) -> aya::programs::ProgramType pub fn aya::programs::Program::unload(self) -> core::result::Result<(), aya::programs::ProgramError> impl core::fmt::Debug for aya::programs::Program pub fn aya::programs::Program::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result @@ -6892,6 +6892,79 @@ impl core::borrow::BorrowMut for aya::programs::ProgramError where T: core pub fn aya::programs::ProgramError::borrow_mut(&mut self) -> &mut T impl core::convert::From for aya::programs::ProgramError pub fn aya::programs::ProgramError::from(t: T) -> T +#[non_exhaustive] pub enum aya::programs::ProgramType +pub aya::programs::ProgramType::CgroupDevice = 15 +pub aya::programs::ProgramType::CgroupSkb = 8 +pub aya::programs::ProgramType::CgroupSock = 9 +pub aya::programs::ProgramType::CgroupSockAddr = 18 +pub aya::programs::ProgramType::CgroupSockopt = 25 +pub aya::programs::ProgramType::CgroupSysctl = 23 +pub aya::programs::ProgramType::Extension = 28 +pub aya::programs::ProgramType::FlowDissector = 22 +pub aya::programs::ProgramType::KProbe = 2 +pub aya::programs::ProgramType::LircMode2 = 20 +pub aya::programs::ProgramType::Lsm = 29 +pub aya::programs::ProgramType::LwtInput = 10 +pub aya::programs::ProgramType::LwtOutput = 11 +pub aya::programs::ProgramType::LwtSeg6local = 19 +pub aya::programs::ProgramType::LwtXmit = 12 +pub aya::programs::ProgramType::Netfilter = 32 +pub aya::programs::ProgramType::PerfEvent = 7 +pub aya::programs::ProgramType::RawTracePoint = 17 +pub aya::programs::ProgramType::RawTracePointWritable = 24 +pub aya::programs::ProgramType::SchedAction = 4 +pub aya::programs::ProgramType::SchedClassifier = 3 +pub aya::programs::ProgramType::SkLookup = 30 +pub aya::programs::ProgramType::SkMsg = 16 +pub aya::programs::ProgramType::SkReuseport = 21 +pub aya::programs::ProgramType::SkSkb = 14 +pub aya::programs::ProgramType::SockOps = 13 +pub aya::programs::ProgramType::SocketFilter = 1 +pub aya::programs::ProgramType::StructOps = 27 +pub aya::programs::ProgramType::Syscall = 31 +pub aya::programs::ProgramType::TracePoint = 5 +pub aya::programs::ProgramType::Tracing = 26 +pub aya::programs::ProgramType::Unspecified = 0 +pub aya::programs::ProgramType::Xdp = 6 +impl core::clone::Clone for aya::programs::ProgramType +pub fn aya::programs::ProgramType::clone(&self) -> aya::programs::ProgramType +impl core::cmp::PartialEq for aya::programs::ProgramType +pub fn aya::programs::ProgramType::eq(&self, other: &aya::programs::ProgramType) -> bool +impl core::convert::TryFrom for aya::programs::ProgramType +pub type aya::programs::ProgramType::Error = aya::programs::ProgramError +pub fn aya::programs::ProgramType::try_from(prog_type: aya_obj::generated::linux_bindings_x86_64::bpf_prog_type) -> core::result::Result +impl core::fmt::Debug for aya::programs::ProgramType +pub fn aya::programs::ProgramType::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result +impl core::marker::Copy for aya::programs::ProgramType +impl core::marker::StructuralPartialEq for aya::programs::ProgramType +impl core::marker::Freeze for aya::programs::ProgramType +impl core::marker::Send for aya::programs::ProgramType +impl core::marker::Sync for aya::programs::ProgramType +impl core::marker::Unpin for aya::programs::ProgramType +impl core::panic::unwind_safe::RefUnwindSafe for aya::programs::ProgramType +impl core::panic::unwind_safe::UnwindSafe for aya::programs::ProgramType +impl core::convert::Into for aya::programs::ProgramType where U: core::convert::From +pub fn aya::programs::ProgramType::into(self) -> U +impl core::convert::TryFrom for aya::programs::ProgramType where U: core::convert::Into +pub type aya::programs::ProgramType::Error = core::convert::Infallible +pub fn aya::programs::ProgramType::try_from(value: U) -> core::result::Result>::Error> +impl core::convert::TryInto for aya::programs::ProgramType where U: core::convert::TryFrom +pub type aya::programs::ProgramType::Error = >::Error +pub fn aya::programs::ProgramType::try_into(self) -> core::result::Result>::Error> +impl alloc::borrow::ToOwned for aya::programs::ProgramType where T: core::clone::Clone +pub type aya::programs::ProgramType::Owned = T +pub fn aya::programs::ProgramType::clone_into(&self, target: &mut T) +pub fn aya::programs::ProgramType::to_owned(&self) -> T +impl core::any::Any for aya::programs::ProgramType where T: 'static + core::marker::Sized +pub fn aya::programs::ProgramType::type_id(&self) -> core::any::TypeId +impl core::borrow::Borrow for aya::programs::ProgramType where T: core::marker::Sized +pub fn aya::programs::ProgramType::borrow(&self) -> &T +impl core::borrow::BorrowMut for aya::programs::ProgramType where T: core::marker::Sized +pub fn aya::programs::ProgramType::borrow_mut(&mut self) -> &mut T +impl core::clone::CloneToUninit for aya::programs::ProgramType where T: core::clone::Clone +pub unsafe fn aya::programs::ProgramType::clone_to_uninit(&self, dst: *mut T) +impl core::convert::From for aya::programs::ProgramType +pub fn aya::programs::ProgramType::from(t: T) -> T pub enum aya::programs::SamplePolicy pub aya::programs::SamplePolicy::Frequency(u64) pub aya::programs::SamplePolicy::Period(u64) @@ -7913,22 +7986,23 @@ pub fn aya::programs::ProgramFd::from(t: T) -> T pub struct aya::programs::ProgramInfo(_) impl aya::programs::ProgramInfo pub fn aya::programs::ProgramInfo::btf_id(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::created_by_uid(&self) -> core::option::Option pub fn aya::programs::ProgramInfo::fd(&self) -> core::result::Result pub fn aya::programs::ProgramInfo::from_pin>(path: P) -> core::result::Result -pub fn aya::programs::ProgramInfo::gpl_compatible(&self) -> bool -pub fn aya::programs::ProgramInfo::id(&self) -> u32 -pub fn aya::programs::ProgramInfo::loaded_at(&self) -> std::time::SystemTime -pub fn aya::programs::ProgramInfo::map_ids(&self) -> core::result::Result, aya::programs::ProgramError> +pub fn aya::programs::ProgramInfo::gpl_compatible(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::id(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::loaded_at(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::map_ids(&self) -> core::result::Result>, aya::programs::ProgramError> pub fn aya::programs::ProgramInfo::memory_locked(&self) -> core::result::Result pub fn aya::programs::ProgramInfo::name(&self) -> &[u8] pub fn aya::programs::ProgramInfo::name_as_str(&self) -> core::option::Option<&str> -pub fn aya::programs::ProgramInfo::program_type(&self) -> u32 +pub fn aya::programs::ProgramInfo::program_type(&self) -> core::result::Result pub fn aya::programs::ProgramInfo::run_count(&self) -> u64 pub fn aya::programs::ProgramInfo::run_time(&self) -> core::time::Duration -pub fn aya::programs::ProgramInfo::size_jitted(&self) -> u32 -pub fn aya::programs::ProgramInfo::size_translated(&self) -> u32 -pub fn aya::programs::ProgramInfo::tag(&self) -> u64 -pub fn aya::programs::ProgramInfo::verified_instruction_count(&self) -> u32 +pub fn aya::programs::ProgramInfo::size_jitted(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::size_translated(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::tag(&self) -> core::option::Option +pub fn aya::programs::ProgramInfo::verified_instruction_count(&self) -> core::option::Option impl core::fmt::Debug for aya::programs::ProgramInfo pub fn aya::programs::ProgramInfo::fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result impl core::marker::Freeze for aya::programs::ProgramInfo @@ -9093,7 +9167,6 @@ impl aya::Pod for u8 impl aya::Pod for aya::maps::lpm_trie::Key impl aya::Pod for [T; N] pub fn aya::features() -> &'static aya_obj::obj::Features -pub fn aya::loaded_programs() -> impl core::iter::traits::iterator::Iterator> pub type aya::Bpf = aya::Ebpf pub type aya::BpfError = aya::EbpfError pub type aya::BpfLoader<'a> = aya::EbpfLoader<'a>