yanguangshaonian
/
aya
mirror of https://github.com/aya-rs/aya
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
724 Commits
8 Branches
29 Tags
32 MiB
main
pr/Billy99/974
linker-bindep
fix-verifier-blixt
revert-461-main
gh-pages
ci
perf-event
aya-log-ebpf-v0.1.0
aya-log-ebpf-macros-v0.1.0
aya-log-parser-v0.1.13
aya-ebpf-v0.1.0
aya-ebpf-macros-v0.1.0
aya-ebpf-bindings-v0.1.0
aya-ebpf-cty-v0.2.1
aya-log-v0.2.0
aya-log-common-v0.1.14
aya-v0.12.0
aya-obj-v0.1.0
aya-log-common-v0.1.13
aya-log-v0.1.13
aya-log-common-v0.1.11
aya-log-v0.1.11
aya-log-common-v0.1.10
aya-log-v0.1.10
aya-v0.11.0
aya-log-common-v0.1.9
aya-log-v0.1.9
aya-v0.10.7
aya-v0.10.6
aya-log-v0.1.1
aya-v0.10.5
aya-v0.10.4
aya-v0.10.3
aya-v0.10.2
aya-v0.10.1
aya-v0.10.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9ee27765a6'
${ noResults }
Commit Graph

724 Commits (9ee27765a6756d5c02bb41e11bed0fa83e642e9a)
 

Author SHA1 Message Date
Matthias Einwag 9ee27765a6 Userspace symbol resolving via addr2line 
This change implements additional symbol resolving for stack traces, which
improve the support for userspace stack traces.

A challenge with the stack traces obtained via ebpf is that they just contain
a raw address inside the virtual memory space of the process, which
requires some extra steps to be translated into a function name. This change
provides most of the infrastructure to provide the translation via a `DefaultResolver`
type which can resolve both kernelspace and userspace functions based on
a PID and address. In addition in adds a `SymbolResolver` trait that allows to customize
resolving behavior and extend it further.

I originally looked into just using the [StackTrace::resolve](https://docs.rs/aya/0.11.0/aya/maps/stack_trace/struct.StackTrace.html#method.resolve)
function. However I noticed that the information that is at the moment stored
in the StackTrace struct is not sufficient for resolving, e.g. due to missing the PID
and being unable to account for the virtual -> physical memory address translation.
Therefore this change uses a new resolver infrastructure.

Usage via a suitable EBPF program that sends stack traces and process IDs:

```rust

/// The BPF program populates this Queue with the process ID, kernel-space and user-space
/// stack trace IDs.
/// The former can be obtained via `bpf_get_current_pid_tgid()`, the stack
/// traces via `aya_bpf::maps::StackTrace`.
let mut stacks = Queue::<_, [u64; 3]>::try_from(bpf.map_mut("STACKS")?)?;
let stack_traces = StackTraceMap::try_from(bpf.map_mut("STACK_TRACES")?)?;
let resolver = DefaultResolver::new().unwrap();

loop {
    match stacks.pop(0) {
        Ok([pid_tgid, ktrace_id, utrace_id]) => {
            let tgid = pid_tgid & 0xFFFFFFFF;

            if let Ok(trace) = stack_traces.get(&(ktrace_id as u32), 0) {
                for f in trace.frames() {
                    let mut symbol = SymbolInfo::unresolved_kernel(f.ip);
                    resolver.resolve(&mut symbol);
                    println!("Resolved kernel address: 0x{:x} to {:?}", f.ip, symbol);
                }
            }

            if let Ok(trace) = stack_traces.get(&(utrace_id as u32), 0) {
                for f in trace.frames() {
                    let mut symbol = SymbolInfo::unresolved_user(tgid as _, f.ip);
                    resolver.resolve(&mut symbol);
                    info!("Resolved pid {}, address: 0x{:x} to {:?}", tgid, f.ip, symbol);
                }
            }
        }
    }
}
```

BPF code:
```rust
static STACK_TRACES: StackTrace = StackTrace::with_max_entries(10, 0);

static STACKS: Queue<[u64; 3]> = Queue::with_max_entries(1024, 0);

pub fn testprobe(ctx: ProbeContext) -> u32 {
    unsafe {
        let pid_tgid = bpf_get_current_pid_tgid();
        let ustack = STACK_TRACES.get_stackid(&ctx, BPF_F_USER_STACK as _);
        let kstack = STACK_TRACES.get_stackid(&ctx, 0);

        match (kstack, ustack) {
            (Ok(kstack), Ok(ustack)) => {
                if let Err(e) = STACKS.push(&[pid_tgid, kstack as _, ustack as _], 0) {
                    info!(&ctx, "Error pushing stack: {}", e);
                }
            },
            _ => {}
        }

        0
    }
}
```

Output when fetching stack traces of a kprobe on `sendmmsg` on a test program:
```
Resolved kernel address: 0xffffffff81a62691 to SymbolInfo { virtual_address: 18446744071589734033, object_address: Some(18446744071589734033), process_id: None, function_name: Some("__sys_sendmmsg"), object_path: None }
Resolved kernel address: 0xffffffff81a62870 to SymbolInfo { virtual_address: 18446744071589734512, object_address: Some(18446744071589734512), process_id: None, function_name: Some("__x64_sys_sendmmsg"), object_path: None }
Resolved kernel address: 0xffffffff81da30a3 to SymbolInfo { virtual_address: 18446744071593144483, object_address: Some(18446744071593144483), process_id: None, function_name: Some("do_syscall_64"), object_path: None }
Resolved kernel address: 0xffffffff81e0007c to SymbolInfo { virtual_address: 18446744071593525372, object_address: Some(18446744071593525372), process_id: None, function_name: Some("entry_SYSCALL_64_after_hwframe"), object_path: None }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x7fccf3b2adee to SymbolInfo { virtual_address: 140518238629358, object_address: Some(1195502), process_id: Some(22158), function_name: None, object_path: Some("/usr/lib/x86_64-linux-gnu/libc-2.31.so") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570cd66cc to SymbolInfo { virtual_address: 94856245241548, object_address: Some(947916), process_id: Some(22158), function_name: Some("tokio::io::async_fd::AsyncFdReadyGuard<Inner>::try_io"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570cd43e6 to SymbolInfo { virtual_address: 94856245232614, object_address: Some(938982), process_id: Some(22158), function_name: Some("quinn_udp:👿:UdpSocket::poll_send"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570ccd31f to SymbolInfo { virtual_address: 94856245203743, object_address: Some(910111), process_id: Some(22158), function_name: Some("<quinn::endpoint::EndpointDriver as core::future::future::Future>::poll"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570cc2400 to SymbolInfo { virtual_address: 94856245158912, object_address: Some(865280), process_id: Some(22158), function_name: Some("<core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570cd0e8d to SymbolInfo { virtual_address: 94856245218957, object_address: Some(925325), process_id: Some(22158), function_name: Some("tokio::runtime::task::harness::poll_future"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570cd160a to SymbolInfo { virtual_address: 94856245220874, object_address: Some(927242), process_id: Some(22158), function_name: Some("tokio::runtime::task::harness::Harness<T,S>::poll"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c6ef25 to SymbolInfo { virtual_address: 94856244817701, object_address: Some(524069), process_id: Some(22158), function_name: Some("std:🧵:local::LocalKey<T>::with"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c7e505 to SymbolInfo { virtual_address: 94856244880645, object_address: Some(587013), process_id: Some(22158), function_name: Some("tokio::runtime::basic_scheduler::Context::run_task"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c7b2fa to SymbolInfo { virtual_address: 94856244867834, object_address: Some(574202), process_id: Some(22158), function_name: Some("tokio::macros::scoped_tls::ScopedKey<T>::set"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c7de7c to SymbolInfo { virtual_address: 94856244878972, object_address: Some(585340), process_id: Some(22158), function_name: Some("tokio::runtime::basic_scheduler::BasicScheduler::block_on"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c75a3d to SymbolInfo { virtual_address: 94856244845117, object_address: Some(551485), process_id: Some(22158), function_name: Some("tokio::runtime::Runtime::block_on"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c5c597 to SymbolInfo { virtual_address: 94856244741527, object_address: Some(447895), process_id: Some(22158), function_name: Some("std::sys_common::backtrace::__rust_begin_short_backtrace"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570c59d44 to SymbolInfo { virtual_address: 94856244731204, object_address: Some(437572), process_id: Some(22158), function_name: Some("core::ops::function::FnOnce::call_once{{vtable.shim}}"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
02:46:16 [INFO] ayatest: [ayatest/src/main.rs:98] Resolved pid 22158, address: 0x564570ecc763 to SymbolInfo { virtual_address: 94856247297891, object_address: Some(3004259), process_id: Some(22158), function_name: Some("std::sys::unix:🧵:Thread:🆕:thread_start"), object_path: Some("/mnt/c/Users/matth/Code/rust/quinn/target/release/bulk") }
```
 2 years ago
Michal Rostecki d968094b66
Merge pull request #353 from vadorovsky/log-remove-u128 
aya-log: Remove i128 and u128 types
 2 years ago
Michal Rostecki 611f967cd1 aya-log: Remove i128 and u128 types 
They are not supported by eBPF VM and we are going to use arrays for
IPv6.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Michal Rostecki f37a51433f
Merge pull request #350 from dave-tucker/monorepo 
Bring aya-log into aya, creating a Monorepo
 2 years ago
Dave Tucker 6ab7148731 bpf: Only use never type with rust nightly 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker c9e70a8758 aya: Fix rlimit warning on for 32bit systems 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker dc31e11691 Re-organize into a single workspace 
This commit moves the aya-log projects from the subtree and adds them to
the main cargo workspace. It also brings the BPF crates into the
workspace and moves the macro crates up a level since they aren't BPF
code.

Miri was disabled for aya-bpf as the previous config wasn't actually
checking anything.

CI, clippy, fmt and release configurations have all been adjusted
appropriately.

CI was not properly running for other supported arches which was also
ixed here.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Michal Rostecki 28abaece2a Fix the log buffer bounds 
Change 821ba0b243fd removed the `size > buf.len()` check, which was a
mistake, because we might write to a subslice of the whole buffer, so
then `buf` can be lower than `LOG_BUF_CAPACITY`.

This change compares `size` with `min::(buf.len(), LOG_BUF_CAPACITY)`
instead.

Fixes: 821ba0b243fd ("Ensure log buffer bounds")
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Michal Rostecki 2e0702854b Ensure log buffer bounds 
This change adds checks in `TagLenValue.write()` to ensure that the size
of written data doesn't exceed the buffer size.

Verifier in recent kernel versions requires the bound to be a constant
value, so using `buf.len()` does not work.

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Alessandro Decina 6aea880890 ebpf: use new PerCpuArray::get_ptr_mut API 2 years ago
Dave Tucker 526493b444 aya-log, aya-log-common: start next development iteration 0.1.11-dev.0 2 years ago
Dave Tucker 3abd97307e aya-log, aya-log-common: release version 0.1.10 2 years ago
dependabot[bot] 060ba45153 Update aya requirement from 0.10.7 to 0.11.0 
Updates the requirements on [aya](https://github.com/aya-rs/aya) to permit the latest version.
- [Release notes](https://github.com/aya-rs/aya/releases)
- [Commits](https://github.com/aya-rs/aya/compare/aya-v0.10.7...aya-v0.11.0)

---
updated-dependencies:
- dependency-name: aya
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Dave Tucker 0038b43627 Add CI 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker c1bb790c0d Add vim/vscode rust-analyzer settings 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker 3f0085195f Add rustfmt.toml 
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker 5789585994 ebpf: Add example 
This ensures that macro expansion works properly and that expanded code
compiles

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Dave Tucker 5d82d9a73e Add Tests 
This moves a large chunk of code from ebpf to shared so we can re-use
write_record_header and write_record_message and friends so that we
can write test cases to ensure that logs are properly formatted
given certain input.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
 2 years ago
Michal Rostecki 628b473e09 ebpf: Ensure the bounds of log buffer 
eBPF verifier rejects programs which are not checking the bounds of the
log buffer before writing any arguments. This change ensures that
written log arguments.

In practice, it means that doing this kind of checks is not going to be
needed in eBPF program code anymore:

33a1aee2ea/echo-ebpf/src/main.rs (L47)

Tested on:

876f8b4551

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Michal Rostecki 70b4e68130 common: Bump the buffer size 
1024 is too small for many kernel string limits (i.e. PATH_MAX, which is
4096).

Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Alessandro Decina bd9a5c8fdf aya-log, aya-log-common: start next development iteration 0.1.10-dev.0 2 years ago
Alessandro Decina 8bc1bbb3ab aya-log, aya-log-common: release version 0.1.9 2 years ago
Alessandro Decina a8d133f6b0 Add cargo-release config 2 years ago
Alessandro Decina d1a0ce51ee xtask: do not release 2 years ago
Alessandro Decina c4d89fa13c aya-log: use stricter version for the aya-log-common dep 2 years ago
Alessandro Decina bdb2750e66 ebpf: inline write_record_header 
This seems to help the verifier keep track of where we're writing into
LOG_BUF
 2 years ago
Michal Rostecki 81befa0661 Update aya to 0.10.7 
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
 2 years ago
Michal Rostecki ca1fe7e05f Format arguments in userspace 
This change moves away argument formatting from eBPF to the userspace.
eBPF part of aya-log writes unformatted log message and all arguments to
the perf buffer and the userspace part of aya-log is formatting the
message after receiving all arguments.

Aya-based project to test this change:

https://github.com/vadorovsky/aya-log-example

Fixes: #4
Signed-off-by: Michal Rostecki <vadorovsky@gmail.com>
Signed-off-by: Tuetuopay <tuetuopay@me.com>
Co-authored-by: Tuetuopay <tuetuopay@me.com>
 2 years ago
Alessandro Decina 9b229d00e1 Don't recompute the record length 2 years ago
Alessandro Decina 7f8d7057df ebpf: initialize AYA_LOGS with max_entries=0 
This way aya will create one perf buffer for each cpu
 2 years ago
Alessandro Decina 2800454763 Fix clippy warning 2 years ago
Alessandro Decina 8bde15dad7 Add copy of README.md inside aya-log/ 
Needed for crates.io
 2 years ago
Alessandro Decina 5e18a715b2 Add missing manifest fields 2 years ago
Alessandro Decina 31e71f8db5 (cargo-release) version 0.1.1 2 years ago
Alessandro Decina 29955b2287 (cargo-release) version 0.1.1 2 years ago
Alessandro Decina 6d14a16d8e git add .cargo and xtask 2 years ago
Alessandro Decina cced3da5c8 Update to aya 0.10.5 2 years ago
Alessandro Decina 9ab9c80183 Simplify BpfLogger::init 
Make BpfLogger::init(bpf) log using the default logger. Add
BpfLoger::init_with_logger(bpf, logger) for logging using a custom
logger instance.
 2 years ago
Alessandro Decina 2ac433449c Minor tweaks to make the verifier's job easier 2 years ago
Alessandro Decina b14d4bab2f Switch to aya-ufmt 2 years ago
Alessandro Decina 22d8f86fbb Use aya_bpf::maps::PerfEventByteArray to output logs 2 years ago
Alessandro Decina 741957f945 Use aya_log_ebpf::ufmt instead of ::ufmt 2 years ago
Alessandro Decina 0d7ac3eb3e Add ufmt to readme 2 years ago
Alessandro Decina 5df853cfb0 Update readme 2 years ago
Alessandro Decina b29a061bce Initial commit 2 years ago
Alessandro Decina f9588a9daa
Merge pull request #348 from athre0z/printk 
bpf: add `bpf_printk!` helper
 2 years ago
Joel Höner bfb5536f12 bpf: avoid stack-alloc for `fmt` in `bpf_printk!` 2 years ago
Joel Höner da13143c05 bpf: add `bpf_printk!` helper 
The `bpf_printk!` macro is a helper providing a convenient way to invoke the
`bpf_trace_printk` and `bpf_trace_vprintk` BPF helpers. It is implemented as
a macro because it requires variadic arguments.
 2 years ago
Michal Rostecki 6c9d814860
Merge pull request #345 from vadorovsky/bpf-get-current-comm-u8 
bpf: Change the result type of bpf_get_current_comm helper
 2 years ago
Dave Tucker 73ee3cff70
Merge pull request #140 from dave-tucker/btf-maps 
Support Parsing of BTF Maps
 2 years ago