Skip to content

cleanup: drop capture_enabled flag from driver #709

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
poiana merged 15 commits into from
Nov 22, 2022
Merged

cleanup: drop capture_enabled flag from driver #709

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ec5f938
cleanup(driver,userspace/libscap): drop `capture_enabled` flag in bpf…
FedeDP Nov 8, 2022
d9bfc46
cleanup(userspace/libscap): attach requested tracepoints when the eng…
FedeDP Nov 8, 2022
81612b0
cleanup(userspace/libscap): fixed userspace for bpf and kmod.
FedeDP Nov 8, 2022
536f8da
cleanup(driver/modern_bpf,test,userspace/libscap,userspace/libpman): …
FedeDP Nov 8, 2022
0f974e3
cleanup(userspace/libscap): define SCAP_HANDLE_T on source files, nev…
FedeDP Nov 8, 2022
a97a843
fix(userspace/libscap): fixed dynamic tracepoints for bpf engine.
FedeDP Nov 8, 2022
07f8a6c
fix(test/modern_bpf): fixed modern bpf tests.
FedeDP Nov 9, 2022
214c29d
cleanup(driver): dropped `capture_enabled` flag in kmod.
FedeDP Nov 9, 2022
10637bf
update(driver,userspace/libscap): bump driver API_VERSION and scap mi…
FedeDP Nov 10, 2022
4cde43f
fix(driver): fix consumer numeric id retrieval.
FedeDP Nov 10, 2022
060fb1c
chore(libscap): be safer while destroying ELF data in bpf engine.
FedeDP Nov 10, 2022
ab9ad3f
chore(driver): moved back force_tp_set and compat_set_tracepoint to t…
FedeDP Nov 11, 2022
4a30a9e
chore(driver): make force_tp_set as robust as possible.
FedeDP Nov 14, 2022
6a3e413
update: refactor tests
Andreagit97 Nov 17, 2022
7e391c5
cleanup: remove some compilation warning
Andreagit97 Nov 17, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion driver/API_VERSION
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
2.0.0
3.0.0
Copy link
Contributor Author

@FedeDP FedeDP Nov 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We changed how scap tells drivers to start/stop the capture.

6 changes: 5 additions & 1 deletion driver/bpf/plumbing_helpers.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -528,9 +528,9 @@ static __always_inline void reset_tail_ctx(struct scap_bpf_per_cpu_state *state,
static __always_inline void call_filler(void *ctx,
void *stack_ctx,
enum ppm_event_type evt_type,
struct scap_bpf_settings *settings,
enum syscall_flags drop_flags)
{
struct scap_bpf_settings *settings;
Copy link
Contributor Author

@FedeDP FedeDP Nov 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved the retrieval of bpf settings down to call_filler as it is now unused in attached programs.

const struct ppm_event_entry *filler_info;
struct scap_bpf_per_cpu_state *state;
unsigned long long pid;
Expand All @@ -543,6 +543,10 @@ static __always_inline void call_filler(void *ctx,
if (!state)
return;

settings = get_bpf_settings();
if (!settings)
return;

if (!acquire_local_state(state))
return;

Expand Down
100 changes: 21 additions & 79 deletions driver/bpf/probe.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,6 @@ int bpf_##event(struct type *ctx)
BPF_PROBE("raw_syscalls/", sys_enter, sys_enter_args)
{
const struct syscall_evt_pair *sc_evt;
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;
int drop_flags;
long id;
Expand All @@ -50,18 +49,11 @@ BPF_PROBE("raw_syscalls/", sys_enter, sys_enter_args)
return 0;

enabled = is_syscall_interesting(id);
if (enabled == false)
if (!enabled)
{
return 0;
}

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

sc_evt = get_syscall_info(id);
if (!sc_evt)
return 0;
Expand All @@ -75,7 +67,7 @@ BPF_PROBE("raw_syscalls/", sys_enter, sys_enter_args)
}

#ifdef BPF_SUPPORTS_RAW_TRACEPOINTS
call_filler(ctx, ctx, evt_type, settings, drop_flags);
call_filler(ctx, ctx, evt_type, drop_flags);
#else
/* Duplicated here to avoid verifier madness */
struct sys_enter_args stack_ctx;
Expand All @@ -84,15 +76,14 @@ BPF_PROBE("raw_syscalls/", sys_enter, sys_enter_args)
if (stash_args(stack_ctx.args))
return 0;

call_filler(ctx, &stack_ctx, evt_type, settings, drop_flags);
call_filler(ctx, &stack_ctx, evt_type, drop_flags);
#endif
return 0;
}

BPF_PROBE("raw_syscalls/", sys_exit, sys_exit_args)
{
const struct syscall_evt_pair *sc_evt;
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;
int drop_flags;
long id;
Expand All @@ -106,18 +97,11 @@ BPF_PROBE("raw_syscalls/", sys_exit, sys_exit_args)
return 0;

enabled = is_syscall_interesting(id);
if (enabled == false)
if (!enabled)
{
return 0;
}

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

sc_evt = get_syscall_info(id);
if (!sc_evt)
return 0;
Expand All @@ -130,13 +114,12 @@ BPF_PROBE("raw_syscalls/", sys_exit, sys_exit_args)
drop_flags = UF_ALWAYS_DROP;
}

call_filler(ctx, ctx, evt_type, settings, drop_flags);
call_filler(ctx, ctx, evt_type, drop_flags);
return 0;
}

BPF_PROBE("sched/", sched_process_exit, sched_process_exit_args)
{
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;
struct task_struct *task;
unsigned int flags;
Expand All @@ -147,53 +130,30 @@ BPF_PROBE("sched/", sched_process_exit, sched_process_exit_args)
if (flags & PF_KTHREAD)
return 0;

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

evt_type = PPME_PROCEXIT_1_E;

call_filler(ctx, ctx, evt_type, settings, UF_NEVER_DROP);
call_filler(ctx, ctx, evt_type, UF_NEVER_DROP);
return 0;
}

BPF_PROBE("sched/", sched_switch, sched_switch_args)
{
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

evt_type = PPME_SCHEDSWITCH_6_E;

call_filler(ctx, ctx, evt_type, settings, 0);
call_filler(ctx, ctx, evt_type, 0);
return 0;
}

#ifdef CAPTURE_PAGE_FAULTS
static __always_inline int bpf_page_fault(struct page_fault_args *ctx)
{
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

evt_type = PPME_PAGE_FAULT_E;

call_filler(ctx, ctx, evt_type, settings, UF_ALWAYS_DROP);
call_filler(ctx, ctx, evt_type, UF_ALWAYS_DROP);
return 0;
}

Expand All @@ -210,38 +170,22 @@ BPF_PROBE("exceptions/", page_fault_kernel, page_fault_args)

BPF_PROBE("signal/", signal_deliver, signal_deliver_args)
{
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

evt_type = PPME_SIGNALDELIVER_E;

call_filler(ctx, ctx, evt_type, settings, UF_ALWAYS_DROP);
call_filler(ctx, ctx, evt_type, UF_ALWAYS_DROP);
return 0;
}

#ifndef BPF_SUPPORTS_RAW_TRACEPOINTS
__bpf_section(TP_NAME "sched/sched_process_fork")
int bpf_sched_process_fork(struct sched_process_fork_args *ctx)
{
struct scap_bpf_settings *settings;
enum ppm_event_type evt_type;
struct sys_stash_args args;
unsigned long *argsp;

settings = get_bpf_settings();
if (!settings)
return 0;

if (!settings->capture_enabled)
return 0;

argsp = __unstash_args(ctx->parent_pid);
if (!argsp)
return 0;
Expand Down Expand Up @@ -269,20 +213,19 @@ BPF_PROBE("sched/", sched_process_exec, sched_process_exec_args)
return 0;
}

/* Check if the capture is enabled. */
settings = get_bpf_settings();
if(!(settings && settings->capture_enabled))
{
return 0;
}

/* Reset the tail context in the CPU state map. */
uint32_t cpu = bpf_get_smp_processor_id();
struct scap_bpf_per_cpu_state * state = get_local_state(cpu);
if(!state)
{
return 0;
}

settings = get_bpf_settings();
if(!settings)
{
return 0;
}
uint64_t ts = settings->boot_time + bpf_ktime_get_boot_ns();
reset_tail_ctx(state, event_type, ts);
++state->n_evts;
Expand Down Expand Up @@ -313,20 +256,19 @@ int bpf_sched_process_fork(struct sched_process_fork_raw_args *ctx)
return 0;
}

/* Check if the capture is enabled. */
settings = get_bpf_settings();
if(!(settings && settings->capture_enabled))
{
return 0;
}

/* Reset the tail context in the CPU state map. */
uint32_t cpu = bpf_get_smp_processor_id();
struct scap_bpf_per_cpu_state * state = get_local_state(cpu);
if(!state)
{
return 0;
}

settings = get_bpf_settings();
if(!settings)
{
return 0;
}
uint64_t ts = settings->boot_time + bpf_ktime_get_boot_ns();
reset_tail_ctx(state, event_type, ts);
++state->n_evts;
Expand Down
1 change: 0 additions & 1 deletion driver/bpf/types.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,6 @@ struct scap_bpf_settings {
void *socket_file_ops;
uint32_t snaplen;
uint32_t sampling_ratio;
bool capture_enabled;
bool do_dynamic_snaplen;
bool dropping_mode;
bool is_dropping;
Expand Down
Loading