Message ID | 088f1485865016d639cadc891957918060261405.1576381512.git.ethercflow@gmail.com |
---|---|
State | Changes Requested |
Delegated to: | BPF Maintainers |
Headers | show |
Series | bpf: adding get_file_path helper | expand |
On 12/14/19 8:01 PM, Wenbo Zhang wrote: > trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle > events only produced by test_file_get_path, which call fstat on several > different types of files to test bpf_get_file_path's feature. > > v4->v5: addressed Andrii's feedback > - pass NULL for opts as bpf_object__open_file's PARAM2, as not really > using any > - modify patch subject to keep up with test code > - as this test is single-threaded, so use getpid instead of SYS_gettid > - remove unnecessary parens around check which after if (i < 3) > - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in > userspace part > - with the patch adding helper as one patch series > > v3->v4: addressed Andrii's feedback > - use a set of fd instead of fds array > - use global variables instead of maps (in v3, I mistakenly thought that > the bpf maps are global variables.) > - remove uncessary global variable path_info_index > - remove fd compare as the fstat's order is fixed > > v2->v3: addressed Andrii's feedback > - use global data instead of perf_buffer to simplified code > > v1->v2: addressed Daniel's feedback > - rename bpf_fd2path to bpf_get_file_path to be consistent with other > helper's names > > Signed-off-by: Wenbo Zhang <ethercflow@gmail.com> > --- > .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++ > .../selftests/bpf/progs/test_get_file_path.c | 43 +++++ > 2 files changed, 214 insertions(+) > create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c > create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c > > diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > new file mode 100644 > index 000000000000..7ec11e43e0fc > --- /dev/null > +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > @@ -0,0 +1,171 @@ > +// SPDX-License-Identifier: GPL-2.0 > +#define _GNU_SOURCE > +#include <test_progs.h> > +#include <sys/stat.h> > +#include <linux/sched.h> > +#include <sys/syscall.h> > + > +#define MAX_PATH_LEN 128 > +#define MAX_FDS 7 > +#define MAX_EVENT_NUM 16 > + > +static struct file_path_test_data { > + pid_t pid; > + __u32 cnt; > + __u32 fds[MAX_EVENT_NUM]; > + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > +} src, dst; > + > +static inline int set_pathname(int fd) In non-bpf .c file, typically we do not add 'inline' attribute. It is up to compiler to decide whether it should be inlined. > +{ > + char buf[MAX_PATH_LEN]; > + > + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd); > + src.fds[src.cnt] = fd; > + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN); > +} > + [...] > diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c > new file mode 100644 > index 000000000000..eae663c1262a > --- /dev/null > +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c > @@ -0,0 +1,43 @@ > +// SPDX-License-Identifier: GPL-2.0 > + > +#include <linux/bpf.h> > +#include <linux/ptrace.h> > +#include <string.h> > +#include <unistd.h> > +#include "bpf_helpers.h" > +#include "bpf_tracing.h" > + > +#define MAX_PATH_LEN 128 > +#define MAX_EVENT_NUM 16 > + > +static struct file_path_test_data { > + pid_t pid; > + __u32 cnt; > + __u32 fds[MAX_EVENT_NUM]; > + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > +} data; > + > +struct sys_enter_newfstat_args { > + unsigned long long pad1; > + unsigned long long pad2; > + unsigned int fd; > +}; The BTF generated vmlinux.h has the following structure, struct trace_entry { short unsigned int type; unsigned char flags; unsigned char preempt_count; int pid; }; struct trace_event_raw_sys_enter { struct trace_entry ent; long int id; long unsigned int args[6]; char __data[0]; }; The third parameter type should be long, otherwise, it may have issue on big endian machines?
> In non-bpf .c file, typically we do not add 'inline' attribute. > It is up to compiler to decide whether it should be inlined. Thank you, I'll fix this. > > +struct sys_enter_newfstat_args { > > + unsigned long long pad1; > > + unsigned long long pad2; > > + unsigned int fd; > > +}; > The BTF generated vmlinux.h has the following structure, > struct trace_entry { > short unsigned int type; > unsigned char flags; > unsigned char preempt_count; > int pid; > }; > struct trace_event_raw_sys_enter { > struct trace_entry ent; > long int id; > long unsigned int args[6]; > char __data[0]; > }; > The third parameter type should be long, otherwise, > it may have issue on big endian machines? Sorry, I don't understand why there is a problem on big-endian machines. Would you please explain that in more detail? Thank you. Yonghong Song <yhs@fb.com> 于2019年12月16日周一 上午12:25写道: > > > > On 12/14/19 8:01 PM, Wenbo Zhang wrote: > > trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle > > events only produced by test_file_get_path, which call fstat on several > > different types of files to test bpf_get_file_path's feature. > > > > v4->v5: addressed Andrii's feedback > > - pass NULL for opts as bpf_object__open_file's PARAM2, as not really > > using any > > - modify patch subject to keep up with test code > > - as this test is single-threaded, so use getpid instead of SYS_gettid > > - remove unnecessary parens around check which after if (i < 3) > > - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in > > userspace part > > - with the patch adding helper as one patch series > > > > v3->v4: addressed Andrii's feedback > > - use a set of fd instead of fds array > > - use global variables instead of maps (in v3, I mistakenly thought that > > the bpf maps are global variables.) > > - remove uncessary global variable path_info_index > > - remove fd compare as the fstat's order is fixed > > > > v2->v3: addressed Andrii's feedback > > - use global data instead of perf_buffer to simplified code > > > > v1->v2: addressed Daniel's feedback > > - rename bpf_fd2path to bpf_get_file_path to be consistent with other > > helper's names > > > > Signed-off-by: Wenbo Zhang <ethercflow@gmail.com> > > --- > > .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++ > > .../selftests/bpf/progs/test_get_file_path.c | 43 +++++ > > 2 files changed, 214 insertions(+) > > create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c > > create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c > > > > diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > > new file mode 100644 > > index 000000000000..7ec11e43e0fc > > --- /dev/null > > +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > > @@ -0,0 +1,171 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > +#define _GNU_SOURCE > > +#include <test_progs.h> > > +#include <sys/stat.h> > > +#include <linux/sched.h> > > +#include <sys/syscall.h> > > + > > +#define MAX_PATH_LEN 128 > > +#define MAX_FDS 7 > > +#define MAX_EVENT_NUM 16 > > + > > +static struct file_path_test_data { > > + pid_t pid; > > + __u32 cnt; > > + __u32 fds[MAX_EVENT_NUM]; > > + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > > +} src, dst; > > + > > +static inline int set_pathname(int fd) > > In non-bpf .c file, typically we do not add 'inline' attribute. > It is up to compiler to decide whether it should be inlined. > > > +{ > > + char buf[MAX_PATH_LEN]; > > + > > + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd); > > + src.fds[src.cnt] = fd; > > + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN); > > +} > > + > [...] > > diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c > > new file mode 100644 > > index 000000000000..eae663c1262a > > --- /dev/null > > +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c > > @@ -0,0 +1,43 @@ > > +// SPDX-License-Identifier: GPL-2.0 > > + > > +#include <linux/bpf.h> > > +#include <linux/ptrace.h> > > +#include <string.h> > > +#include <unistd.h> > > +#include "bpf_helpers.h" > > +#include "bpf_tracing.h" > > + > > +#define MAX_PATH_LEN 128 > > +#define MAX_EVENT_NUM 16 > > + > > +static struct file_path_test_data { > > + pid_t pid; > > + __u32 cnt; > > + __u32 fds[MAX_EVENT_NUM]; > > + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > > +} data; > > + > > +struct sys_enter_newfstat_args { > > + unsigned long long pad1; > > + unsigned long long pad2; > > + unsigned int fd; > > +}; > > The BTF generated vmlinux.h has the following structure, > struct trace_entry { > short unsigned int type; > unsigned char flags; > unsigned char preempt_count; > int pid; > }; > struct trace_event_raw_sys_enter { > struct trace_entry ent; > long int id; > long unsigned int args[6]; > char __data[0]; > }; > > The third parameter type should be long, otherwise, > it may have issue on big endian machines?
On 12/16/19 8:01 PM, Wenbo Zhang wrote: >> In non-bpf .c file, typically we do not add 'inline' attribute. >> It is up to compiler to decide whether it should be inlined. > > Thank you, I'll fix this. > >>> +struct sys_enter_newfstat_args { >>> + unsigned long long pad1; >>> + unsigned long long pad2; >>> + unsigned int fd; >>> +}; > >> The BTF generated vmlinux.h has the following structure, >> struct trace_entry { >> short unsigned int type; >> unsigned char flags; >> unsigned char preempt_count; >> int pid; >> }; >> struct trace_event_raw_sys_enter { >> struct trace_entry ent; >> long int id; >> long unsigned int args[6]; >> char __data[0]; >> }; > >> The third parameter type should be long, otherwise, >> it may have issue on big endian machines? > > Sorry, I don't understand why there is a problem on big-endian machines. > Would you please explain that in more detail? Thank you. The kernel will actually have 8 bytes of memory to store fd based on trace_event_raw_sys_enter. For little endian machine, the lower 4 bytes are read based on your sys_enter_newfstat_args, which is "accidentally" the lower 4 bytes in u64, so you get the correct answer. For big endian machine, the lower 4 bytes read based on your sys_enter_newfstat_args will be high 4 bytes in u64, which is incorrect. > > Yonghong Song <yhs@fb.com> 于2019年12月16日周一 上午12:25写道: >> >> >> >> On 12/14/19 8:01 PM, Wenbo Zhang wrote: >>> trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle >>> events only produced by test_file_get_path, which call fstat on several >>> different types of files to test bpf_get_file_path's feature. >>> >>> v4->v5: addressed Andrii's feedback >>> - pass NULL for opts as bpf_object__open_file's PARAM2, as not really >>> using any >>> - modify patch subject to keep up with test code >>> - as this test is single-threaded, so use getpid instead of SYS_gettid >>> - remove unnecessary parens around check which after if (i < 3) >>> - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in >>> userspace part >>> - with the patch adding helper as one patch series >>> >>> v3->v4: addressed Andrii's feedback >>> - use a set of fd instead of fds array >>> - use global variables instead of maps (in v3, I mistakenly thought that >>> the bpf maps are global variables.) >>> - remove uncessary global variable path_info_index >>> - remove fd compare as the fstat's order is fixed >>> >>> v2->v3: addressed Andrii's feedback >>> - use global data instead of perf_buffer to simplified code >>> >>> v1->v2: addressed Daniel's feedback >>> - rename bpf_fd2path to bpf_get_file_path to be consistent with other >>> helper's names >>> >>> Signed-off-by: Wenbo Zhang <ethercflow@gmail.com> >>> --- >>> .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++ >>> .../selftests/bpf/progs/test_get_file_path.c | 43 +++++ >>> 2 files changed, 214 insertions(+) >>> create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c >>> create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c >>> >>> diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c >>> new file mode 100644 >>> index 000000000000..7ec11e43e0fc >>> --- /dev/null >>> +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c >>> @@ -0,0 +1,171 @@ >>> +// SPDX-License-Identifier: GPL-2.0 >>> +#define _GNU_SOURCE >>> +#include <test_progs.h> >>> +#include <sys/stat.h> >>> +#include <linux/sched.h> >>> +#include <sys/syscall.h> >>> + >>> +#define MAX_PATH_LEN 128 >>> +#define MAX_FDS 7 >>> +#define MAX_EVENT_NUM 16 >>> + >>> +static struct file_path_test_data { >>> + pid_t pid; >>> + __u32 cnt; >>> + __u32 fds[MAX_EVENT_NUM]; >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; >>> +} src, dst; >>> + >>> +static inline int set_pathname(int fd) >> >> In non-bpf .c file, typically we do not add 'inline' attribute. >> It is up to compiler to decide whether it should be inlined. >> >>> +{ >>> + char buf[MAX_PATH_LEN]; >>> + >>> + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd); >>> + src.fds[src.cnt] = fd; >>> + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN); >>> +} >>> + >> [...] >>> diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c >>> new file mode 100644 >>> index 000000000000..eae663c1262a >>> --- /dev/null >>> +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c >>> @@ -0,0 +1,43 @@ >>> +// SPDX-License-Identifier: GPL-2.0 >>> + >>> +#include <linux/bpf.h> >>> +#include <linux/ptrace.h> >>> +#include <string.h> >>> +#include <unistd.h> >>> +#include "bpf_helpers.h" >>> +#include "bpf_tracing.h" >>> + >>> +#define MAX_PATH_LEN 128 >>> +#define MAX_EVENT_NUM 16 >>> + >>> +static struct file_path_test_data { >>> + pid_t pid; >>> + __u32 cnt; >>> + __u32 fds[MAX_EVENT_NUM]; >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; >>> +} data; >>> + >>> +struct sys_enter_newfstat_args { >>> + unsigned long long pad1; >>> + unsigned long long pad2; >>> + unsigned int fd; >>> +}; >> >> The BTF generated vmlinux.h has the following structure, >> struct trace_entry { >> short unsigned int type; >> unsigned char flags; >> unsigned char preempt_count; >> int pid; >> }; >> struct trace_event_raw_sys_enter { >> struct trace_entry ent; >> long int id; >> long unsigned int args[6]; >> char __data[0]; >> }; >> >> The third parameter type should be long, otherwise, >> it may have issue on big endian machines?
> The kernel will actually have 8 bytes of memory to store fd > based on trace_event_raw_sys_enter. > For little endian machine, the lower 4 bytes are read based on > your sys_enter_newfstat_args, which is "accidentally" the lower > 4 bytes in u64, so you get the correct answer. > For big endian machine, the lower 4 bytes read based on > your sys_enter_newfstat_args will be high 4 bytes in u64, which > is incorrect. Oh, get it. Thank you, I'll fix this in the next version. Yonghong Song <yhs@fb.com> 于2019年12月17日周二 下午12:14写道: > > > > On 12/16/19 8:01 PM, Wenbo Zhang wrote: > >> In non-bpf .c file, typically we do not add 'inline' attribute. > >> It is up to compiler to decide whether it should be inlined. > > > > Thank you, I'll fix this. > > > >>> +struct sys_enter_newfstat_args { > >>> + unsigned long long pad1; > >>> + unsigned long long pad2; > >>> + unsigned int fd; > >>> +}; > > > >> The BTF generated vmlinux.h has the following structure, > >> struct trace_entry { > >> short unsigned int type; > >> unsigned char flags; > >> unsigned char preempt_count; > >> int pid; > >> }; > >> struct trace_event_raw_sys_enter { > >> struct trace_entry ent; > >> long int id; > >> long unsigned int args[6]; > >> char __data[0]; > >> }; > > > >> The third parameter type should be long, otherwise, > >> it may have issue on big endian machines? > > > > Sorry, I don't understand why there is a problem on big-endian machines. > > Would you please explain that in more detail? Thank you. > > The kernel will actually have 8 bytes of memory to store fd > based on trace_event_raw_sys_enter. > > For little endian machine, the lower 4 bytes are read based on > your sys_enter_newfstat_args, which is "accidentally" the lower > 4 bytes in u64, so you get the correct answer. > > For big endian machine, the lower 4 bytes read based on > your sys_enter_newfstat_args will be high 4 bytes in u64, which > is incorrect. > > > > > Yonghong Song <yhs@fb.com> 于2019年12月16日周一 上午12:25写道: > >> > >> > >> > >> On 12/14/19 8:01 PM, Wenbo Zhang wrote: > >>> trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle > >>> events only produced by test_file_get_path, which call fstat on several > >>> different types of files to test bpf_get_file_path's feature. > >>> > >>> v4->v5: addressed Andrii's feedback > >>> - pass NULL for opts as bpf_object__open_file's PARAM2, as not really > >>> using any > >>> - modify patch subject to keep up with test code > >>> - as this test is single-threaded, so use getpid instead of SYS_gettid > >>> - remove unnecessary parens around check which after if (i < 3) > >>> - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in > >>> userspace part > >>> - with the patch adding helper as one patch series > >>> > >>> v3->v4: addressed Andrii's feedback > >>> - use a set of fd instead of fds array > >>> - use global variables instead of maps (in v3, I mistakenly thought that > >>> the bpf maps are global variables.) > >>> - remove uncessary global variable path_info_index > >>> - remove fd compare as the fstat's order is fixed > >>> > >>> v2->v3: addressed Andrii's feedback > >>> - use global data instead of perf_buffer to simplified code > >>> > >>> v1->v2: addressed Daniel's feedback > >>> - rename bpf_fd2path to bpf_get_file_path to be consistent with other > >>> helper's names > >>> > >>> Signed-off-by: Wenbo Zhang <ethercflow@gmail.com> > >>> --- > >>> .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++ > >>> .../selftests/bpf/progs/test_get_file_path.c | 43 +++++ > >>> 2 files changed, 214 insertions(+) > >>> create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c > >>> create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c > >>> > >>> diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > >>> new file mode 100644 > >>> index 000000000000..7ec11e43e0fc > >>> --- /dev/null > >>> +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c > >>> @@ -0,0 +1,171 @@ > >>> +// SPDX-License-Identifier: GPL-2.0 > >>> +#define _GNU_SOURCE > >>> +#include <test_progs.h> > >>> +#include <sys/stat.h> > >>> +#include <linux/sched.h> > >>> +#include <sys/syscall.h> > >>> + > >>> +#define MAX_PATH_LEN 128 > >>> +#define MAX_FDS 7 > >>> +#define MAX_EVENT_NUM 16 > >>> + > >>> +static struct file_path_test_data { > >>> + pid_t pid; > >>> + __u32 cnt; > >>> + __u32 fds[MAX_EVENT_NUM]; > >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > >>> +} src, dst; > >>> + > >>> +static inline int set_pathname(int fd) > >> > >> In non-bpf .c file, typically we do not add 'inline' attribute. > >> It is up to compiler to decide whether it should be inlined. > >> > >>> +{ > >>> + char buf[MAX_PATH_LEN]; > >>> + > >>> + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd); > >>> + src.fds[src.cnt] = fd; > >>> + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN); > >>> +} > >>> + > >> [...] > >>> diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c > >>> new file mode 100644 > >>> index 000000000000..eae663c1262a > >>> --- /dev/null > >>> +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c > >>> @@ -0,0 +1,43 @@ > >>> +// SPDX-License-Identifier: GPL-2.0 > >>> + > >>> +#include <linux/bpf.h> > >>> +#include <linux/ptrace.h> > >>> +#include <string.h> > >>> +#include <unistd.h> > >>> +#include "bpf_helpers.h" > >>> +#include "bpf_tracing.h" > >>> + > >>> +#define MAX_PATH_LEN 128 > >>> +#define MAX_EVENT_NUM 16 > >>> + > >>> +static struct file_path_test_data { > >>> + pid_t pid; > >>> + __u32 cnt; > >>> + __u32 fds[MAX_EVENT_NUM]; > >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; > >>> +} data; > >>> + > >>> +struct sys_enter_newfstat_args { > >>> + unsigned long long pad1; > >>> + unsigned long long pad2; > >>> + unsigned int fd; > >>> +}; > >> > >> The BTF generated vmlinux.h has the following structure, > >> struct trace_entry { > >> short unsigned int type; > >> unsigned char flags; > >> unsigned char preempt_count; > >> int pid; > >> }; > >> struct trace_event_raw_sys_enter { > >> struct trace_entry ent; > >> long int id; > >> long unsigned int args[6]; > >> char __data[0]; > >> }; > >> > >> The third parameter type should be long, otherwise, > >> it may have issue on big endian machines?
diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c new file mode 100644 index 000000000000..7ec11e43e0fc --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c @@ -0,0 +1,171 @@ +// SPDX-License-Identifier: GPL-2.0 +#define _GNU_SOURCE +#include <test_progs.h> +#include <sys/stat.h> +#include <linux/sched.h> +#include <sys/syscall.h> + +#define MAX_PATH_LEN 128 +#define MAX_FDS 7 +#define MAX_EVENT_NUM 16 + +static struct file_path_test_data { + pid_t pid; + __u32 cnt; + __u32 fds[MAX_EVENT_NUM]; + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; +} src, dst; + +static inline int set_pathname(int fd) +{ + char buf[MAX_PATH_LEN]; + + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd); + src.fds[src.cnt] = fd; + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN); +} + +static int trigger_fstat_events(pid_t pid) +{ + int pipefd[2] = { -1, -1 }; + int sockfd = -1, procfd = -1, devfd = -1; + int localfd = -1, indicatorfd = -1; + struct stat fileStat; + int ret = -1; + + /* unmountable pseudo-filesystems */ + if (CHECK_FAIL(pipe(pipefd) < 0)) + return ret; + /* unmountable pseudo-filesystems */ + sockfd = socket(AF_INET, SOCK_STREAM, 0); + if (CHECK_FAIL(sockfd < 0)) + goto out_close; + /* mountable pseudo-filesystems */ + procfd = open("/proc/self/comm", O_RDONLY); + if (CHECK_FAIL(procfd < 0)) + goto out_close; + devfd = open("/dev/urandom", O_RDONLY); + if (CHECK_FAIL(devfd < 0)) + goto out_close; + localfd = open("/tmp/fd2path_loadgen.txt", O_CREAT | O_RDONLY); + if (CHECK_FAIL(localfd < 0)) + goto out_close; + /* bpf_get_file_path will return path with (deleted) */ + remove("/tmp/fd2path_loadgen.txt"); + indicatorfd = open("/tmp/", O_PATH); + if (CHECK_FAIL(indicatorfd < 0)) + goto out_close; + + src.pid = pid; + + ret = set_pathname(pipefd[0]); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(pipefd[1]); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(sockfd); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(procfd); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(devfd); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(localfd); + if (CHECK_FAIL(ret < 0)) + goto out_close; + ret = set_pathname(indicatorfd); + if (CHECK_FAIL(ret < 0)) + goto out_close; + + fstat(pipefd[0], &fileStat); + fstat(pipefd[1], &fileStat); + fstat(sockfd, &fileStat); + fstat(procfd, &fileStat); + fstat(devfd, &fileStat); + fstat(localfd, &fileStat); + fstat(indicatorfd, &fileStat); + +out_close: + close(indicatorfd); + close(localfd); + close(devfd); + close(procfd); + close(sockfd); + close(pipefd[1]); + close(pipefd[0]); + + return ret; +} + +void test_get_file_path(void) +{ + const char *prog_name = "tracepoint/syscalls/sys_enter_newfstat"; + const char *obj_file = "test_get_file_path.o"; + int err, results_map_fd, duration = 0; + struct bpf_program *tp_prog = NULL; + struct bpf_link *tp_link = NULL; + struct bpf_object *obj = NULL; + const int zero = 0; + + obj = bpf_object__open_file(obj_file, NULL); + if (CHECK(IS_ERR(obj), "obj_open_file", "err %ld\n", PTR_ERR(obj))) + return; + + tp_prog = bpf_object__find_program_by_title(obj, prog_name); + if (CHECK(!tp_prog, "find_tp", + "prog '%s' not found\n", prog_name)) + goto cleanup; + + err = bpf_object__load(obj); + if (CHECK(err, "obj_load", "err %d\n", err)) + goto cleanup; + + results_map_fd = bpf_find_map(__func__, obj, "test_get.bss"); + if (CHECK(results_map_fd < 0, "find_bss_map", + "err %d\n", results_map_fd)) + goto cleanup; + + tp_link = bpf_program__attach_tracepoint(tp_prog, "syscalls", + "sys_enter_newfstat"); + if (CHECK(IS_ERR(tp_link), "attach_tp", + "err %ld\n", PTR_ERR(tp_link))) { + tp_link = NULL; + goto cleanup; + } + + dst.pid = getpid(); + err = bpf_map_update_elem(results_map_fd, &zero, &dst, 0); + if (CHECK(err, "update_elem", + "failed to set pid filter: %d\n", err)) + goto cleanup; + + err = trigger_fstat_events(dst.pid); + if (CHECK_FAIL(err < 0)) + goto cleanup; + + err = bpf_map_lookup_elem(results_map_fd, &zero, &dst); + if (CHECK(err, "get_results", + "failed to get results: %d\n", err)) + goto cleanup; + + for (int i = 0; i < MAX_FDS; i++) { + if (i < 3) + CHECK((dst.paths[i][0] != '0'), "get_file_path", + "failed to filter fs [%d]: %u(%s) vs %u(%s)\n", + i, src.fds[i], src.paths[i], dst.fds[i], + dst.paths[i]); + else + CHECK(strncmp(src.paths[i], dst.paths[i], MAX_PATH_LEN), + "get_file_path", + "failed to get path[%d]: %u(%s) vs %u(%s)\n", + i, src.fds[i], src.paths[i], dst.fds[i], + dst.paths[i]); + } + +cleanup: + bpf_link__destroy(tp_link); + bpf_object__close(obj); +} diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c new file mode 100644 index 000000000000..eae663c1262a --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c @@ -0,0 +1,43 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include <linux/bpf.h> +#include <linux/ptrace.h> +#include <string.h> +#include <unistd.h> +#include "bpf_helpers.h" +#include "bpf_tracing.h" + +#define MAX_PATH_LEN 128 +#define MAX_EVENT_NUM 16 + +static struct file_path_test_data { + pid_t pid; + __u32 cnt; + __u32 fds[MAX_EVENT_NUM]; + char paths[MAX_EVENT_NUM][MAX_PATH_LEN]; +} data; + +struct sys_enter_newfstat_args { + unsigned long long pad1; + unsigned long long pad2; + unsigned int fd; +}; + +SEC("tracepoint/syscalls/sys_enter_newfstat") +int bpf_prog(struct sys_enter_newfstat_args *args) +{ + pid_t pid = bpf_get_current_pid_tgid() >> 32; + + if (pid != data.pid) + return 0; + if (data.cnt >= MAX_EVENT_NUM) + return 0; + + data.fds[data.cnt] = args->fd; + bpf_get_file_path(data.paths[data.cnt], MAX_PATH_LEN, args->fd); + data.cnt++; + + return 0; +} + +char _license[] SEC("license") = "GPL";
trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle events only produced by test_file_get_path, which call fstat on several different types of files to test bpf_get_file_path's feature. v4->v5: addressed Andrii's feedback - pass NULL for opts as bpf_object__open_file's PARAM2, as not really using any - modify patch subject to keep up with test code - as this test is single-threaded, so use getpid instead of SYS_gettid - remove unnecessary parens around check which after if (i < 3) - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in userspace part - with the patch adding helper as one patch series v3->v4: addressed Andrii's feedback - use a set of fd instead of fds array - use global variables instead of maps (in v3, I mistakenly thought that the bpf maps are global variables.) - remove uncessary global variable path_info_index - remove fd compare as the fstat's order is fixed v2->v3: addressed Andrii's feedback - use global data instead of perf_buffer to simplified code v1->v2: addressed Daniel's feedback - rename bpf_fd2path to bpf_get_file_path to be consistent with other helper's names Signed-off-by: Wenbo Zhang <ethercflow@gmail.com> --- .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++ .../selftests/bpf/progs/test_get_file_path.c | 43 +++++ 2 files changed, 214 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c