test_get_stack_rawtp.c source code [linux/tools/testing/selftests/bpf/progs/test_get_stack_rawtp.c]

1	// SPDX-License-Identifier: GPL-2.0
2
3	#include <linux/bpf.h>
4	#include <bpf/bpf_helpers.h>
5
6	/ Permit pretty deep stack traces /
7	#define MAX_STACK_RAWTP 100
8	struct stack_trace_t {
9	int pid;
10	int kern_stack_size;
11	int user_stack_size;
12	int user_stack_buildid_size;
13	__u64 kern_stack[MAX_STACK_RAWTP];
14	__u64 user_stack[MAX_STACK_RAWTP];
15	struct bpf_stack_build_id user_stack_buildid[MAX_STACK_RAWTP];
16	};
17
18	struct {
19	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
20	__uint(max_entries, `2`);
21	__uint(key_size, sizeof(int));
22	__uint(value_size, sizeof(__u32));
23	} perfmap SEC(".maps");
24
25	struct {
26	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
27	__uint(max_entries, `1`);
28	__type(key, __u32);
29	__type(value, struct stack_trace_t);
30	} stackdata_map SEC(".maps");
31
32	/ Allocate per-cpu space twice the needed. For the code below*
33	* usize = bpf_get_stack(ctx, raw_data, max_len, BPF_F_USER_STACK);
34	* if (usize < 0)
35	* return 0;
36	* ksize = bpf_get_stack(ctx, raw_data + usize, max_len - usize, 0);
37	*
38	* If we have value_size = MAX_STACK_RAWTP * sizeof(__u64),
39	* verifier will complain that access "raw_data + usize"
40	* with size "max_len - usize" may be out of bound.
41	* The maximum "raw_data + usize" is "raw_data + max_len"
42	* and the maximum "max_len - usize" is "max_len", verifier
43	* concludes that the maximum buffer access range is
44	* "raw_data[0...max_len * 2 - 1]" and hence reject the program.
45	*
46	* Doubling the to-be-used max buffer size can fix this verifier
47	* issue and avoid complicated C programming massaging.
48	* This is an acceptable workaround since there is one entry here.
49	*/
50	struct {
51	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
52	__uint(max_entries, `1`);
53	__type(key, __u32);
54	__type(value, __u64[`2` * MAX_STACK_RAWTP]);
55	} rawdata_map SEC(".maps");
56
57	SEC("raw_tracepoint/sys_enter")
58	int bpf_prog1(void *ctx)
59	{
60	int max_len, max_buildid_len, total_size;
61	struct stack_trace_t *data;
62	long usize, ksize;
63	void *raw_data;
64	__u32 key = `0`;
65
66	data = bpf_map_lookup_elem(&stackdata_map, &key);
67	if (!data)
68	return `0`;
69
70	max_len = MAX_STACK_RAWTP * sizeof(__u64);
71	max_buildid_len = MAX_STACK_RAWTP * sizeof(struct bpf_stack_build_id);
72	data->pid = bpf_get_current_pid_tgid();
73	data->kern_stack_size = bpf_get_stack(ctx, data->kern_stack,
74	max_len, `0`);
75	data->user_stack_size = bpf_get_stack(ctx, data->user_stack, max_len,
76	BPF_F_USER_STACK);
77	data->user_stack_buildid_size = bpf_get_stack(
78	ctx, data->user_stack_buildid, max_buildid_len,
79	BPF_F_USER_STACK \| BPF_F_USER_BUILD_ID);
80	bpf_perf_event_output(ctx, &perfmap, `0`, data, sizeof(*data));
81
82	/ write both kernel and user stacks to the same buffer /
83	raw_data = bpf_map_lookup_elem(&rawdata_map, &key);
84	if (!raw_data)
85	return `0`;
86
87	usize = bpf_get_stack(ctx, raw_data, max_len, BPF_F_USER_STACK);
88	if (usize < `0`)
89	return `0`;
90
91	ksize = bpf_get_stack(ctx, raw_data + usize, max_len - usize, `0`);
92	if (ksize < `0`)
93	return `0`;
94
95	total_size = usize + ksize;
96	if (total_size > `0` && total_size <= max_len)
97	bpf_perf_event_output(ctx, &perfmap, `0`, raw_data, total_size);
98
99	return `0`;
100	}
101
102	char _license[] SEC("license") = "GPL";
103

source code of linux/tools/testing/selftests/bpf/progs/test_get_stack_rawtp.c