524 lines
14 KiB
Go
524 lines
14 KiB
Go
package ebpf
|
|
|
|
import (
|
|
"bytes"
|
|
"debug/elf"
|
|
"encoding/binary"
|
|
"io"
|
|
"os"
|
|
"strings"
|
|
|
|
"github.com/cilium/ebpf/asm"
|
|
"github.com/cilium/ebpf/internal"
|
|
"github.com/cilium/ebpf/internal/btf"
|
|
|
|
"github.com/pkg/errors"
|
|
)
|
|
|
|
type elfCode struct {
|
|
*elf.File
|
|
symbols []elf.Symbol
|
|
symbolsPerSection map[elf.SectionIndex]map[uint64]string
|
|
license string
|
|
version uint32
|
|
}
|
|
|
|
// LoadCollectionSpec parses an ELF file into a CollectionSpec.
|
|
func LoadCollectionSpec(file string) (*CollectionSpec, error) {
|
|
f, err := os.Open(file)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer f.Close()
|
|
|
|
spec, err := LoadCollectionSpecFromReader(f)
|
|
return spec, errors.Wrapf(err, "file %s", file)
|
|
}
|
|
|
|
// LoadCollectionSpecFromReader parses an ELF file into a CollectionSpec.
|
|
func LoadCollectionSpecFromReader(rd io.ReaderAt) (*CollectionSpec, error) {
|
|
f, err := elf.NewFile(rd)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer f.Close()
|
|
|
|
symbols, err := f.Symbols()
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "load symbols")
|
|
}
|
|
|
|
ec := &elfCode{f, symbols, symbolsPerSection(symbols), "", 0}
|
|
|
|
var (
|
|
licenseSection *elf.Section
|
|
versionSection *elf.Section
|
|
btfMaps = make(map[elf.SectionIndex]*elf.Section)
|
|
progSections = make(map[elf.SectionIndex]*elf.Section)
|
|
relSections = make(map[elf.SectionIndex]*elf.Section)
|
|
mapSections = make(map[elf.SectionIndex]*elf.Section)
|
|
)
|
|
|
|
for i, sec := range ec.Sections {
|
|
switch {
|
|
case strings.HasPrefix(sec.Name, "license"):
|
|
licenseSection = sec
|
|
case strings.HasPrefix(sec.Name, "version"):
|
|
versionSection = sec
|
|
case strings.HasPrefix(sec.Name, "maps"):
|
|
mapSections[elf.SectionIndex(i)] = sec
|
|
case sec.Name == ".maps":
|
|
btfMaps[elf.SectionIndex(i)] = sec
|
|
case sec.Type == elf.SHT_REL:
|
|
if int(sec.Info) >= len(ec.Sections) {
|
|
return nil, errors.Errorf("found relocation section %v for missing section %v", i, sec.Info)
|
|
}
|
|
|
|
// Store relocations under the section index of the target
|
|
idx := elf.SectionIndex(sec.Info)
|
|
if relSections[idx] != nil {
|
|
return nil, errors.Errorf("section %d has multiple relocation sections", sec.Info)
|
|
}
|
|
relSections[idx] = sec
|
|
case sec.Type == elf.SHT_PROGBITS && (sec.Flags&elf.SHF_EXECINSTR) != 0 && sec.Size > 0:
|
|
progSections[elf.SectionIndex(i)] = sec
|
|
}
|
|
}
|
|
|
|
ec.license, err = loadLicense(licenseSection)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "load license")
|
|
}
|
|
|
|
ec.version, err = loadVersion(versionSection, ec.ByteOrder)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "load version")
|
|
}
|
|
|
|
btf, err := btf.LoadSpecFromReader(rd)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "load BTF")
|
|
}
|
|
|
|
maps := make(map[string]*MapSpec)
|
|
|
|
if err := ec.loadMaps(maps, mapSections); err != nil {
|
|
return nil, errors.Wrap(err, "load maps")
|
|
}
|
|
|
|
if len(btfMaps) > 0 {
|
|
if err := ec.loadBTFMaps(maps, btfMaps, btf); err != nil {
|
|
return nil, errors.Wrap(err, "load BTF maps")
|
|
}
|
|
}
|
|
|
|
progs, err := ec.loadPrograms(progSections, relSections, btf)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "load programs")
|
|
}
|
|
|
|
return &CollectionSpec{maps, progs}, nil
|
|
}
|
|
|
|
func loadLicense(sec *elf.Section) (string, error) {
|
|
if sec == nil {
|
|
return "", errors.Errorf("missing license section")
|
|
}
|
|
data, err := sec.Data()
|
|
if err != nil {
|
|
return "", errors.Wrapf(err, "section %s", sec.Name)
|
|
}
|
|
return string(bytes.TrimRight(data, "\000")), nil
|
|
}
|
|
|
|
func loadVersion(sec *elf.Section, bo binary.ByteOrder) (uint32, error) {
|
|
if sec == nil {
|
|
return 0, nil
|
|
}
|
|
|
|
var version uint32
|
|
err := binary.Read(sec.Open(), bo, &version)
|
|
return version, errors.Wrapf(err, "section %s", sec.Name)
|
|
}
|
|
|
|
func (ec *elfCode) loadPrograms(progSections, relSections map[elf.SectionIndex]*elf.Section, btf *btf.Spec) (map[string]*ProgramSpec, error) {
|
|
var (
|
|
progs []*ProgramSpec
|
|
libs []*ProgramSpec
|
|
)
|
|
|
|
for idx, prog := range progSections {
|
|
syms := ec.symbolsPerSection[idx]
|
|
if len(syms) == 0 {
|
|
return nil, errors.Errorf("section %v: missing symbols", prog.Name)
|
|
}
|
|
|
|
funcSym := syms[0]
|
|
if funcSym == "" {
|
|
return nil, errors.Errorf("section %v: no label at start", prog.Name)
|
|
}
|
|
|
|
rels, err := ec.loadRelocations(relSections[idx])
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "program %s: can't load relocations", funcSym)
|
|
}
|
|
|
|
insns, length, err := ec.loadInstructions(prog, syms, rels)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "program %s: can't unmarshal instructions", funcSym)
|
|
}
|
|
|
|
progType, attachType := getProgType(prog.Name)
|
|
|
|
spec := &ProgramSpec{
|
|
Name: funcSym,
|
|
Type: progType,
|
|
AttachType: attachType,
|
|
License: ec.license,
|
|
KernelVersion: ec.version,
|
|
Instructions: insns,
|
|
}
|
|
|
|
if btf != nil {
|
|
spec.BTF, err = btf.Program(prog.Name, length)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "BTF for section %s (program %s)", prog.Name, funcSym)
|
|
}
|
|
}
|
|
|
|
if spec.Type == UnspecifiedProgram {
|
|
// There is no single name we can use for "library" sections,
|
|
// since they may contain multiple functions. We'll decode the
|
|
// labels they contain later on, and then link sections that way.
|
|
libs = append(libs, spec)
|
|
} else {
|
|
progs = append(progs, spec)
|
|
}
|
|
}
|
|
|
|
res := make(map[string]*ProgramSpec, len(progs))
|
|
for _, prog := range progs {
|
|
err := link(prog, libs)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "program %s", prog.Name)
|
|
}
|
|
res[prog.Name] = prog
|
|
}
|
|
|
|
return res, nil
|
|
}
|
|
|
|
func (ec *elfCode) loadInstructions(section *elf.Section, symbols, relocations map[uint64]string) (asm.Instructions, uint64, error) {
|
|
var (
|
|
r = section.Open()
|
|
insns asm.Instructions
|
|
ins asm.Instruction
|
|
offset uint64
|
|
)
|
|
for {
|
|
n, err := ins.Unmarshal(r, ec.ByteOrder)
|
|
if err == io.EOF {
|
|
return insns, offset, nil
|
|
}
|
|
if err != nil {
|
|
return nil, 0, errors.Wrapf(err, "offset %d", offset)
|
|
}
|
|
|
|
ins.Symbol = symbols[offset]
|
|
ins.Reference = relocations[offset]
|
|
|
|
insns = append(insns, ins)
|
|
offset += n
|
|
}
|
|
}
|
|
|
|
func (ec *elfCode) loadMaps(maps map[string]*MapSpec, mapSections map[elf.SectionIndex]*elf.Section) error {
|
|
for idx, sec := range mapSections {
|
|
syms := ec.symbolsPerSection[idx]
|
|
if len(syms) == 0 {
|
|
return errors.Errorf("section %v: no symbols", sec.Name)
|
|
}
|
|
|
|
if sec.Size%uint64(len(syms)) != 0 {
|
|
return errors.Errorf("section %v: map descriptors are not of equal size", sec.Name)
|
|
}
|
|
|
|
var (
|
|
r = sec.Open()
|
|
size = sec.Size / uint64(len(syms))
|
|
)
|
|
for i, offset := 0, uint64(0); i < len(syms); i, offset = i+1, offset+size {
|
|
mapSym := syms[offset]
|
|
if mapSym == "" {
|
|
return errors.Errorf("section %s: missing symbol for map at offset %d", sec.Name, offset)
|
|
}
|
|
|
|
if maps[mapSym] != nil {
|
|
return errors.Errorf("section %v: map %v already exists", sec.Name, mapSym)
|
|
}
|
|
|
|
lr := io.LimitReader(r, int64(size))
|
|
|
|
var spec MapSpec
|
|
switch {
|
|
case binary.Read(lr, ec.ByteOrder, &spec.Type) != nil:
|
|
return errors.Errorf("map %v: missing type", mapSym)
|
|
case binary.Read(lr, ec.ByteOrder, &spec.KeySize) != nil:
|
|
return errors.Errorf("map %v: missing key size", mapSym)
|
|
case binary.Read(lr, ec.ByteOrder, &spec.ValueSize) != nil:
|
|
return errors.Errorf("map %v: missing value size", mapSym)
|
|
case binary.Read(lr, ec.ByteOrder, &spec.MaxEntries) != nil:
|
|
return errors.Errorf("map %v: missing max entries", mapSym)
|
|
case binary.Read(lr, ec.ByteOrder, &spec.Flags) != nil:
|
|
return errors.Errorf("map %v: missing flags", mapSym)
|
|
}
|
|
|
|
if _, err := io.Copy(internal.DiscardZeroes{}, lr); err != nil {
|
|
return errors.Errorf("map %v: unknown and non-zero fields in definition", mapSym)
|
|
}
|
|
|
|
maps[mapSym] = &spec
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (ec *elfCode) loadBTFMaps(maps map[string]*MapSpec, mapSections map[elf.SectionIndex]*elf.Section, spec *btf.Spec) error {
|
|
|
|
if spec == nil {
|
|
return errors.Errorf("missing BTF")
|
|
}
|
|
|
|
for idx, sec := range mapSections {
|
|
syms := ec.symbolsPerSection[idx]
|
|
if len(syms) == 0 {
|
|
return errors.Errorf("section %v: no symbols", sec.Name)
|
|
}
|
|
|
|
for _, sym := range syms {
|
|
if maps[sym] != nil {
|
|
return errors.Errorf("section %v: map %v already exists", sec.Name, sym)
|
|
}
|
|
|
|
btfMap, err := spec.Map(sym)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "map %v: can't get BTF", sym)
|
|
}
|
|
|
|
spec, err := mapSpecFromBTF(btfMap)
|
|
if err != nil {
|
|
return errors.Wrapf(err, "map %v", sym)
|
|
}
|
|
|
|
maps[sym] = spec
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func mapSpecFromBTF(btfMap *btf.Map) (*MapSpec, error) {
|
|
var (
|
|
mapType, flags, maxEntries uint32
|
|
err error
|
|
)
|
|
for _, member := range btf.MapType(btfMap).Members {
|
|
switch member.Name {
|
|
case "type":
|
|
mapType, err = uintFromBTF(member.Type)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "can't get type")
|
|
}
|
|
|
|
case "map_flags":
|
|
flags, err = uintFromBTF(member.Type)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "can't get BTF map flags")
|
|
}
|
|
|
|
case "max_entries":
|
|
maxEntries, err = uintFromBTF(member.Type)
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "can't get BTF map max entries")
|
|
}
|
|
|
|
case "key":
|
|
case "value":
|
|
default:
|
|
return nil, errors.Errorf("unrecognized field %s in BTF map definition", member.Name)
|
|
}
|
|
}
|
|
|
|
keySize, err := btf.Sizeof(btf.MapKey(btfMap))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "can't get size of BTF key")
|
|
}
|
|
|
|
valueSize, err := btf.Sizeof(btf.MapValue(btfMap))
|
|
if err != nil {
|
|
return nil, errors.Wrap(err, "can't get size of BTF value")
|
|
}
|
|
|
|
return &MapSpec{
|
|
Type: MapType(mapType),
|
|
KeySize: uint32(keySize),
|
|
ValueSize: uint32(valueSize),
|
|
MaxEntries: maxEntries,
|
|
Flags: flags,
|
|
BTF: btfMap,
|
|
}, nil
|
|
}
|
|
|
|
// uintFromBTF resolves the __uint macro, which is a pointer to a sized
|
|
// array, e.g. for int (*foo)[10], this function will return 10.
|
|
func uintFromBTF(typ btf.Type) (uint32, error) {
|
|
ptr, ok := typ.(*btf.Pointer)
|
|
if !ok {
|
|
return 0, errors.Errorf("not a pointer: %v", typ)
|
|
}
|
|
|
|
arr, ok := ptr.Target.(*btf.Array)
|
|
if !ok {
|
|
return 0, errors.Errorf("not a pointer to array: %v", typ)
|
|
}
|
|
|
|
return arr.Nelems, nil
|
|
}
|
|
|
|
func getProgType(v string) (ProgramType, AttachType) {
|
|
types := map[string]ProgramType{
|
|
// From https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/lib/bpf/libbpf.c#n3568
|
|
"socket": SocketFilter,
|
|
"seccomp": SocketFilter,
|
|
"kprobe/": Kprobe,
|
|
"uprobe/": Kprobe,
|
|
"kretprobe/": Kprobe,
|
|
"uretprobe/": Kprobe,
|
|
"tracepoint/": TracePoint,
|
|
"raw_tracepoint/": RawTracepoint,
|
|
"xdp": XDP,
|
|
"perf_event": PerfEvent,
|
|
"lwt_in": LWTIn,
|
|
"lwt_out": LWTOut,
|
|
"lwt_xmit": LWTXmit,
|
|
"lwt_seg6local": LWTSeg6Local,
|
|
"sockops": SockOps,
|
|
"sk_skb": SkSKB,
|
|
"sk_msg": SkMsg,
|
|
"lirc_mode2": LircMode2,
|
|
"flow_dissector": FlowDissector,
|
|
|
|
"cgroup_skb/": CGroupSKB,
|
|
"cgroup/dev": CGroupDevice,
|
|
"cgroup/skb": CGroupSKB,
|
|
"cgroup/sock": CGroupSock,
|
|
"cgroup/post_bind": CGroupSock,
|
|
"cgroup/bind": CGroupSockAddr,
|
|
"cgroup/connect": CGroupSockAddr,
|
|
"cgroup/sendmsg": CGroupSockAddr,
|
|
"cgroup/recvmsg": CGroupSockAddr,
|
|
"cgroup/sysctl": CGroupSysctl,
|
|
"cgroup/getsockopt": CGroupSockopt,
|
|
"cgroup/setsockopt": CGroupSockopt,
|
|
"classifier": SchedCLS,
|
|
"action": SchedACT,
|
|
}
|
|
attachTypes := map[string]AttachType{
|
|
"cgroup_skb/ingress": AttachCGroupInetIngress,
|
|
"cgroup_skb/egress": AttachCGroupInetEgress,
|
|
"cgroup/sock": AttachCGroupInetSockCreate,
|
|
"cgroup/post_bind4": AttachCGroupInet4PostBind,
|
|
"cgroup/post_bind6": AttachCGroupInet6PostBind,
|
|
"cgroup/dev": AttachCGroupDevice,
|
|
"sockops": AttachCGroupSockOps,
|
|
"sk_skb/stream_parser": AttachSkSKBStreamParser,
|
|
"sk_skb/stream_verdict": AttachSkSKBStreamVerdict,
|
|
"sk_msg": AttachSkSKBStreamVerdict,
|
|
"lirc_mode2": AttachLircMode2,
|
|
"flow_dissector": AttachFlowDissector,
|
|
"cgroup/bind4": AttachCGroupInet4Bind,
|
|
"cgroup/bind6": AttachCGroupInet6Bind,
|
|
"cgroup/connect4": AttachCGroupInet4Connect,
|
|
"cgroup/connect6": AttachCGroupInet6Connect,
|
|
"cgroup/sendmsg4": AttachCGroupUDP4Sendmsg,
|
|
"cgroup/sendmsg6": AttachCGroupUDP6Sendmsg,
|
|
"cgroup/recvmsg4": AttachCGroupUDP4Recvmsg,
|
|
"cgroup/recvmsg6": AttachCGroupUDP6Recvmsg,
|
|
"cgroup/sysctl": AttachCGroupSysctl,
|
|
"cgroup/getsockopt": AttachCGroupGetsockopt,
|
|
"cgroup/setsockopt": AttachCGroupSetsockopt,
|
|
}
|
|
attachType := AttachNone
|
|
for k, t := range attachTypes {
|
|
if strings.HasPrefix(v, k) {
|
|
attachType = t
|
|
}
|
|
}
|
|
|
|
for k, t := range types {
|
|
if strings.HasPrefix(v, k) {
|
|
return t, attachType
|
|
}
|
|
}
|
|
return UnspecifiedProgram, AttachNone
|
|
}
|
|
|
|
func (ec *elfCode) loadRelocations(sec *elf.Section) (map[uint64]string, error) {
|
|
rels := make(map[uint64]string)
|
|
if sec == nil {
|
|
return rels, nil
|
|
}
|
|
|
|
if sec.Entsize < 16 {
|
|
return nil, errors.New("rels are less than 16 bytes")
|
|
}
|
|
|
|
r := sec.Open()
|
|
for off := uint64(0); off < sec.Size; off += sec.Entsize {
|
|
ent := io.LimitReader(r, int64(sec.Entsize))
|
|
|
|
var rel elf.Rel64
|
|
if binary.Read(ent, ec.ByteOrder, &rel) != nil {
|
|
return nil, errors.Errorf("can't parse relocation at offset %v", off)
|
|
}
|
|
|
|
symNo := int(elf.R_SYM64(rel.Info) - 1)
|
|
if symNo >= len(ec.symbols) {
|
|
return nil, errors.Errorf("relocation at offset %d: symbol %v doesnt exist", off, symNo)
|
|
}
|
|
|
|
rels[rel.Off] = ec.symbols[symNo].Name
|
|
}
|
|
return rels, nil
|
|
}
|
|
|
|
func symbolsPerSection(symbols []elf.Symbol) map[elf.SectionIndex]map[uint64]string {
|
|
result := make(map[elf.SectionIndex]map[uint64]string)
|
|
for i, sym := range symbols {
|
|
switch elf.ST_TYPE(sym.Info) {
|
|
case elf.STT_NOTYPE:
|
|
// Older versions of LLVM doesn't tag
|
|
// symbols correctly.
|
|
break
|
|
case elf.STT_OBJECT:
|
|
break
|
|
case elf.STT_FUNC:
|
|
break
|
|
default:
|
|
continue
|
|
}
|
|
|
|
if sym.Name == "" {
|
|
continue
|
|
}
|
|
|
|
idx := sym.Section
|
|
if _, ok := result[idx]; !ok {
|
|
result[idx] = make(map[uint64]string)
|
|
}
|
|
result[idx][sym.Value] = symbols[i].Name
|
|
}
|
|
return result
|
|
}
|