From 1f069b9465b183fcd1bb8b2fecaa5a40d84a18f1 Mon Sep 17 00:00:00 2001 From: Rafael David Tinoco Date: Thu, 11 Jan 2024 18:56:07 -0300 Subject: [PATCH] selftest: add selftest for AttachKprobeOffset --- selftest/tracing-by-offset/Makefile | 1 + selftest/tracing-by-offset/go.mod | 14 ++++++ selftest/tracing-by-offset/go.sum | 6 +++ selftest/tracing-by-offset/main.bpf.c | 14 ++++++ selftest/tracing-by-offset/main.go | 70 +++++++++++++++++++++++++++ selftest/tracing-by-offset/run.sh | 1 + selftest/tracing/main.go | 2 +- 7 files changed, 107 insertions(+), 1 deletion(-) create mode 120000 selftest/tracing-by-offset/Makefile create mode 100644 selftest/tracing-by-offset/go.mod create mode 100644 selftest/tracing-by-offset/go.sum create mode 100644 selftest/tracing-by-offset/main.bpf.c create mode 100644 selftest/tracing-by-offset/main.go create mode 120000 selftest/tracing-by-offset/run.sh diff --git a/selftest/tracing-by-offset/Makefile b/selftest/tracing-by-offset/Makefile new file mode 120000 index 00000000..d981720c --- /dev/null +++ b/selftest/tracing-by-offset/Makefile @@ -0,0 +1 @@ +../common/Makefile \ No newline at end of file diff --git a/selftest/tracing-by-offset/go.mod b/selftest/tracing-by-offset/go.mod new file mode 100644 index 00000000..7d572001 --- /dev/null +++ b/selftest/tracing-by-offset/go.mod @@ -0,0 +1,14 @@ +module github.com/aquasecurity/libbpfgo/selftest/tracing-by-offset + +go 1.18 + +require ( + github.com/aquasecurity/libbpfgo v0.4.7-libbpf-1.2.0-b2e29a1 + github.com/aquasecurity/libbpfgo/helpers v0.4.5 +) + +require golang.org/x/sys v0.7.0 // indirect + +replace github.com/aquasecurity/libbpfgo => ../../ + +replace github.com/aquasecurity/libbpfgo/helpers => ../../helpers diff --git a/selftest/tracing-by-offset/go.sum b/selftest/tracing-by-offset/go.sum new file mode 100644 index 00000000..70691e6f --- /dev/null +++ b/selftest/tracing-by-offset/go.sum @@ -0,0 +1,6 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= +golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= diff --git a/selftest/tracing-by-offset/main.bpf.c b/selftest/tracing-by-offset/main.bpf.c new file mode 100644 index 00000000..abde44f8 --- /dev/null +++ b/selftest/tracing-by-offset/main.bpf.c @@ -0,0 +1,14 @@ +//+build ignore + +#include + +#include + +SEC("kprobe/sys_mmap") +int kprobe__sys_mmap(struct pt_regs *ctx) +{ + bpf_printk("Hello, World!\n"); + return 0; +} + +char LICENSE[] SEC("license") = "Dual BSD/GPL"; diff --git a/selftest/tracing-by-offset/main.go b/selftest/tracing-by-offset/main.go new file mode 100644 index 00000000..33133dcb --- /dev/null +++ b/selftest/tracing-by-offset/main.go @@ -0,0 +1,70 @@ +package main + +import "C" + +import ( + "os" + "runtime" + "time" + + "fmt" + "syscall" + + bpf "github.com/aquasecurity/libbpfgo" + "github.com/aquasecurity/libbpfgo/helpers" +) + +func main() { + funcName := fmt.Sprintf("__%s_sys_mmap", ksymArch()) + + kst, err := helpers.NewKernelSymbolTable() + if err != nil { + fmt.Fprintln(os.Stderr, "NewKernelSymbolTable() failed: %v", err) + os.Exit(-1) + } + + funcSymbol, err := kst.GetSymbolByName(funcName) + if err != nil { + fmt.Fprintln(os.Stderr, "Expected to find symbol %s, but it was not found", funcSymbol) + os.Exit(-1) + } + + bpfModule, err := bpf.NewModuleFromFile("main.bpf.o") + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(-1) + } + defer bpfModule.Close() + + bpfModule.BPFLoadObject() + prog, err := bpfModule.GetProgram("kprobe__sys_mmap") + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(-1) + } + + _, err = prog.AttachKprobeOffset(funcSymbol[0].Address) + if err != nil { + fmt.Fprintln(os.Stderr, err) + os.Exit(-1) + } + + go func() { + time.Sleep(time.Second) + syscall.Mmap(999, 999, 999, 1, 1) + syscall.Mmap(999, 999, 999, 1, 1) + }() + + time.Sleep(time.Second * 2) +} + +func ksymArch() string { + switch runtime.GOARCH { + case "amd64": + return "x64" + case "arm64": + return "arm64" + default: + panic("unsupported architecture") + } +} diff --git a/selftest/tracing-by-offset/run.sh b/selftest/tracing-by-offset/run.sh new file mode 120000 index 00000000..aee911b2 --- /dev/null +++ b/selftest/tracing-by-offset/run.sh @@ -0,0 +1 @@ +../common/run.sh \ No newline at end of file diff --git a/selftest/tracing/main.go b/selftest/tracing/main.go index a801a9cf..652e520a 100644 --- a/selftest/tracing/main.go +++ b/selftest/tracing/main.go @@ -42,7 +42,7 @@ func main() { os.Exit(-1) } - if sym[0].Address == 0 || sym[0].Name == "" { + if sym[0].Address == 0 && sym[0].Name == "" { fmt.Fprintln(os.Stderr, "could not find symbol to attach to") os.Exit(-1) }