1*387f9dfdSAndroid Build Coastguard Worker /*
2*387f9dfdSAndroid Build Coastguard Worker * CGroupTest Demonstrate how to use BPF cgroup API to collect file open event
3*387f9dfdSAndroid Build Coastguard Worker *
4*387f9dfdSAndroid Build Coastguard Worker * Basic example of cgroup and BPF kprobes.
5*387f9dfdSAndroid Build Coastguard Worker *
6*387f9dfdSAndroid Build Coastguard Worker * USAGE: CGroupTest cgroup2_path
7*387f9dfdSAndroid Build Coastguard Worker *
8*387f9dfdSAndroid Build Coastguard Worker * EXAMPLES:
9*387f9dfdSAndroid Build Coastguard Worker * 1. Create a directory under cgroup2 mountpoint:
10*387f9dfdSAndroid Build Coastguard Worker * $ sudo mkdir /sys/fs/cgroup/unified/test
11*387f9dfdSAndroid Build Coastguard Worker * 2. Add current bash into the testing cgroup:
12*387f9dfdSAndroid Build Coastguard Worker * $ sudo echo $$ | sudo tee -a /sys/fs/cgroup/unified/test/cgroup.procs
13*387f9dfdSAndroid Build Coastguard Worker * 3. Open another bash window, and start CGroupTest as:
14*387f9dfdSAndroid Build Coastguard Worker * $ sudo ./examples/cpp/CGroupTest /sys/fs/cgroup/unified/test
15*387f9dfdSAndroid Build Coastguard Worker * 4. Run file open activity from previous bash window should be printed.
16*387f9dfdSAndroid Build Coastguard Worker *
17*387f9dfdSAndroid Build Coastguard Worker * Copyright (c) Jinshan Xiong
18*387f9dfdSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License")
19*387f9dfdSAndroid Build Coastguard Worker */
20*387f9dfdSAndroid Build Coastguard Worker
21*387f9dfdSAndroid Build Coastguard Worker #include <unistd.h>
22*387f9dfdSAndroid Build Coastguard Worker #include <fstream>
23*387f9dfdSAndroid Build Coastguard Worker #include <cstdlib>
24*387f9dfdSAndroid Build Coastguard Worker #include <iomanip>
25*387f9dfdSAndroid Build Coastguard Worker #include <iostream>
26*387f9dfdSAndroid Build Coastguard Worker #include <string>
27*387f9dfdSAndroid Build Coastguard Worker
28*387f9dfdSAndroid Build Coastguard Worker #include "BPF.h"
29*387f9dfdSAndroid Build Coastguard Worker
30*387f9dfdSAndroid Build Coastguard Worker const std::string BPF_PROGRAM = R"(
31*387f9dfdSAndroid Build Coastguard Worker #include <linux/sched.h>
32*387f9dfdSAndroid Build Coastguard Worker #include <linux/path.h>
33*387f9dfdSAndroid Build Coastguard Worker #include <linux/dcache.h>
34*387f9dfdSAndroid Build Coastguard Worker
35*387f9dfdSAndroid Build Coastguard Worker BPF_CGROUP_ARRAY(cgroup, 1);
36*387f9dfdSAndroid Build Coastguard Worker
37*387f9dfdSAndroid Build Coastguard Worker int on_vfs_open(struct pt_regs *ctx, struct path *path) {
38*387f9dfdSAndroid Build Coastguard Worker if (cgroup.check_current_task(0) > 0)
39*387f9dfdSAndroid Build Coastguard Worker bpf_trace_printk("file '%s' was opened!\n", path->dentry->d_name.name);
40*387f9dfdSAndroid Build Coastguard Worker return 0;
41*387f9dfdSAndroid Build Coastguard Worker }
42*387f9dfdSAndroid Build Coastguard Worker )";
43*387f9dfdSAndroid Build Coastguard Worker
main(int argc,char ** argv)44*387f9dfdSAndroid Build Coastguard Worker int main(int argc, char** argv) {
45*387f9dfdSAndroid Build Coastguard Worker if (argc != 2) {
46*387f9dfdSAndroid Build Coastguard Worker std::cerr << argv[0] << ": requires _one_ cgroup path" << std::endl;
47*387f9dfdSAndroid Build Coastguard Worker return 1;
48*387f9dfdSAndroid Build Coastguard Worker }
49*387f9dfdSAndroid Build Coastguard Worker
50*387f9dfdSAndroid Build Coastguard Worker ebpf::BPF bpf;
51*387f9dfdSAndroid Build Coastguard Worker auto init_res = bpf.init(BPF_PROGRAM);
52*387f9dfdSAndroid Build Coastguard Worker if (!init_res.ok()) {
53*387f9dfdSAndroid Build Coastguard Worker std::cerr << init_res.msg() << std::endl;
54*387f9dfdSAndroid Build Coastguard Worker return 1;
55*387f9dfdSAndroid Build Coastguard Worker }
56*387f9dfdSAndroid Build Coastguard Worker
57*387f9dfdSAndroid Build Coastguard Worker auto cgroup_array = bpf.get_cgroup_array("cgroup");
58*387f9dfdSAndroid Build Coastguard Worker auto update_res = cgroup_array.update_value(0, argv[1]);
59*387f9dfdSAndroid Build Coastguard Worker if (!update_res.ok()) {
60*387f9dfdSAndroid Build Coastguard Worker std::cerr << update_res.msg() << std::endl;
61*387f9dfdSAndroid Build Coastguard Worker return 1;
62*387f9dfdSAndroid Build Coastguard Worker }
63*387f9dfdSAndroid Build Coastguard Worker
64*387f9dfdSAndroid Build Coastguard Worker auto attach_res =
65*387f9dfdSAndroid Build Coastguard Worker bpf.attach_kprobe("vfs_open", "on_vfs_open");
66*387f9dfdSAndroid Build Coastguard Worker if (!attach_res.ok()) {
67*387f9dfdSAndroid Build Coastguard Worker std::cerr << attach_res.msg() << std::endl;
68*387f9dfdSAndroid Build Coastguard Worker return 1;
69*387f9dfdSAndroid Build Coastguard Worker }
70*387f9dfdSAndroid Build Coastguard Worker
71*387f9dfdSAndroid Build Coastguard Worker std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe");
72*387f9dfdSAndroid Build Coastguard Worker std::string line;
73*387f9dfdSAndroid Build Coastguard Worker
74*387f9dfdSAndroid Build Coastguard Worker std::cout << "Started tracing open event, hit Ctrl-C to terminate." << std::endl;
75*387f9dfdSAndroid Build Coastguard Worker while (std::getline(pipe, line))
76*387f9dfdSAndroid Build Coastguard Worker std::cout << line << std::endl;
77*387f9dfdSAndroid Build Coastguard Worker
78*387f9dfdSAndroid Build Coastguard Worker auto detach_res = bpf.detach_kprobe("vfs_open");
79*387f9dfdSAndroid Build Coastguard Worker if (!detach_res.ok()) {
80*387f9dfdSAndroid Build Coastguard Worker std::cerr << detach_res.msg() << std::endl;
81*387f9dfdSAndroid Build Coastguard Worker return 1;
82*387f9dfdSAndroid Build Coastguard Worker }
83*387f9dfdSAndroid Build Coastguard Worker
84*387f9dfdSAndroid Build Coastguard Worker return 0;
85*387f9dfdSAndroid Build Coastguard Worker }
86