-
Notifications
You must be signed in to change notification settings - Fork 10
/
uprobe.go
160 lines (141 loc) · 4.68 KB
/
uprobe.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package manager
import (
"debug/elf"
"errors"
"fmt"
"regexp"
)
// SanitizeUprobeAddresses - sanitizes the addresses of the provided symbols
func SanitizeUprobeAddresses(f *elf.File, syms []elf.Symbol) {
// If the binary is a non-PIE executable, addr must be a virtual address, otherwise it must be an offset relative to
// the file load address. For executable (ET_EXEC) binaries and shared objects (ET_DYN), translate the virtual
// address to physical address in the binary file.
if f.Type == elf.ET_EXEC || f.Type == elf.ET_DYN {
for i, sym := range syms {
for _, prog := range f.Progs {
if prog.Type == elf.PT_LOAD {
if sym.Value >= prog.Vaddr && sym.Value < (prog.Vaddr+prog.Memsz) {
syms[i].Value = sym.Value - prog.Vaddr + prog.Off
}
}
}
}
}
}
// OpenAndListSymbols - Opens an elf file and extracts all its symbols
func OpenAndListSymbols(path string) (*elf.File, []elf.Symbol, error) {
// open elf file
f, err := elf.Open(path)
if err != nil {
return nil, nil, fmt.Errorf("couldn't open elf file %s: %w", path, err)
}
defer f.Close()
// Loop through all symbols
syms, errSyms := f.Symbols()
dynSyms, errDynSyms := f.DynamicSymbols()
syms = append(syms, dynSyms...)
if len(syms) == 0 {
var err error
if errSyms != nil {
err = fmt.Errorf("failed to list symbols: %v", errSyms)
}
if errDynSyms != nil {
err = fmt.Errorf("failed to list dynamic symbols: %v", errDynSyms)
}
if err != nil {
return nil, nil, err
}
return nil, nil, fmt.Errorf("no symbols found")
}
return f, syms, nil
}
// findSymbolOffsets - Parses the provided file and returns the offsets of the symbols that match the provided pattern
func findSymbolOffsets(path string, pattern *regexp.Regexp) ([]elf.Symbol, error) {
f, syms, err := OpenAndListSymbols(path)
if err != nil {
return nil, err
}
var matches []elf.Symbol
for _, sym := range syms {
if elf.ST_TYPE(sym.Info) == elf.STT_FUNC && pattern.MatchString(sym.Name) {
matches = append(matches, sym)
}
}
if len(matches) == 0 {
return nil, ErrSymbolNotFound
}
SanitizeUprobeAddresses(f, matches)
return matches, nil
}
// attachWithUprobeEvents attaches the uprobe using the uprobes_events ABI
func (p *Probe) attachWithUprobeEvents() (*tracefsLink, error) {
args := traceFsEventArgs{
Type: uprobe,
ReturnProbe: p.isReturnProbe,
Symbol: p.HookFuncName, // only used for event naming
Path: p.BinaryPath,
Offset: p.UprobeOffset,
UID: p.UID,
AttachingPID: p.attachPID,
}
var uprobeID int
var eventName string
uprobeID, eventName, err := registerTraceFSEvent(args)
if err != nil {
return nil, fmt.Errorf("couldn't enable uprobe %s: %w", p.ProbeIdentificationPair, err)
}
pfd, err := perfEventOpenTracingEvent(uprobeID, p.PerfEventPID)
if err != nil {
return nil, fmt.Errorf("couldn't open perf event fd for %s: %w", p.ProbeIdentificationPair, err)
}
return &tracefsLink{perfEventLink: newPerfEventLink(pfd), Type: uprobe, EventName: eventName}, nil
}
// attachUprobe - Attaches the probe to its Uprobe
func (p *Probe) attachUprobe() error {
// compute the offset if it was not provided
if p.UprobeOffset == 0 {
var funcPattern string
// find the offset of the first symbol matching the provided pattern
if len(p.MatchFuncName) > 0 {
funcPattern = p.MatchFuncName
} else {
funcPattern = fmt.Sprintf("^%s$", p.HookFuncName)
}
pattern, err := regexp.Compile(funcPattern)
if err != nil {
return fmt.Errorf("failed to compile pattern %s: %w", funcPattern, err)
}
// Retrieve dynamic symbol offset
offsets, err := findSymbolOffsets(p.BinaryPath, pattern)
if err != nil {
return fmt.Errorf("couldn't find symbol matching %s in %s: %w", pattern.String(), p.BinaryPath, err)
}
p.UprobeOffset = offsets[0].Value
p.HookFuncName = offsets[0].Name
}
var eventsFunc attachFunc = p.attachWithUprobeEvents
var pmuFunc attachFunc = func() (*tracefsLink, error) {
pfd, err := perfEventOpenPMU(p.BinaryPath, int(p.UprobeOffset), p.PerfEventPID, uprobe, p.isReturnProbe, 0)
if err != nil {
return nil, err
}
return &tracefsLink{perfEventLink: newPerfEventLink(pfd), Type: uprobe}, nil
}
startFunc, fallbackFunc := pmuFunc, eventsFunc
if p.UprobeAttachMethod == AttachWithProbeEvents {
startFunc, fallbackFunc = eventsFunc, pmuFunc
}
var startErr, fallbackErr error
var tl *tracefsLink
if tl, startErr = startFunc(); startErr != nil {
if tl, fallbackErr = fallbackFunc(); fallbackErr != nil {
return errors.Join(startErr, fallbackErr)
}
}
if err := attachPerfEvent(tl.perfEventLink, p.program); err != nil {
_ = tl.Close()
return fmt.Errorf("attach %s: %w", p.ProbeIdentificationPair, err)
}
p.progLink = tl
return nil
}