From a514fdf23fe4b12e7ece505a97a48995efc8ee84 Mon Sep 17 00:00:00 2001
From: "xiayu.lyt"
Date: Thu, 14 Sep 2023 21:02:31 +0800
Subject: [PATCH] chore(btfhack): add kprobe.c for btfhack test
Signed-off-by: xiayu.lyt
---
bpf/headers/common.h | 148 ++++++++++++++++++++++++++++++
bpf/kprobe.c | 27 ++++++
pkg/exporter/testbtf/bpf_bpfeb.go | 7 +-
pkg/exporter/testbtf/bpf_bpfeb.o | Bin 2584 -> 2584 bytes
pkg/exporter/testbtf/bpf_bpfel.go | 7 +-
pkg/exporter/testbtf/bpf_bpfel.o | Bin 2584 -> 2584 bytes
pkg/exporter/testbtf/btf.go | 2 +-
7 files changed, 184 insertions(+), 7 deletions(-)
create mode 100644 bpf/headers/common.h
create mode 100644 bpf/kprobe.c
diff --git a/bpf/headers/common.h b/bpf/headers/common.h
new file mode 100644
index 00000000..75e72415
--- /dev/null
+++ b/bpf/headers/common.h
@@ -0,0 +1,148 @@
+// This is a compact version of `vmlinux.h` to be used in the examples using C code.
+
+#pragma once
+
+typedef unsigned char __u8;
+typedef short int __s16;
+typedef short unsigned int __u16;
+typedef int __s32;
+typedef unsigned int __u32;
+typedef long long int __s64;
+typedef long long unsigned int __u64;
+typedef __u8 u8;
+typedef __s16 s16;
+typedef __u16 u16;
+typedef __s32 s32;
+typedef __u32 u32;
+typedef __s64 s64;
+typedef __u64 u64;
+typedef __u16 __le16;
+typedef __u16 __be16;
+typedef __u32 __be32;
+typedef __u64 __be64;
+typedef __u32 __wsum;
+
+#include "bpf_helpers.h"
+
+enum bpf_map_type {
+ BPF_MAP_TYPE_UNSPEC = 0,
+ BPF_MAP_TYPE_HASH = 1,
+ BPF_MAP_TYPE_ARRAY = 2,
+ BPF_MAP_TYPE_PROG_ARRAY = 3,
+ BPF_MAP_TYPE_PERF_EVENT_ARRAY = 4,
+ BPF_MAP_TYPE_PERCPU_HASH = 5,
+ BPF_MAP_TYPE_PERCPU_ARRAY = 6,
+ BPF_MAP_TYPE_STACK_TRACE = 7,
+ BPF_MAP_TYPE_CGROUP_ARRAY = 8,
+ BPF_MAP_TYPE_LRU_HASH = 9,
+ BPF_MAP_TYPE_LRU_PERCPU_HASH = 10,
+ BPF_MAP_TYPE_LPM_TRIE = 11,
+ BPF_MAP_TYPE_ARRAY_OF_MAPS = 12,
+ BPF_MAP_TYPE_HASH_OF_MAPS = 13,
+ BPF_MAP_TYPE_DEVMAP = 14,
+ BPF_MAP_TYPE_SOCKMAP = 15,
+ BPF_MAP_TYPE_CPUMAP = 16,
+ BPF_MAP_TYPE_XSKMAP = 17,
+ BPF_MAP_TYPE_SOCKHASH = 18,
+ BPF_MAP_TYPE_CGROUP_STORAGE = 19,
+ BPF_MAP_TYPE_REUSEPORT_SOCKARRAY = 20,
+ BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE = 21,
+ BPF_MAP_TYPE_QUEUE = 22,
+ BPF_MAP_TYPE_STACK = 23,
+ BPF_MAP_TYPE_SK_STORAGE = 24,
+ BPF_MAP_TYPE_DEVMAP_HASH = 25,
+ BPF_MAP_TYPE_STRUCT_OPS = 26,
+ BPF_MAP_TYPE_RINGBUF = 27,
+ BPF_MAP_TYPE_INODE_STORAGE = 28,
+};
+
+enum xdp_action {
+ XDP_ABORTED = 0,
+ XDP_DROP = 1,
+ XDP_PASS = 2,
+ XDP_TX = 3,
+ XDP_REDIRECT = 4,
+};
+
+struct xdp_md {
+ __u32 data;
+ __u32 data_end;
+ __u32 data_meta;
+ __u32 ingress_ifindex;
+ __u32 rx_queue_index;
+ __u32 egress_ifindex;
+};
+
+typedef __u16 __sum16;
+
+#define ETH_P_IP 0x0800
+
+struct ethhdr {
+ unsigned char h_dest[6];
+ unsigned char h_source[6];
+ __be16 h_proto;
+};
+
+struct iphdr {
+ __u8 ihl: 4;
+ __u8 version: 4;
+ __u8 tos;
+ __be16 tot_len;
+ __be16 id;
+ __be16 frag_off;
+ __u8 ttl;
+ __u8 protocol;
+ __sum16 check;
+ __be32 saddr;
+ __be32 daddr;
+};
+
+enum {
+ BPF_ANY = 0,
+ BPF_NOEXIST = 1,
+ BPF_EXIST = 2,
+ BPF_F_LOCK = 4,
+};
+
+/* BPF_FUNC_perf_event_output, BPF_FUNC_perf_event_read and
+ * BPF_FUNC_perf_event_read_value flags.
+ */
+#define BPF_F_INDEX_MASK 0xffffffffULL
+#define BPF_F_CURRENT_CPU BPF_F_INDEX_MASK
+
+#if defined(__TARGET_ARCH_x86)
+struct pt_regs {
+ /*
+ * C ABI says these regs are callee-preserved. They aren't saved on kernel entry
+ * unless syscall needs a complete, fully filled "struct pt_regs".
+ */
+ unsigned long r15;
+ unsigned long r14;
+ unsigned long r13;
+ unsigned long r12;
+ unsigned long rbp;
+ unsigned long rbx;
+ /* These regs are callee-clobbered. Always saved on kernel entry. */
+ unsigned long r11;
+ unsigned long r10;
+ unsigned long r9;
+ unsigned long r8;
+ unsigned long rax;
+ unsigned long rcx;
+ unsigned long rdx;
+ unsigned long rsi;
+ unsigned long rdi;
+ /*
+ * On syscall entry, this is syscall#. On CPU exception, this is error code.
+ * On hw interrupt, it's IRQ number:
+ */
+ unsigned long orig_rax;
+ /* Return frame for iretq */
+ unsigned long rip;
+ unsigned long cs;
+ unsigned long eflags;
+ unsigned long rsp;
+ unsigned long ss;
+ /* top of stack page */
+};
+#endif /* __TARGET_ARCH_x86 */
diff --git a/bpf/kprobe.c b/bpf/kprobe.c
new file mode 100644
index 00000000..c1d49c5f
--- /dev/null
+++ b/bpf/kprobe.c
@@ -0,0 +1,27 @@
+// +build ignore
+
+#include "common.h"
+
+char __license[] SEC("license") = "Dual MIT/GPL";
+
+struct bpf_map_def SEC("maps") kprobe_map = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .key_size = sizeof(u32),
+ .value_size = sizeof(u64),
+ .max_entries = 1,
+};
+
+SEC("kprobe/sys_execve")
+int kprobe_execve() {
+ u32 key = 0;
+ u64 initval = 1, *valp;
+
+ valp = bpf_map_lookup_elem(&kprobe_map, &key);
+ if (!valp) {
+ bpf_map_update_elem(&kprobe_map, &key, &initval, BPF_ANY);
+ return 0;
+ }
+ __sync_fetch_and_add(valp, 1);
+
+ return 0;
+}
diff --git a/pkg/exporter/testbtf/bpf_bpfeb.go b/pkg/exporter/testbtf/bpf_bpfeb.go index df197592..27deb824 100644 --- a/pkg/exporter/testbtf/bpf_bpfeb.go +++ b/pkg/exporter/testbtf/bpf_bpfeb.go @@ -28,9 +28,9 @@ func loadBpf() (*ebpf.CollectionSpec, error) { // // The following types are suitable as obj argument: // -// *bpfObjects -// *bpfPrograms -// *bpfMaps +// *bpfObjects +// *bpfPrograms +// *bpfMaps // // See ebpf.CollectionSpec.LoadAndAssign documentation for details. func loadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error { @@ -115,5 +115,6 @@ func _BpfClose(closers ...io.Closer) error { } // Do not access this directly. +// //go:embed bpf_bpfeb.o var _BpfBytes []byte diff --git a/pkg/exporter/testbtf/bpf_bpfeb.o b/pkg/exporter/testbtf/bpf_bpfeb.o index 58fd2128ca91d45249348300a88cec593ebaa2ed..061ede590a4bfb6e841a8660a9b138644101f142 100644 GIT binary patch delta 831 zcmZ8fJxc>Y5S`84=5lI`i7_82$r%WWrU)rb#47_TC`yQ3#8L%2ErbNLursoS2U?`F zu~6*9LjOUmZS4I4w$AMBnY$a9+4p8t+vEWZNm zYRDYr{RQYm5D#3=vH(X+d`9PV%+kcOKFxa=(!@~D=4m6zKw8%{QxvW8Y?oT_3yum} zNq201Ki)=46)i_q6M>T;mu@7+XzW4)Cp8?#`L%(Q^GMG*qgA8 zSxybhZA<)221nbxukybQY5S_i`a-K#_G>8&|rw{}UK?NH>@K8{T6oMZJf{2hVMUWs7iyYWkiLxL8 zn-q37ij|0vf1v&YdwXl&Y^3va%=L;$-uU0*P8P(p7?%5DvXK*{ zERNM960?0BZX+Ni7Lj0_0p37#J84nU*n_^Su@8KtF`}qw8~~q2_POZnGeKP_;*GBQ zRRkk))JoI~=~jBy!t;UE7UK&F>9oe!XJhK;L@odFoVWkinntRBXeb@JO!-^*X4CUHV@9_{MOmR Y<*cjn0lTS^M0{qJ6Y|pCmRV={7p;ax`v3p{
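Review bot: In bpf/kprobe.c, `kprobe_map` is declared with the legacy `struct bpf_map_def SEC("maps")` form, which records no BTF key/value types for the map and which libbpf 1.0 no longer accepts. For a fixture under `testbtf` a BTF-defined map looks like the better fit, though that is inferred from the directory name because the loader side is not in this patch. The fence below shows the equivalent `SEC(".maps")` declaration; it relies on the `__uint`/`__type` macros from `bpf_helpers.h`, which this patch includes but does not show. Separately, the `!valp` branch deserves a comment such as `/* array slots are preallocated; this path only satisfies the verifier's NULL check */`, which also explains why the ignored return value of `bpf_map_update_elem` is harmless there. The hunk is the whole new file.

```c
/* BTF-defined map: key and value types are recorded in the object's BTF */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, u32);
	__type(value, u64);
	__uint(max_entries, 1);
} kprobe_map SEC(".maps");

// … unchanged: kprobe_execve body …
```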
diff --git a/pkg/exporter/testbtf/bpf_bpfel.go b/pkg/exporter/testbtf/bpf_bpfel.go index d5fa572c..61c2becc 100644 --- a/pkg/exporter/testbtf/bpf_bpfel.go +++ b/pkg/exporter/testbtf/bpf_bpfel.go @@ -28,9 +28,9 @@ func loadBpf() (*ebpf.CollectionSpec, error) { // // The following types are suitable as obj argument: // -// *bpfObjects -// *bpfPrograms -// *bpfMaps +// *bpfObjects +// *bpfPrograms +// *bpfMaps // // See ebpf.CollectionSpec.LoadAndAssign documentation for details. func loadBpfObjects(obj interface{}, opts *ebpf.CollectionOptions) error { @@ -115,5 +115,6 @@ func _BpfClose(closers ...io.Closer) error { } // Do not access this directly. +// //go:embed bpf_bpfel.o var _BpfBytes []byte diff --git a/pkg/exporter/testbtf/bpf_bpfel.o b/pkg/exporter/testbtf/bpf_bpfel.o index 862c3277997f1d7b896b86c88f081da6fe1762da..27cee82f5fe6b83dca97575ba702cf2dbead59b3 100644 GIT binary patch delta 768 zcmZ9KKTE?<6vf|5(k2gVZMBdVv1t|mp&)b;t(vi*f<-O3Ra`nK=;R{UL1!&@u!BQ4 z7YD&jMDzoQb#ry}6S#VA^IB^Txi9B;@6Eg6CCyYbb+sa8WA$6!(2Sgw8QPIkXIUv& z(!!EM6atP%IEg4?fwxldC3uB9YeV}Sd_{X7eoy-<{Gs-B_!D@jH|IRyvADxo#3dG7 zgWP5F0>u#5G-@nA>>AH9zr?ws5d6plqKt_8LZmhC(}LwCPeE!OZ>zI+RI|LvN07NK zL{n#fa5t(#v^2Xs{(wHB*%4EiNd8y7gC@OOZpQ39)L-XOL&Bu_h&vwb75KaXZAZ!8ol&-{@2Ml(y@tfI9y{K7Bb}asZBxn!hJ2K@I!Xcrs|w&MJP_pf#_8 nR{ksgTFZ_n+jQ)>RI(F_YeDy(@*=#kq6@V}O=nt4dUf1i*ULZZ delta 800 zcmZXSy-Nc@5XE;d_mPWH6BEoyh>3!VXcH@qU+EM~p=d;~Ijj^?q!Pp;0kM_HfCOx= zw~1JZ2$nXYe}b)@m9=l~_JW+l&CdJHzGe58?Pj~#&YDbKuYbu~nw4|Xp}L%D6{O&h zI))Om9Pp6AP2@5LXgv$P0d1pl)RZnk*Ojh9yGpyz4W--Ar_hN0J{JK`4#l~PyuyHQ zm|YeRh(Y8H6|~idL+x2kRJgYy1TUFFZX?aA5RT#_TGET@bC6vVVpDbR=tM70KZ0U= zLUdL42UT;0@Dz{o_6@q%^Yp2kdCfOst{-Q<(u4<3rXCYoe0N_^C6(}{?!QcMTNohZV0H%;eL?E zexnT)1{*pdpfY