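// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2020 Facebook */
#pragma once

/*
 * Size limits, event identifiers and fixed-layout records for the profiler.
 *
 * This header includes nothing itself: the including file must already
 * provide pid_t, uid_t, gid_t, ino_t, size_t, bool and the uintN_t types.
 *
 * NOTE(review): the bpf_* names and the perf-event counters suggest these
 * records are filled by a BPF program and parsed by a separate consumer -
 * confirm. If so, every *_length field below is producer-supplied data: the
 * consumer should check each length, and their running sum, against
 * sizeof(payload) before indexing into payload[].
 *
 * NOTE(review): no packing attribute is used, so the compiler may insert
 * padding (e.g. after a trailing uint8_t). Both sides must be built with the
 * same layout, and a producer that copies whole records out should zero them
 * first so padding does not carry stale memory - confirm against the producer.
 */

/* Per-item limits; the payload budgets below are sums of these. */
#define TASK_COMM_LEN 16
#define MAX_ANCESTORS 4
#define MAX_PATH 256
#define KILL_TARGET_LEN 64
#define CTL_MAXNAME 10
#define MAX_ARGS_LEN 4096
#define MAX_FILENAME_LEN 512
#define MAX_ENVIRON_LEN 8192
#define MAX_PATH_DEPTH 32
#define MAX_FILEPATH_LENGTH (MAX_PATH_DEPTH * MAX_PATH)
#define MAX_CGROUPS_PATH_DEPTH 8

/* Metadata part of a payload: room for one TASK_COMM_LEN-sized item. */
#define MAX_METADATA_PAYLOAD_LEN TASK_COMM_LEN

/* Cgroup part of a payload: two MAX_PATH items plus a path of
 * MAX_CGROUPS_PATH_DEPTH components of MAX_PATH each. */
#define MAX_CGROUP_PAYLOAD_LEN \
	(MAX_PATH * 2 + (MAX_PATH * MAX_CGROUPS_PATH_DEPTH))

/* Not used to size any struct in this header. */
#define MAX_CAP_PAYLOAD_LEN (MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN)

/* Size of var_sysctl_data_t.payload. */
#define MAX_SYSCTL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + CTL_MAXNAME + MAX_PATH)

/* Size of var_kill_data_t.payload. */
#define MAX_KILL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + TASK_COMM_LEN + \
	 KILL_TARGET_LEN)

/* Size of var_exec_data_t.payload. */
#define MAX_EXEC_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILENAME_LEN + \
	 MAX_ARGS_LEN + MAX_ENVIRON_LEN)

/* Size of var_filemod_data_t.payload: two full file paths. */
#define MAX_FILEMOD_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILEPATH_LENGTH + \
	 MAX_FILEPATH_LENGTH)

/*
 * Record kind, stored in var_metadata_t.type. INVALID_EVENT is 0, so a
 * zero-filled record reads as invalid. MAX_DATA_TYPE_EVENT is the number of
 * enumerators before it, not an event; a consumer should reject any value
 * outside (INVALID_EVENT, MAX_DATA_TYPE_EVENT).
 */
enum data_type {
	INVALID_EVENT,
	EXEC_EVENT,
	FORK_EVENT,
	KILL_EVENT,
	SYSCTL_EVENT,
	FILEMOD_EVENT,
	MAX_DATA_TYPE_EVENT
};

/* Which file operation a var_filemod_data_t record describes. */
enum filemod_type {
	FMOD_OPEN,
	FMOD_LINK,
	FMOD_SYMLINK,
};

/*
 * Parallel arrays with MAX_ANCESTORS slots each.
 * NOTE(review): num_ancestors presumably counts the filled slots; a reader
 * should clamp it to MAX_ANCESTORS before using it as a loop bound - confirm.
 */
struct ancestors_data_t {
	pid_t ancestor_pids[MAX_ANCESTORS];
	uint32_t ancestor_exec_ids[MAX_ANCESTORS];
	uint64_t ancestor_start_times[MAX_ANCESTORS];
	uint32_t num_ancestors;
};

/*
 * Header that opens every var_*_data_t record below.
 * NOTE(review): comm_length presumably gives the size of the task name
 * stored in the record's payload (at most TASK_COMM_LEN) - confirm.
 */
struct var_metadata_t {
	enum data_type type;
	pid_t pid;
	uint32_t exec_id;
	uid_t uid;
	gid_t gid;
	uint64_t start_time;
	uint32_t cpu_id;
	uint64_t bpf_stats_num_perf_events;
	uint64_t bpf_stats_start_ktime_ns;
	uint8_t comm_length;
};

/*
 * Cgroup identity (inodes, mtimes) plus three 16-bit lengths.
 * NOTE(review): the lengths presumably describe the cgroup strings inside
 * the owning record's payload; treat them as untrusted offsets - confirm.
 */
struct cgroup_data_t {
	ino_t cgroup_root_inode;
	ino_t cgroup_proc_inode;
	uint64_t cgroup_root_mtime;
	uint64_t cgroup_proc_mtime;
	uint16_t cgroup_root_length;
	uint16_t cgroup_proc_length;
	uint16_t cgroup_full_length;
	int cgroup_full_path_root_pos;
};

/* SYSCTL_EVENT record; payload is MAX_SYSCTL_PAYLOAD_LEN bytes. */
struct var_sysctl_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	uint8_t sysctl_val_length;
	uint16_t sysctl_path_length;
	char payload[MAX_SYSCTL_PAYLOAD_LEN];
};

/*
 * KILL_EVENT record; payload is MAX_KILL_PAYLOAD_LEN bytes. This is the only
 * record in the header that carries an explicit payload_length, and it sits
 * after the payload array.
 */
struct var_kill_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	pid_t kill_target_pid;
	int kill_sig;
	uint32_t kill_count;
	uint64_t last_kill_time;
	uint8_t kill_target_name_length;
	uint8_t kill_target_cgroup_proc_length;
	char payload[MAX_KILL_PAYLOAD_LEN];
	size_t payload_length;
};

/*
 * EXEC_EVENT record; payload is MAX_EXEC_PAYLOAD_LEN bytes.
 * NOTE(review): cmdline and environment data can hold secrets; whoever
 * stores or forwards these records should treat the payload as sensitive.
 */
struct var_exec_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uid_t parent_uid;
	uint64_t parent_start_time;
	uint16_t bin_path_length;
	uint16_t cmdline_length;
	uint16_t environment_length;
	char payload[MAX_EXEC_PAYLOAD_LEN];
};

/* FORK_EVENT record; payload only has room for the metadata part. */
struct var_fork_data_t {
	struct var_metadata_t meta;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uint64_t parent_start_time;
	char payload[MAX_METADATA_PAYLOAD_LEN];
};

/* FILEMOD_EVENT record; payload is MAX_FILEMOD_PAYLOAD_LEN bytes. */
struct var_filemod_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	enum filemod_type fmod_type;
	unsigned int dst_flags;
	uint32_t src_device_id;
	uint32_t dst_device_id;
	ino_t src_inode;
	ino_t dst_inode;
	uint16_t src_filepath_length;
	uint16_t dst_filepath_length;
	char payload[MAX_FILEMOD_PAYLOAD_LEN];
};

/*
 * Profiler settings.
 * NOTE(review): kill_signals_mask is 64 bits wide, presumably one bit per
 * signal number - confirm against the code that tests it.
 */
struct profiler_config_struct {
	bool fetch_cgroups_from_bpf;
	ino_t cgroup_fs_inode;
	ino_t cgroup_login_session_inode;
	uint64_t kill_signals_mask;
	ino_t inode_filter;
	uint32_t stale_info_secs;
	bool use_variable_buffers;
	bool read_environ_from_exec;
	bool enable_cgroup_v1_resolver;
};

/* Accumulated counters for one instrumented function. */
struct bpf_func_stats_data {
	uint64_t time_elapsed_ns;
	uint64_t num_executions;
	uint64_t num_perf_events;
};

/* One in-flight measurement: a start timestamp and the counters it updates. */
struct bpf_func_stats_ctx {
	uint64_t start_time_ns;
	struct bpf_func_stats_data *bpf_func_stats_data_val;
};

/*
 * Identifiers for the instrumented functions. profiler_bpf_max_function_id
 * is the number of enumerators before it, not a function.
 */
enum bpf_function_id {
	profiler_bpf_proc_sys_write,
	profiler_bpf_sched_process_exec,
	profiler_bpf_sched_process_exit,
	profiler_bpf_sys_enter_kill,
	profiler_bpf_do_filp_open_ret,
	profiler_bpf_sched_process_fork,
	profiler_bpf_vfs_link,
	profiler_bpf_vfs_symlink,
	profiler_bpf_max_function_id
};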