File: test_stackid.py

package info (click to toggle)
bpfcc 0.31.0%2Bds-7
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 27,208 kB
  • sloc: ansic: 758,058; python: 40,671; cpp: 25,637; sh: 780; makefile: 279
file content (83 lines) | stat: -rwxr-xr-x 2,617 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
#!/usr/bin/env python3
# Copyright (c) PLUMgrid, Inc.
# Licensed under the Apache License, Version 2.0 (the "License")

import bcc
import os
import unittest
from utils import mayFail, kernel_version_ge
import subprocess


@unittest.skipUnless(kernel_version_ge(4,6), "requires kernel >= 4.6")
class TestStackid(unittest.TestCase):
    @mayFail("This fails on github actions environment, and needs to be fixed")
    def test_simple(self):
        b = bcc.BPF(text=b"""
#include <uapi/linux/ptrace.h>
struct bpf_map;
BPF_STACK_TRACE(stack_traces, 10240);
BPF_HASH(stack_entries, int, int);
BPF_HASH(stub);
int kprobe__htab_map_lookup_elem(struct pt_regs *ctx, struct bpf_map *map, u64 *k) {
    int id = stack_traces.get_stackid(ctx, BPF_F_REUSE_STACKID);
    if (id < 0)
        return 0;
    int key = 1;
    stack_entries.update(&key, &id);
    return 0;
}
""")
        stub = b[b"stub"]
        stack_traces = b[b"stack_traces"]
        stack_entries = b[b"stack_entries"]
        try: x = stub[stub.Key(1)]
        except: pass
        k = stack_entries.Key(1)
        self.assertIn(k, stack_entries)
        stackid = stack_entries[k]
        self.assertIsNotNone(stackid)
        stack = stack_traces[stackid].ip
        self.assertEqual(b.ksym(stack[0]), b"htab_map_lookup_elem")

def Get_libc_path():
  cmd = 'cat /proc/self/maps | grep libc | awk \'{print $6}\' | uniq'
  output = subprocess.check_output(cmd, shell=True)
  if not isinstance(output, str):
    output = output.decode()
  return output.split('\n')[0]

@unittest.skipUnless(kernel_version_ge(4,17), "requires kernel >= 4.17")
class TestStackBuildid(unittest.TestCase):
    def test_simple(self):
        b = bcc.BPF(text=b"""
#include <uapi/linux/ptrace.h>
struct bpf_map;
BPF_STACK_TRACE_BUILDID(stack_traces, 10240);
BPF_HASH(stack_entries, int, int);
BPF_HASH(stub);
int kprobe__sys_getuid(struct pt_regs *ctx, struct bpf_map *map, u64 *k) {
    int id = stack_traces.get_stackid(ctx, BPF_F_USER_STACK);
    if (id < 0)
        return 0;
    int key = 1;
    stack_entries.update(&key, &id);
    return 0;
}
""")
        os.getuid()
        stub = b[b"stub"]
        stack_traces = b[b"stack_traces"]
        stack_entries = b[b"stack_entries"]
        b.add_module(Get_libc_path())
        try: x = stub[stub.Key(1)]
        except: pass
        k = stack_entries.Key(1)
        self.assertIn(k, stack_entries)
        stackid = stack_entries[k]
        self.assertIsNotNone(stackid)
        stack = stack_traces[stackid]
        self.assertTrue(b.sym(stack.trace[0], -1).find(b"getuid")!=-1)

if __name__ == "__main__":
    unittest.main()