1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2020 Facebook */
3 #pragma once
4 
/*
 * Compile-time size limits for the event records declared in this header.
 * MAX_METADATA_PAYLOAD_LEN, MAX_SYSCTL_PAYLOAD_LEN, MAX_KILL_PAYLOAD_LEN,
 * MAX_EXEC_PAYLOAD_LEN and MAX_FILEMOD_PAYLOAD_LEN are the sizes of the
 * payload[] arrays in the var_*_data_t structs; each is a sum of worst-case
 * sizes for the variable-length pieces of that record.
 *
 * NOTE(review): these macros bound the storage only. Whether every *_length
 * field written into a record stays within them depends on the producer,
 * which is not visible in this header, so a consumer should compare the
 * length fields with these limits before slicing payload[].
 */
#define TASK_COMM_LEN 16
/* Element count of the three arrays in struct ancestors_data_t. */
#define MAX_ANCESTORS 4
#define MAX_PATH 256
#define KILL_TARGET_LEN 64
#define CTL_MAXNAME 10
#define MAX_ARGS_LEN 4096
#define MAX_FILENAME_LEN 512
#define MAX_ENVIRON_LEN 8192
#define MAX_PATH_DEPTH 32
/* 32 * 256 = 8192 bytes for one file path. */
#define MAX_FILEPATH_LENGTH (MAX_PATH_DEPTH * MAX_PATH)
#define MAX_CGROUPS_PATH_DEPTH 8

/* Part of every payload budget below; equals TASK_COMM_LEN (16). */
#define MAX_METADATA_PAYLOAD_LEN TASK_COMM_LEN

/* 256 * 2 + 256 * 8 = 2560 bytes; part of every budget except the fork one. */
#define MAX_CGROUP_PAYLOAD_LEN \
	(MAX_PATH * 2 + (MAX_PATH * MAX_CGROUPS_PATH_DEPTH))

/* 16 + 2560 = 2576 bytes. No struct in this header uses this macro. */
#define MAX_CAP_PAYLOAD_LEN (MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN)

/* 16 + 2560 + 10 + 256 = 2842 bytes; sizes var_sysctl_data_t.payload. */
#define MAX_SYSCTL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + CTL_MAXNAME + MAX_PATH)

/* 16 + 2560 + 16 + 64 = 2656 bytes; sizes var_kill_data_t.payload. */
#define MAX_KILL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + TASK_COMM_LEN + \
	 KILL_TARGET_LEN)

/* 16 + 2560 + 512 + 4096 + 8192 = 15376 bytes; sizes var_exec_data_t.payload. */
#define MAX_EXEC_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILENAME_LEN + \
	 MAX_ARGS_LEN + MAX_ENVIRON_LEN)

/*
 * 16 + 2560 + 8192 + 8192 = 18960 bytes; sizes var_filemod_data_t.payload.
 * MAX_FILEPATH_LENGTH is counted twice, which matches the two path length
 * fields (source and destination) of that struct.
 */
#define MAX_FILEMOD_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILEPATH_LENGTH + \
	 MAX_FILEPATH_LENGTH)
38 
/*
 * Record discriminator, stored in struct var_metadata_t's `type` member.
 * The values are spelled out because they are part of the record layout.
 * NOTE(review): a consumer should treat INVALID_EVENT and anything at or
 * above MAX_DATA_TYPE_EVENT as a malformed record before picking a
 * var_*_data_t layout to read it with.
 */
enum data_type {
	INVALID_EVENT = 0,	/* also what a zero-filled record carries */
	EXEC_EVENT = 1,
	FORK_EVENT = 2,
	KILL_EVENT = 3,
	SYSCTL_EVENT = 4,
	FILEMOD_EVENT = 5,
	MAX_DATA_TYPE_EVENT = 6	/* number of values above, not an event */
};
48 
/*
 * Kind of file modification, stored in struct var_filemod_data_t's
 * `fmod_type` member.
 * NOTE(review): there is no "invalid" value here, so a zero-filled record
 * reads as FMOD_OPEN; consumers cannot use this field alone to tell an
 * unset record from a real open event.
 */
enum filemod_type {
	FMOD_OPEN = 0,
	FMOD_LINK = 1,
	FMOD_SYMLINK = 2,
};
54 
/*
 * Three parallel arrays of MAX_ANCESTORS (4) entries describing ancestor
 * processes, plus a count.
 * NOTE(review): presumably only the first num_ancestors entries are filled;
 * num_ancestors is a full uint32_t, so a reader should clamp it to
 * MAX_ANCESTORS before using it as an index. Confirm against the producer.
 */
struct ancestors_data_t {
	pid_t ancestor_pids[MAX_ANCESTORS];
	uint32_t ancestor_exec_ids[MAX_ANCESTORS];
	uint64_t ancestor_start_times[MAX_ANCESTORS];
	uint32_t num_ancestors;
};
61 
/*
 * Common header of every event record: each var_*_data_t struct in this
 * header starts with a member `meta` of this type.
 */
struct var_metadata_t {
	/* Selects which var_*_data_t layout the record uses. */
	enum data_type type;
	pid_t pid;
	uint32_t exec_id;
	uid_t uid;
	gid_t gid;
	uint64_t start_time;
	uint32_t cpu_id;
	uint64_t bpf_stats_num_perf_events;
	uint64_t bpf_stats_start_ktime_ns;
	/*
	 * NOTE(review): presumably the length of the command name stored in
	 * payload[], for which MAX_METADATA_PAYLOAD_LEN (16) bytes are
	 * budgeted; a uint8_t can hold up to 255, so check it against that
	 * budget before use. Confirm against the producer.
	 */
	uint8_t comm_length;
};
74 
/*
 * Fixed-size cgroup description carried by the sysctl, kill, exec and
 * filemod records: two inode numbers, two mtimes, three lengths and a
 * position.
 * NOTE(review): the three length fields presumably describe strings held
 * in the record's payload[], for which MAX_CGROUP_PAYLOAD_LEN (2560) bytes
 * are budgeted; a uint16_t can exceed that, so readers should bound-check.
 * Confirm against the producer.
 */
struct cgroup_data_t {
	ino_t cgroup_root_inode;
	ino_t cgroup_proc_inode;
	uint64_t cgroup_root_mtime;
	uint64_t cgroup_proc_mtime;
	uint16_t cgroup_root_length;
	uint16_t cgroup_proc_length;
	uint16_t cgroup_full_length;
	/*
	 * Signed, unlike the lengths above.
	 * NOTE(review): if this is used as an offset into a path buffer, a
	 * negative value must be rejected first; the meaning is not visible
	 * in this header.
	 */
	int cgroup_full_path_root_pos;
};
85 
/*
 * Record for a sysctl event (SYSCTL_EVENT by name): common metadata, cgroup
 * and ancestor data, two length fields and a byte payload.
 */
struct var_sysctl_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	/*
	 * NOTE(review): MAX_SYSCTL_PAYLOAD_LEN adds CTL_MAXNAME (10) and
	 * MAX_PATH (256) to the common budget, presumably for the value and
	 * the path these two lengths describe; both field types can hold
	 * larger numbers than that, so validate them before indexing
	 * payload[]. Confirm against the producer.
	 */
	uint8_t sysctl_val_length;
	uint16_t sysctl_path_length;
	/* MAX_SYSCTL_PAYLOAD_LEN = 2842 bytes. */
	char payload[MAX_SYSCTL_PAYLOAD_LEN];
};
94 
/*
 * Record for a kill event (KILL_EVENT by name): common metadata, cgroup and
 * ancestor data, the target pid and signal, counters, two length fields, a
 * byte payload and a total payload length.
 */
struct var_kill_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	pid_t kill_target_pid;
	int kill_sig;
	uint32_t kill_count;
	uint64_t last_kill_time;
	/*
	 * NOTE(review): MAX_KILL_PAYLOAD_LEN adds TASK_COMM_LEN (16) and
	 * KILL_TARGET_LEN (64) to the common budget, presumably for the two
	 * strings these lengths describe; a uint8_t can hold up to 255, so
	 * validate them before indexing payload[]. Confirm against the
	 * producer.
	 */
	uint8_t kill_target_name_length;
	uint8_t kill_target_cgroup_proc_length;
	/* MAX_KILL_PAYLOAD_LEN = 2656 bytes. */
	char payload[MAX_KILL_PAYLOAD_LEN];
	/*
	 * This is the only record in the header with a total-length field.
	 * NOTE(review): size_t is as wide as the target's pointer size, so
	 * producer and consumer must be built for the same data model for
	 * this field to line up; a reader should also check that the value
	 * does not exceed sizeof(payload).
	 */
	size_t payload_length;
};
108 
/*
 * Record for an exec event (EXEC_EVENT by name): common metadata, cgroup
 * data, parent identification, three length fields and a byte payload.
 * Unlike the sysctl and kill records it carries no ancestors_data_t.
 */
struct var_exec_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uid_t parent_uid;
	uint64_t parent_start_time;
	/*
	 * NOTE(review): MAX_EXEC_PAYLOAD_LEN adds MAX_FILENAME_LEN (512),
	 * MAX_ARGS_LEN (4096) and MAX_ENVIRON_LEN (8192) to the common
	 * budget, presumably one term per length below; each uint16_t can
	 * hold up to 65535, so validate them before indexing payload[].
	 * The command line and environment of a process can contain secrets,
	 * so whatever stores or forwards this payload should treat it as
	 * sensitive. Confirm the mapping against the producer.
	 */
	uint16_t bin_path_length;
	uint16_t cmdline_length;
	uint16_t environment_length;
	/* MAX_EXEC_PAYLOAD_LEN = 15376 bytes. */
	char payload[MAX_EXEC_PAYLOAD_LEN];
};
121 
/*
 * Record for a fork event (FORK_EVENT by name): common metadata, parent
 * identification and a payload of MAX_METADATA_PAYLOAD_LEN (16) bytes.
 * It has no length field of its own; the only length available is
 * meta.comm_length.
 */
struct var_fork_data_t {
	struct var_metadata_t meta;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uint64_t parent_start_time;
	char payload[MAX_METADATA_PAYLOAD_LEN];
};
129 
/*
 * Record for a file-modification event (FILEMOD_EVENT by name): common
 * metadata, cgroup data, the modification kind, flags, device and inode
 * numbers for a source and a destination, two path lengths and a byte
 * payload.
 */
struct var_filemod_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	enum filemod_type fmod_type;
	unsigned int dst_flags;
	uint32_t src_device_id;
	uint32_t dst_device_id;
	ino_t src_inode;
	ino_t dst_inode;
	/*
	 * NOTE(review): MAX_FILEMOD_PAYLOAD_LEN budgets MAX_FILEPATH_LENGTH
	 * (8192) bytes twice, presumably once per path; each uint16_t can
	 * hold up to 65535, so validate both before indexing payload[].
	 * Confirm against the producer.
	 */
	uint16_t src_filepath_length;
	uint16_t dst_filepath_length;
	/* MAX_FILEMOD_PAYLOAD_LEN = 18960 bytes. */
	char payload[MAX_FILEMOD_PAYLOAD_LEN];
};
143 
/*
 * Configuration block for the profiler: four booleans, three inode numbers,
 * a 64-bit signal mask and a staleness interval. How each field is applied
 * is not visible in this header.
 */
struct profiler_config_struct {
	bool fetch_cgroups_from_bpf;
	ino_t cgroup_fs_inode;
	ino_t cgroup_login_session_inode;
	/* presumably one bit per signal number; confirm against the user */
	uint64_t kill_signals_mask;
	ino_t inode_filter;
	uint32_t stale_info_secs;
	bool use_variable_buffers;
	/*
	 * NOTE(review): by name this decides whether process environments
	 * are collected on exec; environments often hold credentials, so it
	 * is worth documenting the default where this struct is filled in.
	 */
	bool read_environ_from_exec;
	bool enable_cgroup_v1_resolver;
};
155 
/*
 * Three 64-bit counters: elapsed time in nanoseconds, number of executions
 * and number of perf events.
 * NOTE(review): presumably one instance is kept per value of
 * enum bpf_function_id; confirm where the instances are stored.
 */
struct bpf_func_stats_data {
	uint64_t time_elapsed_ns;
	uint64_t num_executions;
	uint64_t num_perf_events;
};
161 
/*
 * Pairs a start timestamp in nanoseconds with a pointer to the counters it
 * belongs to.
 * NOTE(review): nothing here shows whether the pointer may be NULL; check
 * at the use site before dereferencing.
 */
struct bpf_func_stats_ctx {
	uint64_t start_time_ns;
	struct bpf_func_stats_data* bpf_func_stats_data_val;
};
166 
/*
 * Identifiers for the profiler's instrumented functions, numbered from 0.
 * NOTE(review): presumably used as an index into per-function statistics
 * (struct bpf_func_stats_data); if so, any value read from shared state
 * should be checked against profiler_bpf_max_function_id before indexing.
 */
enum bpf_function_id {
	profiler_bpf_proc_sys_write = 0,
	profiler_bpf_sched_process_exec = 1,
	profiler_bpf_sched_process_exit = 2,
	profiler_bpf_sys_enter_kill = 3,
	profiler_bpf_do_filp_open_ret = 4,
	profiler_bpf_sched_process_fork = 5,
	profiler_bpf_vfs_link = 6,
	profiler_bpf_vfs_symlink = 7,
	profiler_bpf_max_function_id = 8	/* number of ids above, not an id */
};
178