features: add Tracing and Extension program probes

Hardcode bpf_init as the fentry probe target. It's been part of the kernel since 4.4 (torvalds/linux@b2197755b263), has been completely untouched, and has a simple signature. For probing a BPF program type, it makes sense to target a symbol from the BPF subsystem. Signed-off-by: Robin Gögge <[email protected]> Signed-off-by: Timo Beckers <[email protected]>
ti-mo · Dec 23, 2022 · c7ba7f0 · c7ba7f0
1 parent a6ec438
commit c7ba7f0
Showing 1 changed file with 53 additions and 4 deletions.
diff --git a/features/prog.go b/features/prog.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/cilium/ebpf"
 	"github.com/cilium/ebpf/asm"
+	"github.com/cilium/ebpf/btf"
 	"github.com/cilium/ebpf/internal"
 	"github.com/cilium/ebpf/internal/sys"
 	"github.com/cilium/ebpf/internal/unix"
@@ -92,7 +93,16 @@ var haveProgramTypeMatrix = internal.FeatureMatrix[ebpf.ProgramType]{
 			})
 		},
 	},
-	// ebpf.Tracing:               {Version: "5.5"},
+	ebpf.Tracing: {
+		Version: "5.5",
+		Fn: func() error {
+			return probeProgram(&ebpf.ProgramSpec{
+				Type:       ebpf.Tracing,
+				AttachType: ebpf.AttachTraceFEntry,
+				AttachTo:   "bpf_init",
+			})
+		},
+	},
 	ebpf.StructOps: {
 		Version: "5.6",
 		Fn: func() error {
@@ -107,16 +117,55 @@ var haveProgramTypeMatrix = internal.FeatureMatrix[ebpf.ProgramType]{
 			return err
 		},
 	},
-	// ebpf.Extension:             {Version: "5.6"},
+	ebpf.Extension: {
+		Version: "5.6",
+		Fn: func() error {
+			// create btf.Func to add to first ins of target and extension so both progs are btf powered
+			btfFn := btf.Func{
+				Name: "a",
+				Type: &btf.FuncProto{
+					Return: &btf.Int{},
+				},
+				Linkage: btf.GlobalFunc,
+			}
+			insns := asm.Instructions{
+				btf.WithFuncMetadata(asm.Mov.Imm(asm.R0, 0), &btfFn),
+				asm.Return(),
+			}
+
+			// create target prog
+			prog, err := ebpf.NewProgramWithOptions(
+				&ebpf.ProgramSpec{
+					Type:         ebpf.XDP,
+					Instructions: insns,
+				},
+				ebpf.ProgramOptions{
+					LogDisabled: true,
+				},
+			)
+			if err != nil {
+				return err
+			}
+			defer prog.Close()
+
+			// probe for Extension prog with target
+			return probeProgram(&ebpf.ProgramSpec{
+				Type:         ebpf.Extension,
+				Instructions: insns,
+				AttachTarget: prog,
+				AttachTo:     btfFn.Name,
+			})
+		},
+	},
 	ebpf.LSM: {
 		Version: "5.7",
 		Fn: func() error {
-			return probeProgram((&ebpf.ProgramSpec{
+			return probeProgram(&ebpf.ProgramSpec{
 				Type:       ebpf.LSM,
 				AttachType: ebpf.AttachLSMMac,
 				AttachTo:   "file_mprotect",
 				License:    "GPL",
-			}))
+			})
 		},
 	},
 	ebpf.SkLookup: {