1 /*
2  * Copyright (c) 2017 Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <linux/perf_event.h>
18 #include <linux/version.h>
19 #include <unistd.h>
20 #include <string>
21 
22 #include "BPF.h"
23 #include "catch.hpp"
24 
25 TEST_CASE("test read perf event", "[bpf_perf_event]") {
26 // The basic bpf_perf_event_read is supported since Kernel 4.3. However in that
27 // version it only supported HARDWARE and RAW events. On the other hand, our
28 // tests running on Jenkins won't have availiable HARDWARE counters since they
29 // are running on VMs. The support of other types of events such as SOFTWARE are
30 // only added since Kernel 4.13, hence we can only run the test since that.
31 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
32   const std::string BPF_PROGRAM = R"(
33     BPF_PERF_ARRAY(cnt, NUM_CPUS);
34     BPF_HASH(val, int, u64, 1);
35     BPF_HASH(ret, int, int, 1);
36     BPF_HASH(counter, int, struct bpf_perf_event_value, 1);
37 
38     int on_sys_getuid(void *ctx) {
39       int zero = 0;
40 
41       u64 v = cnt.perf_read(CUR_CPU_IDENTIFIER);
42       if (((s64)v < 0) && ((s64)v > -256))
43         return 0;
44       val.update(&zero, &v);
45     #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
46       u32 cpu = bpf_get_smp_processor_id();
47       struct bpf_perf_event_value c = {0};
48       int r = cnt.perf_counter_value(cpu, &c, sizeof(c));
49       ret.update(&zero, &r);
50       counter.update(&zero, &c);
51     #endif
52       return 0;
53     }
54   )";
55 
56   ebpf::BPF bpf;
57   ebpf::StatusTuple res(0);
58   res = bpf.init(
59       BPF_PROGRAM,
60       {"-DNUM_CPUS=" + std::to_string(sysconf(_SC_NPROCESSORS_ONLN))}, {});
61   REQUIRE(res.code() == 0);
62   res =
63       bpf.open_perf_event("cnt", PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK);
64   REQUIRE(res.code() == 0);
65   std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
66   res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
67   REQUIRE(res.code() == 0);
68   REQUIRE(getuid() >= 0);
69   res = bpf.detach_kprobe(getuid_fnname);
70   REQUIRE(res.code() == 0);
71   res = bpf.close_perf_event("cnt");
72   REQUIRE(res.code() == 0);
73 
74   auto val = bpf.get_hash_table<int, uint64_t>("val");
75   REQUIRE(val[0] >= 0);
76 #endif
77 
78 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
79   auto counter_table =
80       bpf.get_hash_table<int, struct bpf_perf_event_value>("counter");
81   auto counter = counter_table[0];
82   auto ret = bpf.get_hash_table<int, int>("ret");
83   REQUIRE(ret[0] == 0);
84   REQUIRE(counter.counter >= 0);
85   REQUIRE(counter.enabled > 0);
86   REQUIRE(counter.running >= 0);
87   REQUIRE(counter.running <= counter.enabled);
88 #endif
89 }
90 
91 TEST_CASE("test attach perf event", "[bpf_perf_event]") {
92 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)
93   const std::string BPF_PROGRAM = R"(
94     BPF_HASH(pid, int, u64, 1);
95     BPF_HASH(ret, int, int, 1);
96     BPF_HASH(counter, int, struct bpf_perf_event_value, 1);
97 
98     int on_event(void *ctx) {
99       int zero = 0;
100 
101       u64 p = bpf_get_current_pid_tgid();
102       pid.update(&zero, &p);
103     #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
104       struct bpf_perf_event_value c = {0};
105       int r = bpf_perf_prog_read_value(ctx, &c, sizeof(c));
106       ret.update(&zero, &r);
107       counter.update(&zero, &c);
108     #endif
109       return 0;
110     }
111   )";
112 
113   ebpf::BPF bpf;
114   ebpf::StatusTuple res(0);
115   res = bpf.init(BPF_PROGRAM);
116   REQUIRE(res.code() == 0);
117   res = bpf.attach_perf_event(PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK,
118                               "on_event", 0, 1000);
119   REQUIRE(res.code() == 0);
120   sleep(1);
121   res = bpf.detach_perf_event(PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK);
122   REQUIRE(res.code() == 0);
123 
124   auto pid = bpf.get_hash_table<int, uint64_t>("pid");
125   REQUIRE(pid[0] >= 0);
126 #endif
127 
128 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 15, 0)
129   auto counter_table =
130       bpf.get_hash_table<int, struct bpf_perf_event_value>("counter");
131   auto counter = counter_table[0];
132   auto ret = bpf.get_hash_table<int, int>("ret");
133   REQUIRE(ret[0] == 0);
134   REQUIRE(counter.counter >= 0);
135   // the program slept one second between perf_event attachment and detachment
136   // in the above, so the enabled counter should be 1000000000ns or
137   // more. But in reality, most of counters (if not all) are 9xxxxxxxx,
138   // and I also saw one 8xxxxxxxx. So let us a little bit conservative here.
139   REQUIRE(counter.enabled >= 800000000);
140   REQUIRE(counter.running >= 0);
141   REQUIRE(counter.running <= counter.enabled);
142 #endif
143 }
144