/* * Copyright (c) 2016 GitHub, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include "catch.hpp" #include "usdt.h" #include "api/BPF.h" /* required to insert USDT probes on this very executable -- * we're gonna be testing them live! */ #include "folly/tracing/StaticTracepoint.h" static int a_probed_function() { int an_int = 23 + getpid(); void *a_pointer = malloc(4); FOLLY_SDT(libbcc_test, sample_probe_1, an_int, a_pointer); free(a_pointer); return an_int; } #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0) FOLLY_SDT_DEFINE_SEMAPHORE(libbcc_test, sample_probe_2) static int a_probed_function_with_sem() { int an_int = 23 + getpid(); void *a_pointer = malloc(4); FOLLY_SDT_WITH_SEMAPHORE(libbcc_test, sample_probe_2, an_int, a_pointer); free(a_pointer); return an_int; } #endif // linux version >= 4.20 extern "C" int lib_probed_function(); int call_shared_lib_func() { return lib_probed_function(); } TEST_CASE("test finding a probe in our own process", "[usdt]") { USDT::Context ctx(getpid()); REQUIRE(ctx.num_probes() >= 1); SECTION("our test probe") { auto probe = ctx.get("sample_probe_1"); REQUIRE(probe); if(probe->in_shared_object(probe->bin_path())) return; REQUIRE(probe->name() == "sample_probe_1"); REQUIRE(probe->provider() == "libbcc_test"); REQUIRE(probe->bin_path().find("/test_libbcc") != std::string::npos); REQUIRE(probe->num_locations() == 1); REQUIRE(probe->num_arguments() == 2); REQUIRE(probe->need_enable() == false); REQUIRE(a_probed_function() != 0); } } TEST_CASE("test probe's attributes with C++ API", "[usdt]") { const ebpf::USDT u("/proc/self/exe", "libbcc_test", "sample_probe_1", "on_event"); REQUIRE(u.binary_path() == "/proc/self/exe"); REQUIRE(u.pid() == -1); REQUIRE(u.provider() == "libbcc_test"); REQUIRE(u.name() == "sample_probe_1"); REQUIRE(u.probe_func() == "on_event"); } TEST_CASE("test fine a probe in our own binary with C++ API", "[usdt]") { ebpf::BPF bpf; ebpf::USDT u("/proc/self/exe", "libbcc_test", "sample_probe_1", "on_event"); auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.ok()); res = bpf.attach_usdt(u); REQUIRE(res.ok()); res = bpf.detach_usdt(u); REQUIRE(res.ok()); } TEST_CASE("test fine probes in our own binary with C++ API", "[usdt]") { ebpf::BPF bpf; ebpf::USDT u("/proc/self/exe", "libbcc_test", "sample_probe_1", "on_event"); auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.ok()); res = bpf.attach_usdt_all(); REQUIRE(res.ok()); res = bpf.detach_usdt_all(); REQUIRE(res.ok()); } TEST_CASE("test fine a probe in our Process with C++ API", "[usdt]") { ebpf::BPF bpf; ebpf::USDT u(::getpid(), "libbcc_test", "sample_probe_1", "on_event"); auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.ok()); res = bpf.attach_usdt(u); REQUIRE(res.ok()); res = bpf.detach_usdt(u); REQUIRE(res.ok()); } TEST_CASE("test find a probe in our process' shared libs with c++ API", "[usdt]") { ebpf::BPF bpf; ebpf::USDT u(::getpid(), "libbcc_test", "sample_lib_probe_1", "on_event"); auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.msg() == ""); REQUIRE(res.ok()); } TEST_CASE("test usdt partial init w/ fail init_usdt", "[usdt]") { ebpf::BPF bpf; ebpf::USDT u(::getpid(), "libbcc_test", "sample_lib_probe_nonexistent", "on_event"); ebpf::USDT p(::getpid(), "libbcc_test", "sample_lib_probe_1", "on_event"); // We should be able to fail initialization and subsequently do bpf.init w/o USDT // successfully auto res = bpf.init_usdt(u); REQUIRE(res.msg() != ""); REQUIRE(!res.ok()); // Shouldn't be necessary to re-init bpf object either after failure to init w/ // bad USDT res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.msg() != ""); REQUIRE(!res.ok()); res = bpf.init_usdt(p); REQUIRE(res.msg() == ""); REQUIRE(res.ok()); res = bpf.init("int on_event() { return 0; }", {}, {}); REQUIRE(res.msg() == ""); REQUIRE(res.ok()); } class ChildProcess { pid_t pid_; public: ChildProcess(const char *name, char *const argv[]) { pid_ = fork(); if (pid_ == 0) { execvp(name, argv); exit(0); } if (spawned()) { usleep(250000); if (kill(pid_, 0) < 0) pid_ = -1; } } ~ChildProcess() { if (spawned()) { int status; kill(pid_, SIGKILL); if (waitpid(pid_, &status, 0) != pid_) abort(); } } bool spawned() const { return pid_ > 0; } pid_t pid() const { return pid_; } }; extern int cmd_scanf(const char *cmd, const char *fmt, ...); static int probe_num_locations(const char *bin_path, const char *func_name) { int num_locations; char cmd[512]; const char *cmdfmt = "readelf -n %s | grep -c \"Name: %s$\""; sprintf(cmd, cmdfmt, bin_path, func_name); if (cmd_scanf(cmd, "%d", &num_locations) != 0) { return -1; } return num_locations; } static int probe_num_arguments(const char *bin_path, const char *func_name) { int num_arguments; char cmd[512]; const char *cmdfmt = "readelf -n %s | grep -m 1 -A 2 \" %s$\" | " \ "tail -1 | cut -d \" \" -f 6- | wc -w"; sprintf(cmd, cmdfmt, bin_path, func_name); if (cmd_scanf(cmd, "%d", &num_arguments) != 0) { return -1; } return num_arguments; } // Unsharing pid namespace requires forking // this uses pgrep to find the child process, by searching for a process // that has the unshare as its parent static int unshared_child_pid(const int ppid) { int child_pid; char cmd[512]; const char *cmdfmt = "pgrep -P %d"; sprintf(cmd, cmdfmt, ppid); if (cmd_scanf(cmd, "%d", &child_pid) != 0) { return -1; } return child_pid; } // FIXME This seems like a legitimate bug with probing ruby where the // ruby symbols are in libruby.so? TEST_CASE("test listing all USDT probes in Ruby/MRI", "[usdt][!mayfail]") { size_t mri_probe_count = 0; SECTION("without a running Ruby process") { USDT::Context ctx("ruby"); if (!ctx.loaded()) return; REQUIRE(ctx.num_probes() > 10); mri_probe_count = ctx.num_probes(); SECTION("GC static probe") { auto name = "gc__mark__begin"; auto probe = ctx.get(name); REQUIRE(probe); REQUIRE(probe->in_shared_object(probe->bin_path()) == true); REQUIRE(probe->name() == name); REQUIRE(probe->provider() == "ruby"); auto bin_path = probe->bin_path(); bool bin_path_match = (bin_path.find("/ruby") != std::string::npos) || (bin_path.find("/libruby") != std::string::npos); REQUIRE(bin_path_match); int exp_locations, exp_arguments; exp_locations = probe_num_locations(bin_path.c_str(), name); exp_arguments = probe_num_arguments(bin_path.c_str(), name); REQUIRE(probe->num_locations() == exp_locations); REQUIRE(probe->num_arguments() == exp_arguments); REQUIRE(probe->need_enable() == true); } SECTION("object creation probe") { auto name = "object__create"; auto probe = ctx.get(name); REQUIRE(probe); REQUIRE(probe->in_shared_object(probe->bin_path()) == true); REQUIRE(probe->name() == name); REQUIRE(probe->provider() == "ruby"); auto bin_path = probe->bin_path(); bool bin_path_match = (bin_path.find("/ruby") != std::string::npos) || (bin_path.find("/libruby") != std::string::npos); REQUIRE(bin_path_match); int exp_locations, exp_arguments; exp_locations = probe_num_locations(bin_path.c_str(), name); exp_arguments = probe_num_arguments(bin_path.c_str(), name); REQUIRE(probe->num_locations() == exp_locations); REQUIRE(probe->num_arguments() == exp_arguments); REQUIRE(probe->need_enable() == true); } SECTION("array creation probe") { auto name = "array__create"; auto probe = ctx.get(name); REQUIRE(probe); REQUIRE(probe->name() == name); auto bin_path = probe->bin_path().c_str(); int exp_locations, exp_arguments; exp_locations = probe_num_locations(bin_path, name); exp_arguments = probe_num_arguments(bin_path, name); REQUIRE(probe->num_locations() == exp_locations); REQUIRE(probe->num_arguments() == exp_arguments); REQUIRE(probe->need_enable() == true); } } SECTION("with a running Ruby process") { static char _ruby[] = "ruby"; char *const argv[2] = {_ruby, NULL}; ChildProcess ruby(argv[0], argv); if (!ruby.spawned()) return; USDT::Context ctx(ruby.pid()); REQUIRE(ctx.num_probes() >= mri_probe_count); SECTION("get probe in running process") { auto name = "gc__mark__begin"; auto probe = ctx.get(name); REQUIRE(probe); REQUIRE(probe->in_shared_object(probe->bin_path()) == true); REQUIRE(probe->name() == name); REQUIRE(probe->provider() == "ruby"); auto bin_path = probe->bin_path(); bool bin_path_match = (bin_path.find("/ruby") != std::string::npos) || (bin_path.find("/libruby") != std::string::npos); REQUIRE(bin_path_match); int exp_locations, exp_arguments; exp_locations = probe_num_locations(bin_path.c_str(), name); exp_arguments = probe_num_arguments(bin_path.c_str(), name); REQUIRE(probe->num_locations() == exp_locations); REQUIRE(probe->num_arguments() == exp_arguments); REQUIRE(probe->need_enable() == true); } } } // These tests are expected to fail if there is no Ruby with dtrace probes TEST_CASE("test probing running Ruby process in namespaces", "[usdt][!mayfail]") { SECTION("in separate mount namespace") { static char _unshare[] = "unshare"; const char *const argv[4] = {_unshare, "--mount", "ruby", NULL}; ChildProcess unshare(argv[0], (char **const)argv); if (!unshare.spawned()) return; int ruby_pid = unshare.pid(); ebpf::BPF bpf; ebpf::USDT u(ruby_pid, "ruby", "gc__mark__begin", "on_event"); u.set_probe_matching_kludge(1); // Also required for overlayfs... auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.msg() == ""); REQUIRE(res.ok()); res = bpf.attach_usdt(u, ruby_pid); REQUIRE(res.ok()); res = bpf.detach_usdt(u, ruby_pid); REQUIRE(res.ok()); } SECTION("in separate mount namespace and separate PID namespace") { static char _unshare[] = "unshare"; const char *const argv[8] = {_unshare, "--fork", "--mount", "--pid", "--mount-proc", "ruby", NULL}; ChildProcess unshare(argv[0], (char **const)argv); if (!unshare.spawned()) return; int ruby_pid = unshared_child_pid(unshare.pid()); ebpf::BPF bpf; ebpf::USDT u(ruby_pid, "ruby", "gc__mark__begin", "on_event"); u.set_probe_matching_kludge(1); // Also required for overlayfs... auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.msg() == ""); REQUIRE(res.ok()); res = bpf.attach_usdt(u, ruby_pid); REQUIRE(res.ok()); res = bpf.detach_usdt(u, ruby_pid); REQUIRE(res.ok()); struct bcc_symbol sym; std::string pid_root= "/proc/" + std::to_string(ruby_pid) + "/root/"; std::string module = pid_root + "usr/local/bin/ruby"; REQUIRE(bcc_resolve_symname(module.c_str(), "rb_gc_mark", 0x0, ruby_pid, nullptr, &sym) == 0); REQUIRE(std::string(sym.module).find(pid_root, 1) == std::string::npos); kill(ruby_pid, SIGKILL); bcc_procutils_free(sym.module); } } #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0) TEST_CASE("Test uprobe refcnt semaphore activation", "[usdt]") { ebpf::BPF bpf; REQUIRE(!FOLLY_SDT_IS_ENABLED(libbcc_test, sample_probe_2)); ebpf::USDT u("/proc/self/exe", "libbcc_test", "sample_probe_2", "on_event"); auto res = bpf.init("int on_event() { return 0; }", {}, {u}); REQUIRE(res.ok()); res = bpf.attach_usdt(u); REQUIRE(res.ok()); REQUIRE(FOLLY_SDT_IS_ENABLED(libbcc_test, sample_probe_2)); res = bpf.detach_usdt(u); REQUIRE(res.ok()); REQUIRE(a_probed_function_with_sem() != 0); } #endif // linux version >= 4.20