profiler.h - cachepc-linux - Fork of AMDESE/linux with modifications for CachePC side-channel attack

	cachepc-linux Fork of AMDESE/linux with modifications for CachePC side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-linux
	Log \| Files \| Refs \| README \| LICENSE \| sfeed.txt
profiler.h (4232B)
      1// SPDX-License-Identifier: GPL-2.0
      2/* Copyright (c) 2020 Facebook */
      3#pragma once
      4
      5#define TASK_COMM_LEN 16
      6#define MAX_ANCESTORS 4
      7#define MAX_PATH 256
      8#define KILL_TARGET_LEN 64
      9#define CTL_MAXNAME 10
     10#define MAX_ARGS_LEN 4096
     11#define MAX_FILENAME_LEN 512
     12#define MAX_ENVIRON_LEN 8192
     13#define MAX_PATH_DEPTH 32
     14#define MAX_FILEPATH_LENGTH (MAX_PATH_DEPTH * MAX_PATH)
     15#define MAX_CGROUPS_PATH_DEPTH 8
     16
     17#define MAX_METADATA_PAYLOAD_LEN TASK_COMM_LEN
     18
     19#define MAX_CGROUP_PAYLOAD_LEN \
     20	(MAX_PATH * 2 + (MAX_PATH * MAX_CGROUPS_PATH_DEPTH))
     21
     22#define MAX_CAP_PAYLOAD_LEN (MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN)
     23
     24#define MAX_SYSCTL_PAYLOAD_LEN \
     25	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + CTL_MAXNAME + MAX_PATH)
     26
     27#define MAX_KILL_PAYLOAD_LEN \
     28	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + TASK_COMM_LEN + \
     29	 KILL_TARGET_LEN)
     30
     31#define MAX_EXEC_PAYLOAD_LEN \
     32	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILENAME_LEN + \
     33	 MAX_ARGS_LEN + MAX_ENVIRON_LEN)
     34
     35#define MAX_FILEMOD_PAYLOAD_LEN \
     36	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILEPATH_LENGTH + \
     37	 MAX_FILEPATH_LENGTH)
     38
     39enum data_type {
     40	INVALID_EVENT,
     41	EXEC_EVENT,
     42	FORK_EVENT,
     43	KILL_EVENT,
     44	SYSCTL_EVENT,
     45	FILEMOD_EVENT,
     46	MAX_DATA_TYPE_EVENT
     47};
     48
     49enum filemod_type {
     50	FMOD_OPEN,
     51	FMOD_LINK,
     52	FMOD_SYMLINK,
     53};
     54
     55struct ancestors_data_t {
     56	pid_t ancestor_pids[MAX_ANCESTORS];
     57	uint32_t ancestor_exec_ids[MAX_ANCESTORS];
     58	uint64_t ancestor_start_times[MAX_ANCESTORS];
     59	uint32_t num_ancestors;
     60};
     61
     62struct var_metadata_t {
     63	enum data_type type;
     64	pid_t pid;
     65	uint32_t exec_id;
     66	uid_t uid;
     67	gid_t gid;
     68	uint64_t start_time;
     69	uint32_t cpu_id;
     70	uint64_t bpf_stats_num_perf_events;
     71	uint64_t bpf_stats_start_ktime_ns;
     72	uint8_t comm_length;
     73};
     74
     75struct cgroup_data_t {
     76	ino_t cgroup_root_inode;
     77	ino_t cgroup_proc_inode;
     78	uint64_t cgroup_root_mtime;
     79	uint64_t cgroup_proc_mtime;
     80	uint16_t cgroup_root_length;
     81	uint16_t cgroup_proc_length;
     82	uint16_t cgroup_full_length;
     83	int cgroup_full_path_root_pos;
     84};
     85
     86struct var_sysctl_data_t {
     87	struct var_metadata_t meta;
     88	struct cgroup_data_t cgroup_data;
     89	struct ancestors_data_t ancestors_info;
     90	uint8_t sysctl_val_length;
     91	uint16_t sysctl_path_length;
     92	char payload[MAX_SYSCTL_PAYLOAD_LEN];
     93};
     94
     95struct var_kill_data_t {
     96	struct var_metadata_t meta;
     97	struct cgroup_data_t cgroup_data;
     98	struct ancestors_data_t ancestors_info;
     99	pid_t kill_target_pid;
    100	int kill_sig;
    101	uint32_t kill_count;
    102	uint64_t last_kill_time;
    103	uint8_t kill_target_name_length;
    104	uint8_t kill_target_cgroup_proc_length;
    105	char payload[MAX_KILL_PAYLOAD_LEN];
    106	size_t payload_length;
    107};
    108
    109struct var_exec_data_t {
    110	struct var_metadata_t meta;
    111	struct cgroup_data_t cgroup_data;
    112	pid_t parent_pid;
    113	uint32_t parent_exec_id;
    114	uid_t parent_uid;
    115	uint64_t parent_start_time;
    116	uint16_t bin_path_length;
    117	uint16_t cmdline_length;
    118	uint16_t environment_length;
    119	char payload[MAX_EXEC_PAYLOAD_LEN];
    120};
    121
    122struct var_fork_data_t {
    123	struct var_metadata_t meta;
    124	pid_t parent_pid;
    125	uint32_t parent_exec_id;
    126	uint64_t parent_start_time;
    127	char payload[MAX_METADATA_PAYLOAD_LEN];
    128};
    129
    130struct var_filemod_data_t {
    131	struct var_metadata_t meta;
    132	struct cgroup_data_t cgroup_data;
    133	enum filemod_type fmod_type;
    134	unsigned int dst_flags;
    135	uint32_t src_device_id;
    136	uint32_t dst_device_id;
    137	ino_t src_inode;
    138	ino_t dst_inode;
    139	uint16_t src_filepath_length;
    140	uint16_t dst_filepath_length;
    141	char payload[MAX_FILEMOD_PAYLOAD_LEN];
    142};
    143
    144struct profiler_config_struct {
    145	bool fetch_cgroups_from_bpf;
    146	ino_t cgroup_fs_inode;
    147	ino_t cgroup_login_session_inode;
    148	uint64_t kill_signals_mask;
    149	ino_t inode_filter;
    150	uint32_t stale_info_secs;
    151	bool use_variable_buffers;
    152	bool read_environ_from_exec;
    153	bool enable_cgroup_v1_resolver;
    154};
    155
    156struct bpf_func_stats_data {
    157	uint64_t time_elapsed_ns;
    158	uint64_t num_executions;
    159	uint64_t num_perf_events;
    160};
    161
    162struct bpf_func_stats_ctx {
    163	uint64_t start_time_ns;
    164	struct bpf_func_stats_data* bpf_func_stats_data_val;
    165};
    166
    167enum bpf_function_id {
    168	profiler_bpf_proc_sys_write,
    169	profiler_bpf_sched_process_exec,
    170	profiler_bpf_sched_process_exit,
    171	profiler_bpf_sys_enter_kill,
    172	profiler_bpf_do_filp_open_ret,
    173	profiler_bpf_sched_process_fork,
    174	profiler_bpf_vfs_link,
    175	profiler_bpf_vfs_symlink,
    176	profiler_bpf_max_function_id
    177};