Merge branch 'linuxkerneltravel:develop' into develop

.github/workflows/ebpf_stack_analyser.yml

@@ -30,4 +30,4 @@ jobs:
         run: |
           cd eBPF_Supermarket/Stack_Analyser
           make
-          sudo ./stack_analyzer on-cpu off-cpu mem io ra -t 5
+          sudo ./stack_analyzer on_cpu off_cpu memleak io readahead -t 5

MagicEyes/docs/ToDo.md

@@ -1,6 +1,6 @@
 ## ToDo Lists
 
 - [ ] kvm_watcher 放入
-- [ ] fs_watcher 放入
+- [x] fs_watcher 放入
 - [ ] 交叉编译支持，x64平台一键编译出arm64架构程序
 - [ ] bridge可视化

MagicEyes/src/backend/fs/fs_watcher/CMakeLists.txt

@@ -0,0 +1,56 @@
+# \copyright
+# Copyright (c) 2024 by the lmp/magic_eyes project authors. All Rights Reserved.
+#
+# This file is open source software, licensed to you under the terms
+# of the Apache License, Version 2.0 (the "License").  See the NOTICE file
+# distributed with this work for additional information regarding copyright
+# ownership.  You may not use this file except in compliance with the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# -----------------------------------------------------------------------------------------
+# \brief
+#      fs_watcher 工具 CMakeLists 文件
+# -----------------------------------------------------------------------------------------
+set(TOOL_NAME fs_watcher)
+set(TOOL_BELONG_TO_MODULE fs)
+
+file(GLOB apps ${CMAKE_CURRENT_SOURCE_DIR}/bpf/*.bpf.c)
+# 若不用Rust，则排除 profile.bpf.c
+if(NOT CARGO_EXISTS)
+    list(REMOVE_ITEM apps ${CMAKE_CURRENT_SOURCE_DIR}/bpf/profile.bpf.c)
+endif()
+
+# 设置并创建  <>/src-gen/TOOL_BELONG_TO_MODULE/TOOL_NAME 文件夹
+set(SRC_GEN_TARGET_DIR ${CONFIG_SRC_GEN_DIR}/${TOOL_BELONG_TO_MODULE}/${TOOL_NAME})
+if (NOT EXISTS ${SRC_GEN_TARGET_DIR})
+    file(MAKE_DIRECTORY ${SRC_GEN_TARGET_DIR})
+    message(STATUS "directory create success")
+endif ()
+
+# 遍历文件夹内所有的bpf.c
+foreach(app ${apps})
+    get_filename_component(app_stem ${app} NAME_WE)
+    # Build object skeleton and depend skeleton on libbpf build
+    bpf_object(${app_stem} ${app_stem}.bpf.c ${SRC_GEN_TARGET_DIR})
+    add_dependencies(${app_stem}_skel libbpf-build bpftool-build)
+endforeach()
+
+add_executable(${TOOL_NAME} src/${TOOL_NAME}.c)
+foreach (app ${apps})
+    get_filename_component(app_stem ${app} NAME_WE)
+    target_link_libraries(${TOOL_NAME} ${app_stem}_skel)
+
+    if(${app_stem} STREQUAL "profile")
+        target_include_directories(${app_stem} PRIVATE
+                ${CMAKE_SOURCE_DIR}/blazesym/include)
+        target_link_libraries(${app_stem}
+                ${CMAKE_SOURCE_DIR}/blazesym/target/release/libblazesym.a -lpthread -lrt -ldl)
+    endif()
+endforeach ()
+
+# 将可执行文件，配置文件等安装在对应的位置
+# 设置安装目录
+set(CPU_WATCHER_INSTALL_DIR backend/${TOOL_BELONG_TO_MODULE}/${TOOL_NAME})
+# 安装可执行文件到 ${CPU_WATCHER_INSTALL_DIR}/bin
+install(TARGETS ${TOOL_NAME}
+        RUNTIME DESTINATION ${CPU_WATCHER_INSTALL_DIR}/bin)
+# 安装配置文件到 ${CPU_WATCHER_INSTALL_DIR}/etc

MagicEyes/src/backend/fs/fs_watcher/README.md

@@ -1,3 +1,5 @@
-1. 项目简介
-2. 安装与编译
-3. 运行
+1.项目简介
+
+2.安装与编译
+
+3.运行

MagicEyes/src/backend/fs/fs_watcher/bpf/open.bpf.c

@@ -0,0 +1,63 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>		//包含了BPF 辅助函数
+#include <bpf/bpf_tracing.h>
+#include "open.h"
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+// 定义哈希映射
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, 1024);
+	__type(key, pid_t);
+	__type(value, u64);
+} fdtmp SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_RINGBUF);
+	__uint(max_entries, 256 * 1024);
+} rb SEC(".maps");
+
+SEC("kprobe/do_sys_openat2")
+int BPF_KPROBE(do_sys_openat2)
+{	
+    	struct fs_t fs; 
+    	pid_t pid;
+
+    	//pid
+    	pid = bpf_get_current_pid_tgid() >> 32;
+    	fs.pid = pid;
+
+    	//uid
+    	fs.uid = bpf_get_current_uid_gid();
+
+	//fd,file descriptor
+    	int fd = PT_REGS_RC(ctx);
+    	if (fd >= 0)
+        	fs.fd = fd;
+    	else
+        	fs.fd= -1;
+
+        //time
+        unsigned long long ts = bpf_ktime_get_ns();
+	fs.ts = ts;
+    	bpf_map_update_elem(&fdtmp, &pid, &ts, BPF_ANY);
+
+	//从环形缓冲区（ring buffer）中分配一块内存来存储一个名为 struct fs_t 类型的数据，并将该内存块的指针赋值给指针变量 e
+	struct fs_t *e;
+	e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0);
+	if (!e)	return 0;	
+
+	//给变量e赋值
+	e->pid = fs.pid;
+	e->uid = fs.uid;
+	e->fd = fs.fd;
+	e->ts = fs.ts;
+	bpf_get_current_comm(e->comm, sizeof(e->comm));
+
+	// 成功地将其提交到用户空间进行后期处理
+	bpf_ringbuf_submit(e, 0);
+
+    	return 0;
+}
+

MagicEyes/src/backend/fs/fs_watcher/bpf/read.bpf.c

@@ -0,0 +1,46 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include "read.h"
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, 1024);
+	__type(key, pid_t);
+	__type(value, u64);
+} data SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_RINGBUF);
+	__uint(max_entries, 256 * 1024);
+} rb SEC(".maps");
+
+const volatile unsigned long long min_duration_ns = 0;
+
+SEC("tracepoint/syscalls/sys_enter_read")
+
+int trace_enter_read(void *ctx)
+{
+	pid_t pid;
+	struct event *e;
+	u64 ts;
+    pid = bpf_get_current_pid_tgid() >> 32;
+	ts = bpf_ktime_get_ns();
+	bpf_map_update_elem(&data, &pid, &ts, BPF_ANY);
+	if (min_duration_ns)
+		return 0;
+	/* reserve sample from BPF ringbuf */
+	e = bpf_ringbuf_reserve(&rb, sizeof(*e), 0);
+	if (!e)
+		return 0;
+
+	e->pid = pid;
+	e->duration_ns = ts;
+
+	/* successfully submit it to user-space for post-processing */
+	bpf_ringbuf_submit(e, 0);
+	return 0;
+}
+

MagicEyes/src/backend/fs/fs_watcher/bpf/write.bpf.c

@@ -0,0 +1,43 @@
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include "write.h"
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, 1024);
+	__type(key, pid_t);
+	__type(value, u64);
+} data SEC(".maps");
+
+struct {
+	__uint(type, BPF_MAP_TYPE_RINGBUF);
+	__uint(max_entries,256 * 1024);
+} rb SEC(".maps");
+
+const volatile unsigned long long min_duration_ns = 0;
+
+SEC("tracepoint/syscalls/sys_enter_write")
+
+int kprobe_sys_enter_write( void *ctx)
+{
+  pid_t pid;
+  struct fs_t *e;
+  u64 ts;
+  pid = bpf_get_current_pid_tgid() >> 32;
+  ts = bpf_ktime_get_ns();
+  bpf_map_update_elem(&data,&pid,&ts,BPF_ANY);
+  if(min_duration_ns)
+    return 0;
+  e = bpf_ringbuf_reserve(&rb,sizeof(*e),0);
+  if(!e)
+    return 0;
+  e->pid = pid;
+  e->duration_ns = ts;
+
+  bpf_ringbuf_submit(e,0);
+  return 0;
+}

MagicEyes/src/backend/fs/fs_watcher/include/open.h

@@ -0,0 +1,16 @@
+#ifndef __OPEN_H
+#define __OPEN_H
+
+#ifndef TASK_COMM_LEN
+#define TASK_COMM_LEN 16
+#endif
+
+struct fs_t {
+	int pid;
+	unsigned long long uid;
+    	int fd;
+    	unsigned long long ts;
+    	char comm[TASK_COMM_LEN];
+};
+
+#endif /* __OPEN_H */

MagicEyes/src/backend/fs/fs_watcher/include/read.h

@@ -0,0 +1,10 @@
+#ifndef __READ_H
+#define __READ_H
+
+
+struct event {
+	int pid;
+    unsigned long long duration_ns;
+};
+
+#endif /* __READ_H */