1*387f9dfdSAndroid Build Coastguard Worker#!/usr/bin/env python 2*387f9dfdSAndroid Build Coastguard Worker# 3*387f9dfdSAndroid Build Coastguard Worker# This script generates a BPF program with structure inspired by trace.py. The 4*387f9dfdSAndroid Build Coastguard Worker# generated program operates on PID-indexed stacks. Generally speaking, 5*387f9dfdSAndroid Build Coastguard Worker# bookkeeping is done at every intermediate function kprobe/kretprobe to enforce 6*387f9dfdSAndroid Build Coastguard Worker# the goal of "fail iff this call chain and these predicates". 7*387f9dfdSAndroid Build Coastguard Worker# 8*387f9dfdSAndroid Build Coastguard Worker# Top level functions(the ones at the end of the call chain) are responsible for 9*387f9dfdSAndroid Build Coastguard Worker# creating the pid_struct and deleting it from the map in kprobe and kretprobe 10*387f9dfdSAndroid Build Coastguard Worker# respectively. 11*387f9dfdSAndroid Build Coastguard Worker# 12*387f9dfdSAndroid Build Coastguard Worker# Intermediate functions(between should_fail_whatever and the top level 13*387f9dfdSAndroid Build Coastguard Worker# functions) are responsible for updating the stack to indicate "I have been 14*387f9dfdSAndroid Build Coastguard Worker# called and one of my predicate(s) passed" in their entry probes. In their exit 15*387f9dfdSAndroid Build Coastguard Worker# probes, they do the opposite, popping their stack to maintain correctness. 16*387f9dfdSAndroid Build Coastguard Worker# This implementation aims to ensure correctness in edge cases like recursive 17*387f9dfdSAndroid Build Coastguard Worker# calls, so there's some additional information stored in pid_struct for that. 18*387f9dfdSAndroid Build Coastguard Worker# 19*387f9dfdSAndroid Build Coastguard Worker# At the bottom level function(should_fail_whatever), we do a simple check to 20*387f9dfdSAndroid Build Coastguard Worker# ensure all necessary calls/predicates have passed before error injection. 21*387f9dfdSAndroid Build Coastguard Worker# 22*387f9dfdSAndroid Build Coastguard Worker# Note: presently there are a few hacks to get around various rewriter/verifier 23*387f9dfdSAndroid Build Coastguard Worker# issues. 24*387f9dfdSAndroid Build Coastguard Worker# 25*387f9dfdSAndroid Build Coastguard Worker# Note: this tool requires: 26*387f9dfdSAndroid Build Coastguard Worker# - CONFIG_BPF_KPROBE_OVERRIDE 27*387f9dfdSAndroid Build Coastguard Worker# 28*387f9dfdSAndroid Build Coastguard Worker# USAGE: inject [-h] [-I header] [-P probability] [-v] mode spec 29*387f9dfdSAndroid Build Coastguard Worker# 30*387f9dfdSAndroid Build Coastguard Worker# Copyright (c) 2018 Facebook, Inc. 31*387f9dfdSAndroid Build Coastguard Worker# Licensed under the Apache License, Version 2.0 (the "License") 32*387f9dfdSAndroid Build Coastguard Worker# 33*387f9dfdSAndroid Build Coastguard Worker# 16-Mar-2018 Howard McLauchlan Created this. 34*387f9dfdSAndroid Build Coastguard Worker 35*387f9dfdSAndroid Build Coastguard Workerimport argparse 36*387f9dfdSAndroid Build Coastguard Workerimport re 37*387f9dfdSAndroid Build Coastguard Workerfrom bcc import BPF 38*387f9dfdSAndroid Build Coastguard Worker 39*387f9dfdSAndroid Build Coastguard Worker 40*387f9dfdSAndroid Build Coastguard Workerclass Probe: 41*387f9dfdSAndroid Build Coastguard Worker errno_mapping = { 42*387f9dfdSAndroid Build Coastguard Worker "kmalloc": "-ENOMEM", 43*387f9dfdSAndroid Build Coastguard Worker "bio": "-EIO", 44*387f9dfdSAndroid Build Coastguard Worker "alloc_page" : "true", 45*387f9dfdSAndroid Build Coastguard Worker } 46*387f9dfdSAndroid Build Coastguard Worker 47*387f9dfdSAndroid Build Coastguard Worker @classmethod 48*387f9dfdSAndroid Build Coastguard Worker def configure(cls, mode, probability, count): 49*387f9dfdSAndroid Build Coastguard Worker cls.mode = mode 50*387f9dfdSAndroid Build Coastguard Worker cls.probability = probability 51*387f9dfdSAndroid Build Coastguard Worker cls.count = count 52*387f9dfdSAndroid Build Coastguard Worker 53*387f9dfdSAndroid Build Coastguard Worker def __init__(self, func, preds, length, entry): 54*387f9dfdSAndroid Build Coastguard Worker # length of call chain 55*387f9dfdSAndroid Build Coastguard Worker self.length = length 56*387f9dfdSAndroid Build Coastguard Worker self.func = func 57*387f9dfdSAndroid Build Coastguard Worker self.preds = preds 58*387f9dfdSAndroid Build Coastguard Worker self.is_entry = entry 59*387f9dfdSAndroid Build Coastguard Worker 60*387f9dfdSAndroid Build Coastguard Worker def _bail(self, err): 61*387f9dfdSAndroid Build Coastguard Worker raise ValueError("error in probe '%s': %s" % 62*387f9dfdSAndroid Build Coastguard Worker (self.spec, err)) 63*387f9dfdSAndroid Build Coastguard Worker 64*387f9dfdSAndroid Build Coastguard Worker def _get_err(self): 65*387f9dfdSAndroid Build Coastguard Worker return Probe.errno_mapping[Probe.mode] 66*387f9dfdSAndroid Build Coastguard Worker 67*387f9dfdSAndroid Build Coastguard Worker def _get_if_top(self): 68*387f9dfdSAndroid Build Coastguard Worker # ordering guarantees that if this function is top, the last tup is top 69*387f9dfdSAndroid Build Coastguard Worker chk = self.preds[0][1] == 0 70*387f9dfdSAndroid Build Coastguard Worker if not chk: 71*387f9dfdSAndroid Build Coastguard Worker return "" 72*387f9dfdSAndroid Build Coastguard Worker 73*387f9dfdSAndroid Build Coastguard Worker if Probe.probability == 1: 74*387f9dfdSAndroid Build Coastguard Worker early_pred = "false" 75*387f9dfdSAndroid Build Coastguard Worker else: 76*387f9dfdSAndroid Build Coastguard Worker early_pred = "bpf_get_prandom_u32() > %s" % str(int((1<<32)*Probe.probability)) 77*387f9dfdSAndroid Build Coastguard Worker # init the map 78*387f9dfdSAndroid Build Coastguard Worker # don't do an early exit here so the singular case works automatically 79*387f9dfdSAndroid Build Coastguard Worker # have an early exit for probability option 80*387f9dfdSAndroid Build Coastguard Worker enter = """ 81*387f9dfdSAndroid Build Coastguard Worker /* 82*387f9dfdSAndroid Build Coastguard Worker * Early exit for probability case 83*387f9dfdSAndroid Build Coastguard Worker */ 84*387f9dfdSAndroid Build Coastguard Worker if (%s) 85*387f9dfdSAndroid Build Coastguard Worker return 0; 86*387f9dfdSAndroid Build Coastguard Worker /* 87*387f9dfdSAndroid Build Coastguard Worker * Top level function init map 88*387f9dfdSAndroid Build Coastguard Worker */ 89*387f9dfdSAndroid Build Coastguard Worker struct pid_struct p_struct = {0, 0}; 90*387f9dfdSAndroid Build Coastguard Worker m.insert(&pid, &p_struct); 91*387f9dfdSAndroid Build Coastguard Worker """ % early_pred 92*387f9dfdSAndroid Build Coastguard Worker 93*387f9dfdSAndroid Build Coastguard Worker # kill the entry 94*387f9dfdSAndroid Build Coastguard Worker exit = """ 95*387f9dfdSAndroid Build Coastguard Worker /* 96*387f9dfdSAndroid Build Coastguard Worker * Top level function clean up map 97*387f9dfdSAndroid Build Coastguard Worker */ 98*387f9dfdSAndroid Build Coastguard Worker m.delete(&pid); 99*387f9dfdSAndroid Build Coastguard Worker """ 100*387f9dfdSAndroid Build Coastguard Worker 101*387f9dfdSAndroid Build Coastguard Worker return enter if self.is_entry else exit 102*387f9dfdSAndroid Build Coastguard Worker 103*387f9dfdSAndroid Build Coastguard Worker def _get_heading(self): 104*387f9dfdSAndroid Build Coastguard Worker 105*387f9dfdSAndroid Build Coastguard Worker # we need to insert identifier and ctx into self.func 106*387f9dfdSAndroid Build Coastguard Worker # gonna make a lot of formatting assumptions to make this work 107*387f9dfdSAndroid Build Coastguard Worker left = self.func.find("(") 108*387f9dfdSAndroid Build Coastguard Worker right = self.func.rfind(")") 109*387f9dfdSAndroid Build Coastguard Worker 110*387f9dfdSAndroid Build Coastguard Worker # self.event and self.func_name need to be accessible 111*387f9dfdSAndroid Build Coastguard Worker self.event = self.func[0:left] 112*387f9dfdSAndroid Build Coastguard Worker self.func_name = self.event + ("_entry" if self.is_entry else "_exit") 113*387f9dfdSAndroid Build Coastguard Worker func_sig = "struct pt_regs *ctx" 114*387f9dfdSAndroid Build Coastguard Worker 115*387f9dfdSAndroid Build Coastguard Worker # assume there's something in there, no guarantee its well formed 116*387f9dfdSAndroid Build Coastguard Worker if right > left + 1 and self.is_entry: 117*387f9dfdSAndroid Build Coastguard Worker func_sig += ", " + self.func[left + 1:right] 118*387f9dfdSAndroid Build Coastguard Worker 119*387f9dfdSAndroid Build Coastguard Worker return "int %s(%s)" % (self.func_name, func_sig) 120*387f9dfdSAndroid Build Coastguard Worker 121*387f9dfdSAndroid Build Coastguard Worker def _get_entry_logic(self): 122*387f9dfdSAndroid Build Coastguard Worker # there is at least one tup(pred, place) for this function 123*387f9dfdSAndroid Build Coastguard Worker text = """ 124*387f9dfdSAndroid Build Coastguard Worker 125*387f9dfdSAndroid Build Coastguard Worker if (p->conds_met >= %s) 126*387f9dfdSAndroid Build Coastguard Worker return 0; 127*387f9dfdSAndroid Build Coastguard Worker if (p->conds_met == %s && %s) { 128*387f9dfdSAndroid Build Coastguard Worker p->stack[%s] = p->curr_call; 129*387f9dfdSAndroid Build Coastguard Worker p->conds_met++; 130*387f9dfdSAndroid Build Coastguard Worker }""" 131*387f9dfdSAndroid Build Coastguard Worker text = text % (self.length, self.preds[0][1], self.preds[0][0], 132*387f9dfdSAndroid Build Coastguard Worker self.preds[0][1]) 133*387f9dfdSAndroid Build Coastguard Worker 134*387f9dfdSAndroid Build Coastguard Worker # for each additional pred 135*387f9dfdSAndroid Build Coastguard Worker for tup in self.preds[1:]: 136*387f9dfdSAndroid Build Coastguard Worker text += """ 137*387f9dfdSAndroid Build Coastguard Worker else if (p->conds_met == %s && %s) { 138*387f9dfdSAndroid Build Coastguard Worker p->stack[%s] = p->curr_call; 139*387f9dfdSAndroid Build Coastguard Worker p->conds_met++; 140*387f9dfdSAndroid Build Coastguard Worker } 141*387f9dfdSAndroid Build Coastguard Worker """ % (tup[1], tup[0], tup[1]) 142*387f9dfdSAndroid Build Coastguard Worker return text 143*387f9dfdSAndroid Build Coastguard Worker 144*387f9dfdSAndroid Build Coastguard Worker def _generate_entry(self): 145*387f9dfdSAndroid Build Coastguard Worker prog = self._get_heading() + """ 146*387f9dfdSAndroid Build Coastguard Worker{ 147*387f9dfdSAndroid Build Coastguard Worker u32 pid = bpf_get_current_pid_tgid(); 148*387f9dfdSAndroid Build Coastguard Worker %s 149*387f9dfdSAndroid Build Coastguard Worker 150*387f9dfdSAndroid Build Coastguard Worker struct pid_struct *p = m.lookup(&pid); 151*387f9dfdSAndroid Build Coastguard Worker 152*387f9dfdSAndroid Build Coastguard Worker if (!p) 153*387f9dfdSAndroid Build Coastguard Worker return 0; 154*387f9dfdSAndroid Build Coastguard Worker 155*387f9dfdSAndroid Build Coastguard Worker /* 156*387f9dfdSAndroid Build Coastguard Worker * preparation for predicate, if necessary 157*387f9dfdSAndroid Build Coastguard Worker */ 158*387f9dfdSAndroid Build Coastguard Worker %s 159*387f9dfdSAndroid Build Coastguard Worker /* 160*387f9dfdSAndroid Build Coastguard Worker * Generate entry logic 161*387f9dfdSAndroid Build Coastguard Worker */ 162*387f9dfdSAndroid Build Coastguard Worker %s 163*387f9dfdSAndroid Build Coastguard Worker 164*387f9dfdSAndroid Build Coastguard Worker p->curr_call++; 165*387f9dfdSAndroid Build Coastguard Worker 166*387f9dfdSAndroid Build Coastguard Worker return 0; 167*387f9dfdSAndroid Build Coastguard Worker}""" 168*387f9dfdSAndroid Build Coastguard Worker 169*387f9dfdSAndroid Build Coastguard Worker prog = prog % (self._get_if_top(), self.prep, self._get_entry_logic()) 170*387f9dfdSAndroid Build Coastguard Worker return prog 171*387f9dfdSAndroid Build Coastguard Worker 172*387f9dfdSAndroid Build Coastguard Worker # only need to check top of stack 173*387f9dfdSAndroid Build Coastguard Worker def _get_exit_logic(self): 174*387f9dfdSAndroid Build Coastguard Worker text = """ 175*387f9dfdSAndroid Build Coastguard Worker if (p->conds_met < 1 || p->conds_met >= %s) 176*387f9dfdSAndroid Build Coastguard Worker return 0; 177*387f9dfdSAndroid Build Coastguard Worker 178*387f9dfdSAndroid Build Coastguard Worker if (p->stack[p->conds_met - 1] == p->curr_call) 179*387f9dfdSAndroid Build Coastguard Worker p->conds_met--; 180*387f9dfdSAndroid Build Coastguard Worker """ 181*387f9dfdSAndroid Build Coastguard Worker return text % str(self.length + 1) 182*387f9dfdSAndroid Build Coastguard Worker 183*387f9dfdSAndroid Build Coastguard Worker def _generate_exit(self): 184*387f9dfdSAndroid Build Coastguard Worker prog = self._get_heading() + """ 185*387f9dfdSAndroid Build Coastguard Worker{ 186*387f9dfdSAndroid Build Coastguard Worker u32 pid = bpf_get_current_pid_tgid(); 187*387f9dfdSAndroid Build Coastguard Worker 188*387f9dfdSAndroid Build Coastguard Worker struct pid_struct *p = m.lookup(&pid); 189*387f9dfdSAndroid Build Coastguard Worker 190*387f9dfdSAndroid Build Coastguard Worker if (!p) 191*387f9dfdSAndroid Build Coastguard Worker return 0; 192*387f9dfdSAndroid Build Coastguard Worker 193*387f9dfdSAndroid Build Coastguard Worker p->curr_call--; 194*387f9dfdSAndroid Build Coastguard Worker 195*387f9dfdSAndroid Build Coastguard Worker /* 196*387f9dfdSAndroid Build Coastguard Worker * Generate exit logic 197*387f9dfdSAndroid Build Coastguard Worker */ 198*387f9dfdSAndroid Build Coastguard Worker %s 199*387f9dfdSAndroid Build Coastguard Worker %s 200*387f9dfdSAndroid Build Coastguard Worker return 0; 201*387f9dfdSAndroid Build Coastguard Worker}""" 202*387f9dfdSAndroid Build Coastguard Worker 203*387f9dfdSAndroid Build Coastguard Worker prog = prog % (self._get_exit_logic(), self._get_if_top()) 204*387f9dfdSAndroid Build Coastguard Worker 205*387f9dfdSAndroid Build Coastguard Worker return prog 206*387f9dfdSAndroid Build Coastguard Worker 207*387f9dfdSAndroid Build Coastguard Worker # Special case for should_fail_whatever 208*387f9dfdSAndroid Build Coastguard Worker def _generate_bottom(self): 209*387f9dfdSAndroid Build Coastguard Worker pred = self.preds[0][0] 210*387f9dfdSAndroid Build Coastguard Worker text = self._get_heading() + """ 211*387f9dfdSAndroid Build Coastguard Worker{ 212*387f9dfdSAndroid Build Coastguard Worker u32 overridden = 0; 213*387f9dfdSAndroid Build Coastguard Worker int zero = 0; 214*387f9dfdSAndroid Build Coastguard Worker u32* val; 215*387f9dfdSAndroid Build Coastguard Worker 216*387f9dfdSAndroid Build Coastguard Worker val = count.lookup(&zero); 217*387f9dfdSAndroid Build Coastguard Worker if (val) 218*387f9dfdSAndroid Build Coastguard Worker overridden = *val; 219*387f9dfdSAndroid Build Coastguard Worker 220*387f9dfdSAndroid Build Coastguard Worker /* 221*387f9dfdSAndroid Build Coastguard Worker * preparation for predicate, if necessary 222*387f9dfdSAndroid Build Coastguard Worker */ 223*387f9dfdSAndroid Build Coastguard Worker %s 224*387f9dfdSAndroid Build Coastguard Worker /* 225*387f9dfdSAndroid Build Coastguard Worker * If this is the only call in the chain and predicate passes 226*387f9dfdSAndroid Build Coastguard Worker */ 227*387f9dfdSAndroid Build Coastguard Worker if (%s == 1 && %s && overridden < %s) { 228*387f9dfdSAndroid Build Coastguard Worker count.atomic_increment(zero); 229*387f9dfdSAndroid Build Coastguard Worker bpf_override_return(ctx, %s); 230*387f9dfdSAndroid Build Coastguard Worker return 0; 231*387f9dfdSAndroid Build Coastguard Worker } 232*387f9dfdSAndroid Build Coastguard Worker u32 pid = bpf_get_current_pid_tgid(); 233*387f9dfdSAndroid Build Coastguard Worker 234*387f9dfdSAndroid Build Coastguard Worker struct pid_struct *p = m.lookup(&pid); 235*387f9dfdSAndroid Build Coastguard Worker 236*387f9dfdSAndroid Build Coastguard Worker if (!p) 237*387f9dfdSAndroid Build Coastguard Worker return 0; 238*387f9dfdSAndroid Build Coastguard Worker 239*387f9dfdSAndroid Build Coastguard Worker /* 240*387f9dfdSAndroid Build Coastguard Worker * If all conds have been met and predicate passes 241*387f9dfdSAndroid Build Coastguard Worker */ 242*387f9dfdSAndroid Build Coastguard Worker if (p->conds_met == %s && %s && overridden < %s) { 243*387f9dfdSAndroid Build Coastguard Worker count.atomic_increment(zero); 244*387f9dfdSAndroid Build Coastguard Worker bpf_override_return(ctx, %s); 245*387f9dfdSAndroid Build Coastguard Worker } 246*387f9dfdSAndroid Build Coastguard Worker return 0; 247*387f9dfdSAndroid Build Coastguard Worker}""" 248*387f9dfdSAndroid Build Coastguard Worker return text % (self.prep, self.length, pred, Probe.count, 249*387f9dfdSAndroid Build Coastguard Worker self._get_err(), self.length - 1, pred, Probe.count, 250*387f9dfdSAndroid Build Coastguard Worker self._get_err()) 251*387f9dfdSAndroid Build Coastguard Worker 252*387f9dfdSAndroid Build Coastguard Worker # presently parses and replaces STRCMP 253*387f9dfdSAndroid Build Coastguard Worker # STRCMP exists because string comparison is inconvenient and somewhat buggy 254*387f9dfdSAndroid Build Coastguard Worker # https://github.com/iovisor/bcc/issues/1617 255*387f9dfdSAndroid Build Coastguard Worker def _prepare_pred(self): 256*387f9dfdSAndroid Build Coastguard Worker self.prep = "" 257*387f9dfdSAndroid Build Coastguard Worker for i in range(len(self.preds)): 258*387f9dfdSAndroid Build Coastguard Worker new_pred = "" 259*387f9dfdSAndroid Build Coastguard Worker pred = self.preds[i][0] 260*387f9dfdSAndroid Build Coastguard Worker place = self.preds[i][1] 261*387f9dfdSAndroid Build Coastguard Worker start, ind = 0, 0 262*387f9dfdSAndroid Build Coastguard Worker while start < len(pred): 263*387f9dfdSAndroid Build Coastguard Worker ind = pred.find("STRCMP(", start) 264*387f9dfdSAndroid Build Coastguard Worker if ind == -1: 265*387f9dfdSAndroid Build Coastguard Worker break 266*387f9dfdSAndroid Build Coastguard Worker new_pred += pred[start:ind] 267*387f9dfdSAndroid Build Coastguard Worker # 7 is len("STRCMP(") 268*387f9dfdSAndroid Build Coastguard Worker start = pred.find(")", start + 7) + 1 269*387f9dfdSAndroid Build Coastguard Worker 270*387f9dfdSAndroid Build Coastguard Worker # then ind ... start is STRCMP(...) 271*387f9dfdSAndroid Build Coastguard Worker ptr, literal = pred[ind + 7:start - 1].split(",") 272*387f9dfdSAndroid Build Coastguard Worker literal = literal.strip() 273*387f9dfdSAndroid Build Coastguard Worker 274*387f9dfdSAndroid Build Coastguard Worker # x->y->z, some string literal 275*387f9dfdSAndroid Build Coastguard Worker # we make unique id with place_ind 276*387f9dfdSAndroid Build Coastguard Worker uuid = "%s_%s" % (place, ind) 277*387f9dfdSAndroid Build Coastguard Worker unique_bool = "is_true_%s" % uuid 278*387f9dfdSAndroid Build Coastguard Worker self.prep += """ 279*387f9dfdSAndroid Build Coastguard Worker char *str_%s = %s; 280*387f9dfdSAndroid Build Coastguard Worker bool %s = true;\n""" % (uuid, ptr.strip(), unique_bool) 281*387f9dfdSAndroid Build Coastguard Worker 282*387f9dfdSAndroid Build Coastguard Worker check = "\t%s &= *(str_%s++) == '%%s';\n" % (unique_bool, uuid) 283*387f9dfdSAndroid Build Coastguard Worker 284*387f9dfdSAndroid Build Coastguard Worker for ch in literal: 285*387f9dfdSAndroid Build Coastguard Worker self.prep += check % ch 286*387f9dfdSAndroid Build Coastguard Worker self.prep += check % r'\0' 287*387f9dfdSAndroid Build Coastguard Worker new_pred += unique_bool 288*387f9dfdSAndroid Build Coastguard Worker 289*387f9dfdSAndroid Build Coastguard Worker new_pred += pred[start:] 290*387f9dfdSAndroid Build Coastguard Worker self.preds[i] = (new_pred, place) 291*387f9dfdSAndroid Build Coastguard Worker 292*387f9dfdSAndroid Build Coastguard Worker def generate_program(self): 293*387f9dfdSAndroid Build Coastguard Worker # generate code to work around various rewriter issues 294*387f9dfdSAndroid Build Coastguard Worker self._prepare_pred() 295*387f9dfdSAndroid Build Coastguard Worker 296*387f9dfdSAndroid Build Coastguard Worker # special case for bottom 297*387f9dfdSAndroid Build Coastguard Worker if self.preds[-1][1] == self.length - 1: 298*387f9dfdSAndroid Build Coastguard Worker return self._generate_bottom() 299*387f9dfdSAndroid Build Coastguard Worker 300*387f9dfdSAndroid Build Coastguard Worker return self._generate_entry() if self.is_entry else self._generate_exit() 301*387f9dfdSAndroid Build Coastguard Worker 302*387f9dfdSAndroid Build Coastguard Worker def attach(self, bpf): 303*387f9dfdSAndroid Build Coastguard Worker if self.is_entry: 304*387f9dfdSAndroid Build Coastguard Worker bpf.attach_kprobe(event=self.event, 305*387f9dfdSAndroid Build Coastguard Worker fn_name=self.func_name) 306*387f9dfdSAndroid Build Coastguard Worker else: 307*387f9dfdSAndroid Build Coastguard Worker bpf.attach_kretprobe(event=self.event, 308*387f9dfdSAndroid Build Coastguard Worker fn_name=self.func_name) 309*387f9dfdSAndroid Build Coastguard Worker 310*387f9dfdSAndroid Build Coastguard Worker 311*387f9dfdSAndroid Build Coastguard Workerclass Tool: 312*387f9dfdSAndroid Build Coastguard Worker 313*387f9dfdSAndroid Build Coastguard Worker examples =""" 314*387f9dfdSAndroid Build Coastguard WorkerEXAMPLES: 315*387f9dfdSAndroid Build Coastguard Worker# ./inject.py kmalloc -v 'SyS_mount()' 316*387f9dfdSAndroid Build Coastguard Worker Fails all calls to syscall mount 317*387f9dfdSAndroid Build Coastguard Worker# ./inject.py kmalloc -v '(true) => SyS_mount()(true)' 318*387f9dfdSAndroid Build Coastguard Worker Explicit rewriting of above 319*387f9dfdSAndroid Build Coastguard Worker# ./inject.py kmalloc -v 'mount_subtree() => btrfs_mount()' 320*387f9dfdSAndroid Build Coastguard Worker Fails btrfs mounts only 321*387f9dfdSAndroid Build Coastguard Worker# ./inject.py kmalloc -v 'd_alloc_parallel(struct dentry *parent, const struct \\ 322*387f9dfdSAndroid Build Coastguard Worker qstr *name)(STRCMP(name->name, 'bananas'))' 323*387f9dfdSAndroid Build Coastguard Worker Fails dentry allocations of files named 'bananas' 324*387f9dfdSAndroid Build Coastguard Worker# ./inject.py kmalloc -v -P 0.01 'SyS_mount()' 325*387f9dfdSAndroid Build Coastguard Worker Fails calls to syscall mount with 1% probability 326*387f9dfdSAndroid Build Coastguard Worker """ 327*387f9dfdSAndroid Build Coastguard Worker # add cases as necessary 328*387f9dfdSAndroid Build Coastguard Worker error_injection_mapping = { 329*387f9dfdSAndroid Build Coastguard Worker "kmalloc": "should_failslab(struct kmem_cache *s, gfp_t gfpflags)", 330*387f9dfdSAndroid Build Coastguard Worker "bio": "should_fail_bio(struct bio *bio)", 331*387f9dfdSAndroid Build Coastguard Worker "alloc_page": "should_fail_alloc_page(gfp_t gfp_mask, unsigned int order)", 332*387f9dfdSAndroid Build Coastguard Worker } 333*387f9dfdSAndroid Build Coastguard Worker 334*387f9dfdSAndroid Build Coastguard Worker def __init__(self): 335*387f9dfdSAndroid Build Coastguard Worker parser = argparse.ArgumentParser(description="Fail specified kernel" + 336*387f9dfdSAndroid Build Coastguard Worker " functionality when call chain and predicates are met", 337*387f9dfdSAndroid Build Coastguard Worker formatter_class=argparse.RawDescriptionHelpFormatter, 338*387f9dfdSAndroid Build Coastguard Worker epilog=Tool.examples) 339*387f9dfdSAndroid Build Coastguard Worker parser.add_argument(dest="mode", choices=["kmalloc", "bio", "alloc_page"], 340*387f9dfdSAndroid Build Coastguard Worker help="indicate which base kernel function to fail") 341*387f9dfdSAndroid Build Coastguard Worker parser.add_argument(metavar="spec", dest="spec", 342*387f9dfdSAndroid Build Coastguard Worker help="specify call chain") 343*387f9dfdSAndroid Build Coastguard Worker parser.add_argument("-I", "--include", action="append", 344*387f9dfdSAndroid Build Coastguard Worker metavar="header", 345*387f9dfdSAndroid Build Coastguard Worker help="additional header files to include in the BPF program") 346*387f9dfdSAndroid Build Coastguard Worker parser.add_argument("-P", "--probability", default=1, 347*387f9dfdSAndroid Build Coastguard Worker metavar="probability", type=float, 348*387f9dfdSAndroid Build Coastguard Worker help="probability that this call chain will fail") 349*387f9dfdSAndroid Build Coastguard Worker parser.add_argument("-v", "--verbose", action="store_true", 350*387f9dfdSAndroid Build Coastguard Worker help="print BPF program") 351*387f9dfdSAndroid Build Coastguard Worker parser.add_argument("-c", "--count", action="store", default=-1, 352*387f9dfdSAndroid Build Coastguard Worker help="Number of fails before bypassing the override") 353*387f9dfdSAndroid Build Coastguard Worker self.args = parser.parse_args() 354*387f9dfdSAndroid Build Coastguard Worker 355*387f9dfdSAndroid Build Coastguard Worker self.program = "" 356*387f9dfdSAndroid Build Coastguard Worker self.spec = self.args.spec 357*387f9dfdSAndroid Build Coastguard Worker self.map = {} 358*387f9dfdSAndroid Build Coastguard Worker self.probes = [] 359*387f9dfdSAndroid Build Coastguard Worker self.key = Tool.error_injection_mapping[self.args.mode] 360*387f9dfdSAndroid Build Coastguard Worker 361*387f9dfdSAndroid Build Coastguard Worker # create_probes and associated stuff 362*387f9dfdSAndroid Build Coastguard Worker def _create_probes(self): 363*387f9dfdSAndroid Build Coastguard Worker self._parse_spec() 364*387f9dfdSAndroid Build Coastguard Worker Probe.configure(self.args.mode, self.args.probability, self.args.count) 365*387f9dfdSAndroid Build Coastguard Worker # self, func, preds, total, entry 366*387f9dfdSAndroid Build Coastguard Worker 367*387f9dfdSAndroid Build Coastguard Worker # create all the pair probes 368*387f9dfdSAndroid Build Coastguard Worker for fx, preds in self.map.items(): 369*387f9dfdSAndroid Build Coastguard Worker 370*387f9dfdSAndroid Build Coastguard Worker # do the enter 371*387f9dfdSAndroid Build Coastguard Worker self.probes.append(Probe(fx, preds, self.length, True)) 372*387f9dfdSAndroid Build Coastguard Worker 373*387f9dfdSAndroid Build Coastguard Worker if self.key == fx: 374*387f9dfdSAndroid Build Coastguard Worker continue 375*387f9dfdSAndroid Build Coastguard Worker 376*387f9dfdSAndroid Build Coastguard Worker # do the exit 377*387f9dfdSAndroid Build Coastguard Worker self.probes.append(Probe(fx, preds, self.length, False)) 378*387f9dfdSAndroid Build Coastguard Worker 379*387f9dfdSAndroid Build Coastguard Worker def _parse_frames(self): 380*387f9dfdSAndroid Build Coastguard Worker # sentinel 381*387f9dfdSAndroid Build Coastguard Worker data = self.spec + '\0' 382*387f9dfdSAndroid Build Coastguard Worker start, count = 0, 0 383*387f9dfdSAndroid Build Coastguard Worker 384*387f9dfdSAndroid Build Coastguard Worker frames = [] 385*387f9dfdSAndroid Build Coastguard Worker cur_frame = [] 386*387f9dfdSAndroid Build Coastguard Worker i = 0 387*387f9dfdSAndroid Build Coastguard Worker last_frame_added = 0 388*387f9dfdSAndroid Build Coastguard Worker 389*387f9dfdSAndroid Build Coastguard Worker while i < len(data): 390*387f9dfdSAndroid Build Coastguard Worker # improper input 391*387f9dfdSAndroid Build Coastguard Worker if count < 0: 392*387f9dfdSAndroid Build Coastguard Worker raise Exception("Check your parentheses") 393*387f9dfdSAndroid Build Coastguard Worker c = data[i] 394*387f9dfdSAndroid Build Coastguard Worker count += c == '(' 395*387f9dfdSAndroid Build Coastguard Worker count -= c == ')' 396*387f9dfdSAndroid Build Coastguard Worker if not count: 397*387f9dfdSAndroid Build Coastguard Worker if c == '\0' or (c == '=' and data[i + 1] == '>'): 398*387f9dfdSAndroid Build Coastguard Worker # This block is closing a chunk. This means cur_frame must 399*387f9dfdSAndroid Build Coastguard Worker # have something in it. 400*387f9dfdSAndroid Build Coastguard Worker if not cur_frame: 401*387f9dfdSAndroid Build Coastguard Worker raise Exception("Cannot parse spec, missing parens") 402*387f9dfdSAndroid Build Coastguard Worker if len(cur_frame) == 2: 403*387f9dfdSAndroid Build Coastguard Worker frame = tuple(cur_frame) 404*387f9dfdSAndroid Build Coastguard Worker elif cur_frame[0][0] == '(': 405*387f9dfdSAndroid Build Coastguard Worker frame = self.key, cur_frame[0] 406*387f9dfdSAndroid Build Coastguard Worker else: 407*387f9dfdSAndroid Build Coastguard Worker frame = cur_frame[0], '(true)' 408*387f9dfdSAndroid Build Coastguard Worker frames.append(frame) 409*387f9dfdSAndroid Build Coastguard Worker del cur_frame[:] 410*387f9dfdSAndroid Build Coastguard Worker i += 1 411*387f9dfdSAndroid Build Coastguard Worker start = i + 1 412*387f9dfdSAndroid Build Coastguard Worker elif c == ')': 413*387f9dfdSAndroid Build Coastguard Worker cur_frame.append(data[start:i + 1].strip()) 414*387f9dfdSAndroid Build Coastguard Worker start = i + 1 415*387f9dfdSAndroid Build Coastguard Worker last_frame_added = start 416*387f9dfdSAndroid Build Coastguard Worker i += 1 417*387f9dfdSAndroid Build Coastguard Worker 418*387f9dfdSAndroid Build Coastguard Worker # We only permit spaces after the last frame 419*387f9dfdSAndroid Build Coastguard Worker if self.spec[last_frame_added:].strip(): 420*387f9dfdSAndroid Build Coastguard Worker raise Exception("Invalid characters found after last frame"); 421*387f9dfdSAndroid Build Coastguard Worker # improper input 422*387f9dfdSAndroid Build Coastguard Worker if count: 423*387f9dfdSAndroid Build Coastguard Worker raise Exception("Check your parentheses") 424*387f9dfdSAndroid Build Coastguard Worker return frames 425*387f9dfdSAndroid Build Coastguard Worker 426*387f9dfdSAndroid Build Coastguard Worker def _parse_spec(self): 427*387f9dfdSAndroid Build Coastguard Worker frames = self._parse_frames() 428*387f9dfdSAndroid Build Coastguard Worker frames.reverse() 429*387f9dfdSAndroid Build Coastguard Worker 430*387f9dfdSAndroid Build Coastguard Worker absolute_order = 0 431*387f9dfdSAndroid Build Coastguard Worker for f in frames: 432*387f9dfdSAndroid Build Coastguard Worker # default case 433*387f9dfdSAndroid Build Coastguard Worker func, pred = f[0], f[1] 434*387f9dfdSAndroid Build Coastguard Worker 435*387f9dfdSAndroid Build Coastguard Worker if not self._validate_predicate(pred): 436*387f9dfdSAndroid Build Coastguard Worker raise Exception("Invalid predicate") 437*387f9dfdSAndroid Build Coastguard Worker if not self._validate_identifier(func): 438*387f9dfdSAndroid Build Coastguard Worker raise Exception("Invalid function identifier") 439*387f9dfdSAndroid Build Coastguard Worker tup = (pred, absolute_order) 440*387f9dfdSAndroid Build Coastguard Worker 441*387f9dfdSAndroid Build Coastguard Worker if func not in self.map: 442*387f9dfdSAndroid Build Coastguard Worker self.map[func] = [tup] 443*387f9dfdSAndroid Build Coastguard Worker else: 444*387f9dfdSAndroid Build Coastguard Worker self.map[func].append(tup) 445*387f9dfdSAndroid Build Coastguard Worker 446*387f9dfdSAndroid Build Coastguard Worker absolute_order += 1 447*387f9dfdSAndroid Build Coastguard Worker 448*387f9dfdSAndroid Build Coastguard Worker if self.key not in self.map: 449*387f9dfdSAndroid Build Coastguard Worker self.map[self.key] = [('(true)', absolute_order)] 450*387f9dfdSAndroid Build Coastguard Worker absolute_order += 1 451*387f9dfdSAndroid Build Coastguard Worker 452*387f9dfdSAndroid Build Coastguard Worker self.length = absolute_order 453*387f9dfdSAndroid Build Coastguard Worker 454*387f9dfdSAndroid Build Coastguard Worker def _validate_identifier(self, func): 455*387f9dfdSAndroid Build Coastguard Worker # We've already established paren balancing. We will only look for 456*387f9dfdSAndroid Build Coastguard Worker # identifier validity here. 457*387f9dfdSAndroid Build Coastguard Worker paren_index = func.find("(") 458*387f9dfdSAndroid Build Coastguard Worker potential_id = func[:paren_index] 459*387f9dfdSAndroid Build Coastguard Worker pattern = '[_a-zA-z][_a-zA-Z0-9]*$' 460*387f9dfdSAndroid Build Coastguard Worker if re.match(pattern, potential_id): 461*387f9dfdSAndroid Build Coastguard Worker return True 462*387f9dfdSAndroid Build Coastguard Worker return False 463*387f9dfdSAndroid Build Coastguard Worker 464*387f9dfdSAndroid Build Coastguard Worker def _validate_predicate(self, pred): 465*387f9dfdSAndroid Build Coastguard Worker 466*387f9dfdSAndroid Build Coastguard Worker if len(pred) > 0 and pred[0] == "(": 467*387f9dfdSAndroid Build Coastguard Worker open = 1 468*387f9dfdSAndroid Build Coastguard Worker for i in range(1, len(pred)): 469*387f9dfdSAndroid Build Coastguard Worker if pred[i] == "(": 470*387f9dfdSAndroid Build Coastguard Worker open += 1 471*387f9dfdSAndroid Build Coastguard Worker elif pred[i] == ")": 472*387f9dfdSAndroid Build Coastguard Worker open -= 1 473*387f9dfdSAndroid Build Coastguard Worker if open != 0: 474*387f9dfdSAndroid Build Coastguard Worker # not well formed, break 475*387f9dfdSAndroid Build Coastguard Worker return False 476*387f9dfdSAndroid Build Coastguard Worker 477*387f9dfdSAndroid Build Coastguard Worker return True 478*387f9dfdSAndroid Build Coastguard Worker 479*387f9dfdSAndroid Build Coastguard Worker def _def_pid_struct(self): 480*387f9dfdSAndroid Build Coastguard Worker text = """ 481*387f9dfdSAndroid Build Coastguard Workerstruct pid_struct { 482*387f9dfdSAndroid Build Coastguard Worker u64 curr_call; /* book keeping to handle recursion */ 483*387f9dfdSAndroid Build Coastguard Worker u64 conds_met; /* stack pointer */ 484*387f9dfdSAndroid Build Coastguard Worker u64 stack[%s]; 485*387f9dfdSAndroid Build Coastguard Worker}; 486*387f9dfdSAndroid Build Coastguard Worker""" % self.length 487*387f9dfdSAndroid Build Coastguard Worker return text 488*387f9dfdSAndroid Build Coastguard Worker 489*387f9dfdSAndroid Build Coastguard Worker def _attach_probes(self): 490*387f9dfdSAndroid Build Coastguard Worker self.bpf = BPF(text=self.program) 491*387f9dfdSAndroid Build Coastguard Worker for p in self.probes: 492*387f9dfdSAndroid Build Coastguard Worker p.attach(self.bpf) 493*387f9dfdSAndroid Build Coastguard Worker 494*387f9dfdSAndroid Build Coastguard Worker def _generate_program(self): 495*387f9dfdSAndroid Build Coastguard Worker # leave out auto includes for now 496*387f9dfdSAndroid Build Coastguard Worker self.program += '#include <linux/mm.h>\n' 497*387f9dfdSAndroid Build Coastguard Worker for include in (self.args.include or []): 498*387f9dfdSAndroid Build Coastguard Worker self.program += "#include <%s>\n" % include 499*387f9dfdSAndroid Build Coastguard Worker 500*387f9dfdSAndroid Build Coastguard Worker self.program += self._def_pid_struct() 501*387f9dfdSAndroid Build Coastguard Worker self.program += "BPF_HASH(m, u32, struct pid_struct);\n" 502*387f9dfdSAndroid Build Coastguard Worker self.program += "BPF_ARRAY(count, u32, 1);\n" 503*387f9dfdSAndroid Build Coastguard Worker 504*387f9dfdSAndroid Build Coastguard Worker for p in self.probes: 505*387f9dfdSAndroid Build Coastguard Worker self.program += p.generate_program() + "\n" 506*387f9dfdSAndroid Build Coastguard Worker 507*387f9dfdSAndroid Build Coastguard Worker if self.args.verbose: 508*387f9dfdSAndroid Build Coastguard Worker print(self.program) 509*387f9dfdSAndroid Build Coastguard Worker 510*387f9dfdSAndroid Build Coastguard Worker def _main_loop(self): 511*387f9dfdSAndroid Build Coastguard Worker while True: 512*387f9dfdSAndroid Build Coastguard Worker try: 513*387f9dfdSAndroid Build Coastguard Worker self.bpf.perf_buffer_poll() 514*387f9dfdSAndroid Build Coastguard Worker except KeyboardInterrupt: 515*387f9dfdSAndroid Build Coastguard Worker exit() 516*387f9dfdSAndroid Build Coastguard Worker 517*387f9dfdSAndroid Build Coastguard Worker def run(self): 518*387f9dfdSAndroid Build Coastguard Worker self._create_probes() 519*387f9dfdSAndroid Build Coastguard Worker self._generate_program() 520*387f9dfdSAndroid Build Coastguard Worker self._attach_probes() 521*387f9dfdSAndroid Build Coastguard Worker self._main_loop() 522*387f9dfdSAndroid Build Coastguard Worker 523*387f9dfdSAndroid Build Coastguard Worker 524*387f9dfdSAndroid Build Coastguard Workerif __name__ == "__main__": 525*387f9dfdSAndroid Build Coastguard Worker Tool().run() 526