// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2020 Facebook */
#pragma once
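/*
 * Fixed upper bounds used to size the event records declared in this header.
 * (The listing's line-number residue has been stripped from each line so the
 * directives are valid C again; every value is unchanged.)
 *
 * Each MAX_*_PAYLOAD_LEN is a sum of per-field limits and sizes the payload[]
 * array of the matching record; presumably there is one term per
 * variable-length field packed into that array.
 *
 * NOTE(review): these bounds only size the buffers. Nothing in this header
 * enforces them, so code that fills or parses payload[] must clamp every
 * length against the relevant limit itself -- confirm in producer/consumer.
 */
#define TASK_COMM_LEN 16 /* same value as the Linux kernel's TASK_COMM_LEN */
#define MAX_ANCESTORS 4 /* slots in struct ancestors_data_t */
#define MAX_PATH 256 /* presumably a per-component bound; see MAX_FILEPATH_LENGTH */
#define KILL_TARGET_LEN 64
#define CTL_MAXNAME 10
#define MAX_ARGS_LEN 4096
#define MAX_FILENAME_LEN 512
#define MAX_ENVIRON_LEN 8192
#define MAX_PATH_DEPTH 32
/* 32 * 256 = 8192 bytes */
#define MAX_FILEPATH_LENGTH (MAX_PATH_DEPTH * MAX_PATH)
#define MAX_CGROUPS_PATH_DEPTH 8

/* 16 bytes; also the whole payload of struct var_fork_data_t */
#define MAX_METADATA_PAYLOAD_LEN TASK_COMM_LEN

/* 256 * 2 + 256 * 8 = 2560 bytes */
#define MAX_CGROUP_PAYLOAD_LEN \
	(MAX_PATH * 2 + (MAX_PATH * MAX_CGROUPS_PATH_DEPTH))

/* 16 + 2560 = 2576 bytes; not referenced by any record in this header */
#define MAX_CAP_PAYLOAD_LEN (MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN)

/* 16 + 2560 + 10 + 256 = 2842 bytes */
#define MAX_SYSCTL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + CTL_MAXNAME + MAX_PATH)

/* 16 + 2560 + 16 + 64 = 2656 bytes */
#define MAX_KILL_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + TASK_COMM_LEN + \
	 KILL_TARGET_LEN)

/* 16 + 2560 + 512 + 4096 + 8192 = 15376 bytes */
#define MAX_EXEC_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILENAME_LEN + \
	 MAX_ARGS_LEN + MAX_ENVIRON_LEN)

/* 16 + 2560 + 8192 + 8192 = 18960 bytes (two full file paths) */
#define MAX_FILEMOD_PAYLOAD_LEN \
	(MAX_METADATA_PAYLOAD_LEN + MAX_CGROUP_PAYLOAD_LEN + MAX_FILEPATH_LENGTH + \
	 MAX_FILEPATH_LENGTH)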
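/*
 * Event discriminator; struct var_metadata_t stores one of these in its
 * `type` field. (Line-number residue stripped; enumerators unchanged.)
 *
 * INVALID_EVENT is 0, so a zero-initialised record reads as invalid rather
 * than as a real event. MAX_DATA_TYPE_EVENT (6) is one past the last real
 * event and is presumably meant as a range bound: a consumer should reject
 * any `type` outside (INVALID_EVENT, MAX_DATA_TYPE_EVENT) before choosing
 * which record layout to interpret the bytes as.
 */
enum data_type {
	INVALID_EVENT,
	EXEC_EVENT,
	FORK_EVENT,
	KILL_EVENT,
	SYSCTL_EVENT,
	FILEMOD_EVENT,
	MAX_DATA_TYPE_EVENT
};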
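/*
 * Kind of file modification; stored in var_filemod_data_t.fmod_type.
 * (Line-number residue stripped; enumerators unchanged.)
 *
 * Unlike enum data_type there is no "invalid" enumerator: FMOD_OPEN is 0,
 * so a zero-initialised record is indistinguishable from an open event.
 */
enum filemod_type {
	FMOD_OPEN,
	FMOD_LINK,
	FMOD_SYMLINK,
};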
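/*
 * Process-ancestry snapshot: three parallel arrays with MAX_ANCESTORS slots
 * each. (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): num_ancestors is presumably the number of valid slots. It is
 * a full uint32_t, so a consumer must check it is <= MAX_ANCESTORS before
 * using it as a loop bound over the arrays -- confirm against the producer.
 */
struct ancestors_data_t {
	pid_t ancestor_pids[MAX_ANCESTORS];
	uint32_t ancestor_exec_ids[MAX_ANCESTORS];
	uint64_t ancestor_start_times[MAX_ANCESTORS];
	uint32_t num_ancestors;
};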
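/*
 * Common header placed first in every var_*_data_t record in this file.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): on common 64-bit ABIs the compiler pads this struct (after
 * gid, after cpu_id and after comm_length). If records cross a privilege
 * boundary, the producer should zero the whole record before filling it so
 * the padding bytes carry no stale memory -- confirm in the producer.
 */
struct var_metadata_t {
	enum data_type type; /* selects which var_*_data_t layout applies */
	pid_t pid;
	uint32_t exec_id;
	uid_t uid;
	gid_t gid;
	uint64_t start_time;
	uint32_t cpu_id;
	uint64_t bpf_stats_num_perf_events;
	uint64_t bpf_stats_start_ktime_ns;
	/* presumably the comm string's length in payload; uint8_t caps it at
	 * 255, and TASK_COMM_LEN (16) is the declared bound -- validate on read */
	uint8_t comm_length;
};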
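/*
 * Cgroup identity attached to a record: inode and mtime for a "root" and a
 * "proc" cgroup node, plus three length fields and a position.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): the three *_length fields presumably describe path strings
 * stored in the enclosing record's payload[]. Each is a uint16_t (up to
 * 65535), which is larger than MAX_CGROUP_PAYLOAD_LEN (2560), so a consumer
 * must bounds-check them before slicing the payload. ino_t can differ in
 * width between build environments; producer and consumer need the same
 * definition for the layouts to agree -- confirm.
 */
struct cgroup_data_t {
	ino_t cgroup_root_inode;
	ino_t cgroup_proc_inode;
	uint64_t cgroup_root_mtime;
	uint64_t cgroup_proc_mtime;
	uint16_t cgroup_root_length;
	uint16_t cgroup_proc_length;
	uint16_t cgroup_full_length;
	/* signed, unlike the lengths; presumably an offset into the full path
	 * that may use a negative "not found" value -- check the sign on read */
	int cgroup_full_path_root_pos;
};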
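/*
 * Record for SYSCTL_EVENT (by name; the header does not tie the two together
 * explicitly). (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): the record carries no total payload length. The two length
 * fields presumably delimit the sysctl value and path inside payload[];
 * validate their sum (together with the metadata and cgroup lengths) against
 * MAX_SYSCTL_PAYLOAD_LEN before reading.
 */
struct var_sysctl_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	uint8_t sysctl_val_length; /* at most 255 by type */
	uint16_t sysctl_path_length; /* at most 65535 by type */
	char payload[MAX_SYSCTL_PAYLOAD_LEN]; /* 2842 bytes */
};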
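/*
 * Record for KILL_EVENT (by name): who sent which signal to which pid, with
 * a repeat counter and timestamp. (Line-number residue stripped; layout
 * unchanged.)
 *
 * This is the only record in the header with an explicit payload_length; it
 * is declared after payload[], so it sits at the very end of the struct.
 *
 * NOTE(review): payload_length is a size_t and presumably gives the number of
 * used bytes in payload[]. Treat it as untrusted on read and reject values
 * above MAX_KILL_PAYLOAD_LEN -- confirm against the producer.
 */
struct var_kill_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	struct ancestors_data_t ancestors_info;
	pid_t kill_target_pid;
	int kill_sig;
	uint32_t kill_count;
	uint64_t last_kill_time;
	uint8_t kill_target_name_length; /* at most 255 by type */
	uint8_t kill_target_cgroup_proc_length; /* at most 255 by type */
	char payload[MAX_KILL_PAYLOAD_LEN]; /* 2656 bytes */
	size_t payload_length;
};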
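/*
 * Record for EXEC_EVENT (by name): the executing task, its parent, and three
 * length fields for binary path, command line and environment.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): the three uint16_t lengths can each express up to 65535,
 * while payload[] holds 15376 bytes in total; bounds-check them on read.
 * If command lines and environment strings are captured here, records may
 * contain credentials or tokens and should be stored and forwarded as
 * sensitive data -- confirm what the producer actually copies.
 */
struct var_exec_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uid_t parent_uid;
	uint64_t parent_start_time;
	uint16_t bin_path_length;
	uint16_t cmdline_length;
	uint16_t environment_length;
	char payload[MAX_EXEC_PAYLOAD_LEN]; /* 15376 bytes */
};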
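/*
 * Record for FORK_EVENT (by name): child metadata plus parent identity.
 * (Line-number residue stripped; layout unchanged.)
 *
 * The payload is only MAX_METADATA_PAYLOAD_LEN (16) bytes and the record has
 * no cgroup or ancestor data, unlike the other record types in this header.
 * The only length that applies to it is meta.comm_length.
 */
struct var_fork_data_t {
	struct var_metadata_t meta;
	pid_t parent_pid;
	uint32_t parent_exec_id;
	uint64_t parent_start_time;
	char payload[MAX_METADATA_PAYLOAD_LEN];
};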
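/*
 * Record for FILEMOD_EVENT (by name): a source and a destination file, each
 * identified by device id and inode, with a path length for each.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): src_/dst_filepath_length are uint16_t (up to 65535), but
 * MAX_FILEMOD_PAYLOAD_LEN budgets MAX_FILEPATH_LENGTH (8192) per path. A
 * consumer must validate both before slicing payload[]. Paths are presumably
 * attacker-influenced file names, so treat them as untrusted strings when
 * logging or displaying them -- confirm what the producer stores.
 */
struct var_filemod_data_t {
	struct var_metadata_t meta;
	struct cgroup_data_t cgroup_data;
	enum filemod_type fmod_type;
	unsigned int dst_flags;
	uint32_t src_device_id;
	uint32_t dst_device_id;
	ino_t src_inode;
	ino_t dst_inode;
	uint16_t src_filepath_length;
	uint16_t dst_filepath_length;
	char payload[MAX_FILEMOD_PAYLOAD_LEN]; /* 18960 bytes */
};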
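/*
 * Runtime configuration for the profiler. This header only declares the
 * fields; how each one is interpreted is defined by the code that reads it.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): several fields look like they narrow what is monitored
 * (kill_signals_mask, inode_filter, the cgroup inodes). A zero-initialised
 * or mis-set config could therefore silently reduce coverage; deployments
 * should record the effective config alongside the events -- confirm the
 * semantics in the code that reads this struct.
 */
struct profiler_config_struct {
	bool fetch_cgroups_from_bpf;
	ino_t cgroup_fs_inode;
	ino_t cgroup_login_session_inode;
	uint64_t kill_signals_mask; /* presumably one bit per signal number */
	ino_t inode_filter;
	uint32_t stale_info_secs;
	bool use_variable_buffers;
	bool read_environ_from_exec; /* by name, controls environment capture */
	bool enable_cgroup_v1_resolver;
};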
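/*
 * Accumulated statistics for one instrumented function: total elapsed time
 * in nanoseconds, number of executions and number of perf events.
 * (Line-number residue stripped; layout unchanged.)
 */
struct bpf_func_stats_data {
	uint64_t time_elapsed_ns;
	uint64_t num_executions;
	uint64_t num_perf_events;
};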
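/*
 * Per-invocation measurement context: a start timestamp in nanoseconds and a
 * pointer to the bpf_func_stats_data entry being updated.
 * (Line-number residue stripped; layout unchanged.)
 *
 * NOTE(review): the pointer may be NULL if no stats entry was found; users
 * should check it before dereferencing -- confirm where it is assigned.
 */
struct bpf_func_stats_ctx {
	uint64_t start_time_ns;
	struct bpf_func_stats_data *bpf_func_stats_data_val;
};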
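/*
 * Identifier for each instrumented function, numbered from 0.
 * (Line-number residue stripped; enumerators unchanged.)
 *
 * profiler_bpf_max_function_id (8) is one past the last real id; presumably
 * it sizes a per-function table of struct bpf_func_stats_data, in which case
 * any id used as an index must be checked to be below it.
 */
enum bpf_function_id {
	profiler_bpf_proc_sys_write,
	profiler_bpf_sched_process_exec,
	profiler_bpf_sched_process_exit,
	profiler_bpf_sys_enter_kill,
	profiler_bpf_do_filp_open_ret,
	profiler_bpf_sched_process_fork,
	profiler_bpf_vfs_link,
	profiler_bpf_vfs_symlink,
	profiler_bpf_max_function_id
};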