feat: compile in advance using CO-RE (#3)

* feat: compile in advance

* feat: use CO:RE for task_struct

* Remove exectrace.Filter struct

* Add github actions workflows for lint/fmt

* Fix typo

* Improve CI coverage, check for genned files

* Shellcheck

* Rename FilterPidNS to PidNS

* Make arglen and argsize private

Author: deansheather

.clang-tidy

@@ -0,0 +1,2 @@
+Checks: "clang-diagnostic-*,clang-analyzer-*,-*,cert-*,linuxkernel-*,clang-analyzer-*,llvm-*,performance-*,portability-*,readability-*"
+WarningsAsErrors: "*"

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[{*.go,*.c,*.h,Makefile}]
+indent_style = tab
+indent_size = 4
+
+[{*.ya?ml,*.json,.prettierrc]
+indent_style = space
+indent_size = 2

.github/workflows/gen.yml

@@ -0,0 +1,40 @@
+name: gen
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
+  pull_request:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  issues: none
+  packages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  handler-elf:
+    name: handler-elf
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Run make
+        run: make
+
+      - name: Check for unstaged files
+        run: ./ci/scripts/check_unstaged.sh

.github/workflows/quality.yml

@@ -0,0 +1,114 @@
+name: quality
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
+  pull_request:
+    branches:
+      - main
+
+  workflow_dispatch:
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  issues: none
+  packages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  fmt-go:
+    name: fmt/go
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16.12"
+
+      - name: Run make fmt/go
+        run: make fmt/go
+
+      - name: Check for unstaged files
+        run: ./ci/scripts/check_unstaged.sh
+
+  fmt-prettier:
+    name: fmt/prettier
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install prettier
+        run: npm install --global prettier
+
+      - name: Run make fmt/prettier
+        run: make fmt/prettier
+
+      - name: Check for unstaged files
+        run: ./ci/scripts/check_unstaged.sh
+
+  lint-go:
+    name: lint/go
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: "^1.16.12"
+
+      - name: Install golangci-lint
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \
+            | sh -s -- -b $(go env GOPATH)/bin v1.43.0
+
+      # Linting needs to be done on each build variation of GOOS.
+      - name: Run make lint/go/linux
+        run: make lint/go/linux
+
+      # The windows and darwin builds include the same files.
+      - name: Run make lint/go/other
+        run: make lint/go/other
+
+  lint-c:
+    name: lint/c
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Run make lint/c
+        run: make lint/c
+
+  lint-shellcheck:
+    name: lint/shellcheck
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Install shellcheck
+        run: sudo apt install -y shellcheck
+
+      - name: Run make lint/shellcheck
+        run: make lint/shellcheck

.gitignore

@@ -16,5 +16,12 @@
 
 # Object files
 *.o
+!bpf/handler-*.o
 *.obj
 *.elf
+
+# Editor folders
+.vscode
+
+# Make outputs
+.clang-image

Makefile

@@ -0,0 +1,65 @@
+SHELL := bash
+# Exit on failure
+.SHELLFLAGS := -ceu
+.DELETE_ON_ERROR:
+.ONESHELL:
+
+# Specify the verbose flag to see all command output.
+ifndef VERBOSE
+.SILENT:
+endif
+
+CXX = clang-13
+
+.PHONY: all
+all: bpf/handler-bpfeb.o bpf/handler-bpfel.o
+
+.PHONY: clean
+clean:
+	rm -rf bpf/handler-bpfeb.o bpf/handler-bpfel.o
+
+ci/.clang-image: ci/images/clang-13/Dockerfile
+	./ci/scripts/clang_image.sh
+	touch ci/.clang-image
+
+# bpfeb is big endian, bpfel is little endian.
+bpf/handler-bpfeb.o bpf/handler-bpfel.o: bpf/*.h bpf/*.c ci/.clang-image
+	./ci/scripts/build_handler.sh "$(@F)"
+
+.PHONY: fmt
+fmt: fmt/go fmt/prettier
+
+.PHONY: fmt/go
+fmt/go:
+	go fmt ./...
+
+.PHONY: fmt/prettier
+fmt/prettier:
+	# Config file: .prettierrc
+	prettier -w .
+
+.PHONY: lint
+lint: lint/go lint/c lint/shellcheck
+
+.PHONY: lint/go
+lint/go: lint/go/linux lint/go/other
+
+.PHONY: lint/go/linux
+lint/go/linux:
+	# Config file: .golangci.yml
+	golangci-lint run ./...
+
+.PHONY: lint/go/other
+lint/go/other:
+	# The windows and darwin builds include the same files.
+	# Config file: .golangci.yml
+	GOOS=windows golangci-lint run ./...
+
+.PHONY: lint/c
+lint/c: ci/.clang-image
+	# Config file: .clang-tidy
+	./ci/scripts/clang.sh clang-tidy-13 --config-file ../.clang-tidy ./handler.c
+
+.PHONY: lint/shellcheck
+lint/shellcheck:
+	./ci/scripts/shellcheck.sh

README.md

@@ -43,6 +43,20 @@ $ sudo exectrace --compiler clang-13
 You can look at the example program [exectrace](./cmd/exectrace/main.go) for a
 comprehensive program using this library.
 
+## Development
+
+Since the eBPF program is packaged as a Go library, the program needs to be
+compiled and included in the repo. If you make changes to files under the `bpf`
+directory, you should run `make` and include the `.o` files in that directory in
+your commit if they changed. CI will ensure that this is done correctly.
+
+You will probably need the following tools:
+
+- Docker (clang is run within a Docker container for reproducibility)
+- `golangci-lint`
+- `prettier`
+- `shellcheck`
+
 ## Status: In Development
 
 The library is currently under heavy development as we develop it out to suit

bpf.go

@@ -1,9 +1,97 @@
+//go:build linux
+// +build linux
+
 package exectrace
 
-import "bytes"
+import (
+	"bytes"
+	"runtime"
+	"sync"
+
+	"github.com/cilium/ebpf"
+	"github.com/cilium/ebpf/rlimit"
+	"github.com/hashicorp/go-multierror"
+	"golang.org/x/xerrors"
+)
+
+var (
+	errObjectsClosed  = xerrors.New("objects are closed")
+	removeMemlockOnce sync.Once
+
+	// collectionOpts used for loading the BPF objects.
+	collectionOpts = &ebpf.CollectionOptions{
+		Programs: ebpf.ProgramOptions{
+			// While debugging, it may be helpful to set this value to be much
+			// higher (i.e. * 1000).
+			LogSize: ebpf.DefaultVerifierLogSize,
+		},
+	}
+)
+
+// loadBPFObjects reads and parses the programs and maps out of the embedded
+// BPF program.
+func loadBPFObjects() (*bpfObjects, error) {
+	// Allow the current process to lock memory for eBPF resources. This does
+	// nothing on 5.11+ kernels which don't need this.
+	var err error
+	removeMemlockOnce.Do(func() {
+		err = rlimit.RemoveMemlock()
+	})
+	if err != nil {
+		return nil, xerrors.Errorf("remove kernel memlock: %w", err)
+	}
+
+	r := bytes.NewReader(bpfProgram)
+	spec, err := ebpf.LoadCollectionSpecFromReader(r)
+	if err != nil {
+		return nil, xerrors.Errorf("load collection from reader: %w", err)
+	}
+
+	objs := &bpfObjects{
+		closeLock: sync.Mutex{},
+		closed:    make(chan struct{}),
+	}
+	err = spec.LoadAndAssign(objs, collectionOpts)
+	if err != nil {
+		return nil, xerrors.Errorf("load and assign specs: %w", err)
+	}
+
+	return objs, nil
+}
+
+type bpfObjects struct {
+	EnterExecveProg *ebpf.Program `ebpf:"enter_execve"`
+	EventsMap       *ebpf.Map     `ebpf:"events"`
+	FiltersMap      *ebpf.Map     `ebpf:"filters"`
+
+	closeLock sync.Mutex
+	closed    chan struct{}
+}
+
+func (o *bpfObjects) Close() error {
+	o.closeLock.Lock()
+	defer o.closeLock.Unlock()
+	select {
+	case <-o.closed:
+		return errObjectsClosed
+	default:
+	}
+	close(o.closed)
+	runtime.SetFinalizer(o, nil)
+
+	var merr error
+	if o.EnterExecveProg != nil {
+		err := o.EnterExecveProg.Close()
+		if err != nil {
+			merr = multierror.Append(merr, xerrors.Errorf(`close BPF program "enter_execve": %w`, err))
+		}
+	}
+	if o.EventsMap != nil {
+		err := o.EventsMap.Close()
+		if err != nil {
+			merr = multierror.Append(merr, xerrors.Errorf(`close BPF map "events": %w`, err))
+		}
+	}
 
-// LoadBPFObjectsBytes is a helper for LoadBPFObjects that automatically wraps
-// the given byte slice with a bytes.Reader.
-func LoadBPFObjectsBytes(p []byte) (BPFObjects, error) {
-	return LoadBPFObjects(bytes.NewReader(p))
+	return merr
 }