enable perf ureplace

.github/workflows/test-examples.yml

@@ -57,7 +57,7 @@ jobs:
             executable: ./uprobe
             victim: ./victim
             syscall_trace: false
-            expected_str: "target_func called."
+            expected_str: ""
           - path: opensnoop
             executable: ./opensnoop
             victim: ./victim

runtime/include/bpftime_shm.hpp

@@ -275,6 +275,7 @@ int bpftime_is_software_perf_event(int fd);
 void *bpftime_get_software_perf_event_raw_buffer(int fd, size_t expected_size);
 int bpftime_perf_event_output(int fd, const void *buf, size_t sz);
 int bpftime_shared_perf_event_output(int map_fd, const void *buf, size_t sz);
+int bpftime_add_ureplace(int fd, int pid, const char *name, uint64_t offset);
 }
 
 #endif // BPFTIME_SHM_CPP_H

runtime/src/bpftime_shm.cpp

@@ -329,6 +329,12 @@ int bpftime_add_software_perf_event(int cpu, int32_t sample_type,
 	return shm.add_software_perf_event(cpu, sample_type, config);
 }
 
+int bpftime_add_ureplace(int fd, int pid, const char *name, uint64_t offset)
+{
+	auto &shm = shm_holder.global_shared_memory;
+	return shm.add_ureplace(fd, pid, name, offset);
+}
+
 int bpftime_add_software_perf_event_fd_to_epoll(int swpe_fd, int epoll_fd,
 						epoll_data_t extra_data)
 {

runtime/src/bpftime_shm_internal.cpp

@@ -149,6 +149,21 @@ int bpftime_shm::add_uprobe(int fd, int pid, const char *name, uint64_t offset,
 		segment);
 }
 
+int bpftime_shm::add_ureplace(int fd, int pid, const char *name, uint64_t offset)
+{
+	if (fd < 0) {
+		// if fd is negative, we need to create a new fd for allocating
+		fd = open_fake_fd();
+	}
+	spdlog::debug("Set fd {} to ureplace, pid={}, name={}, offset={}", fd,
+		      pid, name, offset);
+	return manager->set_handler(
+		fd,
+		bpf_perf_event_handler(bpf_event_type::BPF_TYPE_UREPLACE, offset,
+				       pid, name, segment, true),
+		segment);
+}
+
 int bpftime_shm::add_tracepoint(int fd, int pid, int32_t tracepoint_id)
 {
 	if (fd < 0) {

runtime/src/bpftime_shm_internal.hpp

@@ -95,6 +95,7 @@ class bpftime_shm {
 	// create a bpf map fd
 	int add_bpf_map(int fd, const char *name, bpftime::bpf_map_attr attr);
 	uint32_t bpf_map_value_size(int fd) const;
+
 	const void *bpf_map_lookup_elem(int fd, const void *key,
 					bool from_userspace) const;
 
@@ -112,9 +113,13 @@ class bpftime_shm {
 		       bool retprobe, size_t ref_ctr_off);
 	// create a tracepoint fd
 	int add_tracepoint(int fd, int pid, int32_t tracepoint_id);
+	// create a software perf event fd, typically for a perf event
 	int add_software_perf_event(int cpu, int32_t sample_type,
 				    int64_t config);
 
+	// add replace function fd
+	int add_ureplace(int fd, int pid, const char *name, uint64_t offset);
+
 	// check and attach a perf event to a bpf program
 	int attach_perf_to_bpf(int perf_fd, int bpf_fd);
 

runtime/src/handler/perf_event_handler.hpp

@@ -131,13 +131,16 @@ struct bpf_perf_event_handler {
 
 	std::optional<software_perf_event_weak_ptr>
 	try_get_software_perf_data_weak_ptr() const;
+
 	std::optional<void *>
 	try_get_software_perf_data_raw_buffer(size_t buffer_size) const;
+
 	// attach to replace or filter self define types
 	bpf_perf_event_handler(bpf_event_type type, uint64_t offset, int pid,
 			       const char *module_name,
 			       boost::interprocess::managed_shared_memory &mem,
 			       bool default_enabled = false);
+
 	// create uprobe/uretprobe with new perf event attr
 	bpf_perf_event_handler(bool is_retprobe, uint64_t offset, int pid,
 			       const char *module_name, size_t ref_ctr_off,

runtime/syscall-server/syscall_context.cpp

@@ -43,20 +43,21 @@ long syscall_context::handle_sysbpf(int cmd, union bpf_attr *attr, size_t size)
 	switch (cmd) {
 	case BPF_MAP_CREATE: {
 		spdlog::debug("Creating map");
-		int id = bpftime_maps_create(-1/* let the shm alloc fd for us */,
-			attr->map_name, bpftime::bpf_map_attr{
-						(int)attr->map_type,
-						attr->key_size,
-						attr->value_size,
-						attr->max_entries,
-						attr->map_flags,
-						attr->map_ifindex,
-						attr->btf_vmlinux_value_type_id,
-						attr->btf_id,
-						attr->btf_key_type_id,
-						attr->btf_value_type_id,
-						attr->map_extra,
-					});
+		int id = bpftime_maps_create(
+			-1 /* let the shm alloc fd for us */, attr->map_name,
+			bpftime::bpf_map_attr{
+				(int)attr->map_type,
+				attr->key_size,
+				attr->value_size,
+				attr->max_entries,
+				attr->map_flags,
+				attr->map_ifindex,
+				attr->btf_vmlinux_value_type_id,
+				attr->btf_id,
+				attr->btf_key_type_id,
+				attr->btf_value_type_id,
+				attr->map_extra,
+			});
 		spdlog::debug(
 			"Created map {}, type={}, name={}, key_size={}, value_size={}",
 			id, attr->map_type, attr->map_name, attr->key_size,
@@ -159,7 +160,8 @@ long syscall_context::handle_sysbpf(int cmd, union bpf_attr *attr, size_t size)
 				}
 			}
 #endif
-			int id = bpftime_progs_create(-1/* let the shm alloc fd for us */,
+			int id = bpftime_progs_create(
+				-1 /* let the shm alloc fd for us */,
 				(ebpf_inst *)(uintptr_t)attr->insns,
 				(size_t)attr->insn_cnt, attr->prog_name,
 				attr->prog_type);
@@ -171,7 +173,9 @@ long syscall_context::handle_sysbpf(int cmd, union bpf_attr *attr, size_t size)
 		auto prog_fd = attr->link_create.prog_fd;
 		auto target_fd = attr->link_create.target_fd;
 		spdlog::debug("Creating link {} -> {}", prog_fd, target_fd);
-		int id = bpftime_link_create(-1/* let the shm alloc fd for us */, prog_fd, target_fd);
+		int id = bpftime_link_create(
+			-1 /* let the shm alloc fd for us */, prog_fd,
+			target_fd);
 		spdlog::debug("Created link {}", id);
 		return id;
 	}
@@ -237,26 +241,35 @@ int syscall_context::handle_perfevent(perf_event_attr *attr, pid_t pid, int cpu,
 		spdlog::debug(
 			"Creating uprobe name {} offset {} retprobe {} ref_ctr_off {} attr->config={:x}",
 			name, offset, retprobe, ref_ctr_off, attr->config);
-		int id = bpftime_uprobe_create(-1/* let the shm alloc fd for us */, pid, name, offset, retprobe,
-					       ref_ctr_off);
+		int id = bpftime_uprobe_create(
+			-1 /* let the shm alloc fd for us */, pid, name, offset,
+			retprobe, ref_ctr_off);
 		// std::cout << "Created uprobe " << id << std::endl;
 		spdlog::debug("Created uprobe {}", id);
 		return id;
 	} else if ((int)attr->type ==
-		   (int)bpf_event_type::
-			   PERF_TYPE_TRACEPOINT) {
+		   (int)bpf_event_type::PERF_TYPE_TRACEPOINT) {
 		spdlog::debug("Detected tracepoint perf event creation");
-		int fd = bpftime_tracepoint_create(-1/* let the shm alloc fd for us */, pid, (int32_t)attr->config);
+		int fd = bpftime_tracepoint_create(
+			-1 /* let the shm alloc fd for us */, pid,
+			(int32_t)attr->config);
 		spdlog::debug("Created tracepoint perf event with fd {}", fd);
 		return fd;
-	} else if ((int)attr->type ==
-		   (int)bpf_event_type::
-			   PERF_TYPE_SOFTWARE) {
+	} else if ((int)attr->type == (int)bpf_event_type::PERF_TYPE_SOFTWARE) {
 		spdlog::debug("Detected software perf event creation");
 		int fd = bpftime_add_software_perf_event(cpu, attr->sample_type,
 							 attr->config);
 		spdlog::debug("Created software perf event with fd {}", fd);
 		return fd;
+	} else if ((int)attr->type == (int)bpf_event_type::BPF_TYPE_UREPLACE) {
+		spdlog::debug("Detected ureplace hook");
+		const char *name = (const char *)(uintptr_t)attr->config1;
+		uint64_t offset = attr->config2;
+		int fd = bpftime_add_ureplace(
+			-1 /* let the shm alloc fd for us */, pid, name,
+			offset);
+		spdlog::debug("Created software perf event with fd {}", fd);
+		return fd;
 	}
 	spdlog::info("Calling original perf event open");
 	return orig_syscall_fn(__NR_perf_event_open, (uint64_t)(uintptr_t)attr,