add basic ARM64 support

commit_hash:ac6f12aba192034e41c01a7c18c030f277bb7e6c

Author: lexmach

perforator/agent/collector/pkg/dso/bpf/unwindtable/manager.go

@@ -579,7 +579,7 @@ func (b *pageTableBuilder) flushNodes() error {
 }
 
 // FIXME(sskvor): Generate this from the BTF
-const dwarfUnwindRBPRuleUndefined = 0x7f
+const dwarfUnwindRuleUndefined = 0x7f
 
 func fillRule(row row, page *unwinder.UnwindTablePageLeaf, idx int) {
 	rule := unwinder.UnwindRule{}
@@ -588,8 +588,10 @@ func fillRule(row row, page *unwinder.UnwindTablePageLeaf, idx int) {
 	if rbp := row.RBP(); rbp != nil && rbp.GetCfaPlusOffset() != nil {
 		offset := rbp.GetCfaPlusOffset().GetOffset()
 		rule.Rbp = unwinder.RbpUnwindRule{Offset: int8(offset)}
+	} else if rbp != nil && rbp.GetCfaMinus8() != nil {
+		rule.Rbp = unwinder.RbpUnwindRule{Offset: int8(-8)}
 	} else {
-		rule.Rbp = unwinder.RbpUnwindRule{Offset: dwarfUnwindRBPRuleUndefined}
+		rule.Rbp = unwinder.RbpUnwindRule{Offset: dwarfUnwindRuleUndefined}
 	}
 
 	// Fill CFA rule
@@ -601,6 +603,16 @@ func fillRule(row row, page *unwinder.UnwindTablePageLeaf, idx int) {
 		rule.Cfa.Kind = unwinder.UnwindRuleUnsupported
 	}
 
+	// Should we really use separate rule for CfaMinus8?
+	if ra := row.RA(); ra != nil && ra.GetCfaPlusOffset() != nil {
+		offset := ra.GetCfaPlusOffset().GetOffset()
+		rule.Ra = unwinder.RaUnwindRule{Offset: int8(offset)}
+	} else if ra != nil && ra.GetCfaMinus8() != nil {
+		rule.Ra = unwinder.RaUnwindRule{Offset: int8(-8)}
+	} else {
+		rule.Ra = unwinder.RaUnwindRule{Offset: dwarfUnwindRuleUndefined}
+	}
+
 	page.Pc[idx] = uint32(row.StartPC())
 	page.Ranges[idx] = uint32(row.PCRange())
 	page.Rules[idx] = rule

perforator/agent/collector/progs/unwinder/arch/arm/dwarf.h

@@ -0,0 +1,121 @@
+#pragma once
+
+#include <bpf/bpf.h>
+
+#include "../../dwarf-fwd.h"
+
+////////////////////////////////////////////////////////////////////////////////
+
+enum {
+    DWARF_CFI_UNKNOWN_REGISTER = 0xfffffffffffffffd,
+
+    DWARF_CFI_STACK_REGISTER_NUMBER = 31,
+    DWARF_CFI_FRAME_REGISTER_NUMBER = 29
+};
+
+struct dwarf_cfi_context {
+    u64 cfa;
+    u64 fp;
+    u64 ip;
+
+    u64 lr;
+};
+
+static void ALWAYS_INLINE dwarf_cfi_context_init_next(struct dwarf_cfi_context* ctx) {
+    ctx->cfa = DWARF_CFI_UNKNOWN_REGISTER;
+    ctx->fp = DWARF_CFI_UNKNOWN_REGISTER;
+    ctx->pc = DWARF_CFI_UNKNOWN_REGISTER;
+    ctx->lr = DWARF_CFI_UNKNOWN_REGISTER;
+}
+
+static ALWAYS_INLINE void dwarf_unwind_setup_userspace_registers(
+    struct dwarf_cfi_context* cfi,
+    struct user_regs* regs
+) {
+    cfi->cfa = regs->sp;
+    cfi->fp = regs->fp;
+    cfi->ip = regs->pc;
+
+    cfi->lr = regs->lr;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+// FIXME: we are fully dependendent on Link register here, but it might be invalidated
+// See: https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst#note-8
+// Currently not a single observed binary has this DWARF expression
+ALWAYS_INLINE bool dwarf_cfi_eval_ra(
+    struct dwarf_cfi_context* prev,
+    struct dwarf_cfi_context* next,
+    struct ra_unwind_rule* rule
+) {
+    if (rule->offset == DWARF_UNWIND_CFA_RULE_UNDEFINED) {
+        DWARF_TRACE("no need to update LR");
+        next->lr = prev->lr;
+        next->ip = prev->lr;
+        return true;
+    }
+
+    u64 address = next->cfa + rule->offset;
+    if (!read_return_address((void*)address, &next->lr)) {
+        return false;
+    }
+    next->ip = next->lr;
+
+    return true;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+// There is no canonical prolouge/epilogue:
+// See: https://www.codalogic.com/blog/2022/10/20/Aarch64-Stack-Frames-Again
+//
+// Clang function prologue and epilogue:
+// foo:
+//      sub sp, sp, #size
+//      stp x29, x30, [sp, #(size - 16)]
+//      add x29, sp, #(size - 16)
+//      ...
+//      ldp x29, x30, [sp, #(size - 16)]
+//      add sp, sp, #size
+//      ret
+//
+// Stack layout:
+// |                     |
+// +---------------------+
+// |          lr         |
+// +---------------------+
+// |    original fp      | <- fp
+// +---------------------+
+// |                     |
+// |                     |
+// |     ...space...     |
+// |                     |
+// |                     | <- sp
+// +---------------------+
+static NOINLINE enum dwarf_unwind_step_result dwarf_unwind_step_fp(struct dwarf_cfi_context* cfi, u32* framepointers) {
+    if (cfi == NULL || framepointers == NULL) {
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+
+    (*framepointers)++;
+
+    cfi->ip = cfi->lr;
+    if (!read_return_address((void*)(cfi->fp + 8), &cfi->lr)) {
+        metric_increment(METRIC_FP_ERROR_READ_RETURNADDRESS_COUNT);
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+
+    cfi->cfa = cfi->fp + 16;
+
+    u64 prev_fp = 0;
+    int err = bpf_probe_read_user(&prev_fp, sizeof(prev_fp), (void*)cfi->fp);
+    if (err != 0) {
+        DWARF_TRACE("fp: bpf_probe_read_user failed: %d\n", err);
+        metric_increment(METRIC_FP_ERROR_READ_BASEPOINTER_COUNT);
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+    cfi->fp = prev_fp;
+
+    return DWARF_UNWIND_STEP_CONTINUE;
+}

perforator/agent/collector/progs/unwinder/arch/arm/regs.h

@@ -0,0 +1,92 @@
+#pragma once
+
+#include <bpf/attrs.h>
+#include <bpf/core.h>
+#include <bpf/types.h>
+
+#include "../../core.h"
+#include "../../linux.h"
+#include "../../task.h"
+
+////////////////////////////////////////////////////////////////////////////////
+
+struct user_regs {
+    u64 sp;
+    u64 fp;
+    u64 pc;
+    u64 lr;
+};
+
+static ALWAYS_INLINE u64 regs_get_current_instruction(struct user_regs* regs) {
+    return regs->pc;
+}
+
+// FIXME: this is suboptimal, we are using only part of user-spaced regs
+struct pt_regs___kernel {
+    u64 regs[31];
+    u64 sp;
+    u64 pc;
+};
+
+////////////////////////////////////////////////////////////////////////////////
+
+// See https://www.kernel.org/doc/Documentation/arm64/memory.txt
+ALWAYS_INLINE bool is_kernel_pc(u64 pc) {
+    return pc > 0xffff000000000000;
+}
+
+// See https://github.com/iovisor/bcc/issues/2073#issuecomment-446844179
+// And https://elixir.bootlin.com/linux/v5.4.254/source/arch/arm/include/asm/ptrace.h#L16
+// And https://elixir.bootlin.com/linux/v5.4.254/source/arch/arm/include/asm/processor.h#L98
+static NOINLINE bool extract_saved_userspace_registers(struct user_regs* regs) {
+    struct pt_regs___kernel* kregs = 0;
+    if (bpf_core_enum_value_exists(enum bpf_func_id, BPF_FUNC_task_pt_regs)) {
+        struct task_struct* task = bpf_get_current_task_btf();
+        if (task == NULL) {
+            return false;
+        }
+
+        kregs = (void*)bpf_task_pt_regs(task);
+        if (kregs == 0) {
+            return false;
+        }
+    } else {
+        struct task_struct* task = get_current_task();
+        if (task == NULL) {
+            return false;
+        }
+
+        void* ptr = BPF_CORE_READ(task, stack);
+        if (ptr == NULL) {
+            return false;
+        }
+
+        ptr += THREAD_START_SP;
+        kregs = (void*)((struct user_pt_regs*)(ptr) - 1);
+    }
+
+    regs->pc = BPF_CORE_READ(kregs, pc);
+    regs->fp = BPF_CORE_READ(kregs, ARM_FP);
+    regs->sp = BPF_CORE_READ(kregs, sp);
+    regs->lr = BPF_CORE_READ(kregs, ARM_LR);
+
+    return true;
+}
+
+// FIXME: bpf_perf_event_data contains only user_pt_regs, not full regs
+static NOINLINE bool find_task_userspace_registers_bpf(struct user_pt_regs* kregs, struct user_regs* uregs) {
+    if (is_kernel_pc(kregs->pc)) {
+        return extract_saved_userspace_registers(uregs);
+    }
+
+    uregs->sp = kregs->sp;
+    uregs->fp = kregs->ARM_FP;
+    uregs->pc = kregs->pc;
+    uregs->lr = kregs->ARM_LR;
+
+    return true;
+}
+
+static ALWAYS_INLINE bool find_task_userspace_registers(struct pt_regs* kregs, struct user_regs* uregs) {
+    return find_task_userspace_registers_bpf(&kregs->user_regs, uregs);
+}

perforator/agent/collector/progs/unwinder/arch/arm/thread.h

@@ -0,0 +1,8 @@
+#pragma once
+
+#include "../../core.h"
+
+static ALWAYS_INLINE unsigned long get_tcb_pointer() {
+    struct task_struct* task = (void*)bpf_get_current_task();
+    return BPF_CORE_READ(task, thread.uw.tp_value);
+}

perforator/agent/collector/progs/unwinder/arch/x86/dwarf.h

@@ -0,0 +1,94 @@
+#pragma once
+
+#include <bpf/bpf.h>
+
+#include "../../dwarf-fwd.h"
+
+////////////////////////////////////////////////////////////////////////////////
+
+enum {
+    DWARF_CFI_UNKNOWN_REGISTER = 0xfffffffffffffffd,
+
+    DWARF_CFI_STACK_REGISTER_NUMBER = 7,
+    DWARF_CFI_FRAME_REGISTER_NUMBER = 6
+};
+
+struct dwarf_cfi_context {
+    u64 cfa;
+    u64 fp;
+    u64 ip;
+};
+
+static void ALWAYS_INLINE dwarf_cfi_context_init_next(struct dwarf_cfi_context* ctx) {
+    ctx->cfa = DWARF_CFI_UNKNOWN_REGISTER;
+    ctx->fp = DWARF_CFI_UNKNOWN_REGISTER;
+    ctx->ip = DWARF_CFI_UNKNOWN_REGISTER;
+}
+
+static ALWAYS_INLINE void dwarf_unwind_setup_userspace_registers(
+    struct dwarf_cfi_context* cfi,
+    struct user_regs* regs
+) {
+    cfi->cfa = regs->rsp;
+    cfi->fp = regs->rbp;
+    cfi->ip = regs->rip;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+ALWAYS_INLINE bool dwarf_cfi_eval_ra(
+    struct dwarf_cfi_context* prev,
+    struct dwarf_cfi_context* next,
+    struct ra_unwind_rule* rule
+) {
+    u64 address = next->cfa - 8;
+    return read_return_address((void*)address, &next->ip);
+}
+
+// Canonical function prologue and epilogue:
+// foo:
+//      push %rbp
+//      mov %rsp, %rbp
+//      ...
+//      mov %rbp, %rsp
+//      pop %rbp
+//      ret
+//
+// Stack layout:
+// rsp0    -> [....]
+// rsp0-8  -> [ra0 ]
+// rsp0-16 -> [rbp0]
+// ...
+// rsp1    -> [....]
+// rsp1-8  -> [ra1 ]
+// rsp1-16 -> [rbp1]
+// ...
+// rsp2    -> [....]
+// rsp2-8  -> [ra2 ]
+// rsp2-16 -> [rbp2]
+static NOINLINE enum dwarf_unwind_step_result dwarf_unwind_step_fp(struct dwarf_cfi_context* cfi, u32* framepointers) {
+    if (cfi == NULL || framepointers == NULL) {
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+
+    (*framepointers)++;
+    if (!read_return_address((void*)(cfi->fp + 8), &cfi->ip)) {
+        metric_increment(METRIC_FP_ERROR_READ_RETURNADDRESS_COUNT);
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+
+    // We need to restore rsp in order to support mixed dwarf and frame pointers unwinding.
+    // Previous rsp is equal to current rbp + 2*sizeof(register): look at the stack layout.
+    cfi->cfa = cfi->fp + 16;
+
+    u64 prev_rbp = 0;
+    int err = bpf_probe_read_user(&prev_rbp, sizeof(prev_rbp), (void*)cfi->fp);
+    if (err != 0) {
+        DWARF_TRACE("fp: bpf_probe_read_user failed: %d\n", err);
+        metric_increment(METRIC_FP_ERROR_READ_BASEPOINTER_COUNT);
+        return DWARF_UNWIND_STEP_FAILED;
+    }
+    cfi->fp = prev_rbp;
+
+    return DWARF_UNWIND_STEP_CONTINUE;
+}

perforator/agent/collector/progs/unwinder/arch/x86/regs.h

@@ -16,6 +16,10 @@ struct user_regs {
     u64 rip;
 };
 
+static ALWAYS_INLINE u64 regs_get_current_instruction(struct user_regs* regs) {
+    return regs->rip;
+}
+
 struct pt_regs___kernel {
     u64 ip;
     u64 sp;
@@ -78,4 +82,8 @@ static NOINLINE bool find_task_userspace_registers(struct pt_regs* kregs, struct
     return true;
 }
 
+static ALWAYS_INLINE bool find_task_userspace_registers_bpf(struct pt_regs* kregs, struct user_regs* uregs) {
+    return find_task_userspace_registers(kregs, uregs);
+}
+
 ////////////////////////////////////////////////////////////////////////////////

perforator/agent/collector/progs/unwinder/arch/x86/thread.h

@@ -0,0 +1,8 @@
+#pragma once
+
+#include "../../core.h"
+
+static ALWAYS_INLINE unsigned long get_tcb_pointer() {
+    struct task_struct* task = (void*)bpf_get_current_task();
+    return BPF_CORE_READ(task, thread.fsbase);
+}

perforator/agent/collector/progs/unwinder/binary.h

@@ -6,4 +6,4 @@ typedef u64 binary_id;
 
 enum binary_storage_params : u32 {
     MAX_BINARIES = 1024 * 1024
-};
+};