| Message ID | 20230221234500.2653976-1-deso@posteo.net (mailing list archive) |
|---|---|
| Headers | show |
| Series | Make uprobe attachment APK aware | expand |
The changelog ended up in a different file. Added it below now. On Tue, Feb 21, 2023 at 11:44:57PM +0000, Daniel Müller wrote: > On Android, APKs (android packages; zip packages with somewhat > prescriptive contents) are first class citizens in the system: the > shared objects contained in them don't exist in unpacked form on the > file system. Rather, they are mmaped directly from within the archive > and the archive is also what the kernel is aware of. > > For users that complicates the process of attaching a uprobe to a > function contained in a shared object in one such APK: they'd have to > find the byte offset of said function from the beginning of the archive. > That is cumbersome to do manually and can be fragile, because various > changes could invalidate said offset. > > That is why for uprobes inside ELF files (not inside an APK), commit > d112c9ce249b ("libbpf: Support function name-based attach uprobes") added > support for attaching to symbols by name. On Android, that mechanism > currently does not work, because this logic is not APK aware. > > This patch set introduces first class support for attaching uprobes to > functions inside ELF objects contained in APKs via function names. We > add support for recognizing the following syntax for a binary path: > <archive>!/<binary-in-archive> > > (e.g., /system/app/test-app.apk!/lib/arm64-v8a/libc++.so) > > This syntax is common in the Android eco system and used by tools such > as simpleperf. It is also what is being proposed for bcc [0]. > > If the user provides such a binary path, we find <binary-in-archive> > (lib/arm64-v8a/libc++.so in the example) inside of <archive> > (/system/app/test-app.apk). We perform the regular ELF offset search > inside the binary and add that to the offset within the archive itself, > to retrieve the offset at which to attach the uprobe. > > [0] https://github.com/iovisor/bcc/pull/4440 Changelog --------- v1->v2: - removed unaligned_* types - switched to using __u32 and __u16 - switched to using errno constants instead of hard-coded negative values - added another pr_debug() message - shortened central_directory_* to cd_* - inlined cd_file_header_at_offset() function - bunch of syntactical changes > Daniel Müller (3): > libbpf: Implement basic zip archive parsing support > libbpf: Introduce elf_find_func_offset_from_file() function > libbpf: Add support for attaching uprobes to shared objects in APKs > > tools/lib/bpf/Build | 2 +- > tools/lib/bpf/libbpf.c | 142 ++++++++++++++---- > tools/lib/bpf/zip.c | 326 +++++++++++++++++++++++++++++++++++++++++ > tools/lib/bpf/zip.h | 47 ++++++ > 4 files changed, 489 insertions(+), 28 deletions(-) > create mode 100644 tools/lib/bpf/zip.c > create mode 100644 tools/lib/bpf/zip.h > > -- > 2.30.2 >
On Android, APKs (android packages; zip packages with somewhat prescriptive contents) are first class citizens in the system: the shared objects contained in them don't exist in unpacked form on the file system. Rather, they are mmaped directly from within the archive and the archive is also what the kernel is aware of. For users that complicates the process of attaching a uprobe to a function contained in a shared object in one such APK: they'd have to find the byte offset of said function from the beginning of the archive. That is cumbersome to do manually and can be fragile, because various changes could invalidate said offset. That is why for uprobes inside ELF files (not inside an APK), commit d112c9ce249b ("libbpf: Support function name-based attach uprobes") added support for attaching to symbols by name. On Android, that mechanism currently does not work, because this logic is not APK aware. This patch set introduces first class support for attaching uprobes to functions inside ELF objects contained in APKs via function names. We add support for recognizing the following syntax for a binary path: <archive>!/<binary-in-archive> (e.g., /system/app/test-app.apk!/lib/arm64-v8a/libc++.so) This syntax is common in the Android eco system and used by tools such as simpleperf. It is also what is being proposed for bcc [0]. If the user provides such a binary path, we find <binary-in-archive> (lib/arm64-v8a/libc++.so in the example) inside of <archive> (/system/app/test-app.apk). We perform the regular ELF offset search inside the binary and add that to the offset within the archive itself, to retrieve the offset at which to attach the uprobe. [0] https://github.com/iovisor/bcc/pull/4440 Daniel Müller (3): libbpf: Implement basic zip archive parsing support libbpf: Introduce elf_find_func_offset_from_file() function libbpf: Add support for attaching uprobes to shared objects in APKs tools/lib/bpf/Build | 2 +- tools/lib/bpf/libbpf.c | 142 ++++++++++++++---- tools/lib/bpf/zip.c | 326 +++++++++++++++++++++++++++++++++++++++++ tools/lib/bpf/zip.h | 47 ++++++ 4 files changed, 489 insertions(+), 28 deletions(-) create mode 100644 tools/lib/bpf/zip.c create mode 100644 tools/lib/bpf/zip.h