Introduce build target initramfs.gz

`make initramfs.gz` builds an `initramfs.gz` that contains all quark utilities statically compiled, as well as a super simple init that sets the environment so that quark can run. The purpose is to be able to test different kernels and run `quark-mon` or `quark-btf` as you run normally. This is the main infrastructure for the future `quark-test` which will be a single binary that tests "everything", it forks, execs, and whatnot. How to test it: $ make initramfs.gz $ qemu-system-x86_64 -initrd initramfs.gz -kernel linux-image-x86_64-5.10.92-2 \ -nographic --append "console=ttyS0 quark-mon -kvvv" You can pass parameters normally to the binary, see `append` above.
elastic · Oct 15, 2024 · b6beeea · b6beeea
1 parent 1d3f164
commit b6beeea
Show file tree

Hide file tree

Showing 7 changed files with 114 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,12 +4,17 @@
 *.svg
 cscope.*
 quark-mon
+quark-mon-static
 quark-btf
+quark-btf-static
+init
 libquark.a
 libquark_big.a
 bpf_prog_skel.h
 manhtml/*.html
 elftoolchain/libelf/libelf_pic.a
+initramfs/
+initramfs.gz
 # include is where we install libbpf headers
 include
 # These are autogenerated

diff --git a/Makefile b/Makefile
@@ -74,7 +74,14 @@ EEBPF_INCLUDES:= -Ielastic-ebpf/GPL/Events -Ielastic-ebpf/contrib/vmlinux/$(ARCH
 
 # LIBQUARK
 LIBQUARK_DEPS:= $(wildcard *.h) bpf_prog_skel.h $(EEBPF_FILES) include
-LIBQUARK_SRCS:= $(filter-out bpf_prog.c quark-mon.c quark-btf.c,$(wildcard *.c))
+LIBQUARK_SRCS:=			\
+	bpf_queue.c		\
+	btf.c			\
+	btfhub.c		\
+	compat.c		\
+	kprobe_queue.c		\
+	quark.c			\
+	qutil.c
 LIBQUARK_OBJS:= $(patsubst %.c,%.o,$(LIBQUARK_SRCS))
 LIBQUARK_STATIC:= libquark.a
 LIBQUARK_STATIC_BIG:= libquark_big.a
@@ -256,6 +263,19 @@ include: $(LIBBPF_DEPS)
 
 svg: $(SVGS)
 
+initramfs:
+	mkdir initramfs
+
+initramfs.gz: init quark-mon-static quark-btf-static initramfs
+	cp init initramfs/
+	cp quark-mon-static initramfs/quark-mon
+	cp quark-btf-static initramfs/quark-btf
+	cd initramfs && find . -print0 | cpio -0 -ov --format=newc | gzip -9 > ../$@
+
+init: init.c
+	$(call msg,CC,$@)
+	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) $(CDIAGFLAGS) -static -o $@ $^
+
 quark-mon: quark-mon.c $(LIBQUARK_STATIC_BIG)
 	$(call msg,CC,$@)
 	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) $(CDIAGFLAGS) -o $@ $^
@@ -264,6 +284,14 @@ quark-btf: quark-btf.c $(LIBQUARK_STATIC_BIG)
 	$(call msg,CC,$@)
 	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) $(CDIAGFLAGS) -o $@ $^
 
+quark-mon-static: quark-mon.c $(LIBQUARK_STATIC_BIG)
+	$(call msg,CC,$@)
+	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -DNO_PRIVDROP $(CDIAGFLAGS) -static -o $@ $^
+
+quark-btf-static: quark-btf.c $(LIBQUARK_STATIC_BIG)
+	$(call msg,CC,$@)
+	$(Q)$(CC) $(CFLAGS) $(CPPFLAGS) $(CDIAGFLAGS) -static -o $@ $^
+
 docs/index.html: docs/quark.7.html
 	$(call msg,CP,index.html)
 	$(Q)cp $< $@
@@ -295,7 +323,16 @@ eebpf-sync:
 
 clean:
 	$(call msg,CLEAN)
-	$(Q)rm -f *.o *.a quark-mon quark-btf bpf_prog_skel.h
+	$(Q)rm -f			\
+		*.o			\
+		*.a			\
+		quark-mon		\
+		quark-mon-static	\
+		quark-btf		\
+		quark-btf-static	\
+		btf_prog_skel.h		\
+		init
+	$(Q)rm -rf initramfs
 
 clean-all: clean
 	$(call msg,CLEAN-ALL)
@@ -332,6 +369,7 @@ clean-docs:
 	docker			\
 	docker-cross-arm64	\
 	docker-image		\
-	docker-shell
+	docker-shell		\
+	initramfs.gz
 
 .SUFFIXES:
diff --git a/docs/index.html b/docs/index.html
@@ -217,7 +217,16 @@ <h1 class="Sh" id="BUILDING"><a class="permalink" href="#BUILDING">BUILDING</a><
   <dd>Copies the files from EEBPF_PATH used by <code class="Nm">quark</code>.
       Usage:
     <div class="Bd Pp Li">
-    <pre>make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf</pre>
+    <pre>$ make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf</pre>
+    </div>
+  </dd>
+  <dt id="initramfs.gz"><a class="permalink" href="#initramfs.gz"><i class="Em">initramfs.gz</i></a></dt>
+  <dd>Build a initramfs file containing all quark binaries so that it can be run
+      as the init process on boot, useful for testing any kernel under qemu,
+      notice how you can pass parameters normally to quark-mon:
+    <div class="Bd Pp Li">
+    <pre>$ make initramfs.gz
+$ qemu-system-x86_64 -initrd initramfs.gz -kernel linux-image-x86_64-5.10.92-2 -nographic --append &quot;console=ttyS0 quark-mon -kvvv&quot;</pre>
     </div>
   </dd>
 </dl>
@@ -378,7 +387,7 @@ <h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">October 14, 2024</td>
+    <td class="foot-date">October 15, 2024</td>
     <td class="foot-os">Linux</td>
   </tr>
 </table>

diff --git a/docs/quark.7.html b/docs/quark.7.html
@@ -217,7 +217,16 @@ <h1 class="Sh" id="BUILDING"><a class="permalink" href="#BUILDING">BUILDING</a><
   <dd>Copies the files from EEBPF_PATH used by <code class="Nm">quark</code>.
       Usage:
     <div class="Bd Pp Li">
-    <pre>make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf</pre>
+    <pre>$ make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf</pre>
+    </div>
+  </dd>
+  <dt id="initramfs.gz"><a class="permalink" href="#initramfs.gz"><i class="Em">initramfs.gz</i></a></dt>
+  <dd>Build a initramfs file containing all quark binaries so that it can be run
+      as the init process on boot, useful for testing any kernel under qemu,
+      notice how you can pass parameters normally to quark-mon:
+    <div class="Bd Pp Li">
+    <pre>$ make initramfs.gz
+$ qemu-system-x86_64 -initrd initramfs.gz -kernel linux-image-x86_64-5.10.92-2 -nographic --append &quot;console=ttyS0 quark-mon -kvvv&quot;</pre>
     </div>
   </dd>
 </dl>
@@ -378,7 +387,7 @@ <h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">October 14, 2024</td>
+    <td class="foot-date">October 15, 2024</td>
     <td class="foot-os">Linux</td>
   </tr>
 </table>

diff --git a/init.c b/init.c
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: Apache-2.0
+/* Copyright (c) 2024 Elastic NV */
+
+#include <err.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <sys/mount.h>
+#include <sys/stat.h>
+
+int
+main(int argc, char *argv[])
+{
+	if (argc < 2)
+		err(1, "no binary to execute");
+
+	argc--;
+	argv++;
+
+	if (mkdir("/proc", 0666) != 0)
+		err(1, "mkdir /proc");
+	if (mkdir("/sys", 0666) != 0)
+		err(1, "mkdir /sys");
+
+	if (mount("proc", "/proc", "proc", 0, NULL) == -1)
+		err(1, "mount /proc");
+	if (mount(NULL, "/sys", "sysfs", 0, NULL) == -1)
+		err(1, "mount /sys");
+	if (mount(NULL, "/sys/kernel/tracing", "tracefs", 0, NULL) == -1)
+		err(1, "mount /sys/kernel/tracing");
+
+	return (execv(argv[0], argv));
+}
diff --git a/quark-mon.c b/quark-mon.c
@@ -37,6 +37,9 @@ sigint_handler(int sig)
 static void
 priv_drop(void)
 {
+#ifdef NO_PRIVDROP
+	err(1, "built with NO_PRIVDROP");
+#else
 	struct passwd	*pw;
 
 	/* getpwnam_r is too painful for a demo */
@@ -56,6 +59,7 @@ priv_drop(void)
 	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		err(1, "error dropping privileges");
+#endif
 }
 
 static void

diff --git a/quark.7 b/quark.7
@@ -234,7 +234,15 @@ Copies the files from EEBPF_PATH used by
 .Nm .
 Usage:
 .Bd -literal
-make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf
+$ make eebpf-sync EEBPF_PATH=/my/path/to/elastic/ebpf
+.Ed
+.It Em initramfs.gz
+Build a initramfs file containing all quark binaries so that it can be run as
+the init process on boot, useful for testing any kernel under qemu, notice how
+you can pass parameters normally to quark-mon:
+.Bd -literal
+$ make initramfs.gz
+$ qemu-system-x86_64 -initrd initramfs.gz -kernel linux-image-x86_64-5.10.92-2 -nographic --append "console=ttyS0 quark-mon -kvvv"
 .Ed
 .El
 .Pp