* [PATCH v5] libbpf: kprobe.multi: Filter with available_filter_functions
@ 2023-05-26 12:20 Jackie Liu
0 siblings, 0 replies; 4+ messages in thread
From: Jackie Liu @ 2023-05-26 12:20 UTC (permalink / raw)
To: olsajiri, andrii; +Cc: martin.lau, song, yhs, bpf, liuyun01
From: Jackie Liu <liuyun01@kylinos.cn>
When using regular expression matching with "kprobe multi", it scans all
the functions under "/proc/kallsyms" that can be matched. However, not all
of them can be traced by kprobe.multi. If any one of the functions fails
to be traced, it will result in the failure of all functions. The best
approach is to filter out the functions that cannot be traced to ensure
proper tracking of the functions.
Use available_filter_functions check first, if failed, fallback to
kallsyms.
Here is the test eBPF program [1].
[1] https://github.com/JackieLiu1/ketones/commit/a9e76d1ba57390e533b8b3eadde97f7a4535e867
Suggested-by: Jiri Olsa <olsajiri@gmail.com>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
---
tools/lib/bpf/libbpf.c | 100 ++++++++++++++++++++++++++++++++++++++---
1 file changed, 93 insertions(+), 7 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index ad1ec893b41b..0914b7e98e30 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10106,6 +10106,12 @@ static const char *tracefs_uprobe_events(void)
return use_debugfs() ? DEBUGFS"/uprobe_events" : TRACEFS"/uprobe_events";
}
+static const char *tracefs_available_filter_functions(void)
+{
+ return use_debugfs() ? DEBUGFS"/available_filter_functions" :
+ TRACEFS"/available_filter_functions";
+}
+
static void gen_kprobe_legacy_event_name(char *buf, size_t buf_sz,
const char *kfunc_name, size_t offset)
{
@@ -10417,13 +10423,14 @@ static bool glob_match(const char *str, const char *pat)
struct kprobe_multi_resolve {
const char *pattern;
unsigned long *addrs;
+ const char **syms;
size_t cap;
size_t cnt;
};
static int
-resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
- const char *sym_name, void *ctx)
+kallsyms_resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
+ const char *sym_name, void *ctx)
{
struct kprobe_multi_resolve *res = ctx;
int err;
@@ -10440,6 +10447,77 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
return 0;
}
+static int ftrace_resolve_kprobe_multi_cb(const char *sym_name, void *ctx)
+{
+ struct kprobe_multi_resolve *res = ctx;
+ int err;
+ char *name;
+
+ if (!glob_match(sym_name, res->pattern))
+ return 0;
+
+ err = libbpf_ensure_mem((void **) &res->syms, &res->cap,
+ sizeof(const char *), res->cnt + 1);
+ if (err)
+ return err;
+
+ name = strdup(sym_name);
+ if (!name)
+ return -errno;
+
+ res->syms[res->cnt++] = name;
+ return 0;
+}
+
+typedef int (*available_kprobe_cb_t)(const char *sym_name, void *ctx);
+
+static int
+libbpf_available_kprobes_parse(available_kprobe_cb_t cb, void *ctx)
+{
+ char sym_name[256];
+ FILE *f;
+ int ret, err = 0;
+ const char *available_path = tracefs_available_filter_functions();
+
+ f = fopen(available_path, "r");
+ if (!f) {
+ err = -errno;
+ pr_warn("failed to open %s, fallback to /proc/kallsyms.\n",
+ available_path);
+ return err;
+ }
+
+ while (true) {
+ ret = fscanf(f, "%255s%*[^\n]\n", sym_name);
+ if (ret == EOF && feof(f))
+ break;
+ if (ret != 1) {
+ pr_warn("failed to read available kprobe entry: %d\n",
+ ret);
+ err = -EINVAL;
+ break;
+ }
+
+ err = cb(sym_name, ctx);
+ if (err)
+ break;
+ }
+
+ fclose(f);
+ return err;
+}
+
+static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
+{
+ while (res->syms && res->cnt)
+ free((char *)res->syms[--res->cnt]);
+
+ free(res->syms);
+ free(res->addrs);
+ /* reset cap to zero, when fallback */
+ res->cap = 0;
+}
+
struct bpf_link *
bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
const char *pattern,
@@ -10476,13 +10554,21 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
return libbpf_err_ptr(-EINVAL);
if (pattern) {
- err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
- if (err)
- goto error;
+ err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
+ &res);
+ if (err) {
+ /* fallback to kallsyms */
+ kprobe_multi_resolve_free(&res);
+ err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
+ &res);
+ if (err)
+ goto error;
+ }
if (!res.cnt) {
err = -ENOENT;
goto error;
}
+ syms = res.syms;
addrs = res.addrs;
cnt = res.cnt;
}
@@ -10511,12 +10597,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
goto error;
}
link->fd = link_fd;
- free(res.addrs);
+ kprobe_multi_resolve_free(&res);
return link;
error:
free(link);
- free(res.addrs);
+ kprobe_multi_resolve_free(&res);
return libbpf_err_ptr(err);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v5] libbpf: kprobe.multi: Filter with available_filter_functions
2023-05-26 9:53 ` Jiri Olsa
@ 2023-05-26 12:18 ` Jackie Liu
0 siblings, 0 replies; 4+ messages in thread
From: Jackie Liu @ 2023-05-26 12:18 UTC (permalink / raw)
To: Jiri Olsa; +Cc: andrii, martin.lau, song, yhs, bpf, liuyun01
在 2023/5/26 17:53, Jiri Olsa 写道:
> On Fri, May 26, 2023 at 10:10:47AM +0800, Jackie Liu wrote:
>
> SNIP
>
>> -resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
>> - const char *sym_name, void *ctx)
>> +kallsyms_resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
>> + const char *sym_name, void *ctx)
>> {
>> struct kprobe_multi_resolve *res = ctx;
>> int err;
>> @@ -10431,8 +10438,8 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
>> if (!glob_match(sym_name, res->pattern))
>> return 0;
>>
>> - err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long),
>> - res->cnt + 1);
>> + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap,
>> + sizeof(unsigned long), res->cnt + 1);
>
> hum, looks like this is just formatting change, AFAICS we don't need that
>
>> if (err)
>> return err;
>>
>> @@ -10440,6 +10447,75 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
>> return 0;
>> }
>>
>
> SNIP
>
>> +
>> +static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
>> +{
>> + while (res->syms && res->cnt)
>> + free((char *)res->syms[--res->cnt]);
>> +
>> + free(res->syms);
>> + free(res->addrs);
>
> we should set cnt and cap to zero for the fallback sake
It is necessary to set cap to 0, cnt is already 0, if syms exists.
>
>> +}
>> +
>> struct bpf_link *
>> bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> const char *pattern,
>> @@ -10476,13 +10552,20 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> return libbpf_err_ptr(-EINVAL);
>>
>> if (pattern) {
>> - err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
>> - if (err)
>> - goto error;
>> + err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
>> + &res);
>> + if (err) {
>> + /* fallback to kallsyms */
>
> we need to call kprobe_multi_resolve_free in here and set
> cnt/cap to zero in kprobe_multi_resolve_free
Yes.
>
> jirka
>
>> + err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
>> + &res);
>> + if (err)
>> + goto error;
>> + }
>> if (!res.cnt) {
>> err = -ENOENT;
>> goto error;
>> }
>> + syms = res.syms;
>> addrs = res.addrs;
>> cnt = res.cnt;
>> }
>> @@ -10511,12 +10594,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> goto error;
>> }
>> link->fd = link_fd;
>> - free(res.addrs);
>> + kprobe_multi_resolve_free(&res);
>> return link;
>>
>> error:
>> free(link);
>> - free(res.addrs);
>> + kprobe_multi_resolve_free(&res);
>> return libbpf_err_ptr(err);
>> }
>>
>> --
>> 2.25.1
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v5] libbpf: kprobe.multi: Filter with available_filter_functions
2023-05-26 2:10 ` [PATCH v5] " Jackie Liu
@ 2023-05-26 9:53 ` Jiri Olsa
2023-05-26 12:18 ` Jackie Liu
0 siblings, 1 reply; 4+ messages in thread
From: Jiri Olsa @ 2023-05-26 9:53 UTC (permalink / raw)
To: Jackie Liu; +Cc: olsajiri, andrii, martin.lau, song, yhs, bpf, liuyun01
On Fri, May 26, 2023 at 10:10:47AM +0800, Jackie Liu wrote:
SNIP
> -resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
> - const char *sym_name, void *ctx)
> +kallsyms_resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
> + const char *sym_name, void *ctx)
> {
> struct kprobe_multi_resolve *res = ctx;
> int err;
> @@ -10431,8 +10438,8 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
> if (!glob_match(sym_name, res->pattern))
> return 0;
>
> - err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long),
> - res->cnt + 1);
> + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap,
> + sizeof(unsigned long), res->cnt + 1);
hum, looks like this is just formatting change, AFAICS we don't need that
> if (err)
> return err;
>
> @@ -10440,6 +10447,75 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
> return 0;
> }
>
SNIP
> +
> +static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
> +{
> + while (res->syms && res->cnt)
> + free((char *)res->syms[--res->cnt]);
> +
> + free(res->syms);
> + free(res->addrs);
we should set cnt and cap to zero for the fallback sake
> +}
> +
> struct bpf_link *
> bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> const char *pattern,
> @@ -10476,13 +10552,20 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> return libbpf_err_ptr(-EINVAL);
>
> if (pattern) {
> - err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
> - if (err)
> - goto error;
> + err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
> + &res);
> + if (err) {
> + /* fallback to kallsyms */
we need to call kprobe_multi_resolve_free in here and set
cnt/cap to zero in kprobe_multi_resolve_free
jirka
> + err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
> + &res);
> + if (err)
> + goto error;
> + }
> if (!res.cnt) {
> err = -ENOENT;
> goto error;
> }
> + syms = res.syms;
> addrs = res.addrs;
> cnt = res.cnt;
> }
> @@ -10511,12 +10594,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> goto error;
> }
> link->fd = link_fd;
> - free(res.addrs);
> + kprobe_multi_resolve_free(&res);
> return link;
>
> error:
> free(link);
> - free(res.addrs);
> + kprobe_multi_resolve_free(&res);
> return libbpf_err_ptr(err);
> }
>
> --
> 2.25.1
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH v5] libbpf: kprobe.multi: Filter with available_filter_functions
2023-05-25 20:43 [PATCH v4] " Andrii Nakryiko
@ 2023-05-26 2:10 ` Jackie Liu
2023-05-26 9:53 ` Jiri Olsa
0 siblings, 1 reply; 4+ messages in thread
From: Jackie Liu @ 2023-05-26 2:10 UTC (permalink / raw)
To: olsajiri, andrii; +Cc: martin.lau, song, yhs, bpf, liuyun01
From: Jackie Liu <liuyun01@kylinos.cn>
When using regular expression matching with "kprobe multi", it scans all
the functions under "/proc/kallsyms" that can be matched. However, not all
of them can be traced by kprobe.multi. If any one of the functions fails
to be traced, it will result in the failure of all functions. The best
approach is to filter out the functions that cannot be traced to ensure
proper tracking of the functions.
Use available_filter_functions check first, if failed, fallback to
kallsyms.
Here is the test eBPF program [1].
[1] https://github.com/JackieLiu1/ketones/commit/a9e76d1ba57390e533b8b3eadde97f7a4535e867
Suggested-by: Jiri Olsa <olsajiri@gmail.com>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
---
tools/lib/bpf/libbpf.c | 101 +++++++++++++++++++++++++++++++++++++----
1 file changed, 92 insertions(+), 9 deletions(-)
diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index ad1ec893b41b..5aac8fe76c0a 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10106,6 +10106,12 @@ static const char *tracefs_uprobe_events(void)
return use_debugfs() ? DEBUGFS"/uprobe_events" : TRACEFS"/uprobe_events";
}
+static const char *tracefs_available_filter_functions(void)
+{
+ return use_debugfs() ? DEBUGFS"/available_filter_functions" :
+ TRACEFS"/available_filter_functions";
+}
+
static void gen_kprobe_legacy_event_name(char *buf, size_t buf_sz,
const char *kfunc_name, size_t offset)
{
@@ -10417,13 +10423,14 @@ static bool glob_match(const char *str, const char *pat)
struct kprobe_multi_resolve {
const char *pattern;
unsigned long *addrs;
+ const char **syms;
size_t cap;
size_t cnt;
};
static int
-resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
- const char *sym_name, void *ctx)
+kallsyms_resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
+ const char *sym_name, void *ctx)
{
struct kprobe_multi_resolve *res = ctx;
int err;
@@ -10431,8 +10438,8 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
if (!glob_match(sym_name, res->pattern))
return 0;
- err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long),
- res->cnt + 1);
+ err = libbpf_ensure_mem((void **) &res->addrs, &res->cap,
+ sizeof(unsigned long), res->cnt + 1);
if (err)
return err;
@@ -10440,6 +10447,75 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
return 0;
}
+static int ftrace_resolve_kprobe_multi_cb(const char *sym_name, void *ctx)
+{
+ struct kprobe_multi_resolve *res = ctx;
+ int err;
+ char *name;
+
+ if (!glob_match(sym_name, res->pattern))
+ return 0;
+
+ err = libbpf_ensure_mem((void **) &res->syms, &res->cap,
+ sizeof(const char *), res->cnt + 1);
+ if (err)
+ return err;
+
+ name = strdup(sym_name);
+ if (!name)
+ return -errno;
+
+ res->syms[res->cnt++] = name;
+ return 0;
+}
+
+typedef int (*available_kprobe_cb_t)(const char *sym_name, void *ctx);
+
+static int
+libbpf_available_kprobes_parse(available_kprobe_cb_t cb, void *ctx)
+{
+ char sym_name[256];
+ FILE *f;
+ int ret, err = 0;
+ const char *available_path = tracefs_available_filter_functions();
+
+ f = fopen(available_path, "r");
+ if (!f) {
+ err = -errno;
+ pr_warn("failed to open %s, fallback to /proc/kallsyms.\n",
+ available_path);
+ return err;
+ }
+
+ while (true) {
+ ret = fscanf(f, "%255s%*[^\n]\n", sym_name);
+ if (ret == EOF && feof(f))
+ break;
+ if (ret != 1) {
+ pr_warn("failed to read available kprobe entry: %d\n",
+ ret);
+ err = -EINVAL;
+ break;
+ }
+
+ err = cb(sym_name, ctx);
+ if (err)
+ break;
+ }
+
+ fclose(f);
+ return err;
+}
+
+static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
+{
+ while (res->syms && res->cnt)
+ free((char *)res->syms[--res->cnt]);
+
+ free(res->syms);
+ free(res->addrs);
+}
+
struct bpf_link *
bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
const char *pattern,
@@ -10476,13 +10552,20 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
return libbpf_err_ptr(-EINVAL);
if (pattern) {
- err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
- if (err)
- goto error;
+ err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
+ &res);
+ if (err) {
+ /* fallback to kallsyms */
+ err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
+ &res);
+ if (err)
+ goto error;
+ }
if (!res.cnt) {
err = -ENOENT;
goto error;
}
+ syms = res.syms;
addrs = res.addrs;
cnt = res.cnt;
}
@@ -10511,12 +10594,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
goto error;
}
link->fd = link_fd;
- free(res.addrs);
+ kprobe_multi_resolve_free(&res);
return link;
error:
free(link);
- free(res.addrs);
+ kprobe_multi_resolve_free(&res);
return libbpf_err_ptr(err);
}
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-05-26 12:21 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-26 12:20 [PATCH v5] libbpf: kprobe.multi: Filter with available_filter_functions Jackie Liu
-- strict thread matches above, loose matches on Subject: below --
2023-05-25 20:43 [PATCH v4] " Andrii Nakryiko
2023-05-26 2:10 ` [PATCH v5] " Jackie Liu
2023-05-26 9:53 ` Jiri Olsa
2023-05-26 12:18 ` Jackie Liu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).