bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Yafang Shao <laoar.shao@gmail.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: ast@kernel.org, daniel@iogearbox.net, john.fastabend@gmail.com,
	 andrii@kernel.org, martin.lau@linux.dev, song@kernel.org,
	yhs@fb.com,  kpsingh@kernel.org, sdf@google.com,
	haoluo@google.com, jolsa@kernel.org,  quentin@isovalent.com,
	rostedt@goodmis.org, mhiramat@kernel.org,  bpf@vger.kernel.org,
	linux-trace-kernel@vger.kernel.org
Subject: Re: [PATCH v5 bpf-next 09/11] bpf: Support ->fill_link_info for perf_event
Date: Sun, 25 Jun 2023 22:35:29 +0800	[thread overview]
Message-ID: <CALOAHbD3y9P6kXBNdU-zVsVtUDv138D+dJi2=Vn0ryxVYAMJ_g@mail.gmail.com> (raw)
In-Reply-To: <CAEf4Bzadyzhncvqv85W=tF+EZLjnUww_ZRCAr6mf-aL5p9P1SA@mail.gmail.com>

On Sat, Jun 24, 2023 at 5:55 AM Andrii Nakryiko
<andrii.nakryiko@gmail.com> wrote:
>
> On Fri, Jun 23, 2023 at 7:16 AM Yafang Shao <laoar.shao@gmail.com> wrote:
> >
> > By introducing support for ->fill_link_info to the perf_event link, users
> > gain the ability to inspect it using `bpftool link show`. While the current
> > approach involves accessing this information via `bpftool perf show`,
> > consolidating link information for all link types in one place offers
> > greater convenience. Additionally, this patch extends support to the
> > generic perf event, which is not currently accommodated by
> > `bpftool perf show`. While only the perf type and config are exposed to
> > userspace, other attributes such as sample_period and sample_freq are
> > ignored. It's important to note that if kptr_restrict is not permitted, the
> > probed address will not be exposed, maintaining security measures.
> >
> > A new enum bpf_perf_event_type is introduced to help the user understand
> > which struct is relevant.
> >
> > Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> > ---
> >  include/uapi/linux/bpf.h       |  35 +++++++++++++
> >  kernel/bpf/syscall.c           | 115 +++++++++++++++++++++++++++++++++++++++++
> >  tools/include/uapi/linux/bpf.h |  35 +++++++++++++
> >  3 files changed, 185 insertions(+)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index 23691ea..1c579d5 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -1056,6 +1056,14 @@ enum bpf_link_type {
> >         MAX_BPF_LINK_TYPE,
> >  };
> >
> > +enum bpf_perf_event_type {
> > +       BPF_PERF_EVENT_UNSPEC = 0,
> > +       BPF_PERF_EVENT_UPROBE = 1,
> > +       BPF_PERF_EVENT_KPROBE = 2,
> > +       BPF_PERF_EVENT_TRACEPOINT = 3,
> > +       BPF_PERF_EVENT_EVENT = 4,
> > +};
> > +
> >  /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
> >   *
> >   * NONE(default): No further bpf programs allowed in the subtree.
> > @@ -6443,6 +6451,33 @@ struct bpf_link_info {
> >                         __u32 count;
> >                         __u32 flags;
> >                 } kprobe_multi;
> > +               struct {
> > +                       __u32 type; /* enum bpf_perf_event_type */
> > +                       __u32 :32;
> > +                       union {
> > +                               struct {
> > +                                       __aligned_u64 file_name; /* in/out */
> > +                                       __u32 name_len;
> > +                                       __u32 offset;/* offset from file_name */
> > +                                       __u32 flags;
> > +                               } uprobe; /* BPF_PERF_EVENT_UPROBE */
> > +                               struct {
> > +                                       __aligned_u64 func_name; /* in/out */
> > +                                       __u32 name_len;
> > +                                       __u32 offset;/* offset from func_name */
> > +                                       __u64 addr;
> > +                                       __u32 flags;
> > +                               } kprobe; /* BPF_PERF_EVENT_KPROBE */
> > +                               struct {
> > +                                       __aligned_u64 tp_name;   /* in/out */
> > +                                       __u32 name_len;
> > +                               } tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
> > +                               struct {
> > +                                       __u64 config;
> > +                                       __u32 type;
> > +                               } event; /* BPF_PERF_EVENT_EVENT */
> > +                       };
> > +               } perf_event;
> >         };
> >  } __attribute__((aligned(8)));
> >
> > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> > index c863d39..02dad3c 100644
> > --- a/kernel/bpf/syscall.c
> > +++ b/kernel/bpf/syscall.c
> > @@ -3394,9 +3394,124 @@ static int bpf_perf_link_fill_common(const struct perf_event *event,
> >         return 0;
> >  }
> >
> > +#ifdef CONFIG_KPROBE_EVENTS
> > +static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
> > +                                    struct bpf_link_info *info)
> > +{
> > +       char __user *uname;
> > +       u64 addr, offset;
> > +       u32 ulen, type;
> > +       int err;
> > +
> > +       uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
> > +       ulen = info->perf_event.kprobe.name_len;
> > +       info->perf_event.type = BPF_PERF_EVENT_KPROBE;
> > +       err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> > +                                       &type);
> > +       if (err)
> > +               return err;
> > +
> > +       info->perf_event.kprobe.offset = offset;
> > +       if (type == BPF_FD_TYPE_KRETPROBE)
> > +               info->perf_event.kprobe.flags = 1;
>
> hm... ok, sorry, I didn't realize that these flags are not part of
> UAPI. I don't think just randomly defining 1 to mean retprobe is a
> good approach. Let's drop flags if there are actually no flags.
>
> How about in addition to BPF_PERF_EVENT_UPROBE add
> BPF_PERF_EVENT_URETPROBE, and for BPF_PERF_EVENT_KPROBE add also
> BPF_PERF_EVENT_KRETPROBE. They will share respective perf_event.uprobe
> and perf_event.kprobe sections in bpf_link_info.
>
> It seems consistent with what we did for bpf_task_fd_type enum.

Good idea. Will do it.


-- 
Regards
Yafang

  reply	other threads:[~2023-06-25 14:36 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-23 14:15 [PATCH v5 bpf-next 00/11] bpf: Support ->fill_link_info for kprobe_multi and perf_event links Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 01/11] bpf: Support ->fill_link_info for kprobe_multi Yafang Shao
2023-06-23 21:45   ` Andrii Nakryiko
2023-06-25 14:34     ` Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 02/11] bpftool: Dump the kernel symbol's module name Yafang Shao
2023-06-23 16:48   ` Quentin Monnet
2023-06-23 14:15 ` [PATCH v5 bpf-next 03/11] bpftool: Show kprobe_multi link info Yafang Shao
2023-06-23 16:48   ` Quentin Monnet
2023-06-25 14:29     ` Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 04/11] bpf: Protect probed address based on kptr_restrict setting Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 05/11] bpf: Clear the probe_addr for uprobe Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 06/11] bpf: Expose symbol's respective address Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 07/11] bpf: Add a common helper bpf_copy_to_user() Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 08/11] bpf: Add bpf_perf_link_fill_common() Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 09/11] bpf: Support ->fill_link_info for perf_event Yafang Shao
2023-06-23 21:55   ` Andrii Nakryiko
2023-06-25 14:35     ` Yafang Shao [this message]
2023-06-23 14:15 ` [PATCH v5 bpf-next 10/11] bpftool: Add perf event names Yafang Shao
2023-06-23 16:49   ` Quentin Monnet
2023-06-25 14:30     ` Yafang Shao
2023-06-23 14:15 ` [PATCH v5 bpf-next 11/11] bpftool: Show perf link info Yafang Shao
2023-06-23 16:49   ` Quentin Monnet
2023-06-25 14:31     ` Yafang Shao
2023-06-23 17:13   ` Alexei Starovoitov
2023-06-25 14:32     ` Yafang Shao

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALOAHbD3y9P6kXBNdU-zVsVtUDv138D+dJi2=Vn0ryxVYAMJ_g@mail.gmail.com' \
    --to=laoar.shao@gmail.com \
    --cc=andrii.nakryiko@gmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=haoluo@google.com \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mhiramat@kernel.org \
    --cc=quentin@isovalent.com \
    --cc=rostedt@goodmis.org \
    --cc=sdf@google.com \
    --cc=song@kernel.org \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).