From: Yonghong Song <yhs@fb.com>
To: Hengqi Chen <hengqi.chen@gmail.com>, <bpf@vger.kernel.org>,
<andrii@kernel.org>
Subject: Re: [PATCH bpf-next 1/2] libbpf: Add BPF_KPROBE_SYSCALL/BPF_KRETPROBE_SYSCALL macros
Date: Tue, 21 Dec 2021 07:53:51 -0800 [thread overview]
Message-ID: <5e8cf0c3-1d76-848a-cad0-f39d0167e347@fb.com> (raw)
In-Reply-To: <20211221055312.3371414-2-hengqi.chen@gmail.com>
On 12/20/21 9:53 PM, Hengqi Chen wrote:
> Add syscall-specific variants of BPF_KPROBE/BPF_KRETPROBE named
> BPF_KPROBE_SYSCALL/BPF_KRETPROBE_SYSCALL ([0]). These new macros
> hide the underlying way of getting syscall input arguments and
> return values. With these new macros, the following code:
>
> SEC("kprobe/__x64_sys_close")
> int BPF_KPROBE(do_sys_close, struct pt_regs *regs)
> {
> int fd;
>
> fd = PT_REGS_PARM1_CORE(regs);
> /* do something with fd */
> }
>
> can be written as:
>
> SEC("kprobe/__x64_sys_close")
> int BPF_KPROBE_SYSCALL(do_sys_close, int fd)
> {
> /* do something with fd */
> }
>
> [0] Closes: https://github.com/libbpf/libbpf/issues/425
>
> Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
> ---
> tools/lib/bpf/bpf_tracing.h | 45 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 45 insertions(+)
>
> diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
> index db05a5937105..eb4b567e443f 100644
> --- a/tools/lib/bpf/bpf_tracing.h
> +++ b/tools/lib/bpf/bpf_tracing.h
> @@ -489,4 +489,49 @@ typeof(name(0)) name(struct pt_regs *ctx) \
> } \
> static __always_inline typeof(name(0)) ____##name(struct pt_regs *ctx, ##args)
>
> +#define ___bpf_syscall_args0() ctx, regs
> +#define ___bpf_syscall_args1(x) \
> + ___bpf_syscall_args0(), (void *)PT_REGS_PARM1_CORE(regs)
> +#define ___bpf_syscall_args2(x, args...) \
> + ___bpf_syscall_args1(args), (void *)PT_REGS_PARM2_CORE(regs)
> +#define ___bpf_syscall_args3(x, args...) \
> + ___bpf_syscall_args2(args), (void *)PT_REGS_PARM3_CORE(regs)
> +#define ___bpf_syscall_args4(x, args...) \
> + ___bpf_syscall_args3(args), (void *)PT_REGS_PARM4_CORE(regs)
We probably need to use a syscall variant of PT_REGS_PARAM4 here, see
https://lore.kernel.org/bpf/TYCPR01MB59360988D96E23FBA97DAE0AF57C9@TYCPR01MB5936.jpnprd01.prod.outlook.com/
> +#define ___bpf_syscall_args5(x, args...) \
> + ___bpf_syscall_args4(args), (void *)PT_REGS_PARM5_CORE(regs)
> +#define ___bpf_syscall_args(args...) \
> + ___bpf_apply(___bpf_syscall_args, ___bpf_narg(args))(args)
> +
> +/*
> + * BPF_KPROBE_SYSCALL is a variant of BPF_KPROBE, which is intended for
> + * tracing syscall functions. It hides the underlying platform-specific
> + * low-level way of getting syscall input arguments from struct pt_regs, and
> + * provides a familiar typed and named function arguments syntax and
> + * semantics of accessing syscall input paremeters.
> + *
> + * Original struct pt_regs* context is preserved as 'ctx' argument. This might
> + * be necessary when using BPF helpers like bpf_perf_event_output().
> + */
> +#define BPF_KPROBE_SYSCALL(name, args...) \
> +name(struct pt_regs *ctx); \
> +static __attribute__((always_inline)) typeof(name(0)) \
> +____##name(struct pt_regs *ctx, struct pt_regs *regs, ##args); \
> +typeof(name(0)) name(struct pt_regs *ctx) \
> +{ \
> + _Pragma("GCC diagnostic push") \
> + _Pragma("GCC diagnostic ignored \"-Wint-conversion\"") \
> + struct pt_regs *regs = PT_REGS_PARM1(ctx); \
> + return ____##name(___bpf_syscall_args(args)); \
> + _Pragma("GCC diagnostic pop") \
> +} \
> +static __attribute__((always_inline)) typeof(name(0)) \
> +____##name(struct pt_regs *ctx, struct pt_regs *regs, ##args)
> +
> +/*
> + * BPF_KRETPROBE_SYSCALL is just an alias to BPF_KRETPROBE,
> + * it provides optional return value (in addition to `struct pt_regs *ctx`)
> + */
> +#define BPF_KRETPROBE_SYSCALL BPF_KRETPROBE
> +
> #endif
> --
> 2.30.2
next prev parent reply other threads:[~2021-12-21 15:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 5:53 [PATCH bpf-next 0/2] libbpf: Add syscall-specific variants of BPF_KPROBE/BPF_KRETPROBE Hengqi Chen
2021-12-21 5:53 ` [PATCH bpf-next 1/2] libbpf: Add BPF_KPROBE_SYSCALL/BPF_KRETPROBE_SYSCALL macros Hengqi Chen
2021-12-21 15:53 ` Yonghong Song [this message]
2021-12-22 0:18 ` Andrii Nakryiko
2021-12-23 12:11 ` Hengqi Chen
2022-01-06 20:27 ` Andrii Nakryiko
2021-12-21 5:53 ` [PATCH bpf-next 2/2] selftests/bpf: Test " Hengqi Chen
2021-12-22 0:34 ` Andrii Nakryiko
2021-12-22 0:37 ` Andrii Nakryiko
2021-12-23 12:16 ` Hengqi Chen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5e8cf0c3-1d76-848a-cad0-f39d0167e347@fb.com \
--to=yhs@fb.com \
--cc=andrii@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=hengqi.chen@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.