From: Jiri Olsa <jolsa@redhat.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>,
lkml <linux-kernel@vger.kernel.org>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
Yonghong Song <yhs@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@chromium.org>,
Steven Rostedt <rostedt@goodmis.org>,
Jiri Olsa <olsajiri@gmail.com>
Subject: Re: [PATCH 1/8] bpf: Add support to attach kprobe program with fprobe
Date: Tue, 8 Feb 2022 09:56:01 +0100 [thread overview]
Message-ID: <YgIwISCfw+DfIBTR@krava> (raw)
In-Reply-To: <CAEf4BzZYepTYLN6LrPAAaOXUtCBv07bQQJzgarntu03L+cj2GQ@mail.gmail.com>
On Mon, Feb 07, 2022 at 10:59:14AM -0800, Andrii Nakryiko wrote:
> On Wed, Feb 2, 2022 at 5:53 AM Jiri Olsa <jolsa@redhat.com> wrote:
> >
> > Adding new link type BPF_LINK_TYPE_FPROBE that attaches kprobe program
> > through fprobe API.
> >
> > The fprobe API allows to attach probe on multiple functions at once very
> > fast, because it works on top of ftrace. On the other hand this limits
> > the probe point to the function entry or return.
> >
> > The kprobe program gets the same pt_regs input ctx as when it's attached
> > through the perf API.
> >
> > Adding new attach type BPF_TRACE_FPROBE that enables such link for kprobe
> > program.
> >
> > User provides array of addresses or symbols with count to attach the kprobe
> > program to. The new link_create uapi interface looks like:
> >
> > struct {
> > __aligned_u64 syms;
> > __aligned_u64 addrs;
> > __u32 cnt;
> > __u32 flags;
> > } fprobe;
> >
> > The flags field allows single BPF_F_FPROBE_RETURN bit to create return fprobe.
> >
> > Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
> > Signed-off-by: Jiri Olsa <jolsa@kernel.org>
> > ---
> > include/linux/bpf_types.h | 1 +
> > include/uapi/linux/bpf.h | 13 ++
> > kernel/bpf/syscall.c | 248 ++++++++++++++++++++++++++++++++-
> > tools/include/uapi/linux/bpf.h | 13 ++
> > 4 files changed, 270 insertions(+), 5 deletions(-)
> >
>
> [...]
>
> >
> > +#ifdef CONFIG_FPROBE
> > +
> > +struct bpf_fprobe_link {
> > + struct bpf_link link;
> > + struct fprobe fp;
> > + unsigned long *addrs;
> > +};
> > +
> > +static void bpf_fprobe_link_release(struct bpf_link *link)
> > +{
> > + struct bpf_fprobe_link *fprobe_link;
> > +
> > + fprobe_link = container_of(link, struct bpf_fprobe_link, link);
> > + unregister_fprobe(&fprobe_link->fp);
> > +}
> > +
> > +static void bpf_fprobe_link_dealloc(struct bpf_link *link)
> > +{
> > + struct bpf_fprobe_link *fprobe_link;
> > +
> > + fprobe_link = container_of(link, struct bpf_fprobe_link, link);
> > + kfree(fprobe_link->addrs);
> > + kfree(fprobe_link);
> > +}
> > +
> > +static const struct bpf_link_ops bpf_fprobe_link_lops = {
> > + .release = bpf_fprobe_link_release,
> > + .dealloc = bpf_fprobe_link_dealloc,
> > +};
> > +
>
> should this whole new link implementation (including
> fprobe_link_prog_run() below) maybe live in kernel/trace/bpf_trace.c?
> Seems a bit more fitting than kernel/bpf/syscall.c
right, it's trace related
>
> > +static int fprobe_link_prog_run(struct bpf_fprobe_link *fprobe_link,
> > + struct pt_regs *regs)
> > +{
> > + int err;
> > +
> > + if (unlikely(__this_cpu_inc_return(bpf_prog_active) != 1)) {
> > + err = 0;
> > + goto out;
> > + }
> > +
> > + rcu_read_lock();
> > + migrate_disable();
> > + err = bpf_prog_run(fprobe_link->link.prog, regs);
> > + migrate_enable();
> > + rcu_read_unlock();
> > +
> > + out:
> > + __this_cpu_dec(bpf_prog_active);
> > + return err;
> > +}
> > +
> > +static void fprobe_link_entry_handler(struct fprobe *fp, unsigned long entry_ip,
> > + struct pt_regs *regs)
> > +{
> > + unsigned long saved_ip = instruction_pointer(regs);
> > + struct bpf_fprobe_link *fprobe_link;
> > +
> > + /*
> > + * Because fprobe's regs->ip is set to the next instruction of
> > + * dynamic-ftrace insturction, correct entry ip must be set, so
> > + * that the bpf program can access entry address via regs as same
> > + * as kprobes.
> > + */
> > + instruction_pointer_set(regs, entry_ip);
> > +
> > + fprobe_link = container_of(fp, struct bpf_fprobe_link, fp);
> > + fprobe_link_prog_run(fprobe_link, regs);
> > +
> > + instruction_pointer_set(regs, saved_ip);
> > +}
> > +
> > +static void fprobe_link_exit_handler(struct fprobe *fp, unsigned long entry_ip,
> > + struct pt_regs *regs)
>
> isn't it identical to fprobe_lnk_entry_handler? Maybe use one callback
> for both entry and exit?
heh, did not notice that :) yep, looks that way, will check
>
> > +{
> > + unsigned long saved_ip = instruction_pointer(regs);
> > + struct bpf_fprobe_link *fprobe_link;
> > +
> > + instruction_pointer_set(regs, entry_ip);
> > +
> > + fprobe_link = container_of(fp, struct bpf_fprobe_link, fp);
> > + fprobe_link_prog_run(fprobe_link, regs);
> > +
> > + instruction_pointer_set(regs, saved_ip);
> > +}
> > +
> > +static int fprobe_resolve_syms(const void *usyms, u32 cnt,
> > + unsigned long *addrs)
> > +{
> > + unsigned long addr, size;
> > + const char **syms;
> > + int err = -ENOMEM;
> > + unsigned int i;
> > + char *func;
> > +
> > + size = cnt * sizeof(*syms);
> > + syms = kzalloc(size, GFP_KERNEL);
>
> any reason not to use kvzalloc() here?
probably just my ignorance ;-) will check
>
> > + if (!syms)
> > + return -ENOMEM;
> > +
>
> [...]
>
> > +
> > +static int bpf_fprobe_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
> > +{
> > + struct bpf_fprobe_link *link = NULL;
> > + struct bpf_link_primer link_primer;
> > + unsigned long *addrs;
> > + u32 flags, cnt, size;
> > + void __user *uaddrs;
> > + void __user *usyms;
> > + int err;
> > +
> > + /* no support for 32bit archs yet */
> > + if (sizeof(u64) != sizeof(void *))
> > + return -EINVAL;
>
> -EOPNOTSUPP?
ok
>
> > +
> > + if (prog->expected_attach_type != BPF_TRACE_FPROBE)
> > + return -EINVAL;
> > +
> > + flags = attr->link_create.fprobe.flags;
> > + if (flags & ~BPF_F_FPROBE_RETURN)
> > + return -EINVAL;
> > +
> > + uaddrs = u64_to_user_ptr(attr->link_create.fprobe.addrs);
> > + usyms = u64_to_user_ptr(attr->link_create.fprobe.syms);
> > + if ((!uaddrs && !usyms) || (uaddrs && usyms))
> > + return -EINVAL;
>
> !!uaddrs == !!usyms ?
ah right, will change
>
> > +
> > + cnt = attr->link_create.fprobe.cnt;
> > + if (!cnt)
> > + return -EINVAL;
> > +
> > + size = cnt * sizeof(*addrs);
> > + addrs = kzalloc(size, GFP_KERNEL);
>
> same, why not kvzalloc? Also, aren't you overwriting each addrs entry
> anyway, so "z" is not necessary, right?
true, no need for zeroing
thanks,
jirka
next prev parent reply other threads:[~2022-02-08 8:56 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 13:53 [PATCH 0/8] bpf: Add fprobe link Jiri Olsa
2022-02-02 13:53 ` [PATCH 1/8] bpf: Add support to attach kprobe program with fprobe Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-08 8:56 ` Jiri Olsa [this message]
2022-02-02 13:53 ` [PATCH 2/8] bpf: Add bpf_get_func_ip kprobe helper for fprobe link Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-07 21:01 ` Alexei Starovoitov
2022-02-09 15:01 ` Jiri Olsa
2022-02-09 16:05 ` Andrii Nakryiko
2022-02-09 19:14 ` Jiri Olsa
2022-02-02 13:53 ` [PATCH 3/8] bpf: Add bpf_cookie support to fprobe Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-08 9:07 ` Jiri Olsa
2022-02-08 23:35 ` Andrii Nakryiko
2022-02-08 23:46 ` Jiri Olsa
2022-02-08 23:53 ` Andrii Nakryiko
2022-02-02 13:53 ` [PATCH 4/8] libbpf: Add libbpf__kallsyms_parse function Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-08 9:08 ` Jiri Olsa
2022-02-02 13:53 ` [PATCH 5/8] libbpf: Add bpf_link_create support for multi kprobes Jiri Olsa
2022-02-02 13:53 ` [PATCH 6/8] libbpf: Add bpf_program__attach_kprobe_opts " Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-08 9:12 ` Jiri Olsa
2022-02-02 13:53 ` [PATCH 7/8] selftest/bpf: Add fprobe attach test Jiri Olsa
2022-02-02 13:53 ` [PATCH 8/8] selftest/bpf: Add fprobe test for bpf_cookie values Jiri Olsa
2022-02-07 18:59 ` Andrii Nakryiko
2022-02-08 9:15 ` Jiri Olsa
2022-02-08 23:24 ` Andrii Nakryiko
2022-02-02 17:09 ` [PATCH 0/8] bpf: Add fprobe link Alexei Starovoitov
2022-02-02 17:24 ` Jiri Olsa
2022-02-02 17:30 ` Alexei Starovoitov
2022-02-03 15:06 ` Jiri Olsa
2022-02-04 0:46 ` Masami Hiramatsu
2022-02-04 1:34 ` Alexei Starovoitov
2022-02-04 2:07 ` Masami Hiramatsu
2022-02-04 2:12 ` Alexei Starovoitov
2022-02-04 2:19 ` Steven Rostedt
2022-02-04 2:42 ` Alexei Starovoitov
2022-02-04 3:17 ` Masami Hiramatsu
2022-02-04 3:59 ` Masami Hiramatsu
2022-02-15 13:21 ` Jiri Olsa
2022-02-16 18:27 ` Andrii Nakryiko
2022-02-17 14:03 ` Masami Hiramatsu
2022-02-17 22:01 ` Andrii Nakryiko
2022-02-18 4:07 ` Masami Hiramatsu
2022-02-18 19:46 ` Andrii Nakryiko
2022-02-19 2:10 ` Alexei Starovoitov
2022-02-21 7:18 ` Masami Hiramatsu
2022-02-22 12:42 ` Jiri Olsa
2022-02-04 3:14 ` Masami Hiramatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YgIwISCfw+DfIBTR@krava \
--to=jolsa@redhat.com \
--cc=andrii.nakryiko@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kpsingh@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=olsajiri@gmail.com \
--cc=rostedt@goodmis.org \
--cc=songliubraving@fb.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.