From: John Fastabend <john.fastabend@gmail.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>,
Rafael David Tinoco <rafaeldtinoco@ubuntu.com>
Cc: LKML BPF <bpf@vger.kernel.org>
Subject: Re: [PATCH v2 bpf-next][RFC] libbpf: introduce legacy kprobe events support
Date: Thu, 08 Apr 2021 16:59:16 -0700
Message-ID: <606f98d48115_c8b9208f9@john-XPS-13-9370.notmuch>
In-Reply-To: <CAEf4BzbPdH+pV9NpCW+piROOfCme=erGQOHs8XcA_e=pYcV2=g@mail.gmail.com>
Andrii Nakryiko wrote:
> On Tue, Apr 6, 2021 at 9:49 PM Rafael David Tinoco
> <rafaeldtinoco@ubuntu.com> wrote:
> >
> > Sorry taking so long for replying on this… have been working in:
> > https://github.com/rafaeldtinoco/conntracker/tree/main/ebpf
> > as a consumer for the work being proposed by this patch.
> >
> > Current working version at:
> > https://github.com/rafaeldtinoco/conntracker/blob/main/ebpf/patches/libbpf-introduce-legacy-kprobe-events-support.patch
> > About to be changed with suggestions from this thread.
> >

Just catching up on this thread now.

> > > don't get why you need this function either...
> >
> > Because of /sys/kernel/debug/tracing/events/kprobes/%s/enable. I’m
> > toggling it to OFF before removing the kprobe in kprobe_events, as
> > shown above.
>
> Alright, see above about enable files, it doesn't seem necessary,
> actually. You use poke_kprobe_events() to add or remove kprobe to the
> kernel. That gives you event_name and its id (from
> /sys/kernel/debug/tracing/events/kprobes/%s/id). You then use that id
> to create perf_event and activate BPF program:
>
>     struct perf_event_attr attr;
>     struct bpf_link* link;
>     char fname[256]; /* path of the kprobe event id file */
>     int fd = -1, err, id;
>     FILE* f = NULL;
>
>     /* register the kprobe event through kprobe_events */
>     err = poke_kprobe_events(true /*add*/, func_name, is_kretprobe);
>     if (err) {
>         fprintf(stderr, "failed to create kprobe event: %d\n", err);
>         return NULL;
>     }
>
>     /* read back the tracepoint id the kernel assigned to the event */
>     snprintf(
>         fname,
>         sizeof(fname),
>         "/sys/kernel/debug/tracing/events/kprobes/%s/id",
>         func_name);
>     f = fopen(fname, "r");
>     if (!f) {
>         fprintf(stderr, "failed to open kprobe id file '%s': %d\n", fname, -errno);
>         goto err_out;
>     }
>
>     if (fscanf(f, "%d\n", &id) != 1) {
>         fprintf(stderr, "failed to read kprobe id from '%s': %d\n", fname, -errno);
>         goto err_out;
>     }
>
>     fclose(f);
>     f = NULL;
>
>     /* open a tracepoint-type perf event for that id */
>     memset(&attr, 0, sizeof(attr));
>     attr.size = sizeof(attr);
>     attr.config = id;
>     attr.type = PERF_TYPE_TRACEPOINT;
>     attr.sample_period = 1;
>     attr.wakeup_events = 1;
>
>     fd = syscall(__NR_perf_event_open, &attr, -1, 0, -1, PERF_FLAG_FD_CLOEXEC);
>     if (fd < 0) {
>         fprintf(
>             stderr,
>             "failed to create perf event for kprobe ID %d: %d\n",
>             id,
>             -errno);
>         goto err_out;
>     }
>
>     /* attach the BPF program to the perf event */
>     link = bpf_program__attach_perf_event(prog, fd);
>
> And that should be it. It doesn't seem like either BCC or my example
> (which I'm sure worked last time) does anything with /enable files and
> I'm sure all that works.

FWIW I also have a similar patch on my stack that does this and was
working fine for us. I've got a note here to submit it, but it's
been stuck on the todo list.

I'll post it here, maybe it's helpful:

+static int write_to_kprobe_events(const char *name,
+ uint64_t offset, int pid, bool retprobe)
+{
+ const char *kprobe_events = "/sys/kernel/debug/tracing/kprobe_events";
+ int fd = open(kprobe_events, O_WRONLY | O_APPEND, 0);
+ char buf[PATH_MAX];
+ int err;
+
+ if (fd < 0) {
+ err = -errno;
+ pr_warn("Failed open kprobe_events: %s\n", strerror(errno));
+ return err;
+ }
+ snprintf(buf, sizeof(buf), "%c:kprobes/%s %s",
+ retprobe ? 'r' : 'p', name, name);
+ err = write(fd, buf, strlen(buf));
+ close(fd);
+ if (err < 0) {
+ err = -errno;
+ pr_warn("Failed write kprobe_events: %s\n", strerror(errno));
+ return err;
+ }
+ return 0;
+}
+
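
Review bot: write_to_kprobe_events() takes "offset" and "pid" but never uses them, and the event is always named "kprobes/<name>" whether or not "retprobe" is set, so a kprobe and a kretprobe on the same function end up targeting the same event name. Suggest encoding the probe type in the event name (and the offset in the probe spec if it is meant to be supported), or dropping the unused parameters. The write() result is only tested for "< 0", so a short write passes silently; compare it against strlen(buf). No removal counterpart is visible here, so the definition stays in kprobe_events once the caller is done with it.
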
+/* If we do not have an event_source/../kprobes then we can try to use
+ * kprobe-base event tracing, for details see documentation kprobetrace.rst
+ */
+static int perf_event_open_probe_debugfs(bool uprobe, bool retprobe, const char *name,
+ uint64_t offset, int pid)
+{
+ const char *kprobes_dir = "/sys/kernel/debug/tracing/events/kprobes/";
+ struct perf_event_attr attr = {};
+ char errmsg[STRERR_BUFSIZE];
+ char file[PATH_MAX];
+ int pfd, err, id;
+
+ if (uprobe) {
+ return -EOPNOTSUPP;
+ } else {
+ err = write_to_kprobe_events(name, offset, pid, retprobe);
+ if (err < 0)
+ return err;
+ err = snprintf(file, sizeof(file), "%s/%s/id", kprobes_dir, name);
+ if (err < 0)
+ return -errno;
+ id = parse_uint_from_file(file, "%d\n");
+ if (id < 0)
+ return err;
+ attr.size = sizeof(attr);
+ attr.type = PERF_TYPE_TRACEPOINT;
+ attr.config = id;
+ }
+
+ /* pid filter is meaningful only for uprobes */
+ pfd = syscall(__NR_perf_event_open, &attr,
+ pid < 0 ? -1 : pid /* pid */,
+ pid == -1 ? 0 : -1 /* cpu */,
+ -1 /* group_fd */, PERF_FLAG_FD_CLOEXEC);
+ if (pfd < 0) {
+ err = -errno;
+ pr_warn("%s perf_event_open_probe_debugfs() failed: %s\n",
+ uprobe ? "uprobe" : "kprobe",
+ libbpf_strerror_r(err, errmsg, sizeof(errmsg)));
+ return err;
+ }
+ return pfd;
+}
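
Review bot: in perf_event_open_probe_debugfs(), "if (id < 0) return err;" returns the wrong variable: at that point "err" still holds the positive length returned by the preceding snprintf(), so a failed id read comes back as a positive value that the caller will treat as a valid fd. Return "id" instead. The snprintf() check tests only "err < 0" and misses truncation (err >= sizeof(file)), and since kprobes_dir already ends in '/', the "%s/%s/id" format produces a double slash. On the id-read and perf_event_open() failure paths the event just written by write_to_kprobe_events() is left defined; those paths should remove it. The comment "pid filter is meaningful only for uprobes" sits on code that uprobes never reach, because the uprobe case returns -EOPNOTSUPP above.
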
>
> [...]
>
> > >>> return bpf_program__attach_kprobe(prog, retprobe, func_name);