bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions
@ 2023-05-30  1:08 Jackie Liu
  2023-05-30  3:44 ` Ratheesh Kannoth
  2023-05-30  6:07 ` Jackie Liu
  0 siblings, 2 replies; 3+ messages in thread
From: Jackie Liu @ 2023-05-30  1:08 UTC (permalink / raw)
  To: olsajiri, andrii; +Cc: martin.lau, song, yhs, bpf, liuyun01

From: Jackie Liu <liuyun01@kylinos.cn>

When using regular expression matching with "kprobe multi", it scans all
the functions under "/proc/kallsyms" that can be matched. However, not all
of them can be traced by kprobe.multi. If any one of the functions fails
to be traced, it will result in the failure of all functions. The best
approach is to filter out the functions that cannot be traced to ensure
proper tracking of the functions.

Use available_filter_functions check first, if failed, fallback to
kallsyms.

Here is the test eBPF program [1].
[1] https://github.com/JackieLiu1/ketones/commit/a9e76d1ba57390e533b8b3eadde97f7a4535e867

Suggested-by: Jiri Olsa <jolsa@kernel.org>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Jackie Liu <liuyun01@kylinos.cn>
---
 tools/lib/bpf/libbpf.c | 104 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 97 insertions(+), 7 deletions(-)

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index ad1ec893b41b..a7f64c5f3a3b 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10106,6 +10106,12 @@ static const char *tracefs_uprobe_events(void)
 	return use_debugfs() ? DEBUGFS"/uprobe_events" : TRACEFS"/uprobe_events";
 }
 
+static const char *tracefs_available_filter_functions(void)
+{
+	return use_debugfs() ? DEBUGFS"/available_filter_functions" :
+			       TRACEFS"/available_filter_functions";
+}
+
 static void gen_kprobe_legacy_event_name(char *buf, size_t buf_sz,
 					 const char *kfunc_name, size_t offset)
 {
@@ -10417,13 +10423,14 @@ static bool glob_match(const char *str, const char *pat)
 struct kprobe_multi_resolve {
 	const char *pattern;
 	unsigned long *addrs;
+	const char **syms;
 	size_t cap;
 	size_t cnt;
 };
 
 static int
-resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
-			const char *sym_name, void *ctx)
+kallsyms_resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
+				 const char *sym_name, void *ctx)
 {
 	struct kprobe_multi_resolve *res = ctx;
 	int err;
@@ -10440,6 +10447,81 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type,
 	return 0;
 }
 
+static int ftrace_resolve_kprobe_multi_cb(const char *sym_name, void *ctx)
+{
+	struct kprobe_multi_resolve *res = ctx;
+	int err;
+	char *name;
+
+	if (!glob_match(sym_name, res->pattern))
+		return 0;
+
+	err = libbpf_ensure_mem((void **) &res->syms, &res->cap,
+				sizeof(const char *), res->cnt + 1);
+	if (err)
+		return err;
+
+	name = strdup(sym_name);
+	if (!name)
+		return -errno;
+
+	res->syms[res->cnt++] = name;
+	return 0;
+}
+
+typedef int (*available_kprobe_cb_t)(const char *sym_name, void *ctx);
+
+static int
+libbpf_available_kprobes_parse(available_kprobe_cb_t cb, void *ctx)
+{
+	char sym_name[256];
+	FILE *f;
+	int ret, err = 0;
+	const char *available_path = tracefs_available_filter_functions();
+
+	f = fopen(available_path, "r");
+	if (!f) {
+		err = -errno;
+		pr_warn("failed to open %s, fallback to /proc/kallsyms.\n",
+			available_path);
+		return err;
+	}
+
+	while (true) {
+		ret = fscanf(f, "%255s%*[^\n]\n", sym_name);
+		if (ret == EOF && feof(f))
+			break;
+		if (ret != 1) {
+			pr_warn("failed to read available kprobe entry: %d\n",
+				ret);
+			err = -EINVAL;
+			break;
+		}
+
+		err = cb(sym_name, ctx);
+		if (err)
+			break;
+	}
+
+	fclose(f);
+	return err;
+}
+
+static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
+{
+	while (res->syms && res->cnt)
+		free((char *)res->syms[--res->cnt]);
+
+	free(res->syms);
+	free(res->addrs);
+
+	/* reset to zero, when fallback */
+	res->cap = 0;
+	res->cnt = 0;
+	res->syms = NULL;
+	res->addrs = NULL;
+}
+
 struct bpf_link *
 bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
 				      const char *pattern,
@@ -10476,13 +10558,21 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
 		return libbpf_err_ptr(-EINVAL);
 
 	if (pattern) {
-		err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
-		if (err)
-			goto error;
+		err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
+						     &res);
+		if (err) {
+			/* fallback to kallsyms */
+			kprobe_multi_resolve_free(&res);
+			err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
+						    &res);
+			if (err)
+				goto error;
+		}
 		if (!res.cnt) {
 			err = -ENOENT;
 			goto error;
 		}
+		syms = res.syms;
 		addrs = res.addrs;
 		cnt = res.cnt;
 	}
@@ -10511,12 +10601,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
 		goto error;
 	}
 	link->fd = link_fd;
-	free(res.addrs);
+	kprobe_multi_resolve_free(&res);
 	return link;
 
 error:
 	free(link);
-	free(res.addrs);
+	kprobe_multi_resolve_free(&res);
 	return libbpf_err_ptr(err);
 }
 
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions
  2023-05-30  1:08 [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions Jackie Liu
@ 2023-05-30  3:44 ` Ratheesh Kannoth
  2023-05-30  6:07 ` Jackie Liu
  1 sibling, 0 replies; 3+ messages in thread
From: Ratheesh Kannoth @ 2023-05-30  3:44 UTC (permalink / raw)
  To: liu.yun, olsajiri, andrii; +Cc: bpf, liuyun01, martin.lau, song, yhs

From: Jackie Liu <liu.yun@linux.dev>

>+
>+	if (!glob_match(sym_name, res->pattern))
>+		return 0;
>+
>+	err = libbpf_ensure_mem((void **) &res->syms, &res->cap,
>+				sizeof(const char *), res->cnt + 1);
>+	if (err)
>+		return err;
>+
>+	name = strdup(sym_name);
>+	if (!name)
>+		return -errno;
>+
>+	res->syms[res->cnt++] = name;
>+	return 0;
>+}
>+
>+typedef int (*available_kprobe_cb_t)(const char *sym_name, void *ctx);
>+
>+static int
>+libbpf_available_kprobes_parse(available_kprobe_cb_t cb, void *ctx)
>+{
>+	char sym_name[256];
>+	FILE *f;
>+	int ret, err = 0;
>+	const char *available_path = tracefs_available_filter_functions();
Dont we need to follow reverse x-mas tree ?

>+
>+	f = fopen(available_path, "r");
>+	if (!f) {
>+		err = -errno;
>+		pr_warn("failed to open %s, fallback to /proc/kallsyms.\n",
>+			available_path);
>+		return err;
>+	}
>+
>+	while (true) {
>+		ret = fscanf(f, "%255s%*[^\n]\n", sym_name);
>+		if (ret == EOF && feof(f))
>+			break;
why fscanf() is not setting EOF. Why did you use feof() ?

>+		if (ret != 1) {
>+			pr_warn("failed to read available kprobe entry: %d\n",
>+				ret);
>+			err = -EINVAL;
>+			break;
>+		}
>+
>+		err = cb(sym_name, ctx);
>+		if (err)
>+			break;
>+	}
>+
>+	fclose(f);
>+	return err;
>+}
>+
>+static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
>+{
>+	while (res->syms && res->cnt)
>+		free((char *)res->syms[--res->cnt]);
>+
>+	free(res->syms);
>+	free(res->addrs);

it looks odd to do allocation in libbpf_xxx (libbpf_ensure_mem ) function and
freeing in a static function.

>+
>+	/* reset to zero, when fallback */
>+	res->cap = 0;
>+	res->cnt = 0;
>+	res->syms = NULL;
>+	res->addrs = NULL;
>+}
>+
> struct bpf_link *
> bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> 				      const char *pattern,
>@@ -10476,13 +10558,21 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> 		return libbpf_err_ptr(-EINVAL);
>
> 	if (pattern) {
>-		err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
>-		if (err)
>-			goto error;
>+		err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
>+						     &res);
>+		if (err) {
>+			/* fallback to kallsyms */
>+			kprobe_multi_resolve_free(&res);
>+			err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
>+						    &res);
>+			if (err)
>+				goto error;
>+		}
> 		if (!res.cnt) {
> 			err = -ENOENT;
> 			goto error;
> 		}
>+		syms = res.syms;
> 		addrs = res.addrs;
> 		cnt = res.cnt;
> 	}
>@@ -10511,12 +10601,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
> 		goto error;
> 	}
> 	link->fd = link_fd;
>-	free(res.addrs);
>+	kprobe_multi_resolve_free(&res);
> 	return link;
>
> error:
> 	free(link);
>-	free(res.addrs);
>+	kprobe_multi_resolve_free(&res);
> 	return libbpf_err_ptr(err);
> }
>
>--
>2.25.1

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions
  2023-05-30  1:08 [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions Jackie Liu
  2023-05-30  3:44 ` Ratheesh Kannoth
@ 2023-05-30  6:07 ` Jackie Liu
  1 sibling, 0 replies; 3+ messages in thread
From: Jackie Liu @ 2023-05-30  6:07 UTC (permalink / raw)
  To: Ratheesh Kannoth, olsajiri, andrii; +Cc: bpf, liuyun01, martin.lau, song, yhs



在 2023/5/30 11:44, Ratheesh Kannoth 写道:
> From: Jackie Liu <liu.yun@linux.dev>
> 
>> +
>> +	if (!glob_match(sym_name, res->pattern))
>> +		return 0;
>> +
>> +	err = libbpf_ensure_mem((void **) &res->syms, &res->cap,
>> +				sizeof(const char *), res->cnt + 1);
>> +	if (err)
>> +		return err;
>> +
>> +	name = strdup(sym_name);
>> +	if (!name)
>> +		return -errno;
>> +
>> +	res->syms[res->cnt++] = name;
>> +	return 0;
>> +}
>> +
>> +typedef int (*available_kprobe_cb_t)(const char *sym_name, void *ctx);
>> +
>> +static int
>> +libbpf_available_kprobes_parse(available_kprobe_cb_t cb, void *ctx)
>> +{
>> +	char sym_name[256];
>> +	FILE *f;
>> +	int ret, err = 0;
>> +	const char *available_path = tracefs_available_filter_functions();
> Dont we need to follow reverse x-mas tree ?
> 
>> +
>> +	f = fopen(available_path, "r");
>> +	if (!f) {
>> +		err = -errno;
>> +		pr_warn("failed to open %s, fallback to /proc/kallsyms.\n",
>> +			available_path);
>> +		return err;
>> +	}
>> +
>> +	while (true) {
>> +		ret = fscanf(f, "%255s%*[^\n]\n", sym_name);
>> +		if (ret == EOF && feof(f))
>> +			break;
> why fscanf() is not setting EOF. Why did you use feof() ?

The fscanf function returns EOF (End of File) when one of the following 
conditions is met:

End of file is reached: When fscanf reaches the end of the file being 
read, it returns EOF. This indicates that there are no more characters 
to read from the file.

Input error occurs: If fscanf encounters an error while reading input, 
such as a format mismatch or inability to read the expected data type, 
it returns EOF.

Stream error occurs: If an error occurs with the stream itself, such as 
an error in the underlying file system or I/O error, fscanf may return EOF.

-- 
Jackie Liu

> 
>> +		if (ret != 1) {
>> +			pr_warn("failed to read available kprobe entry: %d\n",
>> +				ret);
>> +			err = -EINVAL;
>> +			break;
>> +		}
>> +
>> +		err = cb(sym_name, ctx);
>> +		if (err)
>> +			break;
>> +	}
>> +
>> +	fclose(f);
>> +	return err;
>> +}
>> +
>> +static void kprobe_multi_resolve_free(struct kprobe_multi_resolve *res)
>> +{
>> +	while (res->syms && res->cnt)
>> +		free((char *)res->syms[--res->cnt]);
>> +
>> +	free(res->syms);
>> +	free(res->addrs);
> 
> it looks odd to do allocation in libbpf_xxx (libbpf_ensure_mem ) function and
> freeing in a static function.
> 
>> +
>> +	/* reset to zero, when fallback */
>> +	res->cap = 0;
>> +	res->cnt = 0;
>> +	res->syms = NULL;
>> +	res->addrs = NULL;
>> +}
>> +
>> struct bpf_link *
>> bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> 				      const char *pattern,
>> @@ -10476,13 +10558,21 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> 		return libbpf_err_ptr(-EINVAL);
>>
>> 	if (pattern) {
>> -		err = libbpf_kallsyms_parse(resolve_kprobe_multi_cb, &res);
>> -		if (err)
>> -			goto error;
>> +		err = libbpf_available_kprobes_parse(ftrace_resolve_kprobe_multi_cb,
>> +						     &res);
>> +		if (err) {
>> +			/* fallback to kallsyms */
>> +			kprobe_multi_resolve_free(&res);
>> +			err = libbpf_kallsyms_parse(kallsyms_resolve_kprobe_multi_cb,
>> +						    &res);
>> +			if (err)
>> +				goto error;
>> +		}
>> 		if (!res.cnt) {
>> 			err = -ENOENT;
>> 			goto error;
>> 		}
>> +		syms = res.syms;
>> 		addrs = res.addrs;
>> 		cnt = res.cnt;
>> 	}
>> @@ -10511,12 +10601,12 @@ bpf_program__attach_kprobe_multi_opts(const struct bpf_program *prog,
>> 		goto error;
>> 	}
>> 	link->fd = link_fd;
>> -	free(res.addrs);
>> +	kprobe_multi_resolve_free(&res);
>> 	return link;
>>
>> error:
>> 	free(link);
>> -	free(res.addrs);
>> +	kprobe_multi_resolve_free(&res);
>> 	return libbpf_err_ptr(err);
>> }
>>
>> --
>> 2.25.1

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2023-05-30  6:09 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-05-30  1:08 [PATCH v7] libbpf: kprobe.multi: Filter with available_filter_functions Jackie Liu
2023-05-30  3:44 ` Ratheesh Kannoth
2023-05-30  6:07 ` Jackie Liu

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).