From: Quentin Monnet <quentin@isovalent.com>
To: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Cc: Andrii Nakryiko <andriin@fb.com>, bpf <bpf@vger.kernel.org>,
Networking <netdev@vger.kernel.org>,
Alexei Starovoitov <ast@fb.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Kernel Team <kernel-team@fb.com>, Hao Luo <haoluo@google.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Song Liu <songliubraving@fb.com>
Subject: Re: [PATCH bpf-next 8/9] tools/bpftool: show info for processes holding BPF map/prog/link/btf FDs
Date: Thu, 18 Jun 2020 08:51:11 +0100 [thread overview]
Message-ID: <f8ba3a62-0bca-a2b3-9b17-1209c6cf42bb@isovalent.com> (raw)
In-Reply-To: <CAEf4BzbwKObO7CTrC8DJJo-M2trrB94spn2Ta0-GDWJ82uE41A@mail.gmail.com>
2020-06-17 23:01 UTC-0700 ~ Andrii Nakryiko <andrii.nakryiko@gmail.com>
> On Wed, Jun 17, 2020 at 5:24 PM Quentin Monnet <quentin@isovalent.com> wrote:
>>
>> 2020-06-17 09:18 UTC-0700 ~ Andrii Nakryiko <andriin@fb.com>
>>> Add bpf_iter-based way to find all the processes that hold open FDs against
>>> BPF object (map, prog, link, btf). bpftool always attempts to discover this,
>>> but will silently give up if kernel doesn't yet support bpf_iter BPF programs.
>>> Process name and PID are emitted for each process (task group).
>>>
>>> Sample output for each of 4 BPF objects:
>>>
>>> $ sudo ./bpftool prog show
>>> 2694: cgroup_device tag 8c42dee26e8cd4c2 gpl
>>> loaded_at 2020-06-16T15:34:32-0700 uid 0
>>> xlated 648B jited 409B memlock 4096B
>>> pids systemd(1)
>>> 2907: cgroup_skb name egress tag 9ad187367cf2b9e8 gpl
>>> loaded_at 2020-06-16T18:06:54-0700 uid 0
>>> xlated 48B jited 59B memlock 4096B map_ids 2436
>>> btf_id 1202
>>> pids test_progs(2238417), test_progs(2238445)
>>>
>>> $ sudo ./bpftool map show
>>> 2436: array name test_cgr.bss flags 0x400
>>> key 4B value 8B max_entries 1 memlock 8192B
>>> btf_id 1202
>>> pids test_progs(2238417), test_progs(2238445)
>>> 2445: array name pid_iter.rodata flags 0x480
>>> key 4B value 4B max_entries 1 memlock 8192B
>>> btf_id 1214 frozen
>>> pids bpftool(2239612)
>>>
>>> $ sudo ./bpftool link show
>>> 61: cgroup prog 2908
>>> cgroup_id 375301 attach_type egress
>>> pids test_progs(2238417), test_progs(2238445)
>>> 62: cgroup prog 2908
>>> cgroup_id 375344 attach_type egress
>>> pids test_progs(2238417), test_progs(2238445)
>>>
>>> $ sudo ./bpftool btf show
>>> 1202: size 1527B prog_ids 2908,2907 map_ids 2436
>>> pids test_progs(2238417), test_progs(2238445)
>>> 1242: size 34684B
>>> pids bpftool(2258892)
>>>
>>> Signed-off-by: Andrii Nakryiko <andriin@fb.com>
>>> ---
>>
>> [...]
>>
>>> diff --git a/tools/bpf/bpftool/pids.c b/tools/bpf/bpftool/pids.c
>>> new file mode 100644
>>> index 000000000000..3474a91743ff
>>> --- /dev/null
>>> +++ b/tools/bpf/bpftool/pids.c
>>> @@ -0,0 +1,229 @@
>>
>> [...]
>>
>>> +int build_obj_refs_table(struct obj_refs_table *table, enum bpf_obj_type type)
>>> +{
>>> + char buf[4096];
>>> + struct pid_iter_bpf *skel;
>>> + struct pid_iter_entry *e;
>>> + int err, ret, fd = -1, i;
>>> + libbpf_print_fn_t default_print;
>>> +
>>> + hash_init(table->table);
>>> + set_max_rlimit();
>>> +
>>> + skel = pid_iter_bpf__open();
>>> + if (!skel) {
>>> + p_err("failed to open PID iterator skeleton");
>>> + return -1;
>>> + }
>>> +
>>> + skel->rodata->obj_type = type;
>>> +
>>> + /* we don't want output polluted with libbpf errors if bpf_iter is not
>>> + * supported
>>> + */
>>> + default_print = libbpf_set_print(libbpf_print_none);
>>> + err = pid_iter_bpf__load(skel);
>>> + libbpf_set_print(default_print);
>>> + if (err) {
>>> + /* too bad, kernel doesn't support BPF iterators yet */
>>> + err = 0;
>>> + goto out;
>>> + }
>>> + err = pid_iter_bpf__attach(skel);
>>> + if (err) {
>>> + /* if we loaded above successfully, attach has to succeed */
>>> + p_err("failed to attach PID iterator: %d", err);
>>
>> Nit: What about using strerror(err) for the error messages, here and
>> below? It's easier to read than an integer value.
>
> I'm actually against it. Just a pure string message for error is often
> quite confusing. It's an extra step, and sometimes quite a quest in
> itself, to find what's the integer value of errno it was, just to try
> to understand what kind of error it actually is. So I certainly prefer
> having integer value, optionally with a string error message.
>
> But that's too much hassle for this "shouldn't happen" type of errors.
> If they happen, the user is unlikely to infer anything useful and fix
> the problem by themselves. They will most probably have to ask on the
> mailing list and paste error messages verbatim and let people like me
> and you try to guess what's going on. In such cases, having an errno
> number is much more helpful.
Ok, fair enough.
>>> + goto out;
>>> + }
>>> +
>>> + fd = bpf_iter_create(bpf_link__fd(skel->links.iter));
>>> + if (fd < 0) {
>>> + err = -errno;
>>> + p_err("failed to create PID iterator session: %d", err);
>>> + goto out;
>>> + }
>>> +
>>> + while (true) {
>>> + ret = read(fd, buf, sizeof(buf));
>>> + if (ret < 0) {
>>> + err = -errno;
>>> + p_err("failed to read PID iterator output: %d", err);
>>> + goto out;
>>> + }
>>> + if (ret == 0)
>>> + break;
>>> + if (ret % sizeof(*e)) {
>>> + err = -EINVAL;
>>> + p_err("invalid PID iterator output format");
>>> + goto out;
>>> + }
>>> + ret /= sizeof(*e);
>>> +
>>> + e = (void *)buf;
>>> + for (i = 0; i < ret; i++, e++) {
>>> + add_ref(table, e);
>>> + }
>>> + }
>>> + err = 0;
>>> +out:
>>> + if (fd >= 0)
>>> + close(fd);
>>> + pid_iter_bpf__destroy(skel);
>>> + return err;
>>> +}
>>
>> [...]
>>
>>> diff --git a/tools/bpf/bpftool/skeleton/pid_iter.bpf.c b/tools/bpf/bpftool/skeleton/pid_iter.bpf.c
>>> new file mode 100644
>>> index 000000000000..f560e48add07
>>> --- /dev/null
>>> +++ b/tools/bpf/bpftool/skeleton/pid_iter.bpf.c
>>> @@ -0,0 +1,80 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>
>> This would make it the only file not dual-licensed GPL/BSD in bpftool.
>> We've had issues with that before [0], although linking to libbfd is no
>> more a hard requirement. But I see you used a dual-license in the
>> corresponding header file pid_iter.h, so is the single license
>> intentional here? Or would you consider GPL/BSD?
>>
>
> The other BPF program (skeleton/profiler.bpf.c) is also GPL-2.0, we
> should probably switch both.
Oh I missed that one :(. Yeah, if this is possible, that would be great!
>> [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896165#38
>>
>>> +// Copyright (c) 2020 Facebook
>>> +#include <vmlinux.h>
>>> +#include <bpf/bpf_helpers.h>
>>> +#include <bpf/bpf_core_read.h>
>>> +#include <bpf/bpf_tracing.h>
>>> +#include "pid_iter.h"
>>
>> [...]
>>
>>> +
>>> +char LICENSE[] SEC("license") = "GPL";
>
> I wonder if leaving this as GPL would be ok, if the source code itself
> is dual GPL/BSD?
If the concern is to pass the verifier, it accepts a handful of
different strings (see include/linux/license.h), one of which is "Dual
BSD/GPL" and should probably be used in that case. Or did you have
something else in mind?
next prev parent reply other threads:[~2020-06-18 7:51 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-17 16:18 [PATCH bpf-next 0/9] libbpf ksym support and bpftool show PIDs Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 1/9] libbpf: generalize libbpf externs support Andrii Nakryiko
2020-06-18 7:38 ` Hao Luo
2020-06-18 17:51 ` Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 2/9] libbpf: add support for extracting kernel symbol addresses Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 3/9] selftests/bpf: add __ksym extern selftest Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 4/9] tools/bpftool: move map/prog parsing logic into common Andrii Nakryiko
2020-06-18 0:30 ` Quentin Monnet
2020-06-17 16:18 ` [PATCH bpf-next 5/9] tools/bpftool: minimize bootstrap bpftool Andrii Nakryiko
2020-06-18 0:30 ` Quentin Monnet
2020-06-17 16:18 ` [PATCH bpf-next 6/9] tools/bpftool: generalize BPF skeleton support and generate vmlinux.h Andrii Nakryiko
2020-06-18 0:30 ` Quentin Monnet
2020-06-17 16:18 ` [PATCH bpf-next 7/9] libbpf: wrap source argument of BPF_CORE_READ macro in parentheses Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 8/9] tools/bpftool: show info for processes holding BPF map/prog/link/btf FDs Andrii Nakryiko
2020-06-18 0:24 ` Quentin Monnet
2020-06-18 6:01 ` Andrii Nakryiko
2020-06-18 7:51 ` Quentin Monnet [this message]
2020-06-18 17:53 ` Andrii Nakryiko
2020-06-17 16:18 ` [PATCH bpf-next 9/9] tools/bpftool: add documentation and sample output for process info Andrii Nakryiko
2020-06-18 0:25 ` Quentin Monnet
2020-06-18 5:51 ` Andrii Nakryiko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f8ba3a62-0bca-a2b3-9b17-1209c6cf42bb@isovalent.com \
--to=quentin@isovalent.com \
--cc=acme@kernel.org \
--cc=andrii.nakryiko@gmail.com \
--cc=andriin@fb.com \
--cc=ast@fb.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
--cc=songliubraving@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).