This patchset adds the following APIs to allow attaching BPF programs to tracing entities: - bpf_program__attach_perf_event for attaching to any opened perf event FD, allowing users full control; - bpf_program__attach_kprobe for attaching to kernel probes (both entry and return probes); - bpf_program__attach_uprobe for attaching to user probes (both entry/return); - bpf_program__attach_tracepoint for attaching to kernel tracepoints; - bpf_program__attach_raw_tracepoint for attaching to raw kernel tracepoint (wrapper around bpf_raw_tracepoint_open); This set of APIs makes libbpf more useful for tracing applications. All attach APIs return abstract struct bpf_link that encapsulates logic of detaching BPF program. See patch #2 for details. bpf_assoc was considered as an alternative name for this opaque "handle", but bpf_link seems to be appropriate semantically and is nice and short. Pre-patch #1 makes internal libbpf_strerror_r helper function work w/ negative error codes, lifting the burder off callers to keep track of error sign. Patch #2 adds bpf_link abstraction. Patch #3 adds attach_perf_event, which is the base for all other APIs. Patch #4 adds kprobe/uprobe APIs. Patch #5 adds tracepoint API. Patch #6 adds raw_tracepoint API. Patch #7 converts one existing test to use attach_perf_event. Patch #8 adds new kprobe/uprobe tests. Patch #9 converts some selftests currently using tracepoint to new APIs. v4->v5: - typo and small nits (Yonghong); - validate pfd in attach_perf_event (Yonghong); - parse_uint_from_file fixes (Yonghong); - check for malloc failure in attach_raw_tracepoint (Yonghong); - attach_probes selftests clean up fixes (Yonghong); v3->v4: - proper errno handling (Stanislav); - bpf_fd -> prog_fd (Stanislav); - switch to fprintf (Song); v2->v3: - added bpf_link concept (Daniel); - didn't add generic bpf_link__attach_program for reasons described in [0]; - dropped Stanislav's Reviewed-by from patches #2-#6, in case he doesn't like the change; v1->v2: - preserve errno before close() call (Stanislav); - use libbpf_perf_event_disable_and_close in selftest (Stanislav); - remove unnecessary memset (Stanislav); [0] https://lore.kernel.org/bpf/CAEf4BzZ7EM5eP2eaZn7T2Yb5QgVRiwAs+epeLR1g01TTx-6m6Q@xxxxxxxxxxxxxx/ Andrii Nakryiko (9): libbpf: make libbpf_strerror_r agnostic to sign of error libbpf: introduce concept of bpf_link libbpf: add ability to attach/detach BPF program to perf event libbpf: add kprobe/uprobe attach API libbpf: add tracepoint attach API libbpf: add raw tracepoint attach API selftests/bpf: switch test to new attach_perf_event API selftests/bpf: add kprobe/uprobe selftests selftests/bpf: convert existing tracepoint tests to new APIs tools/lib/bpf/libbpf.c | 367 ++++++++++++++++++ tools/lib/bpf/libbpf.h | 21 + tools/lib/bpf/libbpf.map | 8 +- tools/lib/bpf/str_error.c | 2 +- .../selftests/bpf/prog_tests/attach_probe.c | 166 ++++++++ .../bpf/prog_tests/stacktrace_build_id.c | 55 +-- .../bpf/prog_tests/stacktrace_build_id_nmi.c | 31 +- .../selftests/bpf/prog_tests/stacktrace_map.c | 43 +- .../bpf/prog_tests/stacktrace_map_raw_tp.c | 15 +- .../selftests/bpf/progs/test_attach_probe.c | 55 +++ 10 files changed, 664 insertions(+), 99 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/attach_probe.c create mode 100644 tools/testing/selftests/bpf/progs/test_attach_probe.c -- 2.17.1
