hi,
adding support to attach both entry and return bpf program on single
kprobe multi link.
Having entry together with return probe for given function is common
use case for tetragon, bpftrace and most likely for others.
At the moment if we want both entry and return probe to execute bpf
program we need to create two (entry and return probe) links. The link
for return probe creates extra entry probe to setup the return probe.
The extra entry probe execution could be omitted if we had a way to
use just single link for both entry and exit probe.
In addition it's possible to control the execution of the return probe
with the return value of the entry bpf program. If the entry program
returns 0 the return probe is installed and executed, otherwise it's
skip.
I'm still working on the tetragon change, so I'll be sending non-RFC
version once that's ready, meanwhile any ideas and feedback on the
approach would be great.
The change in bpftrace [1] using the new interface shows speed increase
with tracing perf bench messaging:
# perf bench sched messaging -l 100000
having system wide bpftrace:
# bpftrace -e 'kprobe:ksys_write { }, kretprobe:ksys_write { }'
without bpftrace:
# Running 'sched/messaging' benchmark:
# 20 sender and receiver processes per group
# 10 groups == 400 processes run
Total time: 119.595 [sec]
Performance counter stats for 'perf bench sched messaging -l 100000':
102,419,967,282 cycles:u
5,652,444,107,001 cycles:k
5,782,645,019,612 cycles
22,187,151,206 instructions:u # 0.22 insn per cycle
2,979,040,498,455 instructions:k # 0.53 insn per cycle
119.671169829 seconds time elapsed
94.959198000 seconds user
1815.371616000 seconds sys
with current bpftrace:
# Running 'sched/messaging' benchmark:
# 20 sender and receiver processes per group
# 10 groups == 400 processes run
Total time: 221.153 [sec]
Performance counter stats for 'perf bench sched messaging -l 100000':
125,292,164,504 cycles:u
10,315,020,393,735 cycles:k
10,501,379,274,042 cycles
22,187,583,545 instructions:u # 0.18 insn per cycle
4,856,893,111,303 instructions:k # 0.47 insn per cycle
221.229234283 seconds time elapsed
103.792498000 seconds user
3432.643302000 seconds sys
with bpftrace using the new interface:
# Running 'sched/messaging' benchmark:
# 20 sender and receiver processes per group
# 10 groups == 400 processes run
Total time: 157.825 [sec]
Performance counter stats for 'perf bench sched messaging -l 100000':
102,423,112,279 cycles:u
7,450,856,354,744 cycles:k
7,584,769,726,693 cycles
22,187,270,661 instructions:u # 0.22 insn per cycle
3,985,522,383,425 instructions:k # 0.53 insn per cycle
157.900787760 seconds time elapsed
97.953898000 seconds user
2425.314753000 seconds sys
thanks,
jirka
[1] https://github.com/bpftrace/bpftrace/pull/2984
---
Jiri Olsa (4):
fprobe: Add entry/exit callbacks types
bpf: Add return prog to kprobe multi
libbpf: Add return_prog_fd to kprobe multi opts
selftests/bpf: Add kprobe multi return prog test
include/linux/fprobe.h | 18 ++++++++++------
include/uapi/linux/bpf.h | 4 +++-
kernel/trace/bpf_trace.c | 50 ++++++++++++++++++++++++++++++++-----------
tools/include/uapi/linux/bpf.h | 4 +++-
tools/lib/bpf/bpf.c | 1 +
tools/lib/bpf/bpf.h | 1 +
tools/lib/bpf/libbpf.c | 5 +++++
tools/lib/bpf/libbpf.h | 6 +++++-
tools/testing/selftests/bpf/prog_tests/kprobe_multi_test.c | 53 +++++++++++++++++++++++++++++++++++++++++++++
tools/testing/selftests/bpf/progs/kprobe_multi_return_prog.c | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
10 files changed, 226 insertions(+), 21 deletions(-)
create mode 100644 tools/testing/selftests/bpf/progs/kprobe_multi_return_prog.c
