Re: [PATCH bpf-next] bpf: Add drgn script to list progs/maps

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


> On Feb 26, 2020, at 6:32 PM, Andrey Ignatov <rdna@xxxxxx> wrote:
> 
> drgn is a debugger that reads kernel memory and uses DWARF to get types
> and symbols. See [1], [2] and [3] for more details on drgn.
> 
> Since drgn operates on kernel memory it has access to kernel internals
> that user space doesn't. It allows to get extended info about various
> kernel data structures.
> 
> Introduce bpf.py drgn script to list BPF programs and maps and their
> properties unavailable to user space via kernel API.
> 
> The main use-case bpf.py covers is to show BPF programs attached to
> other BPF programs via freplace/fentry/fexit mechanisms introduced
> recently. There is no user-space API to get this info and e.g. bpftool
> can only show all BPF programs but can't show if program A replaces a
> function in program B.

IIUC, bpftool misses features to show fireplace/fentry/fexit relations? 
I think we should enable that in bpftool. 

> 
> Example:
> 
>  % sudo tools/bpf/bpf.py p | grep test_pkt_access
>     650: BPF_PROG_TYPE_SCHED_CLS          test_pkt_access
>     654: BPF_PROG_TYPE_TRACING            test_main                        linked:[650->25: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access()]
>     655: BPF_PROG_TYPE_TRACING            test_subprog1                    linked:[650->29: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog1()]
>     656: BPF_PROG_TYPE_TRACING            test_subprog2                    linked:[650->31: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog2()]
>     657: BPF_PROG_TYPE_TRACING            test_subprog3                    linked:[650->21: BPF_TRAMP_FEXIT test_pkt_access->test_pkt_access_subprog3()]
>     658: BPF_PROG_TYPE_EXT                new_get_skb_len                  linked:[650->16: BPF_TRAMP_REPLACE test_pkt_access->get_skb_len()]
>     659: BPF_PROG_TYPE_EXT                new_get_skb_ifindex              linked:[650->23: BPF_TRAMP_REPLACE test_pkt_access->get_skb_ifindex()]
>     660: BPF_PROG_TYPE_EXT                new_get_constant                 linked:[650->19: BPF_TRAMP_REPLACE test_pkt_access->get_constant()]
> 
> It can be seen that there is a program test_pkt_access, id 650 and there
> are multiple other tracing and ext programs attached to functions in
> test_pkt_access.
> 
> For example the line:
> 
>     658: BPF_PROG_TYPE_EXT                new_get_skb_len                  linked:[650->16: BPF_TRAMP_REPLACE test_pkt_access->get_skb_len()]
> 
> means that BPF program new_get_skb_len, id 658, type BPF_PROG_TYPE_EXT
> replaces (BPF_TRAMP_REPLACE) function get_skb_len() that has BTF id 16
> in BPF program test_pkt_access, prog id 650.
> 
> Just very simple output is supported now but it can be extended in the
> future if needed.
> 
> The script is extendable and currently implements two subcommands:
> * prog (alias: p) to list all BPF programs;
> * map (alias: m) to list all BPF maps;
> 
> Developer can simply tweak the script to print interesting pieces of programs
> or maps.
> 
> The name bpf.py is not super authentic. I'm open to better options.

Maybe call it bpftool.py? Or bpfshow.py?

> 
> The script can be sent to drgn repo where it's easier to maintain its
> "drgn-ness", but in kernel tree it should be easier to maintain BPF
> functionality itself what can be more important in this case.
> 
> The script depends on drgn revision [4] where BPF helpers were added.
> 
> More examples of output:
> 
>  % sudo tools/bpf/bpf.py p | shuf -n 3
>      81: BPF_PROG_TYPE_CGROUP_SOCK_ADDR   tw_ipt_bind
>      94: BPF_PROG_TYPE_CGROUP_SOCK_ADDR   tw_ipt_bind
>      43: BPF_PROG_TYPE_KPROBE             kprobe__tcp_reno_cong_avoid
> 
>  % sudo tools/bpf/bpf.py m | shuf -n 3
>     213: BPF_MAP_TYPE_HASH                errors
>      30: BPF_MAP_TYPE_ARRAY               sslwall_setting
>      41: BPF_MAP_TYPE_LRU_HASH            flow_to_snd
> 
> Help:
> 
>  % sudo tools/bpf/bpf.py
>  usage: bpf.py [-h] {prog,p,map,m} ...
> 
>  drgn script to list BPF programs or maps and their properties
>  unavailable via kernel API.
> 
>  See https://github.com/osandov/drgn/ for more details on drgn.
> 
>  optional arguments:
>    -h, --help      show this help message and exit
> 
>  subcommands:
>    {prog,p,map,m}
>      prog (p)      list BPF programs
>      map (m)       list BPF maps
> 
> [1] https://github.com/osandov/drgn/
> [2] https://drgn.readthedocs.io/en/latest/index.html
> [3] https://lwn.net/Articles/789641/
> [4] https://github.com/osandov/drgn/commit/c8ef841768032e36581d45648e42fc2a5489d8f2
> 
> Signed-off-by: Andrey Ignatov <rdna@xxxxxx>

The code looks good to me (with name TBD). 

Acked-by: Song Liu <songliubraving@xxxxxx>
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux