The program is made in a way that everytime an execve syscall
is executed it prints Hello, BPF World!
This is inspired and based on the code example for the book
Linux Observability with BPF [1], load_bpf_file() has been
removed after commit ceb5dea56543 ("samples: bpf: Remove
bpf_load loader completely"), so the old version can not
work in the latest mainline kernel.
Since it is very simple and useful for newbies, I think it is
necessary to be upstreamed.
[1] https://github.com/bpftools/linux-observability-with-bpf/tree/master/code/chapter-2/hello_world
Signed-off-by: Tiezhu Yang <yangtiezhu@xxxxxxxxxxx>
---
samples/bpf/Makefile | 3 +++
samples/bpf/hello_kern.c | 14 ++++++++++++++
samples/bpf/hello_user.c | 42 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 59 insertions(+)
create mode 100644 samples/bpf/hello_kern.c
create mode 100644 samples/bpf/hello_user.c
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index 45ceca4..fd17cbd 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -55,6 +55,7 @@ tprogs-y += task_fd_query
tprogs-y += xdp_sample_pkts
tprogs-y += ibumad
tprogs-y += hbm
+tprogs-y += hello
# Libbpf dependencies
LIBBPF = $(TOOLS_PATH)/lib/bpf/libbpf.a
@@ -113,6 +114,7 @@ task_fd_query-objs := task_fd_query_user.o $(TRACE_HELPERS)
xdp_sample_pkts-objs := xdp_sample_pkts_user.o
ibumad-objs := ibumad_user.o
hbm-objs := hbm.o $(CGROUP_HELPERS)
+hello-objs := hello_user.o $(TRACE_HELPERS)
# Tell kbuild to always build the programs
always-y := $(tprogs-y)
@@ -174,6 +176,7 @@ always-y += ibumad_kern.o
always-y += hbm_out_kern.o
always-y += hbm_edt_kern.o
always-y += xdpsock_kern.o
+always-y += hello_kern.o
ifeq ($(ARCH), arm)
# Strip all except -D__LINUX_ARM_ARCH__ option needed to handle linux
diff --git a/samples/bpf/hello_kern.c b/samples/bpf/hello_kern.c
new file mode 100644
index 0000000..b841029
--- /dev/null
+++ b/samples/bpf/hello_kern.c
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+
+SEC("tracepoint/syscalls/sys_enter_execve")
+int trace_enter_execve(void *ctx)
+{
+ static const char msg[] = "Hello, BPF World!\n";
+
+ bpf_trace_printk(msg, sizeof(msg));
+ return 0;
+}
+
+char _license[] SEC("license") = "GPL";
diff --git a/samples/bpf/hello_user.c b/samples/bpf/hello_user.c
new file mode 100644
index 0000000..9423bbb
--- /dev/null
+++ b/samples/bpf/hello_user.c
@@ -0,0 +1,42 @@
+// SPDX-License-Identifier: GPL-2.0
+#include <stdio.h>
+#include <bpf/libbpf.h>
+#include "trace_helpers.h"
+
+int main(int argc, char **argv)
+{
+ struct bpf_link *link = NULL;
+ struct bpf_program *prog;
+ struct bpf_object *obj;
+
+ obj = bpf_object__open_file("hello_kern.o", NULL);
+ if (libbpf_get_error(obj)) {
+ fprintf(stderr, "ERROR: opening BPF object file failed\n");
+ return 0;
+ }
+
+ if (bpf_object__load(obj)) {
+ fprintf(stderr, "ERROR: loading BPF object file failed\n");
+ goto cleanup;
+ }
+
+ prog = bpf_object__find_program_by_name(obj, "trace_enter_execve");
+ if (!prog) {
+ fprintf(stderr, "ERROR: finding a prog in obj file failed\n");
+ goto cleanup;
+ }
+
+ link = bpf_program__attach(prog);
+ if (libbpf_get_error(link)) {
+ fprintf(stderr, "ERROR: bpf_program__attach failed\n");
+ link = NULL;
+ goto cleanup;
+ }
+
+ read_trace_pipe();
+
+cleanup:
+ bpf_link__destroy(link);
+ bpf_object__close(obj);
+ return 0;
+}
--
2.1.0
