This patch set implements an ability for users to specify custom black box u64 value for each BPF program attachment, which is available to BPF program at runtime. This is a feature that's critically missing for cases when some sort of generic processing needs to be done by the common BPF program logic (or even exactly the same BPF program) across multiple BPF hooks (e.g., many uniformly handled kprobes) and it's important to be able to distinguish between each BPF hook at runtime (e.g., for additional configuration lookup). Currently, something like that can be only achieved through: - code-generation and BPF program cloning, which is very complicated and unmaintainable; - on-the-fly C code generation and further runtime compilation, which is what BCC uses and allows to do pretty simply. The big downside is a very heavy-weight Clang/LLVM dependency and inefficient memory usage (due to many BPF program clones and the compilation process itself); - in some cases (kprobes and sometimes uprobes) it's possible to do function IP lookup to get function-specific configuration. This doesn't work for all the cases (e.g., when attaching uprobes to shared libraries) and has higher runtime overhead and additional programming complexity due to BPF_MAP_TYPE_HASHMAP lookups. Up until recently, before bpf_get_func_ip() BPF helper was added, it was also very complicated and unstable (API-wise) to get traced function's IP from fentry/fexit and kretprobe. With libbpf and BPF CO-RE, runtime compilation is not an option, so to be able to build generic tracing tooling simply and efficiently, ability to provide additional user context value for each *attachment* (as opposed to each BPF program) is extremely important. Two immediate users of this functionality are going to be libbpf-based USDT library (currently in development) and retsnoop ([0]), but I'm sure more applications will come once users get this feature in their kernels. To achieve above described, all perf_event-based BPF hooks are made available through a new BPF_LINK_TYPE_PERF_EVENT BPF link, which allows to use common LINK_CREATE command for program attachments and generally brings perf_event-based attachments into a common BPF link infrastructure. With that, LINK_CREATE gets ability to pass throught user_ctx value during link creation (BPF program attachment) time. bpf_get_user_ctx() BPF helper is added to allow fetching this value at runtime from BPF program side. user_ctx is stored either on struct perf_event itself and fetched from the BPF program context, or is passed through ambient BPF run context, added in c7603cfa04e7 ("bpf: Add ambient BPF runtime context stored in current"). On the libbpf side of things, BPF perf link is utilized whenever is supported by the kernel instead of using PERF_EVENT_IOC_SET_BPF ioctl on perf_event FD. All the tracing attach APIs are extended with OPTS and user_ctx is passed through corresponding opts structs. Last part of the patch set adds few self-tests utilizing new APIs. There are also a few refactorings along the way to make things cleaner and easier to work with, both in kernel (BPF_PROG_RUN and BPF_PROG_RUN_ARRAY), and throughout libbpf and selftests. Follow-up patches will extend user_ctx to fentry/fexit programs. [0] https://github.com/anakryiko/retsnoop Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx> # for perf_event changes v1->v2: - fix build failures on non-x86 arches by gating on CONFIG_PERF_EVENTS. Andrii Nakryiko (14): bpf: refactor BPF_PROG_RUN into a function bpf: refactor BPF_PROG_RUN_ARRAY family of macros into functions bpf: refactor perf_event_set_bpf_prog() to use struct bpf_prog input bpf: implement minimal BPF perf link bpf: allow to specify user-provided context value for BPF perf links bpf: add bpf_get_user_ctx() BPF helper to access user_ctx value libbpf: re-build libbpf.so when libbpf.map changes libbpf: remove unused bpf_link's destroy operation, but add dealloc libbpf: use BPF perf link when supported by kernel libbpf: add user_ctx support to bpf_link_create() API libbpf: add user_ctx to perf_event, kprobe, uprobe, and tp attach APIs selftests/bpf: test low-level perf BPF link API selftests/bpf: extract uprobe-related helpers into trace_helpers.{c,h} selftests/bpf: add user_ctx selftests for high-level APIs drivers/media/rc/bpf-lirc.c | 4 +- include/linux/bpf.h | 206 ++++++++------ include/linux/bpf_types.h | 3 + include/linux/filter.h | 63 +++-- include/linux/perf_event.h | 1 + include/linux/trace_events.h | 7 +- include/uapi/linux/bpf.h | 25 ++ kernel/bpf/cgroup.c | 32 +-- kernel/bpf/core.c | 29 +- kernel/bpf/syscall.c | 105 +++++++- kernel/events/core.c | 72 ++--- kernel/trace/bpf_trace.c | 45 +++- tools/include/uapi/linux/bpf.h | 25 ++ tools/lib/bpf/Makefile | 10 +- tools/lib/bpf/bpf.c | 32 ++- tools/lib/bpf/bpf.h | 8 +- tools/lib/bpf/libbpf.c | 196 +++++++++++--- tools/lib/bpf/libbpf.h | 71 ++++- tools/lib/bpf/libbpf.map | 3 + tools/lib/bpf/libbpf_internal.h | 32 ++- .../selftests/bpf/prog_tests/attach_probe.c | 61 +---- .../selftests/bpf/prog_tests/perf_link.c | 89 ++++++ .../selftests/bpf/prog_tests/user_ctx.c | 254 ++++++++++++++++++ .../selftests/bpf/progs/test_perf_link.c | 16 ++ .../selftests/bpf/progs/test_user_ctx.c | 85 ++++++ tools/testing/selftests/bpf/trace_helpers.c | 66 +++++ tools/testing/selftests/bpf/trace_helpers.h | 3 + 27 files changed, 1230 insertions(+), 313 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/perf_link.c create mode 100644 tools/testing/selftests/bpf/prog_tests/user_ctx.c create mode 100644 tools/testing/selftests/bpf/progs/test_perf_link.c create mode 100644 tools/testing/selftests/bpf/progs/test_user_ctx.c -- 2.30.2