Re: [PATCH v2 bpf-next 0/5] Add SEC("ksyscall") support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/14, Andrii Nakryiko wrote:
Add SEC("ksyscall")/SEC("kretsyscall") sections and corresponding
bpf_program__attach_ksyscall() API that simplifies tracing kernel syscalls
through kprobe mechanism. Kprobing syscalls isn't trivial due to varying
syscall handler names in the kernel and various ways syscall argument are
passed, depending on kernel architecture and configuration. SEC("ksyscall")
allows user to not care about such details and just get access to syscall
input arguments, while libbpf takes care of necessary feature detection logic.

There are still more quirks that are not straightforward to hide completely
(see comments about mmap(), clone() and compat syscalls), so in such more
advanced scenarios user might need to fall back to plain SEC("kprobe")
approach, but for absolute majority of users SEC("ksyscall") is a big
improvement.

As part of this patch set libbpf adds two more virtual __kconfig externs, in
addition to existing LINUX_KERNEL_VERSION: LINUX_HAS_BPF_COOKIE and
LINUX_HAS_SYSCALL_WRAPPER, which let's libbpf-provided BPF-side code minimize external dependencies and assumptions and let's user-space part of libbpf to
perform all the feature detection logic. This benefits USDT support code,
which now doesn't depend on BPF CO-RE for its functionality.

v1->v2:
- normalize extern variable-related warn and debug message formats (Alan);

For the series:

Reviewed-by: Stanislav Fomichev <sdf@xxxxxxxxxx>

rfc->v1:
- drop dependency on kallsyms and speed up SYSCALL_WRAPPER detection (Alexei);
   - drop dependency on /proc/config.gz in bpf_tracing.h (Yaniv);
- add doc comment and ephasize mmap(), clone() and compat quirks that are
     not supported (Ilya);
- use mechanism similar to LINUX_KERNEL_VERSION to also improve USDT code.

Andrii Nakryiko (5):
   libbpf: generalize virtual __kconfig externs and use it for USDT
   selftests/bpf: add test of __weak unknown virtual __kconfig extern
   libbpf: improve BPF_KPROBE_SYSCALL macro and rename it to BPF_KSYSCALL
   libbpf: add ksyscall/kretsyscall sections support for syscall kprobes
   selftests/bpf: use BPF_KSYSCALL and SEC("ksyscall") in selftests

  tools/lib/bpf/bpf_tracing.h                   |  51 +++--
  tools/lib/bpf/libbpf.c                        | 214 ++++++++++++++----
  tools/lib/bpf/libbpf.h                        |  46 ++++
  tools/lib/bpf/libbpf.map                      |   1 +
  tools/lib/bpf/libbpf_internal.h               |   2 +
  tools/lib/bpf/usdt.bpf.h                      |  16 +-
  .../selftests/bpf/prog_tests/core_extern.c    |  17 +-
  .../selftests/bpf/progs/bpf_syscall_macro.c   |   6 +-
  .../selftests/bpf/progs/test_attach_probe.c   |  15 +-
  .../selftests/bpf/progs/test_core_extern.c    |   3 +
  .../selftests/bpf/progs/test_probe_user.c     |  27 +--
  11 files changed, 289 insertions(+), 109 deletions(-)

--
2.30.2




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux