On 07/14, Andrii Nakryiko wrote:
Add SEC("ksyscall")/SEC("kretsyscall") sections and corresponding
bpf_program__attach_ksyscall() API that simplifies tracing kernel syscalls
through kprobe mechanism. Kprobing syscalls isn't trivial due to varying
syscall handler names in the kernel and various ways syscall argument are
passed, depending on kernel architecture and configuration.
SEC("ksyscall")
allows user to not care about such details and just get access to syscall
input arguments, while libbpf takes care of necessary feature detection
logic.
There are still more quirks that are not straightforward to hide
completely
(see comments about mmap(), clone() and compat syscalls), so in such more
advanced scenarios user might need to fall back to plain SEC("kprobe")
approach, but for absolute majority of users SEC("ksyscall") is a big
improvement.
As part of this patch set libbpf adds two more virtual __kconfig externs,
in
addition to existing LINUX_KERNEL_VERSION: LINUX_HAS_BPF_COOKIE and
LINUX_HAS_SYSCALL_WRAPPER, which let's libbpf-provided BPF-side code
minimize
external dependencies and assumptions and let's user-space part of libbpf
to
perform all the feature detection logic. This benefits USDT support code,
which now doesn't depend on BPF CO-RE for its functionality.
v1->v2:
- normalize extern variable-related warn and debug message formats
(Alan);
For the series:
Reviewed-by: Stanislav Fomichev <sdf@xxxxxxxxxx>
rfc->v1:
- drop dependency on kallsyms and speed up SYSCALL_WRAPPER detection
(Alexei);
- drop dependency on /proc/config.gz in bpf_tracing.h (Yaniv);
- add doc comment and ephasize mmap(), clone() and compat quirks that
are
not supported (Ilya);
- use mechanism similar to LINUX_KERNEL_VERSION to also improve USDT
code.
Andrii Nakryiko (5):
libbpf: generalize virtual __kconfig externs and use it for USDT
selftests/bpf: add test of __weak unknown virtual __kconfig extern
libbpf: improve BPF_KPROBE_SYSCALL macro and rename it to BPF_KSYSCALL
libbpf: add ksyscall/kretsyscall sections support for syscall kprobes
selftests/bpf: use BPF_KSYSCALL and SEC("ksyscall") in selftests
tools/lib/bpf/bpf_tracing.h | 51 +++--
tools/lib/bpf/libbpf.c | 214 ++++++++++++++----
tools/lib/bpf/libbpf.h | 46 ++++
tools/lib/bpf/libbpf.map | 1 +
tools/lib/bpf/libbpf_internal.h | 2 +
tools/lib/bpf/usdt.bpf.h | 16 +-
.../selftests/bpf/prog_tests/core_extern.c | 17 +-
.../selftests/bpf/progs/bpf_syscall_macro.c | 6 +-
.../selftests/bpf/progs/test_attach_probe.c | 15 +-
.../selftests/bpf/progs/test_core_extern.c | 3 +
.../selftests/bpf/progs/test_probe_user.c | 27 +--
11 files changed, 289 insertions(+), 109 deletions(-)
--
2.30.2
