Re: [PATCH bpf-next] bpf: Add bpf_read_raw_record() helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> On Aug 23, 2022, at 2:03 PM, Namhyung Kim <namhyung@xxxxxxxxxx> wrote:
> 
> The helper is for BPF programs attached to perf_event in order to read
> event-specific raw data.  I followed the convention of the
> bpf_read_branch_records() helper so that it can tell the size of
> record using BPF_F_GET_RAW_RECORD flag.
> 
> The use case is to filter perf event samples based on the HW provided
> data which have more detailed information about the sample.
> 
> Note that it only reads the first fragment of the raw record.  But it
> seems mostly ok since all the existing PMU raw data have only single
> fragment and the multi-fragment records are only for BPF output attached
> to sockets.  So unless it's used with such an extreme case, it'd work
> for most of tracing use cases.
> 
> Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxxx>
> ---
> I don't know how to test this.  As the raw data is available on some
> hardware PMU only (e.g. AMD IBS).  I tried a tracepoint event but it was
> rejected by the verifier.  Actually it needs a bpf_perf_event_data
> context so that's not an option IIUC.

Can we add a software event that generates raw data for testing? 

Thanks,
Song


> 
> include/uapi/linux/bpf.h | 23 ++++++++++++++++++++++
> kernel/trace/bpf_trace.c | 41 ++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 64 insertions(+)
> 
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 934a2a8beb87..af7f70564819 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -5355,6 +5355,23 @@ union bpf_attr {
>  *	Return
>  *		Current *ktime*.
>  *
> + * long bpf_read_raw_record(struct bpf_perf_event_data *ctx, void *buf, u32 size, u64 flags)
> + *	Description
> + *		For an eBPF program attached to a perf event, retrieve the
> + *		raw record associated to *ctx* and store it in the buffer
> + *		pointed by *buf* up to size *size* bytes.
> + *	Return
> + *		On success, number of bytes written to *buf*. On error, a
> + *		negative value.
> + *
> + *		The *flags* can be set to **BPF_F_GET_RAW_RECORD_SIZE** to
> + *		instead return the number of bytes required to store the raw
> + *		record. If this flag is set, *buf* may be NULL.
> + *
> + *		**-EINVAL** if arguments invalid or **size** not a multiple
> + *		of **sizeof**\ (u64\ ).
> + *
> + *		**-ENOENT** if the event does not have raw records.
>  */
> #define __BPF_FUNC_MAPPER(FN)		\
> 	FN(unspec),			\
> @@ -5566,6 +5583,7 @@ union bpf_attr {
> 	FN(tcp_raw_check_syncookie_ipv4),	\
> 	FN(tcp_raw_check_syncookie_ipv6),	\
> 	FN(ktime_get_tai_ns),		\
> +	FN(read_raw_record),		\
> 	/* */
> 
> /* integer value in 'imm' field of BPF_CALL instruction selects which helper
> @@ -5749,6 +5767,11 @@ enum {
> 	BPF_F_EXCLUDE_INGRESS	= (1ULL << 4),
> };
> 
> +/* BPF_FUNC_read_raw_record flags. */
> +enum {
> +	BPF_F_GET_RAW_RECORD_SIZE	= (1ULL << 0),
> +};
> +
> #define __bpf_md_ptr(type, name)	\
> union {					\
> 	type name;			\
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 68e5cdd24cef..db172b12e5f8 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -20,6 +20,7 @@
> #include <linux/fprobe.h>
> #include <linux/bsearch.h>
> #include <linux/sort.h>
> +#include <linux/perf_event.h>
> 
> #include <net/bpf_sk_storage.h>
> 
> @@ -1532,6 +1533,44 @@ static const struct bpf_func_proto bpf_read_branch_records_proto = {
> 	.arg4_type      = ARG_ANYTHING,
> };
> 
> +BPF_CALL_4(bpf_read_raw_record, struct bpf_perf_event_data_kern *, ctx,
> +	   void *, buf, u32, size, u64, flags)
> +{
> +	struct perf_raw_record *raw = ctx->data->raw;
> +	struct perf_raw_frag *frag;
> +	u32 to_copy;
> +
> +	if (unlikely(flags & ~BPF_F_GET_RAW_RECORD_SIZE))
> +		return -EINVAL;
> +
> +	if (unlikely(!raw))
> +		return -ENOENT;
> +
> +	if (flags & BPF_F_GET_RAW_RECORD_SIZE)
> +		return raw->size;
> +
> +	if (!buf || (size % sizeof(u32) != 0))
> +		return -EINVAL;
> +
> +	frag = &raw->frag;
> +	WARN_ON_ONCE(!perf_raw_frag_last(frag));
> +
> +	to_copy = min_t(u32, frag->size, size);
> +	memcpy(buf, frag->data, to_copy);
> +
> +	return to_copy;
> +}
> +
> +static const struct bpf_func_proto bpf_read_raw_record_proto = {
> +	.func           = bpf_read_raw_record,
> +	.gpl_only       = true,
> +	.ret_type       = RET_INTEGER,
> +	.arg1_type      = ARG_PTR_TO_CTX,
> +	.arg2_type      = ARG_PTR_TO_MEM_OR_NULL,
> +	.arg3_type      = ARG_CONST_SIZE_OR_ZERO,
> +	.arg4_type      = ARG_ANYTHING,
> +};
> +
> static const struct bpf_func_proto *
> pe_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> {
> @@ -1548,6 +1587,8 @@ pe_prog_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> 		return &bpf_read_branch_records_proto;
> 	case BPF_FUNC_get_attach_cookie:
> 		return &bpf_get_attach_cookie_proto_pe;
> +	case BPF_FUNC_read_raw_record:
> +		return &bpf_read_raw_record_proto;
> 	default:
> 		return bpf_tracing_func_proto(func_id, prog);
> 	}
> -- 
> 2.37.2.609.g9ff673ca1a-goog
> 




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux