BPF: Add helpers for BPF links and BTF objects, update tools/ script to work with Linux 5.10+#152
BPF: Add helpers for BPF links and BTF objects, update tools/ script to work with Linux 5.10+#152qmonnet wants to merge 2 commits intoosandov:mainfrom
Conversation
osandov
left a comment
osandov
left a comment
There was a problem hiding this comment.
Thanks for the fix! I left a few minor comments.
(This is a good reminder that the BPF helpers need unit tests so that we catch version breakages, but that's for another PR.)
qmonnet
force-pushed
the
pr/bpf-updates
branch
from
77adcb9 to
7008d74
Compare
|
Thanks a lot for the feedback and review, and apologies for the delay. I'm still working on this PR. I fixed the issues you reported some time ago, but so far I've been unable to find the time to test the latest changes properly. I'm pushing my code anyway but marking as draft, until I get a chance to check that it works correctly. |
|
Hi @qmonnet, I'm catching up on my backlog of PRs and I'm revisiting this one. I just merged the first commit from this PR adding the For the second commit fixing For the third commit, do the |
Thanks a lot! Sorry for failing to follow-up here. The new tests look neat!
I wanted to make sure that printing trampolines/target programs would still work as expected on “all” kernel versions. We've got 3 cases after this patch: pre-5.5, 5.5 <= x < 5.10, and >= 5.10. I tested the last case (with 5.15) on my laptop and created a VM to try the first case (5.4), but I never found the time to create a second VM to test the remaining case. Although, given that we have not changed how the script behaves for kernels < 5.10 and that it works as expected on 5.4, I wouldn't expect too many bad surprises and maybe we're good to (rebase and) merge this change. It would probably be a good idea to have a test with showing programs with the helper, and checking the target program when used with a trampoline. I haven't dug enough yet to check if you had this already, or to check how you are running your CI. Do you cover several kernel versions?
The listing from Obviously that's your call. If you prefer to leave them aside, I guess we could skip that patch. |
Since Linux 5.10 and commit 3aac1ead5eb6 ("bpf: Move
prog->aux->linked_prog and trampoline into bpf_link on attach"), the
kernel "struct bpf_prog_aux" no longer has a "trampoline" attribute.
Instead, it got a "dst_trampoline" attribute, but the latter cannot be
used as a drop-in remplacement, because the reference from the tracing
program to the target is removed after attaching (and this pointer is
NULL).
To retrieve the target program, we must instead loop on the existing
links, find their parent "struct bpf_tracing_link" object, and get the
target program from there. Let's adjust the script accordingly, but keep
compatibility for older kernels too.
Signed-off-by: Quentin Monnet <quentin@isovalent.com>
|
[Rebased on current |
Add two commands to the BPF script, "b" and "l", to list the BTF objects and the BPF link (respectively) loaded on the system. These commands make use of the recently introduced helpers for iterating over those objects. Older kernels do not have eBPF links, so make sure we handle the lookup exception properly. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
Yup, the CI tests a bunch of kernel versions: https://github.com/osandov/drgn/blob/main/setup.py#L134. The design is documented here: https://github.com/osandov/drgn/tree/main/vmtest. drgn's test suite doesn't have any test cases for tools yet, so that's something I'd like to figure out. If you can give me an example of how to create some BPF trampolines (perhaps with |
Thanks for the pointers
I don't have a minimal example to point you to :/ and it seems to be a bit more involved. All examples I can think of are using libbpf (usually with BPF skeletons). For testing here on my side, I ran profiled an eBPF program (any should do) with bpftool ( I think that in libbpf, it calls |
2 participants
bpf_prog.aux.member_("trampoline")is no longer available starting from kernel 5.10, and the BPF tool script fails to display the linked functions properly on new systems. This PR fixes the issue by retrieving the link and tracing link associated to the program, to access the target.Since we need to iterate over BPF links to do that, add the relevant iterator; and do one for BTF links as well, since they're all pretty similar. Update the BPF tool script so it can use new those iterators to list links and BTF objects.
Please refer to individual commit descriptions for more details.