Add support for freplace programs

[zeffron]

Test base program, extension program, loader, and associated vmlinux.h can be found in this gist

Key changes:

• FreplaceLink and associated AttachFreplace are added to the link package
• A BTF id is now returned with Program.Info
• btf.Specs can be constructed from loaded BTF
• There were some syscall things I needed to reimplement in the btf package because they’re implemented in the ebpf package and I couldn’t create an import cycle.
• AttachTarget was added to ProgramSpec as extension programs need to specify both the file handle of the intended (or a template) attach program and provide the name of the function to attach so BTF ID can be located.

[ti-mo]

Thank you! This change should probably be broken up into smaller PRs so they can be reviewed separately. (for example, the new APIs in internal/btf: NewProgram, *Handle* etc.)

[...] I couldn’t create an import cycle. I’d like to lift those into internal. (In fact, I wonder if all non-exported, non-specific use-case syscall wrappers should maybe be lifted into internal.

Agreed, this will be necessary for #235 as well and should also go into a separate PR. Perhaps this should be left to @lmb, but not sure about his current time budget.

I'll mark this as a draft for now.

[lmb]

Thanks for investing so much work already :) Here are my takeaways:

• Freplace itself seems not too complicated. The worst bit is that we need a BTF ID to attach to. We don't have a good way of specifying that right now.
• The current code has problems with resource ownership / lifetime management. ProgramInfo mustn't contain *btf.Handle. We shouldn't use a plain int for AttachTarget.
• We can drop the feature test and with that BTF writing. It's nice if a user gets a decent error, but the cost of maintaining BTF writing isn't worth it.

[lmb]

We should keep stringTable a read-only structure and add a stringTableBuilder instead. We only need to modify it when building BTF on the fly, which is rare.

[zeffron]

Will keep in mind for a future PR to reintroduce this functionality, but, as discussed, this is not needed for the functionality this PR is trying to introduce so it has been removed.

[lmb]

Not necessary I think.

[zeffron]

I could make a function that goes directly from ID to Spec, but it seemed likely that once the BTF library is exported that there will be desire for going from a BTF ID to a Handle in other use cases as well.

[lmb]

It's been a while, but I think I meant the call to haveBTF is probably superfluous here.

[zeffron]

Ah, yes. I think I had that for when it was possible to construct BTF specs from a consumer of the library (when I had all of the type changes) since this could have been the first entry to BTF in the kernel in that case. It is not needed now that all of that is gone. Will remove.

[zeffron]

Addressed in b87cf4a

[lmb]

can this call loadNakedSpec instead?

[zeffron]

Ah, maybe! I saw that loadNakedSpec took section information. Didn't realize it was valid to pass nil for that.

[zeffron]

Addressed in 3df3789

[zeffron]

My apologies for having to put this down for so long. I appreciate all of the excellent feedback and am going through it now.

[zeffron]

PR updated. Original version is maintained at zeffron/freplace.old in my fork for reference for the BTF types code.
I've left this as a draft as I believe there's still some polishing work to be done. Also because it needs unit tests.

[zeffron]

I believe the TestLibBPFCompat/test_trace_ext.o is failing because the 5.10 kernel does not have freplace support. Without the probe, I could use internal.KernelVersion() to check for the minimum kernel version, but it does seem like feature probes are preferred. Thoughts?

[zeffron]

Ah. I misunderstood the failure situation. They weren't failing the attach, they were failing the load because they require a second program to be attached to. I'll have to figure out how to update the unit tests for that.

[zeffron]

And I misunderstood again. Those object files wouldn't be there if they couldn't be loaded, so the kernel version isn't the issue. Which means it's just the missing attach target part that needs to be worked out.

[lmb]

This is the same logic as in resolveBTFType? What happens if the name (and ultimately the BTF ID) here is different than what was passed at load time? It's a shame that we need this twice.

[zeffron]

This prompted me to go through a deeper dive on how libbpf and the kernel handles this. I think there's a way to avoid this duplicate execution in the common case (but not the duplicate code). I should have an updated PR sometime this week.

[zeffron]

To answer your question more specifically, it looks like libbpf and the kernel optionally only actually do this lookup once. If it's done at load time, it gets cached on the kernel program object. If the at link time, no program and function name are provided, then the cached values are used. If a program and function name are provided, they override the cached values (in which case the name and program provided at load time are completely wasted). As long as the final target function (supplied at load time or link time) has a matching signature to the extension function, the link is successfully created.

[zeffron]

Agreed that it's a shame to need it twice. We could potentially create a function to get BTF from a program and put it into a package that's accessible from both link and ebpf. Maybe put it into the btf package?

[zeffron]

Just re-discovered that extension programs MUST provide attachment information at load time. It can still be overridden at link time (this allows replacing two different functions with the same program, for example).

[lmb]

This should be btf.TypeID I think.

[zeffron]

Why make this a btf.TypeID instead of a btf.Type? Other fields here use the Go native type instead of the ID, such as Program.
(The comment about it being 0 is incorrect based on current implementation. It should have said nil, but I think it also doesn't need to be said.)

[lmb]

My thinking was this (if I remember correctly): most of the code we have constructs a *Func to pass here, only for the Go type to be discarded. To look at it another way: since this is a low-level interface (hence the Raw in the name) it's better to stay close to the kernel interface.

[lmb]

I think this is looking really good! Left some nits, the only open question for me is the behaviour of CO-RE relocations as mentioned in one of the comments.

[lmb]

I think this else if branch needs to move into spec.AttachTo != "".

• opts.TargetBTF specifies the location of the vmlinux BTF (for environments where that isn't available from a convenient location)
• Even if opts.TargetBTF is specified, we need to use spec.AttachTarget to resolve the type ID for freplace programs.

targetBTF = nil
if opts.TargetBTF {
    targetBTF = ...
}

if spec.BTF {
    btf.ProgramFixups(spec.BTF, targetBTF)
}

if spec.AttachTo {
    if spec.AttachTarget {
        targetBTF = ...
    }
    resolveBTFType(targetBTF)
}

1. btf.ProgramFixups is always invoked with the kernel BTF or nil
2. resolveBTFType is invoked with the kernel BTF, the AttachTarget BTF or nil

The implication is that freplace programs are CO-RE relocated against the kernel, not against the program they are attaching to. Is that the correct behaviour?

[lmb]

Thank you for your hard work, and sorry the review took so long!

[zeffron]

Thank you for the quality review. I think we ended up in a pretty good place. 😀