From 6a38917d36414b64e29f6d992b1b0511a5b342db Mon Sep 17 00:00:00 2001 From: Timo Beckers Date: Wed, 30 Mar 2022 11:50:36 +0200 Subject: [PATCH] examples: fentry - add comments to illustrate difference with tcprtt The tcprtt example was added recently, which relies on CO-RE information to work across different kernel versions. fentry, on the other hand, will break if structs change in the running kernel, so document this fact. Replaced unused fields with padding and addressed some nits. Signed-off-by: Timo Beckers --- examples/fentry/bpf_bpfeb.o | Bin 3512 -> 3496 bytes examples/fentry/bpf_bpfel.o | Bin 3520 -> 3504 bytes examples/fentry/fentry.c | 35 +++++++++++++++++++++++++++++------ 3 files changed, 29 insertions(+), 6 deletions(-) diff --git a/examples/fentry/bpf_bpfeb.o b/examples/fentry/bpf_bpfeb.o index 9e1a3a305da32b5562795b7a71a0d46fb673d5d1..e111a042a17fca02edba2dc480333b303a25908e 100644 GIT binary patch delta 800 zcmYk4&r2Io5XWa;T$5}Xf23{Hu1G`=iUmFN&_k&R1;wUf588l2f z(KL}!|J|75AugM@9YhWh4I=jr@i81`R*<_7Hqv z`4PCpL0*HO4h34*1eJ;KeCk2tiQUu(uG&q;);`)AUdWtTegZzX?13A0kDix;Zgv4+ zIGa#1Kf3+s=P;~q5uN&HTfv^^ztBzNLukcBv)RJV`sVKYP5I}XFv&sZLYbfGm1*-f z{1fqWy()cDOLv0x%2Zzyr{joof#wA9qShC!9wp9=f-`M80nS;yOuV7>d`p*+(1tym zI3mt#!(p4&dd2EX;sU+}9k*$%SFOGyF6vd+18q{oCDqM9Q;~v!A$^my+bg%>KHitV z;n{)Ly}>WkDr?kvmn0pT7=8-UX*=LB^9qY{ORqL+ku5gatlUS(WzwB@^w$f?jGJ_$ zpMh#6Id!i%BbnF;zmZbxyQ8zS-^5dX3pp?4kLz(kUc@}kOYOll@5wK$HR+E}b6qO2 Uq!m_eu3rBF(tjt(7Nx^-}H^!M(*10TG5zd!HY_vdaeJPxCWJl-Db=KLa& z(LC!^`7Sqze2U{HwC7nO2W$X%9<`KMW(l>7Y(lT0-a$sdYpDIm9pDX%Pk=W)5X5cZ zw-)yTZ*!t+iRBE|PvaH<)~6yGTXv`q_>&zn*86NdY{=|d90KoKtebD!8GT;`{M!ux z1l~=s%#ZH465WR|s15@2=2vPYJl1tXr=4bI*|;;0C#RmxP06|QQR=y;4LZ~7(uH3j zzY_h`E7Mg{o&&}yV*ZEde*w6faK@Eis6T7@2yu1<7@tS`Svh*BX88iKr~Z1%8xXXi zZiNrTUD~j9jjP|Z{E)baZ$hnWT>Z%Mf5d%y&3g$q72=BWlZ4Y7N)8MfhdlCo_Rj6D6RNY~5 
diff --git a/examples/fentry/bpf_bpfel.o b/examples/fentry/bpf_bpfel.o index 56f2daa2940a5ef8262221aeffd2687bb248efdf..b85cb601a2cb3b4ddfd0a3b2a974a9dfdc6fd6fd 100644 GIT binary patch delta 766 zcmYk4!D|yy5XNWL>^9kSwcVzTb;VXF#Da%{9y}RR1U)p;9@GlOO>2u0VksE0hd>hW z)Kg?G=45;ECZyei-pox8g+gyF{sSJpc4qs??cTEtt$5rCqSI#i*%d}Uv2ilEwCS>4_@uqaWB7c{@ GSGoY#w_^(c delta 763 zcmYk3ziU%b6vxkb&3k$8CC|p!*jJ6x2!+_K!NtjxO0j`fD@7?Cv^Z!eR;+Cyv_pa@ zSO;l6i;GafL2zl!prA+=L0xok$RIcu931=u{GQw^=EC=!@8_QT<8bd@p z4~7rve!cf27`Y#oPG}(Vy3Kr%<-UZ!wI1|cb<)$-bCVb5Cgqp=Nb259qhlJriPg`c z!5^lff9!#^Vdbw-^qXkPa*W%&KSZ;ZN5CT~ruiO@!Hbr!Xx(S3^>8D`#2q_vUl(MV z>OCBTo0earp3iajhqNK(82r@M55Ue4)1KubUc@OfeX_iU>~;|T4>=nimhb62Z^}XX zJg-XGPk2tMe(B^H^S<5x^RQ#KhxHF?tsQ@vpM;~4c~Y95m>9cuTFPNX#zU7EWF<_3 zcY(R=p6rBgxF*$1Nyhw?tYzNwZ7FAmc}gxJE=f6)a9y^t6>iFB#Fr9875A;~$4LXS Q8|L`BtV9X7Wh*NE1t!pBkpKVy diff --git a/examples/fentry/fentry.c b/examples/fentry/fentry.c index 220bd1764..b08994cfa 100644 --- a/examples/fentry/fentry.c +++ b/examples/fentry/fentry.c 
@@ -8,8 +8,25 @@ #define AF_INET 2 #define TASK_COMM_LEN 16 -char LICENSE[] SEC("license") = "Dual MIT/GPL"; +char __license[] SEC("license") = "Dual MIT/GPL"; +/** + * This example copies parts of struct sock_common and struct sock from + * the Linux kernel, but doesn't cause any CO-RE information to be emitted + * into the ELF object. This requires the struct layout (up until the fields + * that are being accessed) to match the kernel's, and the example will break + * or misbehave when this is no longer the case. + * + * Also note that BTF-enabled programs like fentry, fexit, fmod_ret, tp_btf, + * lsm, etc. declared using the BPF_PROG macro can read kernel memory without + * needing to call bpf_probe_read*(). + */ + +/** + * struct sock_common reflects the start of the kernel's struct sock_common. + * It only contains the fields up until skc_family that are accessed in the + * program, with padding to match the kernel's declaration. + */ struct sock_common { union { struct { @@ -18,8 +35,8 @@ struct sock_common { }; }; union { - unsigned int skc_hash; - __u16 skc_u16hashes[2]; + // Padding out union skc_hash. + __u32 _; }; union { struct { @@ -30,6 +47,9 @@ struct sock_common { short unsigned int skc_family; }; +/** + * struct sock reflects the start of the kernel's struct sock. + */ struct sock { struct sock_common __sk_common; }; @@ -39,9 +59,11 @@ struct { __uint(max_entries, 1 << 24); } events SEC(".maps"); -// Force emitting struct event into the ELF. -const struct event *unused __attribute__((unused)); - +/** + * The sample submitted to userspace over a ring buffer. + * Emit struct event's type info into the ELF's BTF so bpf2go + * can generate a Go type from it. + */ struct event { u8 comm[16]; __u16 sport; @@ -49,6 +71,7 @@ struct event { __be32 saddr; __be32 daddr; }; +struct event *unused __attribute__((unused)); SEC("fentry/tcp_connect") int BPF_PROG(tcp_connect, struct sock *sk) {
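Review bot: The new header comment in the first hunk (`@@ -8,8 +8,25 @@`) says the copied layout must match the running kernel, but it does not name the kernel version the structs were taken from, so a reader cannot tell whether their kernel is covered. It also says the example will "break or misbehave" without saying which. If a mismatch can let the program load and read a different field at the same offset, that silent case is worth spelling out, because events would then carry wrong addresses or ports with no error. I would add a line such as `* Layout taken from Linux <KERNEL_VERSION>; on a mismatch the program may still load and report wrong values.`, replacing the placeholder with the version actually used.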
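Review bot: Nothing checks that the `__u32 _;` padding in the second hunk (`@@ -18,8 +35,8 @@`) keeps `skc_family` at the offset the program reads. With the named `skc_hash` members gone, a later edit to the padding width would shift every following field without a compile error. A compile-time check after the struct would catch that, e.g. `_Static_assert(__builtin_offsetof(struct sock_common, skc_family) == <EXPECTED_OFFSET>, "sock_common copy drifted");`, using the offset the example was written against. It only guards the local copy and cannot detect a layout change in the running kernel. The struct definition starts and ends outside this hunk.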
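Review bot: In the fourth hunk (`@@ -39,9 +59,11 @@`) the sentence "Emit struct event's type info into the ELF's BTF so bpf2go can generate a Go type from it" is attached to `struct event`, but the removed comment shows it is the `unused` pointer declaration that forces the emission. The last hunk (`@@ -49,6 +71,7 @@`) re-adds that declaration after the struct with no comment of its own, so it now looks like a stray global that could be deleted. I would keep "The sample submitted to userspace over a ring buffer." on the struct and put `// Declared only so struct event's type info is emitted for bpf2go.` directly above `struct event *unused __attribute__((unused));`.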