bpf: Support ->show_fdinfo and ->fill_link_info for kprobe prog #5129
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![kernel-patches-daemon-bpf[bot]](https://avatars.githubusercontent.com/u/70728002?s=60&v=4){kind=small}
Currently, there is no way to check which functions are attached to a
kprobe_multi link, causing confusion for users. It is important that we
provide a means to expose these functions. The expected result is as follows,
$ cat /proc/10936/fdinfo/9
pos: 0
flags: 02000000
mnt_id: 15
ino: 2094
link_type: kprobe_multi
link_id: 2
prog_tag: a04f5eef06a7f555
prog_id: 11
func_count: 4
func_addrs: ffffffffaad475c0
ffffffffaad47600
ffffffffaad47640
ffffffffaad47680
$ cat /proc/10936/fdinfo/9 | grep "func_addrs" -A 4 | \
awk '{ if (NR ==1) {print $2} else {print $1}}' | \
awk '{"grep " $1 " /proc/kallsyms"| getline f; print f}'
ffffffffaad475c0 T schedule_timeout_interruptible
ffffffffaad47600 T schedule_timeout_killable
ffffffffaad47640 T schedule_timeout_uninterruptible
ffffffffaad47680 T schedule_timeout_idle
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
By adding support for ->fill_link_info to the kprobe_multi link, users will be able to inspect it using `bpftool link show`. This enhancement will expose both the count of probed functions and their respective addresses to the user. Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Show the already expose kprobe_multi link info in bpftool. The result as
follows,
$ bpftool link show
2: kprobe_multi prog 11
func_cnt 4 addrs ffffffffaad475c0 ffffffffaad47600
ffffffffaad47640 ffffffffaad47680
pids trace(10936)
$ bpftool link show -j
[{"id":1,"type":"perf_event","prog_id":5,"bpf_cookie":0,"pids":[{"pid":10658,"comm":"trace"}]},{"id":2,"type":"kprobe_multi","prog_id":11,"func_cnt":4,"addrs":[18446744072280634816,18446744072280634880,18446744072280634944,18446744072280635008],"pids":[{"pid":10936,"comm":"trace"}]},{"id":120,"type":"iter","prog_id":266,"target_name":"bpf_map"},{"id":121,"type":"iter","prog_id":267,"target_name":"bpf_prog"}]
$ bpftool link show | grep -A 1 "func_cnt" | \
awk '{if (NR == 1) {print $4; print $5;} else {print $1; print $2} }' | \
awk '{"grep " $1 " /proc/kallsyms" | getline f; print f;}'
ffffffffaad475c0 T schedule_timeout_interruptible
ffffffffaad47600 T schedule_timeout_killable
ffffffffaad47640 T schedule_timeout_uninterruptible
ffffffffaad47680 T schedule_timeout_idle
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Since different symbols can share the same name, it is insufficient to only expose the symbol name. It is essential to also expose the symbol address so that users can accurately identify which one is being probed. Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
By adding support for ->show_fdinfo to the perf_event link, users will be able to examine it through the task's fdinfo. The expected result is as follows: $ cat /proc/9637/fdinfo/11 pos: 0 flags: 02000000 mnt_id: 15 ino: 2094 link_type: perf link_id: 1 prog_tag: a04f5eef06a7f555 prog_id: 5 func: kernel_clone addr: ffffffff8d0bc310 offset: 0 Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Add a common helper bpf_copy_to_user(), which will be used at multiple places. Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
By adding support for ->fill_link_info to the perf_event link, users will be able to inspect it using `bpftool link show`. While users can currently access this information via `bpftool perf show`, consolidating the link information for all link types in one place would be more convenient. Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Show the exposed perf_event link info in bpftool. The result as follows,
$ bpftool link show
1: perf_event prog 5
func kernel_clone addr ffffffffb40bc310 offset 0
bpf_cookie 0
pids trace(9726)
$ bpftool link show -j
[{"id":1,"type":"perf_event","prog_id":5,"func":"kernel_clone","addr":18446744072435254032,"offset":0,"bpf_cookie":0,"pids":[{"pid":9726,"comm":"trace"}]}]
Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
|
Upstream branch: 4266f41 |
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=751666 expired. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: Support ->show_fdinfo and ->fill_link_info for kprobe prog
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=751666