Add BTF type finder #162
Add BTF type finder #162
Conversation
Add btf.h copied from linux 5.17. Also, add btf.c which contains my own implementation of indexing BTF types using the btf.h definitions. Add a drgn type finder which currently has only a definition for integer types. Integrate it all with a Python binding to add BTF definitions given their address (__start_BTF, __end_BTF).
There's a lot here. If I was really composing a nice branch this would be several commits: refactor the type handler to use integers, add qualifiers, etc. But for now, this is good enough.
It seems bit_field_size should only be set for integers. Further, types like const, restrict, volatile, and typedef should be skipped past to get to their concrete integer type. Create an improved function for determining bit_field_size and fix up the compound type creation routine.
|
As part of this development process I've learned that, although BTF specifies a type kind for variable declarations, the kernel's BTF only includes information for percpu variables. This restriction seems to be hardcoded into the BTF encoder of For the purpose of using BTF as a fallback source of type information in a debugger, this seriously limits its utility. |
|
I'm closing this out -- the amount of functionality I want to add (BTF, kallsyms, and some odds and ends) is too big for a single pull request, and the work in this draft is outdated. I'll be sending PRs for individual parts of this. |
This is an early (ugly) draft of a type finder based on BTF! I'm hoping to get some advice on direction if possible, and once we have an idea of where to take this, I can clean up the branch into logical changes and we can move it out of the draft state.
Currently, this supports the basics:
It is missing:
The way I've been able to exercise the functionality is by adding
prog.add_btf_info(address, bytes), which will read the data from the program memory and interpret it as BTF, registering the type finder. So right now, I'm able to load a normal vmcore with debuginfo, get the addresses of__start_BTFand__stop_BTFsymbols, and then run drgn again without the debuginfo, callingprog.add_btf_info(__start_BTF, __stop_BTF - __start_BTF).I've tested it on some large/interesting structs within the kernel (
task_struct,dentry,dentry_operations,inode), by runningprint(prog.type("...")). They all look correct to me.I have a few specific questions (corresponding with TODOs or other outlined issues in comments):
may not be fully up-to-date. So I grabbed a copy from linux 5.17. The license
identifier on <linux/btf.h> is GPLv2, is this an issue for inclusion?
that in drgn?
there any good way to create such a type without relying on the language's
name? This is for inclusion in the "compatible_type" field of the enum.
However, the biggest question I have is if you can recommend a direction for
me to go next? For the most part, this has been an "automatic" process of
reading and implementing the BTF spec, while also learning the drgn type system.
Now that a large chunk of this is complete, I'm unsure how to integrate this
module with the rest of drgn. Should the BTF registry have a pointer in
prog.dbinfo?Using the BTF integration automatically seems to be a ways off. After all, we
still need kallsyms support, and at least a few new symbols in the vmcoreinfo
note to help us find the kallsyms in the vmcore. Without both pieces, the BTF
code is pretty unhelpful. To find the BTF information, you need a symbol table,
and if you have that you probably have DWARF info too. Plus, even if you find
the BTF information, you'll still want the symbol table so you can find data
structures to analyze with the BTF types. So would the best way forward right
now be to expose this as some sort of Python interface (cleaned up from what I
have here)?