From: "Daniel T. Lee" <danieltimlee@gmail.com>
To: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>
Cc: Martin KaFai Lau <martin.lau@linux.dev>,
Song Liu <song@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Stanislav Fomichev <sdf@google.com>, Hao Luo <haoluo@google.com>,
Jiri Olsa <jolsa@kernel.org>, Jens Axboe <axboe@kernel.dk>,
Johannes Thumshirn <johannes.thumshirn@wdc.com>,
netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: [bpf-next 5/9] samples/bpf: make tracing programs to be more CO-RE centric
Date: Fri, 18 Aug 2023 18:01:15 +0900 [thread overview]
Message-ID: <20230818090119.477441-6-danieltimlee@gmail.com> (raw)
In-Reply-To: <20230818090119.477441-1-danieltimlee@gmail.com>
The existing tracing programs have been developed for a considerable
period of time and, as a result, do not properly incorporate the
features of the current libbpf, such as CO-RE. This is evident in
frequent usage of functions like PT_REGS* and the persistence of "hack"
methods using underscore-style bpf_probe_read_kernel from the past.
These programs are far behind the current level of libbpf and can
potentially confuse users. Therefore, this commit aims to convert the
outdated BPF programs to be more CO-RE centric.
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
---
samples/bpf/offwaketime.bpf.c | 18 +++++-------------
samples/bpf/test_overhead_kprobe.bpf.c | 20 +++++++-------------
samples/bpf/tracex1.bpf.c | 17 +++++------------
samples/bpf/tracex5.bpf.c | 5 +++--
4 files changed, 20 insertions(+), 40 deletions(-)
diff --git a/samples/bpf/offwaketime.bpf.c b/samples/bpf/offwaketime.bpf.c
index 3200a0f44969..5f008f328836 100644
--- a/samples/bpf/offwaketime.bpf.c
+++ b/samples/bpf/offwaketime.bpf.c
@@ -8,18 +8,12 @@
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
#ifndef PERF_MAX_STACK_DEPTH
#define PERF_MAX_STACK_DEPTH 127
#endif
-#define _(P) \
- ({ \
- typeof(P) val; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
-
#define MINBLOCK_US 1
#define MAX_ENTRIES 10000
@@ -68,11 +62,9 @@ struct {
SEC("kprobe/try_to_wake_up")
int waker(struct pt_regs *ctx)
{
- struct task_struct *p = (void *) PT_REGS_PARM1(ctx);
+ struct task_struct *p = (void *)PT_REGS_PARM1_CORE(ctx);
+ u32 pid = BPF_CORE_READ(p, pid);
struct wokeby_t woke;
- u32 pid;
-
- pid = _(p->pid);
bpf_get_current_comm(&woke.name, sizeof(woke.name));
woke.ret = bpf_get_stackid(ctx, &stackmap, STACKID_FLAGS);
@@ -121,9 +113,9 @@ int oncpu(struct trace_event_raw_sched_switch *ctx)
SEC("kprobe.multi/finish_task_switch*")
int oncpu(struct pt_regs *ctx)
{
- struct task_struct *p = (void *) PT_REGS_PARM1(ctx);
+ struct task_struct *p = (void *)PT_REGS_PARM1_CORE(ctx);
/* record previous thread sleep time */
- u32 pid = _(p->pid);
+ u32 pid = BPF_CORE_READ(p, pid);
#endif
u64 delta, ts, *tsp;
diff --git a/samples/bpf/test_overhead_kprobe.bpf.c b/samples/bpf/test_overhead_kprobe.bpf.c
index c3528731e0e1..668cf5259c60 100644
--- a/samples/bpf/test_overhead_kprobe.bpf.c
+++ b/samples/bpf/test_overhead_kprobe.bpf.c
@@ -8,13 +8,7 @@
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
-
-#define _(P) \
- ({ \
- typeof(P) val = 0; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
+#include <bpf/bpf_core_read.h>
SEC("kprobe/__set_task_comm")
int prog(struct pt_regs *ctx)
@@ -26,14 +20,14 @@ int prog(struct pt_regs *ctx)
u16 oom_score_adj;
u32 pid;
- tsk = (void *)PT_REGS_PARM1(ctx);
+ tsk = (void *)PT_REGS_PARM1_CORE(ctx);
- pid = _(tsk->pid);
- bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm);
- bpf_probe_read_kernel_str(newcomm, sizeof(newcomm),
+ pid = BPF_CORE_READ(tsk, pid);
+ bpf_core_read_str(oldcomm, sizeof(oldcomm), &tsk->comm);
+ bpf_core_read_str(newcomm, sizeof(newcomm),
(void *)PT_REGS_PARM2(ctx));
- signal = _(tsk->signal);
- oom_score_adj = _(signal->oom_score_adj);
+ signal = BPF_CORE_READ(tsk, signal);
+ oom_score_adj = BPF_CORE_READ(signal, oom_score_adj);
return 0;
}
diff --git a/samples/bpf/tracex1.bpf.c b/samples/bpf/tracex1.bpf.c
index f3be14a03964..889bed5480ac 100644
--- a/samples/bpf/tracex1.bpf.c
+++ b/samples/bpf/tracex1.bpf.c
@@ -8,15 +8,9 @@
#include "net_shared.h"
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_core_read.h>
#include <bpf/bpf_tracing.h>
-#define _(P) \
- ({ \
- typeof(P) val = 0; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
-
/* kprobe is NOT a stable ABI
* kernel functions can be removed, renamed or completely change semantics.
* Number of arguments and their positions can change, etc.
@@ -34,12 +28,11 @@ int bpf_prog1(struct pt_regs *ctx)
struct sk_buff *skb;
int len;
- /* non-portable! works for the given kernel only */
- bpf_probe_read_kernel(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx));
- dev = _(skb->dev);
- len = _(skb->len);
+ bpf_core_read(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx));
+ dev = BPF_CORE_READ(skb, dev);
+ len = BPF_CORE_READ(skb, len);
- bpf_probe_read_kernel(devname, sizeof(devname), dev->name);
+ BPF_CORE_READ_STR_INTO(&devname, dev, name);
if (devname[0] == 'l' && devname[1] == 'o') {
char fmt[] = "skb %p len %d\n";
diff --git a/samples/bpf/tracex5.bpf.c b/samples/bpf/tracex5.bpf.c
index 8cd697ee7047..4d3d6c9b25fa 100644
--- a/samples/bpf/tracex5.bpf.c
+++ b/samples/bpf/tracex5.bpf.c
@@ -10,6 +10,7 @@
#include <uapi/linux/unistd.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
#define __stringify(x) #x
#define PROG(F) SEC("kprobe/"__stringify(F)) int bpf_func_##F
@@ -46,7 +47,7 @@ PROG(SYS__NR_write)(struct pt_regs *ctx)
{
struct seccomp_data sd;
- bpf_probe_read_kernel(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
+ bpf_core_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
if (sd.args[2] == 512) {
char fmt[] = "write(fd=%d, buf=%p, size=%d)\n";
bpf_trace_printk(fmt, sizeof(fmt),
@@ -59,7 +60,7 @@ PROG(SYS__NR_read)(struct pt_regs *ctx)
{
struct seccomp_data sd;
- bpf_probe_read_kernel(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
+ bpf_core_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
if (sd.args[2] > 128 && sd.args[2] <= 1024) {
char fmt[] = "read(fd=%d, buf=%p, size=%d)\n";
bpf_trace_printk(fmt, sizeof(fmt),
--
2.34.1
next prev parent reply other threads:[~2023-08-18 9:02 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-18 9:01 [bpf-next 0/9] samples/bpf: make BPF programs more libbpf aware Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 1/9] samples/bpf: fix warning with ignored-attributes Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 2/9] samples/bpf: convert to vmlinux.h with tracing programs Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 3/9] samples/bpf: unify bpf program suffix to .bpf " Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 4/9] samples/bpf: fix symbol mismatch by compiler optimization Daniel T. Lee
2023-08-18 9:01 ` Daniel T. Lee [this message]
2023-08-18 9:01 ` [bpf-next 6/9] samples/bpf: fix bio latency check with tracepoint Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 7/9] samples/bpf: fix broken map lookup probe Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 8/9] samples/bpf: refactor syscall tracing programs using BPF_KSYSCALL macro Daniel T. Lee
2023-08-18 9:01 ` [bpf-next 9/9] samples/bpf: simplify spintest with kprobe.multi Daniel T. Lee
2023-08-21 22:50 ` [bpf-next 0/9] samples/bpf: make BPF programs more libbpf aware patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230818090119.477441-6-danieltimlee@gmail.com \
--to=danieltimlee@gmail.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=axboe@kernel.dk \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=johannes.thumshirn@wdc.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=sdf@google.com \
--cc=song@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).