From: Yonghong Song <yhs@fb.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: <ast@fb.com>, <daniel@iogearbox.net>, <netdev@vger.kernel.org>,
<kernel-team@fb.com>
Subject: Re: [PATCH bpf-next 2/7] bpf: introduce bpf subcommand BPF_PERF_EVENT_QUERY
Date: Wed, 16 May 2018 14:59:11 -0700 [thread overview]
Message-ID: <63ef8aa3-1e01-e0cb-1f81-d41d87db0565@fb.com> (raw)
In-Reply-To: <20180516112734.GE12217@hirez.programming.kicks-ass.net>
On 5/16/18 4:27 AM, Peter Zijlstra wrote:
> On Tue, May 15, 2018 at 04:45:16PM -0700, Yonghong Song wrote:
>> Currently, suppose a userspace application has loaded a bpf program
>> and attached it to a tracepoint/kprobe/uprobe, and a bpf
>> introspection tool, e.g., bpftool, wants to show which bpf program
>> is attached to which tracepoint/kprobe/uprobe. Such attachment
>> information will be really useful to understand the overall bpf
>> deployment in the system.
>>
>> There is a name field (16 bytes) for each program, which could
>> be used to encode the attachment point. There are some drawbacks
>> for this approaches. First, bpftool user (e.g., an admin) may not
>> really understand the association between the name and the
>> attachment point. Second, if one program is attached to multiple
>> places, encoding a proper name which can imply all these
>> attachments becomes difficult.
>>
>> This patch introduces a new bpf subcommand BPF_PERF_EVENT_QUERY.
>> Given a pid and fd, if the <pid, fd> is associated with a
>> tracepoint/kprobe/uprobea perf event, BPF_PERF_EVENT_QUERY will return
>> . prog_id
>> . tracepoint name, or
>> . k[ret]probe funcname + offset or kernel addr, or
>> . u[ret]probe filename + offset
>> to the userspace.
>> The user can use "bpftool prog" to find more information about
>> bpf program itself with prog_id.
>>
>> Signed-off-by: Yonghong Song <yhs@fb.com>
>> ---
>> include/linux/trace_events.h | 15 ++++++
>> include/uapi/linux/bpf.h | 25 ++++++++++
>> kernel/bpf/syscall.c | 113 +++++++++++++++++++++++++++++++++++++++++++
>> kernel/trace/bpf_trace.c | 53 ++++++++++++++++++++
>> kernel/trace/trace_kprobe.c | 29 +++++++++++
>> kernel/trace/trace_uprobe.c | 22 +++++++++
>> 6 files changed, 257 insertions(+)
>
> Why is the command called *_PERF_EVENT_* ? Are there not a lot of !perf
> places to attach BPF proglets?
Just gave a complete picture, the below are major places to attach
BPF programs:
. perf based (through perf ioctl)
. raw tracepoint based (through bpf interface)
. netlink interface for tc, xdp, tunneling
. setsockopt for socket filters
. cgroup based (bpf attachment subcommand)
mostly networking and io devices
. some other networking socket related (sk_skb stream/parser/verdict,
sk_msg verdict) through bpf attachment subcommand.
Currently, for cgroup based attachment, we have BPF_PROG_QUERY with
input cgroup file descriptor. For other networking based queries, we
may need to enumerate tc filters, networking devices, open sockets, etc.
to get the attachment information.
So to have one BPF_QUERY command line may be too complex to
cover all cases.
But you are right that BPF_PERF_EVENT_QUERY name is too narrow since
it should be used for other (pid, fd) based queries as well (e.g.,
socket, or other potential uses in the future).
How about the subcommand name BPF_TASK_FD_QUERY and make
bpf_attr.task_fd_query extensible?
Thanks!
next prev parent reply other threads:[~2018-05-16 21:59 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-15 23:45 [PATCH bpf-next 0/7] bpf: implement BPF_PERF_EVENT_QUERY for perf event query Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 1/7] perf/core: add perf_get_event() to return perf_event given a struct file Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 2/7] bpf: introduce bpf subcommand BPF_PERF_EVENT_QUERY Yonghong Song
2018-05-16 11:27 ` Peter Zijlstra
2018-05-16 21:59 ` Yonghong Song [this message]
2018-05-17 15:32 ` Daniel Borkmann
2018-05-17 17:50 ` Yonghong Song
2018-05-17 23:52 ` kbuild test robot
2018-05-15 23:45 ` [PATCH bpf-next 3/7] tools/bpf: sync kernel header bpf.h and add bpf_trace_event_query in libbpf Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 4/7] tools/bpf: add ksym_get_addr() in trace_helpers Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 5/7] samples/bpf: add a samples/bpf test for BPF_PERF_EVENT_QUERY Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 6/7] tools/bpf: add two BPF_PERF_EVENT_QUERY tests in test_progs Yonghong Song
2018-05-15 23:45 ` [PATCH bpf-next 7/7] tools/bpftool: add perf subcommand Yonghong Song
2018-05-16 4:41 ` Jakub Kicinski
2018-05-16 5:54 ` Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=63ef8aa3-1e01-e0cb-1f81-d41d87db0565@fb.com \
--to=yhs@fb.com \
--cc=ast@fb.com \
--cc=daniel@iogearbox.net \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox