- 09 Nov, 2017 2 commits
-
-
Yonghong Song authored
Kernel Commit 29e48ce87f1e ("task_struct: Allow randomized layout") (https://patchwork.kernel.org/patch/9797817/) permits to randomize a section of kernel task_struct data structure. This only takes effect when CONFIG_GCC_PLUGINS and CONFIG_GCC_PLUGIN_RANDSTRUCT are set. When randomization does not happen, an anonymous struct is introduced in task_struct data structure by gcc when compiling the kernel. To make field offset compatible, task_struct will have the same anonymous struct. The patch is at http://www.spinics.net/lists/kernel/msg2644958.html. Otherwise, bpf program may get wrong data from the kernel. Currently, bcc bpf_probe_read rewriter does not support anonymous struct/union. For example, with the above compiler-clang.h patch, examples/tracing/task_switch.py will have the following error: /virtual/main.c:16:18: error: internal error: opLoc is invalid while preparing probe rewrite key.prev_pid = prev->pid; ^ For anonymous structure, opcode source location ("->") is not available and hence the above failure. We could use memberLoc ("pid") which is available for anonymous struct/union. For example, for struct sock *skp; ...; u32 saddr = skp->__sk_common.skc_rcv_saddr; The old way for bpf_probe_read rewrite: bpf_probe_read(&_val, sizeof(_val), (u64)skp + offsetof(struct sock, __sk_common.skc_rcv_saddr)); The new way: bpf_probe_read(&_val, sizeof(_val), (u64)&skp->__sk_common.skc_rcv_saddr); The new way is similar to what typical bpf programs may do manually. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Gary Lin authored
When BPFModule finalized the module, it set UseOrcMCJITReplacement to true to use OrcJIT for ExecutionEngine. However, this never worked. First, in clang_libs.cmake, mcjit is in the library list instead of orcjit, so ExecutionEngine always fell back to MCJIT. Second, even if OrcJIT was linked correctly, it actually broke bcc. For OrcJIT, finalizeObject() is just an empty function. The code generation is delayed till getPointerToFunction() or runFunction(), so the current implementation of BPFModule won't work for OrcJIT. This bug was covered when using the separate LLVM share libraries. If the system builds LLVM into an unified share library, then OrcJIT will be used and bcc would fail to generate BPF bytecodes without any warning. Signed-off-by: Gary Lin <glin@suse.com>
-
- 08 Nov, 2017 6 commits
- 06 Nov, 2017 1 commit
-
-
William Stewart authored
-
- 04 Nov, 2017 1 commit
-
-
Yonghong Song authored
In fc26, kernel config enables CONFIG_FORTIFY_SOURCE in 4.13 kernel. This is not available in fc25. This config is used to detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes. When enabled, this option provides an implementation (body) for certain string function. For example, in /lib/modules/4.13.10-200.fc26.x86_64/build/include/linux/string.h, you can find ... extern void * memcpy(void *,const void *,__kernel_size_t); ... __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size) { size_t p_size = __builtin_object_size(p, 0); size_t q_size = __builtin_object_size(q, 0); if (__builtin_constant_p(size)) { if (p_size < size) __write_overflow(); if (q_size < size) __read_overflow2(); } if (p_size < size || q_size < size) fortify_panic(__func__); return __builtin_memcpy(p, q, size); } In current clang frontend, we treat an external function with function body as a rewritable target. We also assume the declaration of this external function, if body is present, must have named arguments. This is largely true for functions in bpf program file/text itself as these external functions often do not have declarations. We should not try to rewrite string/memory functions exposed by CONFIG_FORTIFY_SOURCE. This patch adds restriction for rewritable function only if the corresponding file is the main file with bpf program itself. I discovered that it is possible file name is empty for tracepoint functions, e.g., TRACEPOINT_PROBE(irq, softirq_entry) The reason could be function name itself is derived from helpers.h while function declaration/body is in the main file after macro expansion. Note that function name is still correctly derived by the compiler. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 02 Nov, 2017 1 commit
-
-
yonghong-song authored
Fix Module display for unreadable Modules
-
- 01 Nov, 2017 4 commits
-
-
4ast authored
softirqs: focus CPU as disector
-
Teng Qin authored
-
Rafael Fonseca authored
-
yonghong-song authored
Fix minor compilation issue in bps
-
- 31 Oct, 2017 1 commit
-
-
Teng Qin authored
-
- 29 Oct, 2017 1 commit
-
-
4ast authored
Linter cleanups
-
- 28 Oct, 2017 1 commit
-
-
4ast authored
bpf: make test py_test_tools_smoke pass on arm64
-
- 27 Oct, 2017 5 commits
-
-
4ast authored
Add usdt support for ARM64
-
yonghong-song authored
mdflush: fix for Linux 4.14
-
yonghong-song authored
Trace external pointers through maps
-
yonghong-song authored
Fix exception handling in python3
-
Yonghong Song authored
Changes include: . Add PT_REGS_FP to access base(FP) register in x64 . Use macros, intead of directly ctx-><reg_name> in a few places . Let userspace fill in the value of PAGE_SIZE. Otherwise, arm64 needs additional headers to get this value for kernel. . In tools/wakeuptime.py, arm64 and x86_64 have the same stack walker mechanism. But they have different symbol/macro to represent kernel start address. With these changes, the test py_test_tools_smoke can pass on arm64. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 26 Oct, 2017 6 commits
-
-
Yonghong Song authored
Specifically the following argument patterns will be supported: ``` [-]<size>@<value> [-]<size>@<reg> [-]<size>@[<reg>] [-]<size>@[<reg>,<offset>] ``` I did not use std regex library as the old gcc (e.g. 4.8.5) does not have a good support for it. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Rafael Fonseca authored
-
Paul Chaignon authored
-
Paul Chaignon authored
The bcc rewriter currently traces external pointers using ProbeVisitor in order to replace dereferences with calls to bpf_probe_read. It is, however, unable to trace them through maps. This commit remedy this for simple (yet common) cases. Through a first traversal of the Clang AST, MapVisitor looks for calls to update (and insert) to find maps with an external pointer as value. When ProbeVisitor runs, in a second time, it looks for calls to lookup (and lookup_or_init). If the map was registered as having an external pointer as value, the l-value of the lookup assignment is marked as being an external pointer. Two traversals of the Clang AST are needed because the update of a map may happen after the lookup in the AST. Therefore, the first traversal makes sure we inspect all updates before acting on lookups. To implement this two-stage traversal without parsing the AST twice, ProbeConsumer and BTypeConsumer now implement HandleTranslationUnit, which is called after a whole translation unit has been parsed.
-
4ast authored
Exit on EPIPE
-
4ast authored
bpf: fix a couple of issues related to arm64
-
- 25 Oct, 2017 1 commit
-
-
yonghong-song authored
Introduce Bpf Program Snapshot (bps)
-
- 24 Oct, 2017 5 commits
-
-
Martin KaFai Lau authored
A simple program to list all bpf programs of a system. [root@arch-fb-vm1 bcc]# ./build/introspection/bps -h BPF Program Snapshot (bps): List of all BPF programs loaded into the system. Usage: bps [bpf-prog-id] [bpf-prog-id] If specified, it shows the details info of the bpf-prog * List all bpf programs * [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 82 kprobe 0 1 Oct19/23:52 map_perf_test 83 kprobe 0 1 Oct19/23:52 map_perf_test 84 kprobe 0 1 Oct19/23:52 map_perf_test 85 kprobe 0 1 Oct19/23:52 map_perf_test 86 kprobe 0 4 Oct19/23:52 map_perf_test 87 kprobe 0 1 Oct19/23:52 map_perf_test 88 kprobe 0 1 Oct19/23:52 map_perf_test 89 kprobe 0 1 Oct19/23:52 map_perf_test * List a particular bpf program * [root@arch-fb-vm1 bcc]# ./build/introspection/bps 86 BID TYPE UID #MAPS LoadTime NAME 86 kprobe 0 4 Oct19/23:52 map_perf_test MID TYPE FLAGS KeySz ValueSz MaxEnts NAME 120 lru hash 0x0 4 8 10000 lru_hash_map 129 lru hash 0x0 4 8 43 lru_hash_lookup 123 array of maps 0x0 4 4 1024 array_of_lru_ha 121 lru hash 0x2 4 8 10000 nocommon_lru_ha * JIT disabled * [root@arch-fb-vm1 bpf]# sysctl -w net.core.bpf_jit_enable=0 [root@arch-fb-vm1 bpf]# ./test_progs [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 94- socket filter 0 1 Oct19/23:55 test_obj_id 95- socket filter 0 1 Oct19/23:55 test_obj_id * Run without CAP_SYS_ADMIN * [kafai@arch-fb-vm1 ~]$ ./bps 1 Require CAP_SYS_ADMIN capability. Please retry as root * Older kernel * [root@arch-fb-vm2 build]# uname -r 4.12.14 [root@arch-fb-vm2 build]# ./introspection/bps 1 Kernel does not support BPF introspection Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
Martin KaFai Lau authored
This patch adds the following helpers to libbpf: int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id); int bpf_prog_get_fd_by_id(uint32_t id); int bpf_map_get_fd_by_id(uint32_t id); It also changes the info_len arg of the existing bpf_obj_get_info() from int to uint32_t. Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
Martin KaFai Lau authored
This patch adds support for prog_name and map_name. For libbpf.{h,c}, the new functions, bpf_prog_load_name() and bpf_create_map_name() is created to avoid breaking the existing libbpf.{a,so} user. libbcc.py is also modified accordingly to reflect the availability of the new functions in libbpf. clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are modified to take advantage of the prog and map name also. Run the following tests in new and old kernel (old kernel in the sense that it does not support the prog/map name): 1) tools/trace.py -K sys_clone 2) examples/cpp/HelloWorld Here is the output of the bpf (BPF Snapshot) that will be introduced in the later patch: [root@arch-fb-vm1 bcc]# ./tools/biosnoop.py [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 113 kprobe 0 1 Oct20/13:11 trace_pid_start 114 kprobe 0 1 Oct20/13:11 trace_req_start 115 kprobe 0 3 Oct20/13:11 trace_req_compl [root@arch-fb-vm1 bcc]# ./build/introspection/bps 113 BID TYPE UID #MAPS LoadTime NAME 113 kprobe 0 1 Oct20/13:11 trace_pid_start MID TYPE FLAGS KeySz ValueSz MaxEnts NAME 186 hash 0x0 8 20 10240 infobyreq Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
yonghong-song authored
Explain possible reason of an error in scripts that rely on /proc/kallsyms (fixes #1391)
-
Yonghong Song authored
The linux arm64 header linux:arch/arm64/include/asm/sysreg.h contains asm statement outside the function, ======== asm( " .irp num,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30\n" " .equ .L__reg_num_x\\num, \\num\n" " .endr\n" " .equ .L__reg_num_xzr, 31\n" "\n" " .macro mrs_s, rt, sreg\n" __emit_inst(0xd5200000|(\\sreg)|(.L__reg_num_\\rt)) " .endm\n" "\n" " .macro msr_s, sreg, rt\n" __emit_inst(0xd5000000|(\\sreg)|(.L__reg_num_\\rt)) " .endm\n" ); ======== The compiler cannot remove them since they are file scope. This patch adds bpf asm parser to handle this, otherwise, llvm will complain with compilation failure. Since none of macros/defines are used in bpf program, there is no impact in compilation result. Another change is to add AARCH64 value to ld_cache processing. The value is taken from glibc:sysdeps/generic/ldconfig.h. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 23 Oct, 2017 2 commits
-
-
Paul Chaignon authored
Starting Linux 4.14, there's one less indirection layer to get the disk name. Use the bio_dev macro to discriminate between versions.
-
Aleksander Alekseev authored
-
- 20 Oct, 2017 2 commits
-
-
Martin KaFai Lau authored
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
- 19 Oct, 2017 1 commit
-
-
4ast authored
bpf: rename helper function bpf_get_stackid
-