1. 09 Nov, 2017 2 commits
    • Yonghong Song's avatar
      change frontend rewriter to better handle anonymous struct/union · 94d15bc8
      Yonghong Song authored
      Kernel Commit 29e48ce87f1e ("task_struct: Allow randomized layout")
      (https://patchwork.kernel.org/patch/9797817/)
      permits to randomize a section of kernel task_struct data
      structure. This only takes effect when CONFIG_GCC_PLUGINS and
      CONFIG_GCC_PLUGIN_RANDSTRUCT are set.
      
      When randomization does not happen, an anonymous struct
      is introduced in task_struct data structure by gcc when compiling
      the kernel. To make field offset compatible, task_struct will
      have the same anonymous struct. The patch is at
      http://www.spinics.net/lists/kernel/msg2644958.html.
      Otherwise, bpf program may get wrong data from the kernel.
      
      Currently, bcc bpf_probe_read rewriter does not support
      anonymous struct/union. For example, with the above
      compiler-clang.h patch, examples/tracing/task_switch.py
      will have the following error:
        /virtual/main.c:16:18: error: internal error: opLoc is invalid while preparing probe rewrite
          key.prev_pid = prev->pid;
                         ^
      
      For anonymous structure, opcode source location ("->") is not available
      and hence the above failure. We could use memberLoc ("pid") which is
      available for anonymous struct/union. For example, for
        struct sock *skp; ...; u32 saddr = skp->__sk_common.skc_rcv_saddr;
      The old way for bpf_probe_read rewrite:
        bpf_probe_read(&_val, sizeof(_val), (u64)skp + offsetof(struct sock, __sk_common.skc_rcv_saddr));
      The new way:
        bpf_probe_read(&_val, sizeof(_val), (u64)&skp->__sk_common.skc_rcv_saddr);
      
      The new way is similar to what typical bpf programs may do manually.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      94d15bc8
    • Gary Lin's avatar
      bpf: use MCJIT explicitly for ExecutionEngine · 1d0f2925
      Gary Lin authored
      When BPFModule finalized the module, it set UseOrcMCJITReplacement to
      true to use OrcJIT for ExecutionEngine. However, this never worked.
      First, in clang_libs.cmake, mcjit is in the library list instead of
      orcjit, so ExecutionEngine always fell back to MCJIT.
      Second, even if OrcJIT was linked correctly, it actually broke bcc.
      For OrcJIT, finalizeObject() is just an empty function. The code
      generation is delayed till getPointerToFunction() or runFunction(), so
      the current implementation of BPFModule won't work for OrcJIT.
      
      This bug was covered when using the separate LLVM share libraries. If
      the system builds LLVM into an unified share library, then OrcJIT will
      be used and bcc would fail to generate BPF bytecodes without any
      warning.
      Signed-off-by: default avatarGary Lin <glin@suse.com>
      1d0f2925
  2. 08 Nov, 2017 6 commits
  3. 06 Nov, 2017 1 commit
  4. 04 Nov, 2017 1 commit
    • Yonghong Song's avatar
      fix clang frontend issues for fc26 · 6fc8d15c
      Yonghong Song authored
      In fc26, kernel config enables CONFIG_FORTIFY_SOURCE
      in 4.13 kernel. This is not available in fc25.
      This config is used to detect overflows of buffers in common string
      and memory functions where the compiler can determine and
      validate the buffer sizes.
      
      When enabled, this option provides an implementation (body)
      for certain string function. For example, in
      /lib/modules/4.13.10-200.fc26.x86_64/build/include/linux/string.h,
      you can find
      ...
      extern void * memcpy(void *,const void *,__kernel_size_t);
      ...
      __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size)
      {
              size_t p_size = __builtin_object_size(p, 0);
              size_t q_size = __builtin_object_size(q, 0);
              if (__builtin_constant_p(size)) {
                      if (p_size < size)
                              __write_overflow();
                      if (q_size < size)
                              __read_overflow2();
              }
              if (p_size < size || q_size < size)
                      fortify_panic(__func__);
              return __builtin_memcpy(p, q, size);
      }
      
      In current clang frontend, we treat an external function with function body
      as a rewritable target. We also assume the declaration of this external function,
      if body is present, must have named arguments. This is largely true
      for functions in bpf program file/text itself as these external functions often
      do not have declarations.
      
      We should not try to rewrite string/memory functions exposed by
      CONFIG_FORTIFY_SOURCE. This patch adds restriction for rewritable function
      only if the corresponding file is the main file with bpf program itself.
      
      I discovered that it is possible file name is empty for tracepoint
      functions, e.g.,
        TRACEPOINT_PROBE(irq, softirq_entry)
      The reason could be function name itself is derived from helpers.h while
      function declaration/body is in the main file after macro expansion.
      Note that function name is still correctly derived by the compiler.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      6fc8d15c
  5. 02 Nov, 2017 1 commit
  6. 01 Nov, 2017 4 commits
  7. 31 Oct, 2017 1 commit
  8. 29 Oct, 2017 1 commit
  9. 28 Oct, 2017 1 commit
  10. 27 Oct, 2017 5 commits
  11. 26 Oct, 2017 6 commits
    • Yonghong Song's avatar
      Add usdt support for ARM64 · c2d9880f
      Yonghong Song authored
      Specifically the following argument patterns will be
      supported:
      ```
         [-]<size>@<value>
         [-]<size>@<reg>
         [-]<size>@[<reg>]
         [-]<size>@[<reg>,<offset>]
      ```
      
      I did not use std regex library as the old gcc (e.g. 4.8.5)
      does not have a good support for it.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      c2d9880f
    • Rafael Fonseca's avatar
      Fix exception handling in python3 · 6be6e2c0
      Rafael Fonseca authored
      6be6e2c0
    • Paul Chaignon's avatar
      Merge BType, Map, and Probe Consumers · e67cb561
      Paul Chaignon authored
      e67cb561
    • Paul Chaignon's avatar
      Trace external pointers through maps · eae0acfb
      Paul Chaignon authored
      The bcc rewriter currently traces external pointers using
      ProbeVisitor in order to replace dereferences with calls to
      bpf_probe_read. It is, however, unable to trace them through maps.
      
      This commit remedy this for simple (yet common) cases. Through a
      first traversal of the Clang AST, MapVisitor looks for calls to
      update (and insert) to find maps with an external pointer as value.
      When ProbeVisitor runs, in a second time, it looks for calls to
      lookup (and lookup_or_init). If the map was registered as having an
      external pointer as value, the l-value of the lookup assignment is
      marked as being an external pointer.
      
      Two traversals of the Clang AST are needed because the update of a
      map may happen after the lookup in the AST. Therefore, the first
      traversal makes sure we inspect all updates before acting on lookups.
      To implement this two-stage traversal without parsing the AST twice,
      ProbeConsumer and BTypeConsumer now implement HandleTranslationUnit,
      which is called after a whole translation unit has been parsed.
      eae0acfb
    • 4ast's avatar
      Merge pull request #1393 from pchaigno/handle-epipe · fbbe6d6e
      4ast authored
      Exit on EPIPE
      fbbe6d6e
    • 4ast's avatar
      Merge pull request #1411 from iovisor/yhs_dev · 1e7dc399
      4ast authored
      bpf: fix a couple of issues related to arm64
      1e7dc399
  12. 25 Oct, 2017 1 commit
  13. 24 Oct, 2017 5 commits
    • Martin KaFai Lau's avatar
      Introduce BPF Program Snapshot helper (bps) · f89cb40b
      Martin KaFai Lau authored
      A simple program to list all bpf programs of a system.
      
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps -h
      BPF Program Snapshot (bps):
      List of all BPF programs loaded into the system.
      
      Usage: bps [bpf-prog-id]
          [bpf-prog-id] If specified, it shows the details info of the bpf-prog
      
      * List all bpf programs *
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps
            BID TYPE                 UID  #MAPS LoadTime     NAME
             82 kprobe                 0      1 Oct19/23:52  map_perf_test
             83 kprobe                 0      1 Oct19/23:52  map_perf_test
             84 kprobe                 0      1 Oct19/23:52  map_perf_test
             85 kprobe                 0      1 Oct19/23:52  map_perf_test
             86 kprobe                 0      4 Oct19/23:52  map_perf_test
             87 kprobe                 0      1 Oct19/23:52  map_perf_test
             88 kprobe                 0      1 Oct19/23:52  map_perf_test
             89 kprobe                 0      1 Oct19/23:52  map_perf_test
      
      * List a particular bpf program *
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps 86
            BID TYPE                 UID  #MAPS LoadTime     NAME
             86 kprobe                 0      4 Oct19/23:52  map_perf_test
      
           MID TYPE            FLAGS         KeySz  ValueSz  MaxEnts NAME
           120 lru hash        0x0               4        8    10000 lru_hash_map
           129 lru hash        0x0               4        8       43 lru_hash_lookup
           123 array of maps   0x0               4        4     1024 array_of_lru_ha
           121 lru hash        0x2               4        8    10000 nocommon_lru_ha
      
      * JIT disabled *
      [root@arch-fb-vm1 bpf]# sysctl -w net.core.bpf_jit_enable=0
      [root@arch-fb-vm1 bpf]# ./test_progs
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps
            BID TYPE                 UID  #MAPS LoadTime     NAME
            94- socket filter          0      1 Oct19/23:55  test_obj_id
            95- socket filter          0      1 Oct19/23:55  test_obj_id
      
      * Run without CAP_SYS_ADMIN *
      [kafai@arch-fb-vm1 ~]$ ./bps 1
      Require CAP_SYS_ADMIN capability.  Please retry as root
      
      * Older kernel *
      [root@arch-fb-vm2 build]# uname -r
      4.12.14
      [root@arch-fb-vm2 build]# ./introspection/bps 1
      Kernel does not support BPF introspection
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      f89cb40b
    • Martin KaFai Lau's avatar
      Add a few introspection helpers · 3c24ad96
      Martin KaFai Lau authored
      This patch adds the following helpers to libbpf:
      int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id);
      int bpf_prog_get_fd_by_id(uint32_t id);
      int bpf_map_get_fd_by_id(uint32_t id);
      
      It also changes the info_len arg of the existing bpf_obj_get_info()
      from int to uint32_t.
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      3c24ad96
    • Martin KaFai Lau's avatar
      bpf: Add support for prog_name and map_name · df36816a
      Martin KaFai Lau authored
      This patch adds support for prog_name and map_name.
      
      For libbpf.{h,c}, the new functions, bpf_prog_load_name()
      and bpf_create_map_name() is created to avoid breaking the
      existing libbpf.{a,so} user.
      
      libbcc.py is also modified accordingly to reflect the
      availability of the new functions in libbpf.
      
      clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are
      modified to take advantage of the prog and map name also.
      
      Run the following tests in new and old kernel (old kernel
      in the sense that it does not support the prog/map name):
      
      1) tools/trace.py -K sys_clone
      2) examples/cpp/HelloWorld
      
      Here is the output of the bpf (BPF Snapshot) that
      will be introduced in the later patch:
      [root@arch-fb-vm1 bcc]# ./tools/biosnoop.py
      
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps
            BID TYPE                 UID  #MAPS LoadTime     NAME
            113 kprobe                 0      1 Oct20/13:11  trace_pid_start
            114 kprobe                 0      1 Oct20/13:11  trace_req_start
            115 kprobe                 0      3 Oct20/13:11  trace_req_compl
      
      [root@arch-fb-vm1 bcc]# ./build/introspection/bps 113
            BID TYPE                 UID  #MAPS LoadTime     NAME
            113 kprobe                 0      1 Oct20/13:11  trace_pid_start
      
           MID TYPE            FLAGS         KeySz  ValueSz  MaxEnts NAME
           186 hash            0x0               8       20    10240 infobyreq
      Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
      df36816a
    • yonghong-song's avatar
      Merge pull request #1408 from afiskon/master · ae194a1e
      yonghong-song authored
      Explain possible reason of an error in scripts that rely on /proc/kallsyms (fixes #1391)
      ae194a1e
    • Yonghong Song's avatar
      bpf: fix a couple of issues related to arm64 · 7abe63a0
      Yonghong Song authored
      The linux arm64 header linux:arch/arm64/include/asm/sysreg.h
      contains asm statement outside the function,
      
      ========
      asm(
      "       .irp    num,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30\n"
      "       .equ    .L__reg_num_x\\num, \\num\n"
      "       .endr\n"
      "       .equ    .L__reg_num_xzr, 31\n"
      "\n"
      "       .macro  mrs_s, rt, sreg\n"
              __emit_inst(0xd5200000|(\\sreg)|(.L__reg_num_\\rt))
      "       .endm\n"
      "\n"
      "       .macro  msr_s, sreg, rt\n"
              __emit_inst(0xd5000000|(\\sreg)|(.L__reg_num_\\rt))
      "       .endm\n"
      );
      ========
      
      The compiler cannot remove them since they are file scope.
      This patch adds bpf asm parser to handle this, otherwise,
      llvm will complain with compilation failure. Since none of
      macros/defines are used in bpf program, there is no impact
      in compilation result.
      
      Another change is to add AARCH64 value to ld_cache processing.
      The value is taken from glibc:sysdeps/generic/ldconfig.h.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      7abe63a0
  14. 23 Oct, 2017 2 commits
  15. 20 Oct, 2017 2 commits
  16. 19 Oct, 2017 1 commit