On 05/24/2018 08:21 PM, Yonghong Song wrote: > Currently, suppose a userspace application has loaded a bpf program > and attached it to a tracepoint/kprobe/uprobe, and a bpf > introspection tool, e.g., bpftool, wants to show which bpf program > is attached to which tracepoint/kprobe/uprobe. Such attachment > information will be really useful to understand the overall bpf > deployment in the system. > > There is a name field (16 bytes) for each program, which could > be used to encode the attachment point. There are some drawbacks > for this approaches. First, bpftool user (e.g., an admin) may not > really understand the association between the name and the > attachment point. Second, if one program is attached to multiple > places, encoding a proper name which can imply all these > attachments becomes difficult. > > This patch introduces a new bpf subcommand BPF_TASK_FD_QUERY. > Given a pid and fd, this command will return bpf related information > to user space. Right now it only supports tracepoint/kprobe/uprobe > perf event fd's. For such a fd, BPF_TASK_FD_QUERY will return > . prog_id > . tracepoint name, or > . k[ret]probe funcname + offset or kernel addr, or > . u[ret]probe filename + offset > to the userspace. > The user can use "bpftool prog" to find more information about > bpf program itself with prog_id. > > Patch #1 adds function perf_get_event() in kernel/events/core.c. > Patch #2 implements the bpf subcommand BPF_TASK_FD_QUERY. > Patch #3 syncs tools bpf.h header and also add bpf_task_fd_query() > in the libbpf library for samples/selftests/bpftool to use. > Patch #4 adds ksym_get_addr() utility function. > Patch #5 add a test in samples/bpf for querying k[ret]probes and > u[ret]probes. > Patch #6 add a test in tools/testing/selftests/bpf for querying > raw_tracepoint and tracepoint. > Patch #7 add a new subcommand "perf" to bpftool. > > Changelogs: > v4 -> v5: > . return strlen(buf) instead of strlen(buf) + 1 > in the attr.buf_len. As long as user provides > non-empty buffer, it will be filed with empty > string, truncated string, or full string > based on the buffer size and the length of > to-be-copied string. > v3 -> v4: > . made attr buf_len input/output. The length of > actual buffter is written to buf_len so user space knows > what is actually needed. If user provides a buffer > with length >= 1 but less than required, do partial > copy and return -ENOSPC. > . code simplification with put_user. > . changed query result attach_info to fd_type. > . add tests at selftests/bpf to test zero len, null buf and > insufficient buf. > v2 -> v3: > . made perf_get_event() return perf_event pointer const. > this was to ensure that event fields are not meddled. > . detect whether newly BPF_TASK_FD_QUERY is supported or > not in "bpftool perf" and warn users if it is not. > v1 -> v2: > . changed bpf subcommand name from BPF_PERF_EVENT_QUERY > to BPF_TASK_FD_QUERY. > . fixed various "bpftool perf" issues and added documentation > and auto-completion. > > Yonghong Song (7): > perf/core: add perf_get_event() to return perf_event given a struct > file > bpf: introduce bpf subcommand BPF_TASK_FD_QUERY > tools/bpf: sync kernel header bpf.h and add bpf_task_fd_query in > libbpf > tools/bpf: add ksym_get_addr() in trace_helpers > samples/bpf: add a samples/bpf test for BPF_TASK_FD_QUERY > tools/bpf: add two BPF_TASK_FD_QUERY tests in test_progs > tools/bpftool: add perf subcommand > > include/linux/perf_event.h | 5 + > include/linux/trace_events.h | 17 + > include/uapi/linux/bpf.h | 26 ++ > kernel/bpf/syscall.c | 131 ++++++++ > kernel/events/core.c | 8 + > kernel/trace/bpf_trace.c | 48 +++ > kernel/trace/trace_kprobe.c | 29 ++ > kernel/trace/trace_uprobe.c | 22 ++ > samples/bpf/Makefile | 4 + > samples/bpf/task_fd_query_kern.c | 19 ++ > samples/bpf/task_fd_query_user.c | 382 > +++++++++++++++++++++++ > tools/bpf/bpftool/Documentation/bpftool-perf.rst | 81 +++++ > tools/bpf/bpftool/Documentation/bpftool.rst | 5 +- > tools/bpf/bpftool/bash-completion/bpftool | 9 + > tools/bpf/bpftool/main.c | 3 +- > tools/bpf/bpftool/main.h | 1 + > tools/bpf/bpftool/perf.c | 246 +++++++++++++++ > tools/include/uapi/linux/bpf.h | 26 ++ > tools/lib/bpf/bpf.c | 23 ++ > tools/lib/bpf/bpf.h | 3 + > tools/testing/selftests/bpf/test_progs.c | 158 ++++++++++ > tools/testing/selftests/bpf/trace_helpers.c | 12 + > tools/testing/selftests/bpf/trace_helpers.h | 1 + > 23 files changed, 1257 insertions(+), 2 deletions(-) > create mode 100644 samples/bpf/task_fd_query_kern.c > create mode 100644 samples/bpf/task_fd_query_user.c > create mode 100644 tools/bpf/bpftool/Documentation/bpftool-perf.rst > create mode 100644 tools/bpf/bpftool/perf.c
LGTM, series: Acked-by: Daniel Borkmann <dan...@iogearbox.net>
