
[08/10] bpf samples: Add utils.[ch] for using BPF

Message ID 1450329794-161948-9-git-send-email-wangnan0@huawei.com
State New

Commit Message

Wang Nan Dec. 17, 2015, 5:23 a.m. UTC
We are going to use libbpf to replace old libbpf.[ch] and
bpf_load.[ch]. This is the first patch of this work. In this patch,
several macros and helpers in libbpf.[ch] and bpf_load.[ch] are
merged into utils.[ch]. utils.[ch] utilizes libbpf in tools/lib to
deal with BPF related things. They would be compiled after Makefile
changes.

Signed-off-by: Wang Nan <wangnan0@huawei.com>

Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Alex Gartrell <agartrell@fb.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Brenden Blanco <bblanco@plumgrid.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
Cc: David S. Miller <davem@davemloft.net>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Kaixu Xia <xiakaixu@huawei.com>
Cc: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Cc: Yang Shi <yang.shi@linaro.org>
---
 samples/bpf/include/linux/err.h |  56 ++++++++
 samples/bpf/utils.c             | 276 ++++++++++++++++++++++++++++++++++++++++
 samples/bpf/utils.h             | 217 +++++++++++++++++++++++++++++++
 3 files changed, 549 insertions(+)
 create mode 100644 samples/bpf/include/linux/err.h
 create mode 100644 samples/bpf/utils.c
 create mode 100644 samples/bpf/utils.h

-- 
1.8.3.4


Comments

Wang Nan Dec. 18, 2015, 1:47 a.m. UTC | #1
On 2015/12/18 7:11, Alexei Starovoitov wrote:
> On Thu, Dec 17, 2015 at 05:23:12AM +0000, Wang Nan wrote:

>> We are going to uses libbpf to replace old libbpf.[ch] and

>> bpf_load.[ch]. This is the first patch of this work. In this patch,

>> several macros and helpers in libbpf.[ch] and bpf_load.[ch] are

>> merged into utils.[ch]. utils.[ch] utilizes libbpf in tools/lib to

>> deal with BPF related things. They would be compiled after Makefile

>> changes.

>>

>> Signed-off-by: Wang Nan <wangnan0@huawei.com>

> ...

>> +#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)

>> +

>> +static inline void * __must_check ERR_PTR(long error_)

>> +{

>> +	return (void *) error_;

>> +}

>> +

>> +static inline long __must_check PTR_ERR(__force const void *ptr)

>> +{

>> +	return (long) ptr;

>> +}

>> +

>> +static inline bool __must_check IS_ERR(__force const void *ptr)

>> +{

>> +	return IS_ERR_VALUE((unsigned long)ptr);

>> +}

> why copy paste this? I don't see the code that uses that.


This is a limitation in tools/lib/bpf/libbpf.h, which has a #include 
<linux/err.h>
in its header.

libbpf.h requires this include because its API uses ERR_PTR() to encode 
error code.
For example, when calling bpf_object__open(), caller should use IS_ERR() 
to check its
return value instead of comparing with NULL, and use PTR_ERR() to retrieve
error number.

However, linux/err.h is not a part of uapi. To make libbpf work, one has 
to create its
own err.h.

Now I'm thinking provide LIBBPF_{IS_ERR,PTR_ERR}(),  in libbpf itself.

>> +	bpf_object__for_each_program(prog, obj) {

>> +		const char *event = bpf_program__title(prog, false);

>> +		int fd, err;

>> +

>> +		LIBBPF_PTR_ASSERT(event, goto errout);

>> +		__LIBBPF_ASSERT(fd = bpf_program__nth_fd(prog, 0),

>> +				>= 0,

>> +				goto errout);

>> +

>> +		if (strncmp(event, "kprobe/", 7) == 0)

>> +			err = create_kprobes(fd, event + 7, true);

>> +		else if (strncmp(event, "kretprobe/", 10) == 0)

>> +			err = create_kprobes(fd, event + 10, false);

> I have a feeling that all bpf+socket, tcbpf1_kernc and trace_output_*.c

> are broken, since I don't see a code that attaches programs to sockets

> and to perf_event.

> How did you test it?


I tested all samples (except tcbpf1_kern, because it is loaded by tc but tc
has not switched to libbpf) in my environment. They are okay for me. There's
no socket attaching code in this patchset because they are in sockex?_user.c
like this:

         obj = load_bpf_file(filename);
         if (!obj)
                 return 1;
         ...
         prog_fd = get_prog_fd(obj, 0);
         ...
         sock = open_raw_sock("lo");

         assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd,
                           sizeof(prog_fd)) == 0);

And I don't touch the setsockopt in all patches.

>> diff --git a/samples/bpf/utils.h b/samples/bpf/utils.h

>> new file mode 100644

>> index 0000000..5962a68

>> --- /dev/null

>> +++ b/samples/bpf/utils.h

>> @@ -0,0 +1,217 @@

>> +#ifndef __SAMPELS_UTILS_H

>> +#define __SAMPELS_UTILS_H

>> +

>> +#include <bpf/libbpf.h>

>> +#include <bpf/bpf.h>

>> +

>> +/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */

>> +

>> +#define BPF_ALU64_REG(OP, DST, SRC)				\

>> +	((struct bpf_insn) {					\

>> +		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_X,	\

>> +		.dst_reg = DST,					\

>> +		.src_reg = SRC,					\

>> +		.off   = 0,					\

>> +		.imm   = 0 })

> this probably belongs in tools/lib/bpf/bpf.h instead of samples.


Orignally they are macros defined in linux/filter.h. We have 3
filter.h in kernel tree:

include/linux/filter.h
include/uapi/linux/filter.h
tools/include/linux/filter.h

These macros belong to include/linux/filter.h, not part of uapi,
so we have to do things like what we have done for
tools/include/linux/filter.h.

What about moving them into include/uapi/linux/filter.h ? Then
normal user programs like those in samples/bpf can access
them easier.

> The whole set depends on changes in perf/core tree, but

> in net-next we have extra commit 30b50aa612018, so I don't see an easy way

> to route this patch without creating across-tree merge conflicts during

> merge window.

> I'd suggest to apply all required work to tools/lib/bpf/ into perf/core

> and leave samples/bpf/ after merge window.

Good suggestion.

I'll resend them after the PowerPC building breakage fixing is
collected.

Thank you.

Wang Nan Dec. 18, 2015, 7:04 a.m. UTC | #2
On 2015/12/18 14:19, Alexei Starovoitov wrote:
> On Fri, Dec 18, 2015 at 09:47:11AM +0800, Wangnan (F) wrote:

>> This is a limitation in tools/lib/bpf/libbpf.h, which has a #include

>> <linux/err.h>

>> in its header.

>>

>> libbpf.h requires this include because its API uses ERR_PTR() to encode

>> error code.

>> For example, when calling bpf_object__open(), caller should use IS_ERR() to

>> check its

>> return value instead of compare with NULL, and use PTR_ERR() to retrive

>> error number.

>>

>> However, linux/err.h is not a part of uapi. To make libbpf work, one has to

>> create its

>> own err.h.

> Why tools/include/linux/err.h is not suitable for everyone?

>

>> Now I'm thinking provide LIBBPF_{IS_ERR,PTR_ERR}(),  in libbpf itself.

> seems odd. we already have user space err.h in tools/include.


Currently samples/bpf doesn't have an -I$(srctree)/tools/include.

I tried to add it into CFLAGS of samples/bpf. It causes other problems,
This is what I get:

In file included from 
/home/w00229757/kernel-hydrogen/samples/bpf/sock_example.c:27:0:
/usr/include/linux/ip.h:101:2: error: unknown type name ‘__sum16’
   __sum16 check;
   ^
make[3]: *** [samples/bpf/sock_example.o] Error 1
make[2]: *** [samples/bpf/] Error 2
make[1]: *** [sub-make] Error 2
make: *** [__sub-make] Error 2

And after fixing __sum16 in linux/types.h:

   HOSTCC  samples/bpf/tracex4_user.o
   HOSTLD  samples/bpf/tracex4
   HOSTCC  samples/bpf/tracex5_user.o
/kernel/samples/bpf/tracex5_user.c: In function 
‘install_accept_all_seccomp’:
/kernel/samples/bpf/tracex5_user.c:15:21: error: array type has 
incomplete element type
   struct sock_filter filter[] = {
                      ^
/kernel/samples/bpf/tracex5_user.c:16:3: warning: implicit declaration 
of function ‘BPF_STMT’ [-Wimplicit-function-declaration]
    BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
    ^
/kernel/samples/bpf/tracex5_user.c:18:9: error: variable ‘prog’ has 
initializer but incomplete type
   struct sock_fprog prog = {
          ^

Finally we need to add sock_filter, sock_fprog, BPF_STMT into 
tools/include/linux/filter.h.

It is okay, but different from what I really want to do. I'll discuss 
this later.
>> And I don't touch the setsockopt in all patches.

> ok, but where is the bit that does attach to perf_event to make trace_output work?


I didn't change this test_bpf_perf_event() function (only the function 
name).
It creates a bpf-output perf event. This event is inserted into a
BPF_MAP_TYPE_PERF_EVENT_ARRAY by bpf_map_update_elem().

static void test_bpf_perf_event(int map_fd)
{
         struct perf_event_attr attr = {
                 .sample_type = PERF_SAMPLE_RAW,
                 .type = PERF_TYPE_SOFTWARE,
                 .config = PERF_COUNT_SW_BPF_OUTPUT,
         };
         int key = 0;

         pmu_fd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, 
-1/*group_fd*/, 0);

         assert(pmu_fd >= 0);
         assert(bpf_map_update_elem(map_fd, &key, &pmu_fd, BPF_ANY) == 0);
         ioctl(pmu_fd, PERF_EVENT_IOC_ENABLE, 0);
}

And you read from this pmu_fd, get results. The logic is unchanged.

>

>> Orignally they are macros defined in linux/filter.h.

> no. they were never part of offical filter.h. Only in my earlier versions

> of bpf patches, but we decided to drop them before they got into net-next.

>

>> What about moving them into include/uapi/linux/filter.h ? Then

>> normal user programs like those in samples/bpf can access

>> them easier.

> we don't want to add these macros to uapi.

> Why not to add it to

> tools/include/linux/filter.h

> instead?


What I want to do in this patchset is not only removing original libbpf.c
and bpf_load.c. In fact I want libbpf in tools/lib/bpf becomes a public
available library for other userspace tools (tc for example). Switching
samples/bpf into libbpf is the first step of this goal. From doing this
I found and fixed some limitation, like those missed BPF map operations.
Making libbpf.h and bpf.h available for normal userspace programs is also
important.

Having the above goal, I think you can understand why improving 
tools/include
is not a good idea. You don't want to force a normal userspace program setup
a similar header environment for using libbpf. It is relatively a small
library. So it would be good if bpf.h and libbpf.h only depend on what can
be found in uapi.

Thank you.

Wang Nan Dec. 18, 2015, 7:10 a.m. UTC | #3
On 2015/12/18 15:04, Wangnan (F) wrote:
>

>

> On 2015/12/18 14:19, Alexei Starovoitov wrote:

>> On Fri, Dec 18, 2015 at 09:47:11AM +0800, Wangnan (F) wrote:

>>> This is a limitation in tools/lib/bpf/libbpf.h, which has a #include

>>> <linux/err.h>

>>> in its header.

>>>

>>> libbpf.h requires this include because its API uses ERR_PTR() to encode

>>> error code.

>>> For example, when calling bpf_object__open(), caller should use 

>>> IS_ERR() to

>>> check its

>>> return value instead of compare with NULL, and use PTR_ERR() to retrive

>>> error number.

>>>

>>> However, linux/err.h is not a part of uapi. To make libbpf work, one 

>>> has to

>>> create its

>>> own err.h.

>>

[SNIP]
>>> What about moving them into include/uapi/linux/filter.h ? Then

>>> normal user programs like those in samples/bpf can access

>>> them easier.

>> we don't want to add these macros to uapi.

>> Why not to add it to

>> tools/include/linux/filter.h

>> instead?

>

> What I want to do in this patchset is not only removing original libbpf.c

> and bpf_load.c. In fact I want libbpf in tools/lib/bpf becomes a public

> available library for other userspace tools (tc for example). Switching

> samples/bpf into libbpf is the first step of this goal. From doing this

> I found and fixed some limitation, like those missed BPF map operations.

> Making libbpf.h and bpf.h available for normal userspace programs is also

> important.

>

> Having the above goal, I think you can understand why improving 

> tools/include

> is not a good idea. You don't want to force a normal userspace program 

> setup

> a similar header environment for using libbpf. It is relatively a small

> library. So it would be good if bpf.h and libbpf.h only depend on what 

> can

> be found in uapi.

>


I suddenly realized that only linux/err.h causes a problem. Those macros from
filter.h are never accessed by libbpf. So we can drop those filter.h by 
making
samples/bpf include from tools/include. However we still need a wrapper in
libbpf to avoid including linux/err.h.

Thank you.


Patch

diff --git a/samples/bpf/include/linux/err.h b/samples/bpf/include/linux/err.h
new file mode 100644
index 0000000..671b874
--- /dev/null
+++ b/samples/bpf/include/linux/err.h
@@ -0,0 +1,56 @@ 
+#ifndef __TOOLS_LINUX_ERR_H
+#define __TOOLS_LINUX_ERR_H
+
+#include <asm/errno.h>
+
+#ifndef __must_check
+# define __must_check
+#endif
+#ifndef __force
+# define __force
+#endif
+#ifndef unlikely
+# define unlikely(x) x
+#endif
+
+/*
+ * Original kernel header comment:
+ *
+ * Kernel pointers have redundant information, so we can use a
+ * scheme where we can return either an error code or a normal
+ * pointer with the same return value.
+ *
+ * This should be a per-architecture thing, to allow different
+ * error and pointer decisions.
+ *
+ * Userspace note:
+ * The same principle works for userspace, because 'error' pointers
+ * fall down to the unused hole far from user space, as described
+ * in Documentation/x86/x86_64/mm.txt for x86_64 arch:
+ *
+ * 0000000000000000 - 00007fffffffffff (=47 bits) user space, different per mm hole caused by [48:63] sign extension
+ * ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole
+ *
+ * It should be the same case for other architectures, because
+ * this code is used in generic kernel code.
+ */
+#define MAX_ERRNO	4095
+
+#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
+
+static inline void * __must_check ERR_PTR(long error_)
+{
+	return (void *) error_;
+}
+
+static inline long __must_check PTR_ERR(__force const void *ptr)
+{
+	return (long) ptr;
+}
+
+static inline bool __must_check IS_ERR(__force const void *ptr)
+{
+	return IS_ERR_VALUE((unsigned long)ptr);
+}
+
+#endif /* _LINUX_ERR_H */
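Review bot: The fallback `# define unlikely(x) x` drops the parentheses, so `IS_ERR_VALUE(x)` expands to a bare `(x) >= (unsigned long)-MAX_ERRNO` and an expression such as `!IS_ERR_VALUE(v)` would negate only `v`; define it as `# define unlikely(x) (x)`. `IS_ERR()` also returns `bool`, but the header includes only `<asm/errno.h>`, so it compiles only when the includer has already pulled in `<stdbool.h>`; adding `#include <stdbool.h>` here makes the header self-contained. The closing comment names `_LINUX_ERR_H` while the guard is `__TOOLS_LINUX_ERR_H`.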
diff --git a/samples/bpf/utils.c b/samples/bpf/utils.c
new file mode 100644
index 0000000..73262a9
--- /dev/null
+++ b/samples/bpf/utils.c
@@ -0,0 +1,276 @@ 
+/* eBPF mini library */
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <linux/unistd.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <string.h>
+#include <linux/netlink.h>
+#include <linux/bpf.h>
+#include <errno.h>
+#include <net/ethernet.h>
+#include <net/if.h>
+#include <linux/if_packet.h>
+#include <arpa/inet.h>
+#include <linux/perf_event.h>
+#include "utils.h"
+
+#define DEBUGFS "/sys/kernel/debug/tracing/"
+
+int open_raw_sock(const char *name)
+{
+	struct sockaddr_ll sll;
+	int sock;
+
+	sock = socket(PF_PACKET, SOCK_RAW | SOCK_NONBLOCK | SOCK_CLOEXEC, htons(ETH_P_ALL));
+	if (sock < 0) {
+		printf("cannot create raw socket\n");
+		return -1;
+	}
+
+	memset(&sll, 0, sizeof(sll));
+	sll.sll_family = AF_PACKET;
+	sll.sll_ifindex = if_nametoindex(name);
+	sll.sll_protocol = htons(ETH_P_ALL);
+	if (bind(sock, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
+		printf("bind to %s: %s\n", name, strerror(errno));
+		close(sock);
+		return -1;
+	}
+
+	return sock;
+}
+
+void read_trace_pipe(void)
+{
+	int trace_fd;
+
+	trace_fd = open(DEBUGFS "trace_pipe", O_RDONLY, 0);
+	if (trace_fd < 0)
+		return;
+
+	while (1) {
+		static char buf[4096];
+		ssize_t sz;
+
+		sz = read(trace_fd, buf, sizeof(buf));
+		if (sz > 0) {
+			buf[sz] = 0;
+			puts(buf);
+		}
+	}
+}
+
+int perf_event_open(struct perf_event_attr *attr, int pid, int cpu,
+		    int group_fd, unsigned long flags)
+{
+	return syscall(__NR_perf_event_open, attr, pid, cpu,
+		       group_fd, flags);
+}
+
+static int prog_load_prep(struct bpf_program *prog, int n,
+			  struct bpf_insn *insns, int insns_cnt,
+			  struct bpf_prog_prep_result *res)
+{
+	enum bpf_prog_type prog_type;
+	int is_socket, is_kprobe, is_kretprobe;
+	const char *event = bpf_program__title(prog, false);
+
+	LIBBPF_PTR_ASSERT(event, return -1);
+
+	is_socket = strncmp(event, "socket", 6) == 0;
+	is_kprobe = strncmp(event, "kprobe/", 7) == 0;
+	is_kretprobe = strncmp(event, "kretprobe/", 10) == 0;
+
+	if (is_socket) {
+		prog_type = BPF_PROG_TYPE_SOCKET_FILTER;
+	} else if (is_kprobe || is_kretprobe) {
+		prog_type = BPF_PROG_TYPE_KPROBE;
+	} else {
+		fprintf(stderr, "Unknown event '%s'\n", event);
+		return -1;
+	}
+
+	LIBBPF_ASSERT(bpf_program__set_type(prog, prog_type), return -1);
+	res->new_insn_ptr = insns;
+	res->new_insn_cnt = insns_cnt;
+	return 0;
+}
+
+static int populate_prog_array(int map_fd, struct bpf_object *obj)
+{
+	struct bpf_program *prog;
+
+	if (map_fd < 0) {
+		fprintf(stderr, "Invalid map fd\n");
+		return -1;
+	}
+
+	bpf_object__for_each_program(prog, obj) {
+		const char *event = bpf_program__title(prog, false);
+		int ind, prog_fd;
+		const char *ptr;
+
+		LIBBPF_PTR_ASSERT(event, return -1);
+		ptr = event + strlen(event) - 1;
+		while (isdigit(*ptr))
+			ptr--;
+		ptr++;
+		if (!isdigit(*ptr)) {
+			fprintf(stderr, "Invalid event: %s\n", event);
+			return -1;
+		}
+
+		ind = atoi(ptr);
+
+		__LIBBPF_ASSERT(prog_fd = bpf_program__nth_fd(prog, 0),
+				>= 0, return -1);
+		LIBBPF_ASSERT(bpf_map_update_elem(map_fd, &ind,
+						  &prog_fd, BPF_ANY),
+			      return -1);
+	}
+	return 0;
+}
+
+static int create_kprobes(int fd, const char *event, bool is_kprobe)
+{
+	char buf[256];
+	int efd, err, id;
+	struct perf_event_attr attr = {};
+
+	if (isdigit(event[0]))
+		return 0;
+
+	attr.type = PERF_TYPE_TRACEPOINT;
+	attr.sample_type = PERF_SAMPLE_RAW;
+	attr.sample_period = 1;
+	attr.wakeup_events = 1;
+
+	snprintf(buf, sizeof(buf),
+		 "echo '%c:%s %s' >> /sys/kernel/debug/tracing/kprobe_events",
+		 is_kprobe ? 'p' : 'r', event, event);
+
+	err = system(buf);
+	if (err < 0) {
+		fprintf(stderr, "failed to create kprobe '%s' error '%s'\n",
+				event, strerror(errno));
+		return -1;
+	}
+
+	strcpy(buf, DEBUGFS);
+	strcat(buf, "events/kprobes/");
+	strcat(buf, event);
+	strcat(buf, "/id");
+
+	efd = open(buf, O_RDONLY, 0);
+	if (efd < 0) {
+		fprintf(stderr, "failed to open event %s\n", event);
+		return -1;
+	}
+
+	err = read(efd, buf, sizeof(buf));
+	if (err < 0 || err >= sizeof(buf)) {
+		fprintf(stderr, "read from '%s' failed '%s'\n",
+			event, strerror(errno));
+		return -1;
+	}
+
+	close(efd);
+
+	buf[err] = 0;
+	id = atoi(buf);
+	attr.config = id;
+
+	efd = perf_event_open(&attr, -1/*pid*/, 0/*cpu*/, -1/*group_fd*/, 0);
+	if (efd < 0) {
+		fprintf(stderr, "event %d fd %d err %s\n", id, efd,
+			strerror(errno));
+		return -1;
+	}
+
+	ioctl(efd, PERF_EVENT_IOC_ENABLE, 0);
+	ioctl(efd, PERF_EVENT_IOC_SET_BPF, fd);
+	return 0;
+}
+
+struct bpf_object *load_bpf_file(char *path)
+{
+	struct bpf_program *prog;
+	struct bpf_object *obj;
+	struct bpf_map *map;
+	int err;
+
+	/* clear all kprobes */
+	err = system("echo \"\" > /sys/kernel/debug/tracing/kprobe_events");
+	if (err)
+		fprintf(stderr, "WARNING: clear kprobe_events failed: %s\n", strerror(errno));
+
+	LIBBPF_PTR_ASSERT(obj = bpf_object__open(path), return NULL);
+
+	bpf_object__for_each_program(prog, obj)
+		LIBBPF_ASSERT(bpf_program__set_prep(prog, 1, prog_load_prep),
+			      goto errout);
+
+	LIBBPF_ASSERT(bpf_object__load(obj), goto errout);
+
+	bpf_map__for_each(map, obj) {
+		struct bpf_map_def def;
+
+		LIBBPF_ASSERT(bpf_map__get_def(map, &def), goto errout);
+		if (def.type == BPF_MAP_TYPE_PROG_ARRAY) {
+			if (populate_prog_array(bpf_map__get_fd(map), obj)) {
+				fprintf(stderr, "failed to populate program array\n");
+				goto errout;
+			}
+		}
+	}
+
+	bpf_object__for_each_program(prog, obj) {
+		const char *event = bpf_program__title(prog, false);
+		int fd, err;
+
+		LIBBPF_PTR_ASSERT(event, goto errout);
+		__LIBBPF_ASSERT(fd = bpf_program__nth_fd(prog, 0),
+				>= 0,
+				goto errout);
+
+		if (strncmp(event, "kprobe/", 7) == 0)
+			err = create_kprobes(fd, event + 7, true);
+		else if (strncmp(event, "kretprobe/", 10) == 0)
+			err = create_kprobes(fd, event + 10, false);
+
+		if (err) {
+			fprintf(stderr, "failed to create kprobes\n");
+			goto errout;
+		}
+	}
+
+	return obj;
+errout:
+	bpf_object__close(obj);
+	return NULL;
+}
+
+int get_prog_fd(struct bpf_object *obj, int idx)
+{
+	int i = 0;
+	struct bpf_program *prog;
+
+	bpf_object__for_each_program(prog, obj)
+		if (i++ == idx)
+			return bpf_program__nth_fd(prog, 0);
+	return -1;
+}
+
+int get_map_fd(struct bpf_object *obj, int idx)
+{
+	int i = 0;
+	struct bpf_map *map;
+
+	bpf_map__for_each(map, obj)
+		if (i++ == idx)
+			return bpf_map__get_fd(map);
+	return -1;
+}
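Review bot: In create_kprobes(), `event` is the program's section title taken from the object file given to load_bpf_file(), and it is interpolated unescaped into a `system()` shell command and then appended with `strcat()` into `buf[256]` with no length check, so a long or quote-containing title in an untrusted object file can overflow the stack buffer or change the command that is run. I would write the probe definition to `kprobe_events` with `open()`/`write()` and build both strings with `snprintf()`, rejecting truncated results, as sketched below; the sketch also closes `efd` on the read-failure path, which the current code leaks. Separately, in load_bpf_file() the inner `int fd, err;` is never assigned for a title that is neither `kprobe/` nor `kretprobe/` (for example `socket`), so `if (err)` reads an indeterminate value; `int fd, err = 0;` fixes it. read_trace_pipe() has a similar off-by-one: a full `read()` of `sizeof(buf)` bytes makes `buf[sz] = 0` write one past the array, so it should read at most `sizeof(buf) - 1`.

```c
static int create_kprobes(int fd, const char *event, bool is_kprobe)
{
	/* … unchanged: locals, isdigit() early return, attr setup … */

	/* Write the probe definition directly; no shell parses the title. */
	err = snprintf(buf, sizeof(buf), "%c:%s %s",
		       is_kprobe ? 'p' : 'r', event, event);
	if (err < 0 || (size_t)err >= sizeof(buf)) {
		fprintf(stderr, "kprobe event name too long: '%s'\n", event);
		return -1;
	}

	efd = open(DEBUGFS "kprobe_events", O_WRONLY | O_APPEND, 0);
	if (efd < 0) {
		fprintf(stderr, "failed to open kprobe_events: %s\n",
			strerror(errno));
		return -1;
	}
	if (write(efd, buf, err) != err) {
		fprintf(stderr, "failed to create kprobe '%s' error '%s'\n",
			event, strerror(errno));
		close(efd);
		return -1;
	}
	close(efd);

	/* Bounded replacement for the strcpy()/strcat() chain. */
	err = snprintf(buf, sizeof(buf), DEBUGFS "events/kprobes/%s/id", event);
	if (err < 0 || (size_t)err >= sizeof(buf)) {
		fprintf(stderr, "kprobe event name too long: '%s'\n", event);
		return -1;
	}

	/* … unchanged: open() of the id file … */

	err = read(efd, buf, sizeof(buf));
	if (err < 0 || err >= sizeof(buf)) {
		fprintf(stderr, "read from '%s' failed '%s'\n",
			event, strerror(errno));
		close(efd);	/* do not leak the id-file descriptor */
		return -1;
	}

	/* … unchanged: close(efd), parse id, perf_event_open(), ioctls … */
```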
diff --git a/samples/bpf/utils.h b/samples/bpf/utils.h
new file mode 100644
index 0000000..5962a68
--- /dev/null
+++ b/samples/bpf/utils.h
@@ -0,0 +1,217 @@ 
+#ifndef __SAMPELS_UTILS_H
+#define __SAMPELS_UTILS_H
+
+#include <bpf/libbpf.h>
+#include <bpf/bpf.h>
+
+/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
+
+#define BPF_ALU64_REG(OP, DST, SRC)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_X,	\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = 0,					\
+		.imm   = 0 })
+
+#define BPF_ALU32_REG(OP, DST, SRC)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU | BPF_OP(OP) | BPF_X,		\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = 0,					\
+		.imm   = 0 })
+
+/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
+
+#define BPF_ALU64_IMM(OP, DST, IMM)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU64 | BPF_OP(OP) | BPF_K,	\
+		.dst_reg = DST,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = IMM })
+
+#define BPF_ALU32_IMM(OP, DST, IMM)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU | BPF_OP(OP) | BPF_K,		\
+		.dst_reg = DST,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = IMM })
+
+/* Short form of mov, dst_reg = src_reg */
+
+#define BPF_MOV64_REG(DST, SRC)					\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU64 | BPF_MOV | BPF_X,		\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = 0,					\
+		.imm   = 0 })
+
+#define BPF_MOV32_REG(DST, SRC)					\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU | BPF_MOV | BPF_X,		\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = 0,					\
+		.imm   = 0 })
+
+/* Short form of mov, dst_reg = imm32 */
+
+#define BPF_MOV64_IMM(DST, IMM)					\
+	((struct bpf_insn) {					\
+		.code  = BPF_ALU64 | BPF_MOV | BPF_K,		\
+		.dst_reg = DST,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = IMM })
+
+/* BPF_LD_IMM64 macro encodes single 'load 64-bit immediate' insn */
+#define BPF_LD_IMM64(DST, IMM)					\
+	BPF_LD_IMM64_RAW(DST, 0, IMM)
+
+#define BPF_LD_IMM64_RAW(DST, SRC, IMM)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_LD | BPF_DW | BPF_IMM,		\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = 0,					\
+		.imm   = (__u32) (IMM) }),			\
+	((struct bpf_insn) {					\
+		.code  = 0, /* zero is reserved opcode */	\
+		.dst_reg = 0,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = ((__u64) (IMM)) >> 32 })
+
+#ifndef BPF_PSEUDO_MAP_FD
+# define BPF_PSEUDO_MAP_FD	1
+#endif
+
+/* pseudo BPF_LD_IMM64 insn used to refer to process-local map_fd */
+#define BPF_LD_MAP_FD(DST, MAP_FD)				\
+	BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD)
+
+
+/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */
+
+#define BPF_LD_ABS(SIZE, IMM)					\
+	((struct bpf_insn) {					\
+		.code  = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS,	\
+		.dst_reg = 0,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = IMM })
+
+/* Memory load, dst_reg = *(uint *) (src_reg + off16) */
+
+#define BPF_LDX_MEM(SIZE, DST, SRC, OFF)			\
+	((struct bpf_insn) {					\
+		.code  = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM,	\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = OFF,					\
+		.imm   = 0 })
+
+/* Memory store, *(uint *) (dst_reg + off16) = src_reg */
+
+#define BPF_STX_MEM(SIZE, DST, SRC, OFF)			\
+	((struct bpf_insn) {					\
+		.code  = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM,	\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = OFF,					\
+		.imm   = 0 })
+
+/* Memory store, *(uint *) (dst_reg + off16) = imm32 */
+
+#define BPF_ST_MEM(SIZE, DST, OFF, IMM)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM,	\
+		.dst_reg = DST,					\
+		.src_reg = 0,					\
+		.off   = OFF,					\
+		.imm   = IMM })
+
+/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
+
+#define BPF_JMP_REG(OP, DST, SRC, OFF)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_JMP | BPF_OP(OP) | BPF_X,		\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = OFF,					\
+		.imm   = 0 })
+
+/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
+
+#define BPF_JMP_IMM(OP, DST, IMM, OFF)				\
+	((struct bpf_insn) {					\
+		.code  = BPF_JMP | BPF_OP(OP) | BPF_K,		\
+		.dst_reg = DST,					\
+		.src_reg = 0,					\
+		.off   = OFF,					\
+		.imm   = IMM })
+
+/* Raw code statement block */
+
+#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM)			\
+	((struct bpf_insn) {					\
+		.code  = CODE,					\
+		.dst_reg = DST,					\
+		.src_reg = SRC,					\
+		.off   = OFF,					\
+		.imm   = IMM })
+
+/* Program exit */
+
+#define BPF_EXIT_INSN()						\
+	((struct bpf_insn) {					\
+		.code  = BPF_JMP | BPF_EXIT,			\
+		.dst_reg = 0,					\
+		.src_reg = 0,					\
+		.off   = 0,					\
+		.imm   = 0 })
+
+#define __LIBBPF_ASSERT(stat, cond, ret) do {	\
+	char ___errbuf[256];			\
+	int ___err = stat;			\
+						\
+	if ((___err) cond)			\
+		break;				\
+	libbpf_strerror(___err, ___errbuf, sizeof(___errbuf));\
+	fprintf(stderr, "libbpf error: %s\n", ___errbuf);\
+	ret;					\
+} while(0)
+
+#define __LIBBPF_PTR_ASSERT(stat, cond, ret) do {	\
+	const void *___ptr = stat;			\
+							\
+	if (!IS_ERR(___ptr) && ___ptr)			\
+		break;					\
+	if (!___ptr)					\
+		___ptr = ERR_PTR(-EEXIST);		\
+	LIBBPF_ASSERT(PTR_ERR(___ptr), ret);		\
+} while(0)
+
+#define LIBBPF_ASSERT(stat, ret) __LIBBPF_ASSERT(stat, == 0, ret)
+#define LIBBPF_PTR_ASSERT(stat, ret) __LIBBPF_PTR_ASSERT(stat, == 0, ret)
+
+/* create RAW socket and bind to interface 'name' */
+int open_raw_sock(const char *name);
+void read_trace_pipe(void);
+
+struct perf_event_attr;
+int perf_event_open(struct perf_event_attr *attr, int pid, int cpu,
+		    int group_fd, unsigned long flags);
+
+int prog_load_prepare(struct bpf_program *prog, int n,
+		      struct bpf_insn *insns, int insns_cnt,
+		      struct bpf_prog_prep_result *res);
+
+struct bpf_object *load_bpf_file(char *path);
+int get_prog_fd(struct bpf_object *obj, int idx);
+int get_map_fd(struct bpf_object *obj, int idx);
+#endif
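Review bot: The header declares `prog_load_prepare()`, but utils.c in this patch defines only a `static` `prog_load_prep()`, so the prototype has no definition and any caller would fail at link time; drop the declaration, or rename and export the function. `__LIBBPF_PTR_ASSERT` takes a `cond` argument it never uses (`LIBBPF_PTR_ASSERT` passes `== 0`), and both assert macros call `fprintf(stderr, …)` although the header does not include `<stdio.h>`. The guard is spelled `__SAMPELS_UTILS_H`; `SAMPLES_UTILS_H` would fix the typo and avoid a reserved double-underscore name. A short comment above the assert macros stating that `ret` is a statement such as `return -1` or `goto errout` executed on failure would help readers, since the control flow is hidden inside the macro.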