lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 27 Feb 2023 13:47:52 -0800
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     menglong8.dong@...il.com
Cc:     alan.maguire@...cle.com, ast@...nel.org, daniel@...earbox.net,
        andrii@...nel.org, martin.lau@...ux.dev, song@...nel.org,
        yhs@...com, john.fastabend@...il.com, kpsingh@...nel.org,
        sdf@...gle.com, haoluo@...gle.com, jolsa@...nel.org,
        benbjiang@...cent.com, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org, Menglong Dong <imagedong@...cent.com>
Subject: Re: [PATCH bpf-next v3 1/3] libbpf: add support to set kprobe/uprobe
 attach mode

On Mon, Feb 20, 2023 at 6:54 PM <menglong8.dong@...il.com> wrote:
>
> From: Menglong Dong <imagedong@...cent.com>
>
> By default, libbpf will attach the kprobe/uprobe eBPF program in the
> latest mode that supported by kernel. In this patch, we add the support
> to let users manually attach kprobe/uprobe in legacy or perf mode.
>
> There are 3 mode that supported by the kernel to attach kprobe/uprobe:
>
>   LEGACY: create perf event in legacy way and don't use bpf_link
>   PERF: create perf event with perf_event_open() and don't use bpf_link
>   LINK: create perf event with perf_event_open() and use bpf_link
>
> Users now can manually choose the mode with
> bpf_program__attach_uprobe_opts()/bpf_program__attach_kprobe_opts().
>
> Link: https://lore.kernel.org/bpf/20230113093427.1666466-1-imagedong@tencent.com/
> Reviewed-by: Biao Jiang <benbjiang@...cent.com>
> Signed-off-by: Menglong Dong <imagedong@...cent.com>
> Reviewed-by: Alan Maguire <alan.maguire@...cle.com>
> ---
> v2:
> - rename no_link to force_ioctl_attach
> - rename probe_mode to probe_attach_mode
> - add more doc for probe_attach_mode
> - return -ENOTSUP when necessray in bpf_program__attach_uprobe_opts and
>   bpf_program__attach_kprobe_opts
> ---
>  tools/lib/bpf/libbpf.c | 42 +++++++++++++++++++++++++++++++++++++++++-
>  tools/lib/bpf/libbpf.h | 31 ++++++++++++++++++++++++++++---
>  2 files changed, 69 insertions(+), 4 deletions(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 05c4db355f28..d07a0d7b9edd 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -9747,7 +9747,7 @@ struct bpf_link *bpf_program__attach_perf_event_opts(const struct bpf_program *p
>         link->link.dealloc = &bpf_link_perf_dealloc;
>         link->perf_event_fd = pfd;
>
> -       if (kernel_supports(prog->obj, FEAT_PERF_LINK)) {
> +       if (kernel_supports(prog->obj, FEAT_PERF_LINK) && !opts->force_ioctl_attach) {

can't access ->force_ioctl_attach directly, please use OPTS_GET()
macro; it handles possibility of old user app passing smaller and
older version of opts struct

>                 DECLARE_LIBBPF_OPTS(bpf_link_create_opts, link_opts,
>                         .perf_event.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0));
>
> @@ -10106,6 +10106,7 @@ bpf_program__attach_kprobe_opts(const struct bpf_program *prog,
>                                 const struct bpf_kprobe_opts *opts)
>  {
>         DECLARE_LIBBPF_OPTS(bpf_perf_event_opts, pe_opts);
> +       enum probe_attach_mode attach_mode;
>         char errmsg[STRERR_BUFSIZE];
>         char *legacy_probe = NULL;
>         struct bpf_link *link;
> @@ -10116,11 +10117,30 @@ bpf_program__attach_kprobe_opts(const struct bpf_program *prog,
>         if (!OPTS_VALID(opts, bpf_kprobe_opts))
>                 return libbpf_err_ptr(-EINVAL);
>
> +       attach_mode = OPTS_GET(opts, attach_mode, PROBE_ATTACH_MODE_DEFAULT);
>         retprobe = OPTS_GET(opts, retprobe, false);
>         offset = OPTS_GET(opts, offset, 0);
>         pe_opts.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0);
>
>         legacy = determine_kprobe_perf_type() < 0;
> +       switch (attach_mode) {
> +       case PROBE_ATTACH_MODE_LEGACY:
> +               legacy = true;
> +               pe_opts.force_ioctl_attach = true;
> +               break;
> +       case PROBE_ATTACH_MODE_PERF:
> +               if (legacy)
> +                       return libbpf_err_ptr(-ENOTSUP);
> +               pe_opts.force_ioctl_attach = true;
> +               break;
> +       case PROBE_ATTACH_MODE_LINK:
> +               if (!kernel_supports(prog->obj, FEAT_PERF_LINK))

just to be on the safe side, let's also check that we are not in
legacy mode here?

> +                       return libbpf_err_ptr(-ENOTSUP);
> +               break;
> +       default:

let's add case PROBE_ATTACH_MODE_DEFAULT: break; explicitly, but for
all other unknown values error out

> +               break;
> +       }
> +
>         if (!legacy) {
>                 pfd = perf_event_open_probe(false /* uprobe */, retprobe,
>                                             func_name, offset,
> @@ -10774,6 +10794,7 @@ bpf_program__attach_uprobe_opts(const struct bpf_program *prog, pid_t pid,
>  {
>         DECLARE_LIBBPF_OPTS(bpf_perf_event_opts, pe_opts);
>         char errmsg[STRERR_BUFSIZE], *legacy_probe = NULL;
> +       enum probe_attach_mode attach_mode;
>         char full_binary_path[PATH_MAX];
>         struct bpf_link *link;
>         size_t ref_ctr_off;
> @@ -10784,6 +10805,7 @@ bpf_program__attach_uprobe_opts(const struct bpf_program *prog, pid_t pid,
>         if (!OPTS_VALID(opts, bpf_uprobe_opts))
>                 return libbpf_err_ptr(-EINVAL);
>
> +       attach_mode = OPTS_GET(opts, attach_mode, PROBE_ATTACH_MODE_DEFAULT);
>         retprobe = OPTS_GET(opts, retprobe, false);
>         ref_ctr_off = OPTS_GET(opts, ref_ctr_offset, 0);
>         pe_opts.bpf_cookie = OPTS_GET(opts, bpf_cookie, 0);
> @@ -10812,6 +10834,24 @@ bpf_program__attach_uprobe_opts(const struct bpf_program *prog, pid_t pid,
>         }
>
>         legacy = determine_uprobe_perf_type() < 0;
> +       switch (attach_mode) {
> +       case PROBE_ATTACH_MODE_LEGACY:
> +               legacy = true;
> +               pe_opts.force_ioctl_attach = true;
> +               break;
> +       case PROBE_ATTACH_MODE_PERF:
> +               if (legacy)
> +                       return libbpf_err_ptr(-ENOTSUP);
> +               pe_opts.force_ioctl_attach = true;
> +               break;
> +       case PROBE_ATTACH_MODE_LINK:
> +               if (!kernel_supports(prog->obj, FEAT_PERF_LINK))
> +                       return libbpf_err_ptr(-ENOTSUP);
> +               break;
> +       default:
> +               break;
> +       }

all the same points as above for kprobe_opts version

> +
>         if (!legacy) {
>                 pfd = perf_event_open_probe(true /* uprobe */, retprobe, binary_path,
>                                             func_offset, pid, ref_ctr_off);
> diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
> index 2efd80f6f7b9..ef8f68da42f9 100644
> --- a/tools/lib/bpf/libbpf.h
> +++ b/tools/lib/bpf/libbpf.h
> @@ -451,8 +451,11 @@ struct bpf_perf_event_opts {
>         size_t sz;
>         /* custom user-provided value fetchable through bpf_get_attach_cookie() */
>         __u64 bpf_cookie;
> +       /* don't use bpf_link when attach eBPF program */
> +       bool force_ioctl_attach;
> +       size_t :0;
>  };
> -#define bpf_perf_event_opts__last_field bpf_cookie
> +#define bpf_perf_event_opts__last_field force_ioctl_attach
>
>  LIBBPF_API struct bpf_link *
>  bpf_program__attach_perf_event(const struct bpf_program *prog, int pfd);
> @@ -461,6 +464,24 @@ LIBBPF_API struct bpf_link *
>  bpf_program__attach_perf_event_opts(const struct bpf_program *prog, int pfd,
>                                     const struct bpf_perf_event_opts *opts);
>
> +
> +/**
> + * enum probe_attach_mode - the mode to attach kprobe/uprobe
> + *
> + * force libbpf to attach kprobe/uprobe in specific mode, -ENOTSUP will
> + * be returned if it is not supported by the kernel.
> + */
> +enum probe_attach_mode {
> +       /* attach probe in latest supported mode by kernel */
> +       PROBE_ATTACH_MODE_DEFAULT = 0,
> +       /* attach probe in legacy mode */

"in legacy mode, using debugfs/tracefs" ?

> +       PROBE_ATTACH_MODE_LEGACY,
> +       /* create perf event with perf_event_open() syscall */
> +       PROBE_ATTACH_MODE_PERF,
> +       /* attach probe with bpf_link */

nit: BPF link (it's a concept, not a struct name)

> +       PROBE_ATTACH_MODE_LINK,
> +};
> +
>  struct bpf_kprobe_opts {
>         /* size of this struct, for forward/backward compatiblity */
>         size_t sz;
> @@ -470,9 +491,11 @@ struct bpf_kprobe_opts {
>         size_t offset;
>         /* kprobe is return probe */
>         bool retprobe;
> +       /* kprobe attach mode */
> +       enum probe_attach_mode attach_mode;
>         size_t :0;
>  };
> -#define bpf_kprobe_opts__last_field retprobe
> +#define bpf_kprobe_opts__last_field attach_mode
>
>  LIBBPF_API struct bpf_link *
>  bpf_program__attach_kprobe(const struct bpf_program *prog, bool retprobe,
> @@ -570,9 +593,11 @@ struct bpf_uprobe_opts {
>          * binary_path.
>          */
>         const char *func_name;
> +       /* uprobe attach mode */
> +       enum probe_attach_mode attach_mode;
>         size_t :0;
>  };
> -#define bpf_uprobe_opts__last_field func_name
> +#define bpf_uprobe_opts__last_field attach_mode
>
>  /**
>   * @brief **bpf_program__attach_uprobe()** attaches a BPF program
> --
> 2.39.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ