lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 28 Jun 2019 10:59:36 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Stanislav Fomichev <sdf@...ichev.me>
Cc:     Andrii Nakryiko <andriin@...com>, Alexei Starovoitov <ast@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        Kernel Team <kernel-team@...com>
Subject: Re: [PATCH v3 bpf-next 3/9] libbpf: add ability to attach/detach BPF
 program to perf event

On Fri, Jun 28, 2019 at 10:54 AM Stanislav Fomichev <sdf@...ichev.me> wrote:
>
> On 06/28, Andrii Nakryiko wrote:
> > On Fri, Jun 28, 2019 at 9:04 AM Stanislav Fomichev <sdf@...ichev.me> wrote:
> > >
> > > On 06/27, Andrii Nakryiko wrote:
> > > > bpf_program__attach_perf_event allows to attach BPF program to existing
> > > > perf event hook, providing most generic and most low-level way to attach BPF
> > > > programs. It returns struct bpf_link, which should be passed to
> > > > bpf_link__destroy to detach and free resources, associated with a link.
> > > >
> > > > Signed-off-by: Andrii Nakryiko <andriin@...com>
> > > > ---
> > > >  tools/lib/bpf/libbpf.c   | 58 ++++++++++++++++++++++++++++++++++++++++
> > > >  tools/lib/bpf/libbpf.h   |  3 +++
> > > >  tools/lib/bpf/libbpf.map |  1 +
> > > >  3 files changed, 62 insertions(+)
> > > >
> > > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > > > index 455795e6f8af..606705f878ba 100644
> > > > --- a/tools/lib/bpf/libbpf.c
> > > > +++ b/tools/lib/bpf/libbpf.c
> > > > @@ -32,6 +32,7 @@
> > > >  #include <linux/limits.h>
> > > >  #include <linux/perf_event.h>
> > > >  #include <linux/ring_buffer.h>
> > > > +#include <sys/ioctl.h>
> > > >  #include <sys/stat.h>
> > > >  #include <sys/types.h>
> > > >  #include <sys/vfs.h>
> > > > @@ -3958,6 +3959,63 @@ int bpf_link__destroy(struct bpf_link *link)
> > > >       return err;
> > > >  }
> > > >
> > > > +struct bpf_link_fd {
> > > > +     struct bpf_link link; /* has to be at the top of struct */
> > > [..]
> > > > +     int fd; /* hook FD */
> > > > +};
> > > Any cons to storing everything in bpf_link, instead of creating a
> > > "subclass"? Less things to worry about.
> >
> > Yes, it's not always enough to just have single FD to detach BPF
> > program. Check bpf_prog_detach and bpf_prog_detach2 in
> > tools/lib/bpf/bpf.c. For some types of attachment you have to provide
> > target_fd+attach_type, for some target_fd+attach_type+attach_bpf_fd.
> > So those two will use their own bpf_link extensions.
> >
> > I haven't implemented those attachment APIs yet, but we should.
> >
> > What should go into bpf_link itself is any information that's common
> > to any kind of attachment (e.g, "kind of attachment" itself). It's
> > conceivable that we might allow "casting" bpf_link into specific
> > variation and having extra "methods" on those. I haven't done that, as
> > I didn't have a need yet.
> You're optimizing for a memory footprint, I guess. I was trying to
> point out that maybe it's easier just to put everything in the bpf_link
> and don't do any castings. Some events would use attach_type, some
> won't. But, OTOH, maybe having a specific bpf_link variation per
> attachment is more readable, idk :-)

Ah, I see, you want to have superset of all possible things that
constitute bpf_link. I generally don't like that, because it becomes
harder to understand what's really used and what's there just in case
:)

Good thing is that all this is libbpf-internal, so we can change any
of that easily without any breakage of users.

>
> > > > +static int bpf_link__destroy_perf_event(struct bpf_link *link)
> > > > +{
> > > > +     struct bpf_link_fd *l = (void *)link;
> > > > +     int err;
> > > > +
> > > > +     if (l->fd < 0)
> > > > +             return 0;
> > > > +
> > > > +     err = ioctl(l->fd, PERF_EVENT_IOC_DISABLE, 0);
> > > > +     close(l->fd);
> > > > +     return err;
> > > > +}
> > > > +
> > > > +struct bpf_link *bpf_program__attach_perf_event(struct bpf_program *prog,
> > > > +                                             int pfd)
> > > > +{
> > > > +     char errmsg[STRERR_BUFSIZE];
> > > > +     struct bpf_link_fd *link;
> > > > +     int bpf_fd, err;
> > > > +
> > > > +     bpf_fd = bpf_program__fd(prog);
> > > > +     if (bpf_fd < 0) {
> > > > +             pr_warning("program '%s': can't attach before loaded\n",
> > > > +                        bpf_program__title(prog, false));
> > > > +             return ERR_PTR(-EINVAL);
> > > > +     }
> > > > +
> > > > +     link = malloc(sizeof(*link));
> > > > +     if (!link)
> > > > +             return ERR_PTR(-ENOMEM);
> > > > +     link->link.destroy = &bpf_link__destroy_perf_event;
> > > > +     link->fd = pfd;
> > > > +
> > > > +     if (ioctl(pfd, PERF_EVENT_IOC_SET_BPF, bpf_fd) < 0) {
> > > > +             err = -errno;
> > > > +             free(link);
> > > > +             pr_warning("program '%s': failed to attach to pfd %d: %s\n",
> > > > +                        bpf_program__title(prog, false), pfd,
> > > > +                        libbpf_strerror_r(err, errmsg, sizeof(errmsg)));
> > > > +             return ERR_PTR(err);
> > > > +     }
> > > > +     if (ioctl(pfd, PERF_EVENT_IOC_ENABLE, 0) < 0) {
> > > > +             err = -errno;
> > > > +             free(link);
> > > > +             pr_warning("program '%s': failed to enable pfd %d: %s\n",
> > > > +                        bpf_program__title(prog, false), pfd,
> > > > +                        libbpf_strerror_r(err, errmsg, sizeof(errmsg)));
> > > > +             return ERR_PTR(err);
> > > > +     }
> > > > +     return (struct bpf_link *)link;
> > > > +}
> > > > +
> > > >  enum bpf_perf_event_ret
> > > >  bpf_perf_event_read_simple(void *mmap_mem, size_t mmap_size, size_t page_size,
> > > >                          void **copy_mem, size_t *copy_size,
> > > > diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h
> > > > index 5082a5ebb0c2..1bf66c4a9330 100644
> > > > --- a/tools/lib/bpf/libbpf.h
> > > > +++ b/tools/lib/bpf/libbpf.h
> > > > @@ -169,6 +169,9 @@ struct bpf_link;
> > > >
> > > >  LIBBPF_API int bpf_link__destroy(struct bpf_link *link);
> > > >
> > > > +LIBBPF_API struct bpf_link *
> > > > +bpf_program__attach_perf_event(struct bpf_program *prog, int pfd);
> > > > +
> > > >  struct bpf_insn;
> > > >
> > > >  /*
> > > > diff --git a/tools/lib/bpf/libbpf.map b/tools/lib/bpf/libbpf.map
> > > > index 3cde850fc8da..756f5aa802e9 100644
> > > > --- a/tools/lib/bpf/libbpf.map
> > > > +++ b/tools/lib/bpf/libbpf.map
> > > > @@ -169,6 +169,7 @@ LIBBPF_0.0.4 {
> > > >       global:
> > > >               bpf_link__destroy;
> > > >               bpf_object__load_xattr;
> > > > +             bpf_program__attach_perf_event;
> > > >               btf_dump__dump_type;
> > > >               btf_dump__free;
> > > >               btf_dump__new;
> > > > --
> > > > 2.17.1
> > > >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ