| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEf4BzZcs6YP067-KJYQRsMJMLooypepq8iiX7wXu7CZwVhD3g@mail.gmail.com>
Date: Tue, 14 Jan 2025 14:32:18 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Yafang Shao <laoar.shao@...il.com>
Cc: andrii@...nel.org, eddyz87@...il.com, ast@...nel.org, daniel@...earbox.net,
martin.lau@...ux.dev, song@...nel.org, yonghong.song@...ux.dev,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
haoluo@...gle.com, jolsa@...nel.org, edumazet@...gle.com, dxu@...uu.xyz,
bpf@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [RFC PATCH v2 0/2] libbpf: Add support for dynamic tracepoints
On Sat, Jan 11, 2025 at 10:45 PM Yafang Shao <laoar.shao@...il.com> wrote:
>
> The primary goal of this change is to enable tracing of inlined kernel
> functions with BPF programs.
>
> Dynamic tracepoints can be created using tools like perf-probe, debugfs, or
> similar utilities. For example:
>
> $ perf probe -a 'tcp_listendrop sk'
> $ ls /sys/kernel/debug/tracing/events/probe/tcp_listendrop/
> enable filter format hist id trigger
>
> Here, tcp_listendrop() is an example of an inlined kernel function.
>
> While these dynamic tracepoints are functional, they cannot be easily
> attached to BPF programs. For instance, attempting to use them with
> bpftrace results in the following error:
>
> $ bpftrace -l 'tracepoint:probe:*'
> tracepoint:probe:tcp_listendrop
>
> $ bpftrace -e 'tracepoint:probe:tcp_listendrop {print(comm)}'
> Attaching 1 probe...
> ioctl(PERF_EVENT_IOC_SET_BPF): Invalid argument
> ERROR: Error attaching probe: tracepoint:probe:tcp_listendrop
>
> The issue lies in how these dynamic tracepoints are implemented: despite
> being exposed as tracepoints, they remain kprobe events internally. As a
> result, loading them as a tracepoint program fails. Instead, they must be
> loaded as kprobe programs.
>
> This change introduces support for such use cases in libbpf by adding a
> new section: SEC("kprobe/SUBSYSTEM/PROBE")
>
> - Future work
> Extend support for dynamic tracepoints in bpftrace.
Seems like the primary motivation is bpftrace support, so let's start
there. I'm hesitant to include this in libbpf right now. The whole
SEC("kprobe") that calls "attach_tracepoint()" underneath makes me
uncomfortable.
You can still attach to such dynamic probe today with pure libbpf
(e.g., if bpftrace needs to do this, for example) by creating
perf_event FD from tracefs' id, and then using
bpf_program__attach_perf_event_opts() to attach to it. It will be on
the user to use either tracepoint or kprobe BPF program for such
attachment.
Yes, this doesn't work "declaratively" with a nice SEC("...") syntax,
but at least it's doable programmatically, and that's what matters for
bpftrace.
>
> Changes:
> v1->v2:
> - Use a new SEC("kprobe/SUBSYSTEM/PROBE") instead (Jiri)
>
> v1: https://lore.kernel.org/bpf/20250105124403.991-1-laoar.shao@gmail.com/
>
> Yafang Shao (2):
> libbpf: Add support for dynamic tracepoint
> selftests/bpf: Add selftest for dynamic tracepoint
>
> tools/lib/bpf/libbpf.c | 29 ++++++++-
> .../bpf/prog_tests/test_dynamic_tp.c | 64 +++++++++++++++++++
> .../testing/selftests/bpf/progs/dynamic_tp.c | 27 ++++++++
> 3 files changed, 119 insertions(+), 1 deletion(-)
> create mode 100644 tools/testing/selftests/bpf/prog_tests/test_dynamic_tp.c
> create mode 100644 tools/testing/selftests/bpf/progs/dynamic_tp.c
>
> --
> 2.43.5
>
Powered by blists - more mailing lists