2018-05-04 22:23:29 +07:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
#ifndef _PERF_BPF_H
|
|
|
|
#define _PERF_BPF_H
|
perf bpf: Include uapi/linux/bpf.h from the 'perf trace' script's bpf.h
The next example scripts need the definition for the BPF functions, i.e.
things like BPF_FUNC_probe_read, and in time will require lots of other
definitions found in uapi/linux/bpf.h, so include it from the bpf.h file
included from the eBPF scripts build with clang via '-e bpf_script.c'
like in this example:
$ tail -8 tools/perf/examples/bpf/5sec.c
#include <bpf.h>
int probe(hrtimer_nanosleep, rqtp->tv_sec)(void *ctx, int err, long sec)
{
return sec == 5;
}
license(GPL);
$
That 'bpf.h' include in the 5sec.c eBPF example will come from a set of
header files crafted for building eBPF objects, that in a end-user
system will come from:
/usr/lib/perf/include/bpf/bpf.h
And will include <uapi/linux/bpf.h> either from the place where the
kernel was built, or from a kernel-devel rpm package like:
-working-directory /lib/modules/4.17.9-100.fc27.x86_64/build
That is set up by tools/perf/util/llvm-utils.c, and can be overriden
by setting the 'kbuild-dir' variable in the "llvm" ~/.perfconfig file,
like:
# cat ~/.perfconfig
[llvm]
kbuild-dir = /home/foo/git/build/linux
This usually doesn't need any change, just documenting here my findings
while working with this code.
In the future we may want to instead just use what is in
/usr/include/linux/bpf.h, that comes from the UAPI provided from the
kernel sources, for now, to avoid getting the kernel's non-UAPI
"linux/bpf.h" file, that will cause clang to fail and is not what we
want anyway (no BPF function definitions, etc), do it explicitely by
asking for "uapi/linux/bpf.h".
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-zd8zeyhr2sappevojdem9xxt@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-08-01 20:50:51 +07:00
|
|
|
|
|
|
|
#include <uapi/linux/bpf.h>
|
|
|
|
|
perf bpf: Add struct bpf_map struct
A helper structure used by eBPF C program to describe map attributes to
elf_bpf loader, to be used initially by the special __bpf_stdout__ map
used to print strings into the perf ring buffer in BPF scripts, e.g.:
Using the upcoming stdio.h and puts() macros to use the __bpf_stdout__
map to add strings to the ring buffer:
# cat tools/perf/examples/bpf/hello.c
#include <stdio.h>
int syscall_enter(openat)(void *args)
{
puts("Hello, world\n");
return 0;
}
license(GPL);
#
# cat ~/.perfconfig
[llvm]
dump-obj = true
# perf trace -e openat,tools/perf/examples/bpf/hello.c/call-graph=dwarf/ cat /etc/passwd > /dev/null
LLVM: dumping tools/perf/examples/bpf/hello.o
0.016 ( ): __bpf_stdout__:Hello, world
0.018 ( 0.010 ms): cat/9079 openat(dfd: CWD, filename: /etc/ld.so.cache, flags: CLOEXEC ) = 3
0.057 ( ): __bpf_stdout__:Hello, world
0.059 ( 0.011 ms): cat/9079 openat(dfd: CWD, filename: /lib64/libc.so.6, flags: CLOEXEC ) = 3
0.417 ( ): __bpf_stdout__:Hello, world
0.419 ( 0.009 ms): cat/9079 openat(dfd: CWD, filename: /etc/passwd ) = 3
#
# file tools/perf/examples/bpf/hello.o
tools/perf/examples/bpf/hello.o: ELF 64-bit LSB relocatable, *unknown arch 0xf7* version 1 (SYSV), not stripped
# readelf -SW tools/perf/examples/bpf/hello.o
There are 10 section headers, starting at offset 0x208:
Section Headers:
[Nr] Name Type Address Off Size ES Flg Lk Inf Al
[ 0] NULL 0000000000000000 000000 000000 00 0 0 0
[ 1] .strtab STRTAB 0000000000000000 000188 00007f 00 0 0 1
[ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4
[ 3] syscalls:sys_enter_openat PROGBITS 0000000000000000 000040 000088 00 AX 0 0 8
[ 4] .relsyscalls:sys_enter_openat REL 0000000000000000 000178 000010 10 9 3 8
[ 5] maps PROGBITS 0000000000000000 0000c8 00001c 00 WA 0 0 4
[ 6] .rodata.str1.1 PROGBITS 0000000000000000 0000e4 00000e 01 AMS 0 0 1
[ 7] license PROGBITS 0000000000000000 0000f2 000004 00 WA 0 0 1
[ 8] version PROGBITS 0000000000000000 0000f8 000004 00 WA 0 0 4
[ 9] .symtab SYMTAB 0000000000000000 000100 000078 18 1 1 8
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
L (link order), O (extra OS processing required), G (group), T (TLS),
C (compressed), x (unknown), o (OS specific), E (exclude),
p (processor specific)
# readelf -s tools/perf/examples/bpf/hello.o
Symbol table '.symtab' contains 5 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 5 __bpf_stdout__
2: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 7 _license
3: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 8 _version
4: 0000000000000000 0 NOTYPE GLOBAL DEFAULT 3 syscall_enter_openat
#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-81fg60om2ifnatsybzwmiga3@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-08-06 19:02:26 +07:00
|
|
|
/*
|
|
|
|
* A helper structure used by eBPF C program to describe map attributes to
|
|
|
|
* elf_bpf loader, taken from tools/testing/selftests/bpf/bpf_helpers.h:
|
|
|
|
*/
|
|
|
|
struct bpf_map {
|
|
|
|
unsigned int type;
|
|
|
|
unsigned int key_size;
|
|
|
|
unsigned int value_size;
|
|
|
|
unsigned int max_entries;
|
|
|
|
unsigned int map_flags;
|
|
|
|
unsigned int inner_map_idx;
|
|
|
|
unsigned int numa_node;
|
|
|
|
};
|
|
|
|
|
2018-05-04 22:23:29 +07:00
|
|
|
#define SEC(NAME) __attribute__((section(NAME), used))
|
2018-05-05 01:18:31 +07:00
|
|
|
|
perf bpf: Add probe() helper to reduce kprobes boilerplate
So that kprobe definitions become:
int probe(function, variables)(void *ctx, int err, var1, var2, ...)
The existing 5sec.c, got converted and goes from:
SEC("func=hrtimer_nanosleep rqtp->tv_sec")
int func(void *ctx, int err, long sec)
{
}
To:
int probe(hrtimer_nanosleep, rqtp->tv_sec)(void *ctx, int err, long sec)
{
}
If we decide to add tv_nsec as well, then it becomes:
$ cat tools/perf/examples/bpf/5sec.c
#include <bpf.h>
int probe(hrtimer_nanosleep, rqtp->tv_sec rqtp->tv_nsec)(void *ctx, int err, long sec, long nsec)
{
return sec == 5;
}
license(GPL);
$
And if we run it, system wide as before and run some 'sleep' with values
for the tv_nsec field, we get:
# perf trace --no-syscalls -e tools/perf/examples/bpf/5sec.c
0.000 perf_bpf_probe:hrtimer_nanosleep:(ffffffff9811b5f0) tv_sec=5 tv_nsec=100000000
9641.650 perf_bpf_probe:hrtimer_nanosleep:(ffffffff9811b5f0) tv_sec=5 tv_nsec=123450001
^C#
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Wang Nan <wangnan0@huawei.com>
Link: https://lkml.kernel.org/n/tip-1v9r8f6ds5av0w9pcwpeknyl@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2018-05-05 01:59:16 +07:00
|
|
|
#define probe(function, vars) \
|
|
|
|
SEC(#function "=" #function " " #vars) function
|
|
|
|
|
2018-08-04 02:28:35 +07:00
|
|
|
#define syscall_enter(name) \
|
|
|
|
SEC("syscalls:sys_enter_" #name) syscall_enter_ ## name
|
|
|
|
|
2018-08-30 18:48:44 +07:00
|
|
|
#define syscall_exit(name) \
|
|
|
|
SEC("syscalls:sys_exit_" #name) syscall_exit_ ## name
|
|
|
|
|
2018-05-05 01:18:31 +07:00
|
|
|
#define license(name) \
|
|
|
|
char _license[] SEC("license") = #name; \
|
|
|
|
int _version SEC("version") = LINUX_VERSION_CODE;
|
|
|
|
|
2018-08-08 01:10:19 +07:00
|
|
|
static int (*probe_read)(void *dst, int size, const void *unsafe_addr) = (void *)BPF_FUNC_probe_read;
|
|
|
|
static int (*probe_read_str)(void *dst, int size, const void *unsafe_addr) = (void *)BPF_FUNC_probe_read_str;
|
|
|
|
|
2018-05-04 22:23:29 +07:00
|
|
|
#endif /* _PERF_BPF_H */
|