Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add btf func_info and line_info support #2191

Merged
merged 2 commits into from
Feb 10, 2019
Merged

add btf func_info and line_info support #2191

merged 2 commits into from
Feb 10, 2019

Conversation

yonghong-song
Copy link
Collaborator 

The libbpf API functions are used to parse/load
.BTF and .BTF.ext ELF sections, and retrieve
func_info and line_info for prog loading.

The LLVM cannot get remapped file source for
line_info. So a postprocessing after compilation
fixed the line_off (offset to the string table
for the line_info) in .BTF.ext and
adjusted string section in .BTF to accommodate
new source lines.

For users using python and C++ API, no changes
to their codes. If .BTF and .BTF.ext are supported
in both compiler and kernel, they will automatically
get benefit, e.g., verifier log annotated with source
code, bpftool showing source annotated jit codes, etc.

For example, with latest bpf-next and llvm trunk,
running `tcpconnect.py`, bpftool (from kernel) is able
to show the following:

      -bash-4.4$ sudo bpftool p d jited id 165
      int trace_connect_v6_return(struct pt_regs * ctx):
      bpf_prog_8937c3924bd93e28_trace_connect_v6_return:
      ; int trace_connect_v6_return(struct pt_regs *ctx)
         0:   push   %rbp
         1:   mov    %rsp,%rbp
         4:   sub    $0x88,%rsp
         b:   sub    $0x28,%rbp
         f:   mov    %rbx,0x0(%rbp)
        13:   mov    %r13,0x8(%rbp)
        17:   mov    %r14,0x10(%rbp)
        1b:   mov    %r15,0x18(%rbp)
        1f:   xor    %eax,%eax
        21:   mov    %rax,0x20(%rbp)
        25:   mov    %rdi,%rbx
      ; int ret = PT_REGS_RC(ctx);
        28:   mov    0x50(%rbx),%r13
      ; u32 pid = bpf_get_current_pid_tgid();
        2c:   callq  0xffffffffe0e4ebfe
      ; u32 pid = bpf_get_current_pid_tgid();
        31:   mov    %eax,-0x4(%rbp)
      ...
      -bash-4.4$ sudo bpftool p d xlated id 165
      int trace_connect_v6_return(struct pt_regs * ctx):
      ; int trace_connect_v6_return(struct pt_regs *ctx)
         0: (bf) r6 = r1
      ; int ret = PT_REGS_RC(ctx);
         1: (79) r7 = *(u64 *)(r6 +80)
      ; u32 pid = bpf_get_current_pid_tgid();
         2: (85) call bpf_get_current_pid_tgid#76208
      ; u32 pid = bpf_get_current_pid_tgid();
         3: (63) *(u32 *)(r10 -4) = r0
      ; skpp = bpf_map_lookup_elem((void *)bpf_pseudo_fd(1, 3), &pid);
         4: (18) r1 = map[id:298]
         6: (bf) r2 = r10

@yonghong-song
enable -g by default for llvm 9
89bf6f7 
This patch introduced two changes so that BTF is available to bcc
starting from LLVM 9:
  . -g to enable BTF generation in LLVM
  . ProcessAllSections for RuntimeDyld so BTF is available to bcc

The bcc will then be able to post process and load BTF into the
kernel.

Signed-off-by: Yonghong Song <[email protected]>
@yonghong-song
add btf func_info and line_info support
48ca781 
The libbpf API functions are used to parse/load
.BTF and .BTF.ext ELF sections, and retrieve
func_info and line_info for prog loading.

The LLVM cannot get remapped file source for
line_info. So a postprocessing after compilation
fixed the line_off (offset to the string table
for the line_info) in .BTF.ext and
adjusted string section in .BTF to accommodate
new source lines.

For users using python and C++ API, no changes
to their codes. If .BTF and .BTF.ext are supported
in both compiler and kernel, they will automatically
get benefit, e.g., verifier log annotated with source
code, bpftool showing source annotated jit codes, etc.

For example, with latest bpf-next and llvm trunk,
running `tcpconnect.py`, bpftool (from kernel) is able
to show the following:
  -bash-4.4$ sudo bpftool p d jited id 165
  int trace_connect_v6_return(struct pt_regs * ctx):
  bpf_prog_8937c3924bd93e28_trace_connect_v6_return:
  ; int trace_connect_v6_return(struct pt_regs *ctx)
     0:   push   %rbp
     1:   mov    %rsp,%rbp
     4:   sub    $0x88,%rsp
     b:   sub    $0x28,%rbp
     f:   mov    %rbx,0x0(%rbp)
    13:   mov    %r13,0x8(%rbp)
    17:   mov    %r14,0x10(%rbp)
    1b:   mov    %r15,0x18(%rbp)
    1f:   xor    %eax,%eax
    21:   mov    %rax,0x20(%rbp)
    25:   mov    %rdi,%rbx
  ; int ret = PT_REGS_RC(ctx);
    28:   mov    0x50(%rbx),%r13
  ; u32 pid = bpf_get_current_pid_tgid();
    2c:   callq  0xffffffffe0e4ebfe
  ; u32 pid = bpf_get_current_pid_tgid();
    31:   mov    %eax,-0x4(%rbp)
  ...
  -bash-4.4$ sudo bpftool p d xlated id 165
  int trace_connect_v6_return(struct pt_regs * ctx):
  ; int trace_connect_v6_return(struct pt_regs *ctx)
     0: (bf) r6 = r1
  ; int ret = PT_REGS_RC(ctx);
     1: (79) r7 = *(u64 *)(r6 +80)
  ; u32 pid = bpf_get_current_pid_tgid();
     2: (85) call bpf_get_current_pid_tgid#76208
  ; u32 pid = bpf_get_current_pid_tgid();
     3: (63) *(u32 *)(r10 -4) = r0
  ; skpp = bpf_map_lookup_elem((void *)bpf_pseudo_fd(1, 3), &pid);
     4: (18) r1 = map[id:298]
     6: (bf) r2 = r10

Signed-off-by: Yonghong Song <[email protected]>
4ast
4ast approved these changes Feb 10, 2019
View reviewed changes
src/cc/bcc_btf.h
uint8_t **new_btf_sec, uintptr_t *new_btf_sec_size);

private:
struct btf *btf_;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think would have been cleaner to create pure c++ wrapper for btf_* where btf__new() would have been a constructor and btf__free() called in destructor. Another pure c++ wrapper for btf_ext__*(). Than this class would be called BCC_BTF, since it has this 'adjust()' workaround and private members at this line would be unique_ptr and unique_ptr<BTF_EXT>.
May be such c++ wrappers should be in github/libbpf/ repo.
Such refactoring can be done later.
Overall great stuff!

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree. I think some extensible C++ wrapper will be good for common use. Implementing in libbpf repo certainly is a great way for reusability. As you suggested, will try to refactor later.

@yonghong-song yonghong-song merged commit b374be8 into master Feb 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@4ast 4ast 4ast approved these changes

@drzaeus77 drzaeus77 Awaiting requested review from drzaeus77 drzaeus77 is a code owner

@goldshtn goldshtn Awaiting requested review from goldshtn goldshtn is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@yonghong-song @4ast