1. posterid:1132481
  2. New bcc helpers

New bcc helpers

neirac
 

Hi,

I'm trying to add new helpers to obtain a pid namespace, I'm working on kernel 4.13

--- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.000000000 -0700
+++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c 2017-09-07 18:52:40.839525862 -0700
@@ -18,6 +18,7 @@
 #include <linux/sched.h>
 #include <linux/uidgid.h>
 #include <linux/filter.h>
+#include <linux/pid_namespace.h>
 
 /* If kernel subsystem is allowing eBPF programs to call this function,
  * inside its own verifier_ops->get_func_proto() callback it should return
@@ -179,3 +180,64 @@
  .arg1_type = ARG_PTR_TO_UNINIT_MEM,
  .arg2_type = ARG_CONST_SIZE,
 };
+
+BPF_CALL_0(bpf_get_current_pid_ns)
+{
+#ifdef CONFIG_PID_NS
+ struct pid_namespace *current_ns =
+  task_active_pid_ns(current);
+
+ if (unlikely(!current_ns))
+  return -EINVAL;
+
+ return (long) current_ns;
+#else
+
+ return 0;
+#endif
+
+}
+
+const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
+ .func  = bpf_get_current_pid_ns,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+};
+
+BPF_CALL_0(bpf_get_current_ns_id)
+{
+ struct task_struct *ts = current;
+
+ if (unlikely(!ts))
+  return -EINVAL;
+
+ return (unsigned int)
+  ts->nsproxy->pid_ns_for_children->ns.inum;
+
+}
+
+const struct bpf_func_proto bpf_get_current_ns_id_proto = {
+ .func  = bpf_get_current_ns_id,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+};
+
+BPF_CALL_0(bpf_get_current_pid)
+{
+ struct task_struct *ts = current;
+
+ if (unlikely(!ts))
+  return -EINVAL;
+
+ pid_t pid = task_pid_vnr(ts);
+
+ return (u64) ts->tgid << 32 | pid;
+}
+
+const struct bpf_func_proto bpf_get_current_pid_proto = {
+ .func  = bpf_get_current_pid,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+};
+
+
I wanted to integrate this on bcc tools, so I added these helpers on
bcc/src/cc/compat/linux/virtual_bpf.h     
bcc/src/cc/compat/linux/bpf.h    
bcc/src/cc/export/helpers.h
bcc/src/cc/export/helpers.h

then just  to test one of them I modified bcc/tools/funccount.py 

--- funccount.py 2017-09-08 12:14:57.601604654 -0700
+++ /home/cnb/bcc-new-helpers/bcc/tools/funccount.py 2017-09-07 20:27:32.982815146 -0700
@@ -185,7 +185,7 @@
         # the top 32 bits of bpf_get_current_pid_tgid().
         if self.pid:
             trace_count_text = trace_count_text.replace('FILTER',
-                """u32 pid = bpf_get_current_pid_tgid() >> 32;
+                """u32 pid = bpf_get_current_pid() >> 32;
                    if (pid != %d) { return 0; }""" % self.pid)
         else:
             trace_count_text = trace_count_text.replace('FILTER', '')

 
but I'm getting this error 

cnb@Debian9:~/bcc/tools$ sudo /usr/share/bcc/tools/funccount -p 385  c:malloc
bpf: Invalid argument
0: (85) call unknown#51
invalid func unknown#51
Failed to load BPF program trace_count_0: Invalid argument


Is something that I'm missing on the bcc side or on bpf side ?

Bests
Join {iovisor-dev@lists.iovisor.org to automatically receive all group messages.