Reading Pinned maps in eBPF Programs

Home Messages Hashtags Subgroups

#1892

Reading Pinned maps in eBPF Programs

Ian #1892 Hello BPF Community! Hope you are all doing well. I am trying to have a user space program create a BPF Hash map with a single element containing its PID. This map could then be read by all the BPF programs loaded by the user space program. Any event the BPF programs would handle would first compare the PID with the user space program. If the PIDs matched (this is a single threaded application) the event will be thrown out to eliminate events being processed that are from the user space programs own feedback. I was doing some research into this and found a similar post here: https://lists.iovisor.org/g/iovisor-dev/message/1389?p=,,,20,0,0,0::Created,,Userspace+Maps,20,2,0,23673879 that discusses the possibility of this in C++ and BCC. I am curious as to how this could be possible using the standard BPF functions and Libbpf library on Ubuntu 20.04 and Linux Kernel v5.4. NOTE: BTF is not currently compiled into this kernel. I have created and pinned the map in my user space program like this: char map_name[] = "pid_map"; int fd = bpf_create_map_name(BPF_MAP_TYPE_HASH, &map_name, sizeof(u32), sizeof(u32), 1, 0) }; u32 key = 1; bpf_map_update_elem(fd, &key, &PID, BPF_ANY); char pid_map_path[] = "/sys/fs/bpf/pid_map"; bpf_obj_pin(fd, &pid_map_path); NOTE: Error checking and some syntax stuff was removed for brevity. In my BPF programs I know I cannot "open" a map using bpf_obj_open. Therefore, I need a reference. I looked into the link provided above, essentially in the BPF program all they did was define the map as an extern map def. So I reproduced this in my BPF program like this: u32 *pid = bpf_map_lookup_elem(&pid_map, &key); extern struct bpf_map_def pid_map; To see if the BPF Loading process would catch the matching map names. Interestingly this would result in a libbpf error: libbpf: failed to find BTF for extern 'pid_map': -3 Looking at this error message it would appear that there is a way to get this kind of functionality using BTF. The error message to implies that some sort of BTF metadata is being searched in some location to match the extern map I have declared. Knowing this I am curious as to how I can create a reference for multiple BPF programs that could read the data in the pid_map to prevent feedback issues. I have looked into libbpf and the standard BPF.h functions but couldn't really find anything that seemed plausible. One thing I did see and am also curious about is the usage of BPF_ANNOTATE_KV_PAIR. This macro seemed like a possibility but my lack of understanding of BTF has not been able to confirm it. I also wasn't sure if using bpf_helpers.h in a user space program was ideal. Thank you so much in advance for any response! I really have been amazed at how responsive the community is here. You all have helped me learn so much about BPF! Ian
More All Messages By This Member

View All 18 Messages In Topic

#1892

Join {iovisor-dev@lists.iovisor.org to automatically receive all group messages.

Home Hashtags Subgroups Terms