[iovisor-dev] New bcc helpers

Y Song ys114321 at gmail.com
Fri Sep 8 21:35:05 UTC 2017


On Fri, Sep 8, 2017 at 12:21 PM, carlos antonio neira bustos via
iovisor-dev <iovisor-dev at lists.iovisor.org> wrote:

> Hi,
>
> I'm trying to add new helpers to obtain a pid namespace, I'm working on
> kernel 4.13
>
> --- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.000000000
> -0700
> +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c 2017-09-07
> 18:52:40.839525862 -0700
> @@ -18,6 +18,7 @@
>  #include <linux/sched.h>
>  #include <linux/uidgid.h>
>  #include <linux/filter.h>
> +#include <linux/pid_namespace.h>
>
>  /* If kernel subsystem is allowing eBPF programs to call this function,
>   * inside its own verifier_ops->get_func_proto() callback it should return
> @@ -179,3 +180,64 @@
>   .arg1_type = ARG_PTR_TO_UNINIT_MEM,
>   .arg2_type = ARG_CONST_SIZE,
>  };
> +
> +BPF_CALL_0(bpf_get_current_pid_ns)
> +{
> +#ifdef CONFIG_PID_NS
> + struct pid_namespace *current_ns =
> +  task_active_pid_ns(current);
> +
> + if (unlikely(!current_ns))
> +  return -EINVAL;
> +
> + return (long) current_ns;
> +#else
> +
> + return 0;
> +#endif
> +
> +}
> +
> +const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
> + .func  = bpf_get_current_pid_ns,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +BPF_CALL_0(bpf_get_current_ns_id)
> +{
> + struct task_struct *ts = current;
> +
> + if (unlikely(!ts))
> +  return -EINVAL;
> +
> + return (unsigned int)
> +  ts->nsproxy->pid_ns_for_children->ns.inum;
> +
> +}
> +
> +const struct bpf_func_proto bpf_get_current_ns_id_proto = {
> + .func  = bpf_get_current_ns_id,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +BPF_CALL_0(bpf_get_current_pid)
> +{
> + struct task_struct *ts = current;
> +
> + if (unlikely(!ts))
> +  return -EINVAL;
> +
> + pid_t pid = task_pid_vnr(ts);
> +
> + return (u64) ts->tgid << 32 | pid;
> +}
> +
> +const struct bpf_func_proto bpf_get_current_pid_proto = {
> + .func  = bpf_get_current_pid,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +
> I wanted to integrate this on bcc tools, so I added these helpers on
> bcc/src/cc/compat/linux/virtual_bpf.h
> bcc/src/cc/compat/linux/bpf.h
> bcc/src/cc/export/helpers.h
> bcc/src/cc/export/helpers.h
>
> then just  to test one of them I modified bcc/tools/funccount.py
>
> --- funccount.py 2017-09-08 12:14:57.601604654 -0700
> +++ /home/cnb/bcc-new-helpers/bcc/tools/funccount.py 2017-09-07
> 20:27:32.982815146 -0700
> @@ -185,7 +185,7 @@
>          # the top 32 bits of bpf_get_current_pid_tgid().
>          if self.pid:
>              trace_count_text = trace_count_text.replace('FILTER',
> -                """u32 pid = bpf_get_current_pid_tgid() >> 32;
> +                """u32 pid = bpf_get_current_pid() >> 32;
>                     if (pid != %d) { return 0; }""" % self.pid)
>          else:
>              trace_count_text = trace_count_text.replace('FILTER', '')
>
>
> but I'm getting this error
>
> cnb at Debian9:~/bcc/tools$ sudo /usr/share/bcc/tools/funccount -p 385
> c:malloc
> bpf: Invalid argument
> 0: (85) call unknown#51
> invalid func unknown#51
> Failed to load BPF program trace_count_0: Invalid argument
>
>
> Is something that I'm missing on the bcc side or on bpf side ?
>

In kernel, you need to add your function proto to kprobe_prog_func_proto
in kernel/trace/bpf_trace.c


>
> Bests
>
>
> _______________________________________________
> iovisor-dev mailing list
> iovisor-dev at lists.iovisor.org
> https://lists.iovisor.org/mailman/listinfo/iovisor-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.iovisor.org/pipermail/iovisor-dev/attachments/20170908/0452576d/attachment.html>


More information about the iovisor-dev mailing list