summaryrefslogtreecommitdiff
path: root/samples/bpf
AgeCommit message (Collapse)Author
2023-08-24samples/bpf: Add note to README about the XDP utilities moved to xdp-toolsToke Høiland-Jørgensen
To help users find the XDP utilities, add a note to the README about the new location and the conversion documentation in the commit messages. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-8-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Cleanup .gitignoreToke Høiland-Jørgensen
Remove no longer present XDP utilities from .gitignore. Apart from the recently removed XDP utilities this also includes the previously removed xdpsock and xsk utilities. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-7-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Remove the xdp_sample_pkts utilityToke Høiland-Jørgensen
The functionality of this utility is covered by the xdpdump utility in xdp-tools. There's a slight difference in usage as the xdpdump utility's main focus is to dump packets before or after they are processed by an existing XDP program. However, xdpdump also has the --load-xdp-program switch, which will make it attach its own program if no existing program is loaded. With this, xdp_sample_pkts usage can be converted as: xdp_sample_pkts eth0 --> xdpdump --load-xdp-program eth0 To get roughly equivalent behaviour. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-6-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Remove the xdp1 and xdp2 utilitiesToke Høiland-Jørgensen
The functionality of these utilities have been incorporated into the xdp-bench utility in xdp-tools. Equivalent functionality is: xdp1 eth0 --> xdp-bench drop -p parse-ip -l load-bytes eth0 xdp2 eth0 --> xdp-bench drop -p swap-macs eth0 Note that there's a slight difference in behaviour of those examples: the swap-macs operation of xdp-bench doesn't use the bpf_xdp_load_bytes() helper to load the packet data, whereas the xdp2 utility did so unconditionally. For the parse-ip action the use of bpf_xdp_load_bytes() can be selected by the '-l load-bytes' switch, with the difference that the xdp-bench utility will perform two separate calls to the helper, one to load the ethernet header and another to load the IP header; where the xdp1 utility only performed one call always loading 60 bytes of data. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-5-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Remove the xdp_rxq_info utilityToke Høiland-Jørgensen
The functionality of this utility has been incorporated into the xdp-bench utility in xdp-tools, by way of the --rxq-stats argument to the 'drop', 'pass' and 'tx' commands of xdp-bench. Some examples of how to convert xdp_rxq_info invocations into equivalent xdp-bench commands: xdp_rxq_info -d eth0 --> xdp-bench pass --rxq-stats eth0 xdp_rxq_info -d eth0 -a XDP_DROP -m --> xdp-bench drop --rxq-stats -p swap-macs eth0 Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-4-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Remove the xdp_redirect* utilitiesToke Høiland-Jørgensen
These utilities have all been ported to xdp-tools as functions of the xdp-bench utility. The four different utilities in samples are incorporated as separate subcommands to xdp-bench, with most of the command line parameters left intact, except that mandatory arguments are always positional in xdp-bench. For full usage details see the --help output of each command, or the xdp-bench man page. Some examples of how to convert usage to xdp-bench are: xdp_redirect eth0 eth1 --> xdp-bench redirect eth0 eth1 xdp_redirect_map eth0 eth1 --> xdp-bench redirect-map eth0 eth1 xdp_redirect_map_multi eth0 eth1 eth2 eth3 --> xdp-bench redirect-multi eth0 eth1 eth2 eth3 xdp_redirect_cpu -d eth0 -c 0 -c 1 --> xdp-bench redirect-cpu -c 0 -c 1 eth0 xdp_redirect_cpu -d eth0 -c 0 -c 1 -r eth1 --> xdp-bench redirect-cpu -c 0 -c 1 eth0 -r redirect -D eth1 Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-3-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-24samples/bpf: Remove the xdp_monitor utilityToke Høiland-Jørgensen
This utility has been ported as-is to xdp-tools as 'xdp-monitor'. The only difference in usage between the samples and xdp-tools versions is that the '-v' command line parameter has been changed to '-e' in the xdp-tools version for consistency with the other utilities. Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Link: https://lore.kernel.org/r/20230824102255.1561885-2-toke@redhat.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: simplify spintest with kprobe.multiDaniel T. Lee
With the introduction of kprobe.multi, it is now possible to attach multiple kprobes to a single BPF program without the need for multiple definitions. Additionally, this method supports wildcard-based matching, allowing for further simplification of BPF programs. In here, an asterisk (*) wildcard is used to map to all symbols relevant to spin_{lock|unlock}. Furthermore, since kprobe.multi handles symbol matching, this commit eliminates the need for the previous logic of reading the ksym table to verify the existence of symbols. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-10-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: refactor syscall tracing programs using BPF_KSYSCALL macroDaniel T. Lee
This commit refactors the syscall tracing programs by adopting the BPF_KSYSCALL macro. This change aims to enhance the clarity and simplicity of the BPF programs by reducing the complexity of argument parsing from pt_regs. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-9-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: fix broken map lookup probeDaniel T. Lee
In the commit 7c4cd051add3 ("bpf: Fix syscall's stackmap lookup potential deadlock"), a potential deadlock issue was addressed, which resulted in *_map_lookup_elem not triggering BPF programs. (prior to lookup, bpf_disable_instrumentation() is used) To resolve the broken map lookup probe using "htab_map_lookup_elem", this commit introduces an alternative approach. Instead, it utilize "bpf_map_copy_value" and apply a filter specifically for the hash table with map_type. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Fixes: 7c4cd051add3 ("bpf: Fix syscall's stackmap lookup potential deadlock") Link: https://lore.kernel.org/r/20230818090119.477441-8-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: fix bio latency check with tracepointDaniel T. Lee
Recently, a new tracepoint for the block layer, specifically the block_io_start/done tracepoints, was introduced in commit 5a80bd075f3b ("block: introduce block_io_start/block_io_done tracepoints"). Previously, the kprobe entry used for this purpose was quite unstable and inherently broke relevant probes [1]. Now that a stable tracepoint is available, this commit replaces the bio latency check with it. One of the changes made during this replacement is the key used for the hash table. Since 'struct request' cannot be used as a hash key, the approach taken follows that which was implemented in bcc/biolatency [2]. (uses dev:sector for the key) [1]: https://github.com/iovisor/bcc/issues/4261 [2]: https://github.com/iovisor/bcc/pull/4691 Fixes: 450b7879e345 ("block: move blk_account_io_{start,done} to blk-mq.c") Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-7-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: make tracing programs to be more CO-RE centricDaniel T. Lee
The existing tracing programs have been developed for a considerable period of time and, as a result, do not properly incorporate the features of the current libbpf, such as CO-RE. This is evident in frequent usage of functions like PT_REGS* and the persistence of "hack" methods using underscore-style bpf_probe_read_kernel from the past. These programs are far behind the current level of libbpf and can potentially confuse users. Therefore, this commit aims to convert the outdated BPF programs to be more CO-RE centric. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-6-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: fix symbol mismatch by compiler optimizationDaniel T. Lee
Currently, multiple kprobe programs are suffering from symbol mismatch due to compiler optimization. These optimizations might induce additional suffix to the symbol name such as '.isra' or '.constprop'. # egrep ' finish_task_switch| __netif_receive_skb_core' /proc/kallsyms ffffffff81135e50 t finish_task_switch.isra.0 ffffffff81dd36d0 t __netif_receive_skb_core.constprop.0 ffffffff8205cc0e t finish_task_switch.isra.0.cold ffffffff820b1aba t __netif_receive_skb_core.constprop.0.cold To avoid this, this commit replaces the original kprobe section to kprobe.multi in order to match symbol with wildcard characters. Here, asterisk is used for avoiding symbol mismatch. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-5-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: unify bpf program suffix to .bpf with tracing programsDaniel T. Lee
Currently, BPF programs typically have a suffix of .bpf.c. However, some programs still utilize a mixture of _kern.c suffix alongside the naming convention. In order to achieve consistency in the naming of these programs, this commit unifies the inconsistency in the naming convention of BPF kernel programs. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-4-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: convert to vmlinux.h with tracing programsDaniel T. Lee
This commit replaces separate headers with a single vmlinux.h to tracing programs. Thanks to that, we no longer need to define the argument structure for tracing programs directly. For example, argument for the sched_switch tracpepoint (sched_switch_args) can be replaced with the vmlinux.h provided trace_event_raw_sched_switch. Additional defines have been added to the BPF program either directly or through the inclusion of net_shared.h. Defined values are PERF_MAX_STACK_DEPTH, IFNAMSIZ constants and __stringify() macro. This change enables the BPF program to access internal structures with BTF generated "vmlinux.h" header. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-3-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-08-21samples/bpf: fix warning with ignored-attributesDaniel T. Lee
Currently, compiling the bpf programs will result the warning with the ignored attribute as follows. This commit fixes the warning by adding cf-protection option. In file included from ./arch/x86/include/asm/linkage.h:6: ./arch/x86/include/asm/ibt.h:77:8: warning: 'nocf_check' attribute ignored; use -fcf-protection to enable the attribute [-Wignored-attributes] extern __noendbr u64 ibt_save(bool disable); ^ ./arch/x86/include/asm/ibt.h:32:34: note: expanded from macro '__noendbr' ^ Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-2-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-07-18samples/bpf: README: Update build dependencies requiredAnh Tuan Phan
Update samples/bpf/README.rst to add pahole to the build dependencies list. Add the reference to "Documentation/process/changes.rst" for minimum version required so that the version required will not be outdated in the future. Signed-off-by: Anh Tuan Phan <tuananhlfc@gmail.com> Link: https://lore.kernel.org/r/aecaf7a2-9100-cd5b-5cf4-91e5dbb2c90d@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-07-11samples/bpf: syscall_tp: Aarch64 no open syscallRong Tao
__NR_open never exist on AArch64. Signed-off-by: Rong Tao <rongtao@cestc.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/tencent_C6AD4AD72BEFE813228FC188905F96C6A506@qq.com
2023-06-29bpf: Replace deprecated -target with --target= for ClangFangrui Song
The -target option has been deprecated since clang 3.4 in 2013. Therefore, use the preferred --target=bpf form instead. This also matches how we use --target= in scripts/Makefile.clang. Signed-off-by: Fangrui Song <maskray@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Acked-by: Quentin Monnet <quentin@isovalent.com> Link: https://github.com/llvm/llvm-project/commit/274b6f0c87a6a1798de0a68135afc7f95def6277 Link: https://lore.kernel.org/bpf/20230624001856.1903733-1-maskray@google.com
2023-05-31samples/bpf: xdp1 and xdp2 reduce XDPBUFSIZE to 60Jesper Dangaard Brouer
Default samples/pktgen scripts send 60 byte packets as hardware adds 4-bytes FCS checksum, which fulfils minimum Ethernet 64 bytes frame size. XDP layer will not necessary have access to the 4-bytes FCS checksum. This leads to bpf_xdp_load_bytes() failing as it tries to copy 64-bytes from an XDP packet that only have 60-bytes available. Fixes: 772251742262 ("samples/bpf: fixup some tools to be able to support xdp multibuffer") Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Tariq Toukan <tariqt@nvidia.com> Link: https://lore.kernel.org/bpf/168545704139.2996228.2516528552939485216.stgit@firesoul
2023-05-25Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski
Cross-merge networking fixes after downstream PR. Conflicts: net/ipv4/raw.c 3632679d9e4f ("ipv{4,6}/raw: fix output xfrm lookup wrt protocol") c85be08fc4fa ("raw: Stop using RTO_ONLINK.") https://lore.kernel.org/all/20230525110037.2b532b83@canb.auug.org.au/ Adjacent changes: drivers/net/ethernet/freescale/fec_main.c 9025944fddfe ("net: fec: add dma_wmb to ensure correct descriptor values") 144470c88c5d ("net: fec: using the standard return codes when xdp xmit errors") Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2023-05-16samples/bpf: Drop unnecessary fallthroughAndrii Nakryiko
__fallthrough is now not supported. Instead of renaming it to now-canonical ([0]) fallthrough pseudo-keyword, just get rid of it and equate 'h' case to default case, as both emit usage information and succeed. [0] https://www.kernel.org/doc/html/latest/process/deprecated.html?highlight=fallthrough#implicit-switch-case-fall-through Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20230516001718.317177-1-andrii@kernel.org
2023-05-05samples/bpf: Fix buffer overflow in tcp_baserttPengcheng Yang
Using sizeof(nv) or strlen(nv)+1 is correct. Fixes: c890063e4404 ("bpf: sample BPF_SOCKET_OPS_BASE_RTT program") Signed-off-by: Pengcheng Yang <yangpc@wangsu.com> Link: https://lore.kernel.org/r/1683276658-2860-1-git-send-email-yangpc@wangsu.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-04-13samples/bpf: sampleip: Replace PAGE_OFFSET with _text addressRong Tao
Macro PAGE_OFFSET(0xffff880000000000) in sampleip_user.c is inaccurate, for example, in aarch64 architecture, this value depends on the CONFIG_ARM64_VA_BITS compilation configuration, this value defaults to 48, the corresponding PAGE_OFFSET is 0xffff800000000000, if we use the value defined in sampleip_user.c, then all KSYMs obtained by sampleip are (user) Symbol error due to PAGE_OFFSET error: $ sudo ./sampleip 1 Sampling at 99 Hertz for 1 seconds. Ctrl-C also ends. ADDR KSYM COUNT 0xffff80000810ceb8 (user) 1 0xffffb28ec880 (user) 1 0xffff8000080c82b8 (user) 1 0xffffb23fed24 (user) 1 0xffffb28944fc (user) 1 0xffff8000084628bc (user) 1 0xffffb2a935c0 (user) 1 0xffff80000844677c (user) 1 0xffff80000857a3a4 (user) 1 ... A few examples of addresses in the CONFIG_ARM64_VA_BITS=48 environment in the aarch64 environment: $ sudo head /proc/kallsyms ffff8000080a0000 T _text ffff8000080b0000 t gic_handle_irq ffff8000080b0000 T _stext ffff8000080b0000 T __irqentry_text_start ffff8000080b00b0 t gic_handle_irq ffff8000080b0230 t gic_handle_irq ffff8000080b03b4 T __irqentry_text_end ffff8000080b03b8 T __softirqentry_text_start ffff8000080b03c0 T __do_softirq ffff8000080b0718 T __entry_text_start We just need to replace the PAGE_OFFSET with the address _text in /proc/kallsyms to solve this problem: $ sudo ./sampleip 1 Sampling at 99 Hertz for 1 seconds. Ctrl-C also ends. ADDR KSYM COUNT 0xffffb2892ab0 (user) 1 0xffffb2b1edfc (user) 1 0xffff800008462834 __arm64_sys_ppoll 1 0xffff8000084b87f4 eventfd_read 1 0xffffb28e6788 (user) 1 0xffff8000081e96d8 rcu_all_qs 1 0xffffb2ada878 (user) 1 ... Signed-off-by: Rong Tao <rongtao@cestc.cn> Link: https://lore.kernel.org/r/tencent_A0E82E0BEE925285F8156D540731DF805F05@qq.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-04-13samples/bpf: Fix fout leak in hbm's run_bpf_progHao Zeng
Fix fout being fopen'ed but then not subsequently fclose'd. In the affected branch, fout is otherwise going out of scope. Signed-off-by: Hao Zeng <zenghao@kylinos.cn> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20230411084349.1999628-1-zenghao@kylinos.cn
2023-03-13bpf: use canonical ftrace pathRoss Zwisler
The canonical location for the tracefs filesystem is at /sys/kernel/tracing. But, from Documentation/trace/ftrace.rst: Before 4.1, all ftrace tracing control files were within the debugfs file system, which is typically located at /sys/kernel/debug/tracing. For backward compatibility, when mounting the debugfs file system, the tracefs file system will be automatically mounted at: /sys/kernel/debug/tracing Many comments and samples in the bpf code still refer to this older debugfs path, so let's update them to avoid confusion. There are a few spots where the bpf code explicitly checks both tracefs and debugfs (tools/bpf/bpftool/tracelog.c and tools/lib/api/fs/fs.c) and I've left those alone so that the tools can continue to work with both paths. Signed-off-by: Ross Zwisler <zwisler@google.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org> Link: https://lore.kernel.org/r/20230313205628.1058720-2-zwisler@kernel.org Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-02-16samples/bpf: Use bpf_{btf,link,map,prog}_get_info_by_fd()Ilya Leoshkevich
Use the new type-safe wrappers around bpf_obj_get_info_by_fd(). Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20230214231221.249277-5-iii@linux.ibm.com
2023-02-08samples/bpf: Add openat2() enter/exit tracepoint to syscall_tp sampleRong Tao
Commit fe3300897cbf("samples: bpf: fix syscall_tp due to unused syscall") added openat() syscall tracepoints. This patch adds support for openat2() as well. Signed-off-by: Rong Tao <rongtao@cestc.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/tencent_9381CB1A158ED7ADD12C4406034E21A3AC07@qq.com
2023-01-15samples/bpf: change _kern suffix to .bpf with BPF test programsDaniel T. Lee
This commit changes the _kern suffix to .bpf with the BPF test programs. With this modification, test programs will inherit the benefit of the new CLANG-BPF compile target. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-11-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: use vmlinux.h instead of implicit headers in BPF test programDaniel T. Lee
This commit applies vmlinux.h to BPF functionality testing program. Macros that were not defined despite migration to "vmlinux.h" were defined separately in individual files. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-10-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: replace BPF programs header with net_shared.hDaniel T. Lee
This commit applies "net_shared.h" to BPF programs to remove existing network related header dependencies. Also, this commit removes unnecessary headers before applying "vmlinux.h" to the BPF programs. Mostly, endianness conversion function has been applied to the source. In addition, several macros have been defined to fulfill the INET, TC-related constants. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-9-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: split common macros to net_shared.hDaniel T. Lee
Currently, many programs under sample/bpf often include individual macros by directly including the header under "linux/" rather than using the "vmlinux.h" header. However, there are some problems with migrating to "vmlinux.h" because there is no definition for utility functions such as endianness conversion (ntohs/htons). Fortunately, the xdp_sample program already has a function that can be replaced to solve this problem. Therefore, this commit attempts to separate these functions into a file called net_shared.h to make them universally available. Additionally, this file includes network-related macros that are not defined in "vmlinux.h". (inspired by 'selftests' bpf_tracing_net.h) Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-8-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: replace legacy map with the BTF-defined mapDaniel T. Lee
With libbpf 1.0 release, support for legacy BPF map declaration syntax had been dropped. If you run a program using legacy BPF in the latest libbpf, the following error will be output. libbpf: map 'lwt_len_hist_map' (legacy): legacy map definitions are deprecated, use BTF-defined maps instead libbpf: Use of BPF_ANNOTATE_KV_PAIR is deprecated, use BTF-defined maps in .maps section instead This commit replaces legacy map with the BTF-defined map. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-7-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: replace broken overhead microbenchmark with fib_table_lookupDaniel T. Lee
The test_overhead bpf program is designed to compare performance between tracepoint and kprobe. Initially it used task_rename and urandom_read tracepoint. However, commit 14c174633f34 ("random: remove unused tracepoints") removed urandom_read tracepoint, and for this reason the test_overhead got broken. This commit introduces new microbenchmark using fib_table_lookup. This microbenchmark sends UDP packets to localhost in order to invoke fib_table_lookup. In a nutshell: fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); addr.sin_addr.s_addr = inet_addr(DUMMY_IP); addr.sin_port = htons(DUMMY_PORT); for() { sendto(fd, buf, strlen(buf), 0, (struct sockaddr *)&addr, sizeof(addr)); } on 4 cpus in parallel: lookup per sec base (no tracepoints, no kprobes) 381k with kprobe at fib_table_lookup() 325k with tracepoint at fib:fib_table_lookup 330k with raw_tracepoint at fib:fib_table_lookup 365k Fixes: 14c174633f34 ("random: remove unused tracepoints") Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-6-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: fix broken cgroup socket testingDaniel T. Lee
Currently, executing test_cgrp2_sock2 fails due to wrong section header. This 'cgroup/sock1' style section is previously used at 'samples/bpf_load' (deprecated) BPF loader. Because this style isn't supported in libbpf, this commit fixes this problem by correcting the section header. $ sudo ./test_cgrp2_sock2.sh libbpf: prog 'bpf_prog1': missing BPF prog type, check ELF section name 'cgroup/sock1' libbpf: prog 'bpf_prog1': failed to load: -22 libbpf: failed to load object './sock_flags_kern.o' ERROR: loading BPF object file failed In addition, this BPF program filters ping packets by comparing whether the socket type uses SOCK_RAW. However, after the ICMP socket[1] was developed, ping sends ICMP packets using SOCK_DGRAM. Therefore, in this commit, the packet filtering is changed to use SOCK_DGRAM instead of SOCK_RAW. $ strace --trace socket ping -6 -c1 -w1 ::1 socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) = 3 [1]: https://lwn.net/Articles/422330/ Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-5-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: fix broken lightweight tunnel testingDaniel T. Lee
The test_lwt_bpf is a script that tests the functionality of BPF through the output of the ftrace with bpf_trace_printk. Currently, this program is not operating normally for several reasons. First of all, this test script can't parse the ftrace results properly. GNU sed tries to be as greedy as possible when attempting pattern matching. Due to this, cutting metadata (such as timestamp) from the log entry of ftrace doesn't work properly, and also desired log isn't extracted properly. To make sed stripping clearer, 'nocontext-info' option with the ftrace has been used to remove metadata from the log. Also, instead of using unclear pattern matching, this commit specifies an explicit parse pattern. Also, unlike before when this test was introduced, the way bpf_trace_printk behaves has changed[1]. The previous bpf_trace_printk had to always have '\n' in order to print newline, but now that the bpf_trace_printk call includes newline by default, so '\n' is no longer needed. Lastly with the lwt ENCAP_BPF out, the context information with the sk_buff protocol is preserved. Therefore, this commit changes the previous test result from 'protocol 0' to 'protocol 8', which means ETH_P_IP. [1]: commit ac5a72ea5c89 ("bpf: Use dedicated bpf_trace_printk event instead of trace_printk()") Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-4-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: refactor BPF functionality testing scriptsDaniel T. Lee
Currently, some test scripts are experiencing minor errors related to executing tests. $ sudo ./test_cgrp2_sock.sh ./test_cgrp2_sock.sh: 22: test_cgrp2_sock: not found This problem occurs because the path to the execution target is not properly specified. Therefore, this commit solves this problem by specifying a relative path to its executables. This commit also makes a concise refactoring of hard-coded BPF program names. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-3-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-01-15samples/bpf: ensure ipv6 is enabled before running testsDaniel T. Lee
Currently, a few of BPF tests use ipv6 functionality. The problem here is that if ipv6 is disabled, these tests will fail, and even if the test fails, it will not tell you why it failed. $ sudo ./test_cgrp2_sock2.sh RTNETLINK answers: Permission denied In order to fix this, this commit ensures ipv6 is enabled prior to running tests. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-2-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-12-29samples/bpf: Use BPF_KSYSCALL macro in syscall tracing programsDaniel T. Lee
This commit enhances the syscall tracing programs by using the BPF_SYSCALL macro to reduce the inconvenience of parsing arguments from pt_regs. By simplifying argument extraction, bpf program will become clear to understand. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221224071527.2292-6-danieltimlee@gmail.com
2022-12-29samples/bpf: Fix tracex2 by using BPF_KSYSCALL macroDaniel T. Lee
Currently, there is a problem with tracex2, as it doesn't print the histogram properly and the results are misleading. (all results report as 0) The problem is caused by a change in arguments of the function to which the kprobe connects. This tracex2 bpf program uses kprobe (attached to __x64_sys_write) to figure out the size of the write system call. In order to achieve this, the third argument 'count' must be intact. The following is a prototype of the sys_write variant. (checked with pfunct) ~/git/linux$ pfunct -P fs/read_write.o | grep sys_write ssize_t ksys_write(unsigned int fd, const char * buf, size_t count); long int __x64_sys_write(const struct pt_regs * regs); ... cross compile with s390x ... long int __s390_sys_write(struct pt_regs * regs); Since the nature of SYSCALL_WRAPPER function wraps the argument once, additional process of argument extraction is required to properly parse the argument. #define BPF_KSYSCALL(name, args...) ... snip ... struct pt_regs *regs = LINUX_HAS_SYSCALL_WRAPPER \ ? (struct pt_regs *)PT_REGS_PARM1(ctx) \ : ctx; \ In order to fix this problem, the BPF_SYSCALL macro has been used. This reduces the hassle of parsing arguments from pt_regs. Since the macro uses the CORE version of argument extraction, additional portability comes too. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221224071527.2292-5-danieltimlee@gmail.com
2022-12-29samples/bpf: Change _kern suffix to .bpf with syscall tracing programDaniel T. Lee
Currently old compile rule (CLANG-bpf) doesn't contains VMLINUX_H define flag which is essential for the bpf program that includes "vmlinux.h". Also old compile rule doesn't directly specify the compile target as bpf, instead it uses bunch of extra options with clang followed by long chain of commands. (e.g. clang | opt | llvm-dis | llc) In Makefile, there is already new compile rule which is more simple and neat. And it also has -D__VMLINUX_H__ option. By just changing the _kern suffix to .bpf will inherit the benefit of the new CLANG-BPF compile target. Also, this commit adds dummy gnu/stub.h to the samples/bpf directory. As commit 1c2dd16add7e ("selftests/bpf: get rid of -D__x86_64__") noted, compiling with 'clang -target bpf' will raise an error with stubs.h unless workaround (-D__x86_64) is used. This commit solves this problem by adding dummy stub.h to make /usr/include/features.h to follow the expected path as the same way selftests/bpf dealt with. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221224071527.2292-4-danieltimlee@gmail.com
2022-12-29samples/bpf: Use vmlinux.h instead of implicit headers in syscall tracing ↵Daniel T. Lee
program This commit applies vmlinux.h to syscall tracing program. This change allows the bpf program to refer to the internal structure as a single "vmlinux.h" instead of including each header referenced by the bpf program. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221224071527.2292-3-danieltimlee@gmail.com
2022-12-29samples/bpf: Use kyscall instead of kprobe in syscall tracing programDaniel T. Lee
Syscall tracing using kprobe is quite unstable. Since it uses the exact name of the kernel function, the program might broke due to the rename of a function. The problem can also be caused by a changes in the arguments of the function to which the kprobe connects. In this commit, ksyscall is used instead of kprobe. By using ksyscall, libbpf will detect the appropriate kernel function name. (e.g. sys_write -> __s390_sys_write). This eliminates the need to worry about which wrapper function to attach in order to parse arguments. In addition, ksyscall provides more fine method with attaching system call, the coarse SYSCALL helper at trace_common.h can be removed. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20221224071527.2292-2-danieltimlee@gmail.com
2022-12-19samples/bpf: fix uninitialized warning with test_current_task_under_cgroupDaniel T. Lee
Currently, compiling samples/bpf with LLVM warns about the uninitialized use of variable with test_current_task_under_cgroup. ./samples/bpf/test_current_task_under_cgroup_user.c:57:6: warning: variable 'cg2' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] if (setup_cgroup_environment()) ^~~~~~~~~~~~~~~~~~~~~~~~~~ ./samples/bpf/test_current_task_under_cgroup_user.c:106:8: note: uninitialized use occurs here close(cg2); ^~~ ./samples/bpf/test_current_task_under_cgroup_user.c:57:2: note: remove the 'if' if its condition is always false if (setup_cgroup_environment()) ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./samples/bpf/test_current_task_under_cgroup_user.c:19:9: note: initialize the variable 'cg2' to silence this warning int cg2, idx = 0, rc = 1; ^ = 0 1 warning generated. This commit resolve this compiler warning by pre-initialize the variable with error for safeguard. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/r/20221218061453.6287-4-danieltimlee@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
2022-12-19samples/bpf: replace meaningless counter with tracex4Daniel T. Lee
Currently, compiling samples/bpf with LLVM warns about the unused but set variable with tracex4_user. ./samples/bpf/tracex4_user.c:54:14: warning: variable 'i' set but not used [-Wunused-but-set-variable] int map_fd, i, j = 0; ^ 1 warning generated. This commit resolve this compiler warning by replacing the meaningless counter. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/r/20221218061453.6287-3-danieltimlee@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
2022-12-19samples/bpf: remove unused function with test_lru_distDaniel T. Lee
Currently, compiling samples/bpf with LLVM warns about the unused function with test_lru_dist. ./samples/bpf/test_lru_dist.c:45:19: warning: unused function 'list_empty' [-Wunused-function] static inline int list_empty(const struct list_head *head) ^ 1 warning generated. This commit resolve this compiler warning by removing the abandoned function. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/r/20221218061453.6287-2-danieltimlee@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
2022-11-25samples/bpf: Fix wrong allocation size in xdp_router_ipv4_userRong Tao
prefix_key->data allocates three bytes using alloca(), but four bytes are actually accessed in the program. Signed-off-by: Rong Tao <rongtao@cestc.cn> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/tencent_F9E2E81922B0C181D05B96DAE5AB0ACE6B06@qq.com
2022-11-18bpf, samples: Use "grep -E" instead of "egrep"Tiezhu Yang
The latest version of grep (3.8+) claims the egrep is now obsolete so the build now contains warnings that look like: egrep: warning: egrep is obsolescent; using grep -E Fix this up by moving the related file to use "grep -E" instead. Signed-off-by: Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Jiri Olsa <jolsa@kernel.org> Link: https://lore.kernel.org/bpf/1668765001-12477-1-git-send-email-yangtiezhu@loongson.cn
2022-11-07samples/bpf: Fix sockex3 error: Missing BPF prog typeRong Tao
since commit 450b167fb9be("libbpf: clean up SEC() handling"), sec_def_matches() does not recognize "socket/xxx" as "socket", therefore, the BPF program type is not recognized. Instead of sockex3_user.c parsing section names to get the BPF program fd. We use the program array map to assign a static index to each BPF program (get inspired by selftests/bpf progs/test_prog_array_init.c). Therefore, use SEC("socket") as section name instead of SEC("socket/xxx"), so that the BPF program is parsed to SOCKET_FILTER type. The "missing BPF prog type" problem is solved. How to reproduce this error: $ cd samples/bpf $ sudo ./sockex3 libbpf: prog 'bpf_func_PARSE_IP': missing BPF prog type, check ELF section name 'socket/3' libbpf: prog 'bpf_func_PARSE_IP': failed to load: -22 libbpf: failed to load object './sockex3_kern.o' ERROR: loading BPF object file failed Signed-off-by: Rong Tao <rongtao@cestc.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/tencent_EBA3C18864069E42175946973C2ACBAF5408@qq.com
2022-11-04samples/bpf: Fix tracex2 error: No such file or directoryRong Tao
since commit c504e5c2f964("net: skb: introduce kfree_skb_reason()") kfree_skb() is replaced by kfree_skb_reason() and kfree_skb() is set to the inline function. So, we replace kprobe/kfree_skb with kprobe/kfree_skb_reason to solve the tracex2 error. $ cd samples/bpf $ sudo ./tracex2 libbpf: prog 'bpf_prog2': failed to create kprobe 'kfree_skb+0x0' perf event: No such file or directory ERROR: bpf_program__attach failed Signed-off-by: Rong Tao <rongtao@cestc.cn> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/tencent_0F0DAE84C0B3C42E0B550E5E9F47A9114D09@qq.com