- 24 1月, 2019 15 次提交
-
-
由 Eric Dumazet 提交于
This adds the ability to read gso_segs from a BPF program. v3: Use BPF_REG_AX instead of BPF_REG_TMP for the temporary register, as suggested by Martin. v2: refined Eddie Hao patch to address Alexei feedback. Signed-off-by: NEric Dumazet <edumazet@google.com> Cc: Eddie Hao <eddieh@google.com> Cc: Martin KaFai Lau <kafai@fb.com> Acked-by: NMartin KaFai Lau <kafai@fb.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Prashant Bhole 提交于
When 'bpftool feature' is executed it shows incorrect help string. test# bpftool feature Usage: bpftool bpftool probe [COMPONENT] [macros [prefix PREFIX]] bpftool bpftool help COMPONENT := { kernel | dev NAME } Instead of fixing the help text by tweaking argv[] indices, this patch changes the default action to 'probe'. It makes the behavior consistent with other subcommands, where first subcommand without extra parameter results in 'show' action. Signed-off-by: NPrashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Alexei Starovoitov 提交于
Jakub Kicinski says: ==================== This set adds support for complete removal of dead code. Patch 3 contains all the code removal logic, patches 2 and 4 additionally optimize branches around and to dead code. Patches 6 and 7 allow offload JITs to take advantage of the optimization. After a few small clean ups (8, 9, 10) nfp support is added (11, 12). Removing code directly in the verifier makes it easy to adjust the relevant metadata (line info, subprogram info). JITs for code store constrained architectures would have hard time performing such adjustments at JIT level. Removing subprograms or line info is very hard once BPF core finished the verification. For user space to perform dead code removal it would have to perform the execution simulation/analysis similar to what the verifier does. v3: - fix uninitilized var warning in GCC 6 (buildbot). v4: - simplify the linfo-keeping logic (Yonghong). Instead of trying to figure out that we are removing first instruction of a subprogram, just always keep last dead line info, if first live instruction doesn't have one. v5: - improve comments (Martin Lau). ==================== Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Add a verifier callback to the nfp JIT to remove the instructions the verifier deemed to be dead. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Verifier will now optimize out branches to dead code, implement the replace_insn callback to take advantage of that optimization. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Instead of passing env->prog->len around, and trying to adjust for optimized out instructions just save the initial number of instructions in struct nfp_prog. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
We fail program loading if jump lands on a skipped instruction. This is for historical reasons, it used to be that we only skipped instructions optimized out based on prior context, and therefore the optimization would be buggy if we jumped directly to such instruction (because the context would be skipped by the jump). There are cases where instructions can be skipped without any context, for example there is no point in generating code for: r0 |= 0 We will also soon support dropping dead code, so make the skip logic differentiate between "optimized with preceding context" vs other skip types. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Instruction number is meaningless at code gen phase. The target of the instruction is overwritten by nfp_fixup_branches(). The convention is to put the raw offset in target address as a place holder. See cmp_* functions. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Let offload JITs know when instructions are replaced and optimized out, so they can update their state appropriately. The optimizations are best effort, if JIT returns an error from any callback verifier will stop notifying it as state may now be out of sync, but the verifier continues making progress. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
The communication between the verifier and advanced JITs is based on instruction indexes. We have to keep them stable throughout the optimizations otherwise referring to a particular instruction gets messy quickly. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Add tests for newly added dead code elimination. Both verifier and BTF tests are added. BTF test infrastructure has to be extended to be able to account for line info which is eliminated during dead code removal. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Acked-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Unconditional branches by 0 instructions are basically noops but they can result from earlier optimizations, e.g. a conditional jumps which would never be taken or a conditional jump around dead code. Remove those branches. v0.2: - s/opt_remove_dead_branches/opt_remove_nops/ (Jiong). Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NJiong Wang <jiong.wang@netronome.com> Acked-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Instead of overwriting dead code with jmp -1 instructions remove it completely for root. Adjust verifier state and line info appropriately. v2: - adjust func_info (Alexei); - make sure first instruction retains line info (Alexei). v4: (Yonghong) - remove unnecessary if (!insn to remove) checks; - always keep last line info if first live instruction lacks one. v5: (Martin Lau) - improve and clarify comments. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Acked-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
Loading programs with dead code becomes more and more common, as people begin to patch constants at load time. Turn conditional jumps to unconditional ones, to avoid potential branch misprediction penalty. This optimization is enabled for privileged users only. For branches which just fall through we could just mark them as not seen and have dead code removal take care of them, but that seems less clean. v0.2: - don't call capable(CAP_SYS_ADMIN) twice (Jiong). v3: - fix GCC warning; Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Acked-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Jakub Kicinski 提交于
In preparation for code removal change parameters to branch and call adjustment functions to be more universal. The current parameters assume we are patching a single instruction with a longer set. A diagram may help reading the change, this is for the patch single case, patching instruction 1 with a replacement of 4: ____ 0 |____| 1 |____| <-- pos ^ 2 | | <-- end old ^ | 3 | | | delta | len 4 |____| | | (patch region) 5 | | <-- end new v v 6 |____| end_old = pos + 1 end_new = pos + delta + 1 If we are before the patch region - curr variable and the target are fully in old coordinates (hence comparing against end_old). If we are after the region curr is in new coordinates (hence the comparison to end_new) but target is in mixed coordinates, so we just check if it falls before end_new, and if so it needs the adjustment. Note that we will not fix up branches which land in removed region in case of removal, which should be okay, as we are only going to remove dead code. Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com> Acked-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
- 23 1月, 2019 13 次提交
-
-
由 Stanislav Fomichev 提交于
system() is calling shell which should find the appropriate full path via $PATH. On some systems, full path to iptables and/or nc might be different that we one we have hardcoded. Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Taeung Song 提交于
We need to let users check their wrong ELF section name with proper ELF section names when they fail to get a prog/attach type from it. Because users can't realize libbpf guess prog/attach types from given ELF section names. For example, when a 'cgroup' section name of a BPF program is used, show available ELF section names(types). Before: $ bpftool prog load bpf-prog.o /sys/fs/bpf/prog1 Error: failed to guess program type based on ELF section name cgroup After: libbpf: failed to guess program type based on ELF section name 'cgroup' libbpf: supported section(type) names are: socket kprobe/ kretprobe/ classifier action tracepoint/ raw_tracepoint/ xdp perf_event lwt_in lwt_out lwt_xmit lwt_seg6local cgroup_skb/ingress cgroup_skb/egress cgroup/skb cgroup/sock cgroup/post_bind4 cgroup/post_bind6 cgroup/dev sockops sk_skb/stream_parser sk_skb/stream_verdict sk_skb sk_msg lirc_mode2 flow_dissector cgroup/bind4 cgroup/bind6 cgroup/connect4 cgroup/connect6 cgroup/sendmsg4 cgroup/sendmsg6 Signed-off-by: NTaeung Song <treeze.taeung@gmail.com> Cc: Quentin Monnet <quentin.monnet@netronome.com> Cc: Jakub Kicinski <jakub.kicinski@netronome.com> Cc: Andrey Ignatov <rdna@fb.com> Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com> Acked-by: NJakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Yonghong Song 提交于
This patch added documentation for BTF (BPF Debug Format). The document is placed under linux:Documentation/bpf directory. Signed-off-by: NYonghong Song <yhs@fb.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Alexei Starovoitov 提交于
Quentin Monnet says: ==================== Hi, This set adds a new command to bpftool in order to dump a list of eBPF-related parameters for the system (or for a specific network device) to the console. Once again, this is based on a suggestion from Daniel. At this time, output includes: - Availability of bpf() system call - Availability of bpf() system call for unprivileged users - JIT status (enabled or not, with or without debugging traces) - JIT hardening status - JIT kallsyms exports status - Global memory limit for JIT compiler for unprivileged users - Status of kernel compilation options related to BPF features - Availability of known eBPF program types - Availability of known eBPF map types - Availability of known eBPF helper functions There are three different ways to dump this information at this time: - Plain output dumps probe results in plain text. It is the most flexible options for providing descriptive output to the user, but should not be relied upon for parsing the output. - JSON output is supported. - A third mode, available through the "macros" keyword appended to the command line, dumps some of those parameters (not all) as a series of "#define" directives, that can be included into a C header file for example. Probes for supported program and map types, and supported helpers, are directly added to libbpf, so that other applications (or selftests) can reuse them as necessary. If the user does not have root privileges (or more precisely, the CAP_SYS_ADMIN capability) detection will be erroneous for most parameters. Therefore, forbid non-root users to run the command. v5: - Move exported symbols to a new LIBBPF_0.0.2 section in libbpf.map (patches 4 to 6). - Minor fixes on patches 3 and 4. v4: - Probe bpf_jit_limit parameter (patch 2). - Probe some additional kernel config options (patch 3). - Minor fixes on patch 6. v3: - Do not probe kernel version in bpftool (just retrieve it to probe support for kprobes in libbpf). - Change the way results for helper support is displayed: now one list of compatible helpers for each program type (and C-style output gets a HAVE_PROG_TYPE_HELPER(prog_type, helper) macro to help with tests. See patches 6, 7. - Address other comments from feedback from v2 (please refer to individual patches' history). v2 (please also refer to individual patches' history): - Move probes for prog/map types, helpers, from bpftool to libbpf. - Move C-style output as a separate patch, and restrict it to a subset of collected information (bpf() availability, prog/map types, helpers). - Now probe helpers with all supported program types, and display a list of compatible program types (as supported on the system) for each helper. - NOT addressed: grouping compilation options for kernel into subsections (patch 3) (I don't see an easy way of grouping them at the moment, please see also the discussion on v1 thread). ==================== Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Add the bash completion related to the newly introduced "bpftool feature probe" command. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
bpftool gained support for probing the current system in order to see what program and map types, and what helpers are available on that system. This patch adds the possibility to pass an interface index to libbpf (and hence to the kernel) when trying to load the programs or to create the maps, in order to see what items a given network device can support. A new keyword "dev <ifname>" can be used as an alternative to "kernel" to indicate that the given device should be tested. If no target ("dev" or "kernel") is specified bpftool defaults to probing the kernel. Sample output: # bpftool -p feature probe dev lo { "syscall_config": { "have_bpf_syscall": true }, "program_types": { "have_sched_cls_prog_type": false, "have_xdp_prog_type": false }, ... } As the target is a network device, /proc/ parameters and kernel configuration are NOT dumped. Availability of the bpf() syscall is still probed, so we can return early if that syscall is not usable (since there is no point in attempting the remaining probes in this case). Among the program types, only the ones that can be offloaded are probed. All map types are probed, as there is no specific rule telling which one could or could not be supported by a device in the future. All helpers are probed (but only for offload-able program types). Caveat: as bpftool does not attempt to attach programs to the device at the moment, probes do not entirely reflect what the device accepts: typically, for Netronome's nfp, results will announce that TC cls offload is available even if support has been deactivated (with e.g. ethtool -K eth1 hw-tc-offload off). v2: - All helpers are probed, whereas previous version would only probe the ones compatible with an offload-able program type. This is because we do not keep a default compatible program type for each helper anymore. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Make bpftool able to dump a subset of the parameters collected by probing the system as a listing of C-style #define macros, so that external projects can reuse the result of this probing and build BPF-based project in accordance with the features available on the system. The new "macros" keyword is used to select this output. An additional "prefix" keyword is added so that users can select a custom prefix for macro names, in order to avoid any namespace conflict. Sample output: # bpftool feature probe kernel macros prefix FOO_ /*** System call availability ***/ #define FOO_HAVE_BPF_SYSCALL /*** eBPF program types ***/ #define FOO_HAVE_SOCKET_FILTER_PROG_TYPE #define FOO_HAVE_KPROBE_PROG_TYPE #define FOO_HAVE_SCHED_CLS_PROG_TYPE ... /*** eBPF map types ***/ #define FOO_HAVE_HASH_MAP_TYPE #define FOO_HAVE_ARRAY_MAP_TYPE #define FOO_HAVE_PROG_ARRAY_MAP_TYPE ... /*** eBPF helper functions ***/ /* * Use FOO_HAVE_PROG_TYPE_HELPER(prog_type_name, helper_name) * to determine if <helper_name> is available for <prog_type_name>, * e.g. * #if FOO_HAVE_PROG_TYPE_HELPER(xdp, bpf_redirect) * // do stuff with this helper * #elif * // use a workaround * #endif */ #define FOO_HAVE_PROG_TYPE_HELPER(prog_type, helper) \ FOO_BPF__PROG_TYPE_ ## prog_type ## __HELPER_ ## helper ... #define FOO_BPF__PROG_TYPE_socket_filter__HELPER_bpf_probe_read 0 #define FOO_BPF__PROG_TYPE_socket_filter__HELPER_bpf_ktime_get_ns 1 #define FOO_BPF__PROG_TYPE_socket_filter__HELPER_bpf_trace_printk 1 ... v3: - Change output for helpers again: add a HAVE_PROG_TYPE_HELPER(type, helper) macro that can be used to tell if <helper> is available for program <type>. v2: - #define-based output added as a distinct patch. - "HAVE_" prefix appended to macro names. - Output limited to bpf() syscall availability, BPF prog and map types, helper functions. In this version kernel config options, procfs parameter or kernel version are intentionally left aside. - Following the change on helper probes, format for helper probes in this output style has changed (now a list of compatible program types). Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Similarly to what was done for program types and map types, add a set of probes to test the availability of the different eBPF helper functions on the current system. For each known program type, all known helpers are tested, in order to establish a compatibility matrix. Output is provided as a set of lists of available helpers, one per program type. Sample output: # bpftool feature probe kernel ... Scanning eBPF helper functions... eBPF helpers supported for program type socket_filter: - bpf_map_lookup_elem - bpf_map_update_elem - bpf_map_delete_elem ... eBPF helpers supported for program type kprobe: - bpf_map_lookup_elem - bpf_map_update_elem - bpf_map_delete_elem ... # bpftool --json --pretty feature probe kernel { ... "helpers": { "socket_filter_available_helpers": ["bpf_map_lookup_elem", \ "bpf_map_update_elem","bpf_map_delete_elem", ... ], "kprobe_available_helpers": ["bpf_map_lookup_elem", \ "bpf_map_update_elem","bpf_map_delete_elem", ... ], ... } } v5: - In libbpf.map, move global symbol to the new LIBBPF_0.0.2 section. v4: - Use "enum bpf_func_id" instead of "__u32" in bpf_probe_helper() declaration for the type of the argument used to pass the id of the helper to probe. - Undef BPF_HELPER_MAKE_ENTRY after using it. v3: - Do not pass kernel version from bpftool to libbpf probes (kernel version for testing program with kprobes is retrieved directly from libbpf). - Dump one list of available helpers per program type (instead of one list of compatible program types per helper). v2: - Move probes from bpftool to libbpf. - Test all program types for each helper, print a list of working prog types for each helper. - Fall back on include/uapi/linux/bpf.h for names and ids of helpers. - Remove C-style macros output from this patch. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Add new probes for eBPF map types, to detect what are the ones available on the system. Try creating one map of each type, and see if the kernel complains. Sample output: # bpftool feature probe kernel ... Scanning eBPF map types... eBPF map_type hash is available eBPF map_type array is available eBPF map_type prog_array is available ... # bpftool --json --pretty feature probe kernel { ... "map_types": { "have_hash_map_type": true, "have_array_map_type": true, "have_prog_array_map_type": true, ... } } v5: - In libbpf.map, move global symbol to the new LIBBPF_0.0.2 section. v3: - Use a switch with all enum values for setting specific map parameters, so that gcc complains at compile time (-Wswitch-enum) if new map types were added to the kernel but libbpf was not updated. v2: - Move probes from bpftool to libbpf. - Remove C-style macros output from this patch. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Introduce probes for supported BPF program types in libbpf, and call it from bpftool to test what types are available on the system. The probe simply consists in loading a very basic program of that type and see if the verifier complains or not. Sample output: # bpftool feature probe kernel ... Scanning eBPF program types... eBPF program_type socket_filter is available eBPF program_type kprobe is available eBPF program_type sched_cls is available ... # bpftool --json --pretty feature probe kernel { ... "program_types": { "have_socket_filter_prog_type": true, "have_kprobe_prog_type": true, "have_sched_cls_prog_type": true, ... } } v5: - In libbpf.map, move global symbol to a new LIBBPF_0.0.2 section. - Rename (non-API function) prog_load() as probe_load(). v3: - Get kernel version for checking kprobes availability from libbpf instead of from bpftool. Do not pass kernel_version as an argument when calling libbpf probes. - Use a switch with all enum values for setting specific program parameters just before probing, so that gcc complains at compile time (-Wswitch-enum) if new prog types were added to the kernel but libbpf was not updated. - Add a comment in libbpf.h about setrlimit() usage to allow many consecutive probe attempts. v2: - Move probes from bpftool to libbpf. - Remove C-style macros output from this patch. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Add probes to dump a number of options set (or not set) for compiling the kernel image. These parameters provide information about what BPF components should be available on the system. A number of them are not directly related to eBPF, but are in fact used in the kernel as conditions on which to compile, or not to compile, some of the eBPF helper functions. Sample output: # bpftool feature probe kernel Scanning system configuration... ... CONFIG_BPF is set to y CONFIG_BPF_SYSCALL is set to y CONFIG_HAVE_EBPF_JIT is set to y ... # bpftool --pretty --json feature probe kernel { "system_config": { ... "CONFIG_BPF": "y", "CONFIG_BPF_SYSCALL": "y", "CONFIG_HAVE_EBPF_JIT": "y", ... } } v5: - Declare options[] array in probe_kernel_image_config() as static. v4: - Add some options to the list: - CONFIG_TRACING - CONFIG_KPROBE_EVENTS - CONFIG_UPROBE_EVENTS - CONFIG_FTRACE_SYSCALLS - Add comments about those options in the source code. v3: - Add a comment about /proc/config.gz not being supported as a path for the config file at this time. - Use p_info() instead of p_err() on failure to get options from config file, as bpftool keeps probing other parameters and that would possibly create duplicate "error" entries for JSON. v2: - Remove C-style macros output from this patch. - NOT addressed: grouping of those config options into subsections (I don't see an easy way of grouping them at the moment, please see also the discussion on v1 thread). Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Add a set of probes to dump the eBPF-related parameters available from /proc/: availability of bpf() syscall for unprivileged users, JIT compiler status and hardening status, kallsyms exports status. Sample output: # bpftool feature probe kernel Scanning system configuration... bpf() syscall for unprivileged users is enabled JIT compiler is disabled JIT compiler hardening is disabled JIT compiler kallsyms exports are disabled Global memory limit for JIT compiler for unprivileged users \ is 264241152 bytes ... # bpftool --json --pretty feature probe kernel { "system_config": { "unprivileged_bpf_disabled": 0, "bpf_jit_enable": 0, "bpf_jit_harden": 0, "bpf_jit_kallsyms": 0, "bpf_jit_limit": 264241152 }, ... } These probes are skipped if procfs is not mounted. v4: - Add bpf_jit_limit parameter. v2: - Remove C-style macros output from this patch. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
由 Quentin Monnet 提交于
Add a new component and command for bpftool, in order to probe the system to dump a set of eBPF-related parameters so that users can know what features are available on the system. Parameters are dumped in plain or JSON output (with -j/-p options). The current patch introduces probing of one simple parameter: availability of the bpf() system call. Later commits will add other probes. Sample output: # bpftool feature probe kernel Scanning system call availability... bpf() syscall is available # bpftool --json --pretty feature probe kernel { "syscall_config": { "have_bpf_syscall": true } } The optional "kernel" keyword enforces probing of the current system, which is the only possible behaviour at this stage. It can be safely omitted. The feature comes with the relevant man page, but bash completion will come in a dedicated commit. v3: - Do not probe kernel version. Contrarily to what is written below for v2, we can have the kernel version retrieved in libbpf instead of bpftool (in the patch adding probing for program types). v2: - Remove C-style macros output from this patch. - Even though kernel version is no longer needed for testing kprobes availability, note that we still collect it in this patch so that bpftool gets able to probe (in next patches) older kernels as well. Signed-off-by: NQuentin Monnet <quentin.monnet@netronome.com> Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Reviewed-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
-
- 17 1月, 2019 12 次提交
-
-
由 Peter Oskolkov 提交于
An older GCC compiler complains: kernel/bpf/verifier.c: In function 'bpf_check': kernel/bpf/verifier.c:4***:13: error: 'prev_offset' may be used uninitialized in this function [-Werror=maybe-uninitialized] } else if (krecord[i].insn_offset <= prev_offset) { ^ kernel/bpf/verifier.c:4***:38: note: 'prev_offset' was declared here u32 i, nfuncs, urec_size, min_size, prev_offset; Although the compiler is wrong here, the patch makes sure that prev_offset is always initialized, just to silence the warning. v2: fix a spelling error in the commit message. Signed-off-by: NPeter Oskolkov <posk@google.com> Acked-by: NMartin KaFai Lau <kafai@fb.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Daniel Borkmann 提交于
Stanislav Fomichev says: ==================== This patch series add support for queue/stack manipulations. It goes like this: commands by permitting empty keys. v2: * removed unneeded jsonw_null from patch #6 * improved bash completions (and moved them into separate patch #7) ==================== Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
bpftool map peek id <TAB> - suggests only queue and stack map ids bpftool map pop id <TAB> - suggests only stack map ids bpftool map dequeue id <TAB> - suggests only queue map ids bpftool map push id <TAB> - suggests only stack map ids bpftool map enqueue id <TAB> - suggests only queue map ids bpftool map push id 1 <TAB> - suggests 'value', not 'key' bpftool map enqueue id 2 <TAB> - suggests 'value', not 'key' bpftool map update id <stack/queue type> - suggests 'value', not 'key' bpftool map lookup id <stack/queue type> - suggests nothing Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
This is intended to be used with queues and stacks, it pops and prints the last element via bpf_map_lookup_and_delete_elem. Example: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map push pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map pop pinned /sys/fs/bpf/q value: 00 01 02 03 bpftool map pop pinned /sys/fs/bpf/q Error: empty map bpftool map create /sys/fs/bpf/s type stack value 4 entries 10 name s bpftool map enqueue pinned /sys/fs/bpf/s value 0 1 2 3 bpftool map dequeue pinned /sys/fs/bpf/s value: 00 01 02 03 bpftool map dequeue pinned /sys/fs/bpf/s Error: empty map Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
This is intended to be used with queues and stacks and be more user-friendly than 'update' without the key. Example: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map push pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map peek pinned /sys/fs/bpf/q value: 00 01 02 03 bpftool map create /sys/fs/bpf/s type stack value 4 entries 10 name s bpftool map enqueue pinned /sys/fs/bpf/s value 0 1 2 3 bpftool map peek pinned /sys/fs/bpf/s value: 00 01 02 03 Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
This is intended to be used with queues and stacks and be more user-friendly than 'lookup' without key/value. Example: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map peek pinned /sys/fs/bpf/q value: 00 01 02 03 Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
When doing dump or lookup, don't print key if key_size == 0 or value if value_size == 0. The initial usecase is queue and stack, where we have only values. This is for regular output only, json still has all the fields. Before: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map lookup pinned /sys/fs/bpf/q key: value: 00 01 02 03 After: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map lookup pinned /sys/fs/bpf/q value: 00 01 02 03 Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
Bpftool expects key for 'lookup' operations. For some map types, key should not be specified. Support looking up those map types. Before: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map lookup pinned /sys/fs/bpf/q Error: did not find key After: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 bpftool map lookup pinned /sys/fs/bpf/q key: value: 00 01 02 03 Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Stanislav Fomichev 提交于
Bpftool expects both key and value for 'update' operations. For some map types, key should not be specified. Support updating those map types. Before: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 Error: did not find key After: bpftool map create /sys/fs/bpf/q type queue value 4 entries 10 name q bpftool map update pinned /sys/fs/bpf/q value 0 1 2 3 Signed-off-by: NStanislav Fomichev <sdf@google.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Daniel Borkmann 提交于
Yonghong Song says: ==================== Previous maximum supported integer bit width is 64. But the __int128 type has been supported by most (if not all) 64bit architectures including bpf for both gcc and clang. The kernel itself uses __int128 for x64 and arm64. Some bcc tools are using __int128 in bpf programs to describe ipv6 addresses. Without 128bit int support, the vmlinux BTF won't work and those bpf programs using __int128 cannot utilize BTF. This patch set therefore implements BTF __int128 support. ==================== Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Yonghong Song 提交于
For formatted output, currently when json is enabled, the decimal number is required. Similar to kernel bpffs printout, for int128 numbers, only hex numbers are dumped, which are quoted as strings. The below is an example to show plain and json pretty print based on the map in test_btf pretty print test. $ bpftool m s 75: hash name pprint_test_has flags 0x0 key 4B value 112B max_entries 4 memlock 4096B $ bpftool m d id 75 ...... { "key": 3, "value": { "ui32": 3, "ui16": 0, "si32": -3, "unused_bits2a": 0x3, "bits28": 0x3, "unused_bits2b": 0x3, "": { "ui64": 3, "ui8a": [3,0,0,0,0,0,0,0 ] }, "aenum": 3, "ui32b": 4, "bits2c": 0x1, "si128a": 0x3, "si128b": 0xfffffffd, "bits3": 0x3, "bits80": 0x10000000000000003, "ui128": 0x20000000000000003 } }, ...... $ bptfool -p -j m d id 75 ...... { "key": ["0x03","0x00","0x00","0x00" ], "value": ["0x03","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0xfd","0xff","0xff","0xff","0x0f","0x00","0x00","0xc0", "0x03","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x03","0x00","0x00","0x00","0x04","0x00","0x00","0x00", "0x01","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x00","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x03","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x00","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0xfd","0xff","0xff","0xff","0x00","0x00","0x00","0x00", "0x00","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x1b","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x08","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x03","0x00","0x00","0x00","0x00","0x00","0x00","0x00", "0x02","0x00","0x00","0x00","0x00","0x00","0x00","0x00" ], "formatted": { "key": 3, "value": { "ui32": 3, "ui16": 0, "si32": -3, "unused_bits2a": "0x3", "bits28": "0x3", "unused_bits2b": "0x3", "": { "ui64": 3, "ui8a": [3,0,0,0,0,0,0,0 ] }, "aenum": 3, "ui32b": 4, "bits2c": "0x1", "si128a": "0x3", "si128b": "0xfffffffd", "bits3": "0x3", "bits80": "0x10000000000000003", "ui128": "0x20000000000000003" } } } ...... Acked-by: NMartin KaFai Lau <kafai@fb.com> Signed-off-by: NYonghong Song <yhs@fb.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-
由 Yonghong Song 提交于
The bpffs pretty print test is extended to cover int128 types. Tested on an x64 machine. $ test_btf -p ...... BTF pretty print array(#3)......OK PASS:9 SKIP:0 FAIL:0 Acked-by: NMartin KaFai Lau <kafai@fb.com> Signed-off-by: NYonghong Song <yhs@fb.com> Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
-