Google Git
Sign in
kernel/pub/scm/linux/kernel/git/ast/bpf/refs/heads/ksym_bpf
commit
ebbd6cbc6ab26f4475d868a3775a34d2bd876adf
[log]
author
Daniel Borkmann <daniel@iogearbox.net>
Thu Dec 08 23:56:49 2016 +0100
committer
Alexei Starovoitov <ast@fb.com>
Wed Feb 15 15:23:39 2017 -0800
tree
5ed0a19e5565d1d40d6f0164a2bf5864257f93aa
parent
285be0956c5716e25972a2e69b8dfc45b669766a [diff]
bpf: make jited programs visible in traces

As of today, JITed BPF programs are unknown functions to the kernel,
meaning in case of stack traces, they are either not shown at all via
show_stack() (e.g. from WARN() or BUG() invocations) or stack walking
aborts entirely (e.g. perf/tracing). (Programs not JITed will obviously
show __bpf_prog_run() in their traces.)

This work tries to resolve that issue by making the addresses known to
the kernel via implementing a minimal necessary kallsyms backend to
aide in debugging and profiling. The function symbol is therefore
exported as bpf_prog_<tag>(). This facility is currently enabled for
root-only when bpf_jit_kallsyms is set to 1, and disabled if hardening
is active in any mode.

The functions are exposed in {__,}kernel_text_address() so stack walker
doesn't skip them and hooked up to kallsyms, so they are thus dumped
under mentioned restrictions to /proc/kallsyms. The latter is also
useful for tracing with eBPF progs in combination with stack maps when
other eBPF types are part of the callchain, see offwaketime example for
dumping stack from map.

Stack trace visible in tooling like perf script --kallsyms=/proc/kallsyms
shown below as one example.

Before:

  7fff8166889d bpf_clone_redirect+0x80007f0020ed (/lib/modules/4.9.0-rc8+/build/vmlinux)
         f5d80 __sendmsg_nocancel+0xffff006451f1a007 (/usr/lib64/libc-2.18.so)

After:

  7fff816688b7 bpf_clone_redirect+0x80007f002107 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fffa0575728 bpf_prog_33c45a467c9e061a+0x8000600020fb (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fffa07ef1fc cls_bpf_classify+0x8000600020dc (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff81678b68 tc_classify+0x80007f002078 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8164d40b __netif_receive_skb_core+0x80007f0025fb (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8164d718 __netif_receive_skb+0x80007f002018 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8164e565 process_backlog+0x80007f002095 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8164dc71 net_rx_action+0x80007f002231 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff81767461 __softirqentry_text_start+0x80007f0020d1 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff817658ac do_softirq_own_stack+0x80007f00201c (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff810a2c20 do_softirq+0x80007f002050 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff810a2cb5 __local_bh_enable_ip+0x80007f002085 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8168d452 ip_finish_output2+0x80007f002152 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8168ea3d ip_finish_output+0x80007f00217d (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff8168f2af ip_output+0x80007f00203f (/lib/modules/4.9.0-rc8+/build/vmlinux)
  [...]
  7fff81005854 do_syscall_64+0x80007f002054 (/lib/modules/4.9.0-rc8+/build/vmlinux)
  7fff817649eb return_from_SYSCALL_64+0x80007f002000 (/lib/modules/4.9.0-rc8+/build/vmlinux)
         f5d80 __sendmsg_nocancel+0xffff01c484812007 (/usr/lib64/libc-2.18.so)

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: linux-kernel@vger.kernel.org
13 files changed
tree: 5ed0a19e5565d1d40d6f0164a2bf5864257f93aa
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README