diff mbox series

[bpf-next] bpf: print a little more info about maps via cat /sys/fs/bpf/pinned_name

Message ID 20220521075736.1225397-1-zenczykowski@gmail.com (mailing list archive)
State Changes Requested
Delegated to: BPF
Headers show
Series [bpf-next] bpf: print a little more info about maps via cat /sys/fs/bpf/pinned_name | expand

Checks

Context Check Description
bpf/vmtest-bpf-next-VM_Test-3 fail Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-PR fail PR summary
netdev/tree_selection success Clearly marked for bpf-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 2 this patch: 2
netdev/cc_maintainers warning 6 maintainers not CCed: kpsingh@kernel.org kafai@fb.com andrii@kernel.org john.fastabend@gmail.com yhs@fb.com songliubraving@fb.com
netdev/build_clang success Errors and warnings before: 10 this patch: 10
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 2 this patch: 2
netdev/checkpatch warning WARNING: line length of 91 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-VM_Test-2 success Logs for Kernel LATEST on ubuntu-latest with llvm-15
bpf/vmtest-bpf-next-VM_Test-1 success Logs for Kernel LATEST on ubuntu-latest with gcc

Commit Message

Maciej Żenczykowski May 21, 2022, 7:57 a.m. UTC 
From: Maciej Żenczykowski <maze@google.com>

While this information can be fetched via bpftool,
the cli tool itself isn't always available on more limited systems.

From the information printed particularly the 'id' is useful since
when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
tracking down which bpf maps a process has open (which can be
useful for tracking down fd leaks).

Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 kernel/bpf/inode.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Alexei Starovoitov May 23, 2022, 7:32 p.m. UTC | #1 
On Sat, May 21, 2022 at 12:57 AM Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
>
> From: Maciej Żenczykowski <maze@google.com>
>
> While this information can be fetched via bpftool,
> the cli tool itself isn't always available on more limited systems.
>
> From the information printed particularly the 'id' is useful since
> when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
> tracking down which bpf maps a process has open (which can be
> useful for tracking down fd leaks).
>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>
> ---
>  kernel/bpf/inode.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> index 4f841e16779e..784266e258fe 100644
> --- a/kernel/bpf/inode.c
> +++ b/kernel/bpf/inode.c
> @@ -257,6 +257,9 @@ static int map_seq_show(struct seq_file *m, void *v)
>         if (unlikely(v == SEQ_START_TOKEN)) {
>                 seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
>                 seq_puts(m, "# WARNING!! The output format will change\n");
> +               seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
> +                          map->map_type, map->key_size, map->value_size, map->max_entries,
> +                          map->id);

Maybe use cat /sys/fs/bpf/maps.debug instead?
It prints map id.
Maciej Żenczykowski May 23, 2022, 8:14 p.m. UTC | #2 
On Mon, May 23, 2022 at 12:32 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Sat, May 21, 2022 at 12:57 AM Maciej Żenczykowski
> <zenczykowski@gmail.com> wrote:
> >
> > From: Maciej Żenczykowski <maze@google.com>
> >
> > While this information can be fetched via bpftool,
> > the cli tool itself isn't always available on more limited systems.
> >
> > From the information printed particularly the 'id' is useful since
> > when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
> > tracking down which bpf maps a process has open (which can be
> > useful for tracking down fd leaks).
> >
> > Signed-off-by: Maciej Żenczykowski <maze@google.com>
> > ---
> >  kernel/bpf/inode.c | 3 +++
> >  1 file changed, 3 insertions(+)
> >
> > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> > index 4f841e16779e..784266e258fe 100644
> > --- a/kernel/bpf/inode.c
> > +++ b/kernel/bpf/inode.c
> > @@ -257,6 +257,9 @@ static int map_seq_show(struct seq_file *m, void *v)
> >         if (unlikely(v == SEQ_START_TOKEN)) {
> >                 seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
> >                 seq_puts(m, "# WARNING!! The output format will change\n");
> > +               seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
> > +                          map->map_type, map->key_size, map->value_size, map->max_entries,
> > +                          map->id);
>
> Maybe use cat /sys/fs/bpf/maps.debug instead?
> It prints map id.

Is this something that was very recently added?
I'm not seeing it on my 5.16 machine with bpffs mounted at /sys/fs/bpf.
Alexei Starovoitov May 23, 2022, 8:21 p.m. UTC | #3 
On Mon, May 23, 2022 at 1:14 PM Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
>
> On Mon, May 23, 2022 at 12:32 PM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> >
> > On Sat, May 21, 2022 at 12:57 AM Maciej Żenczykowski
> > <zenczykowski@gmail.com> wrote:
> > >
> > > From: Maciej Żenczykowski <maze@google.com>
> > >
> > > While this information can be fetched via bpftool,
> > > the cli tool itself isn't always available on more limited systems.
> > >
> > > From the information printed particularly the 'id' is useful since
> > > when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
> > > tracking down which bpf maps a process has open (which can be
> > > useful for tracking down fd leaks).
> > >
> > > Signed-off-by: Maciej Żenczykowski <maze@google.com>
> > > ---
> > >  kernel/bpf/inode.c | 3 +++
> > >  1 file changed, 3 insertions(+)
> > >
> > > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> > > index 4f841e16779e..784266e258fe 100644
> > > --- a/kernel/bpf/inode.c
> > > +++ b/kernel/bpf/inode.c
> > > @@ -257,6 +257,9 @@ static int map_seq_show(struct seq_file *m, void *v)
> > >         if (unlikely(v == SEQ_START_TOKEN)) {
> > >                 seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
> > >                 seq_puts(m, "# WARNING!! The output format will change\n");
> > > +               seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
> > > +                          map->map_type, map->key_size, map->value_size, map->max_entries,
> > > +                          map->id);
> >
> > Maybe use cat /sys/fs/bpf/maps.debug instead?
> > It prints map id.
>
> Is this something that was very recently added?
> I'm not seeing it on my 5.16 machine with bpffs mounted at /sys/fs/bpf.

It was there since 2020.
Make sure you have CONFIG_BPF_PRELOAD.
Maciej Żenczykowski May 25, 2022, 4:14 p.m. UTC | #4 
On Mon, May 23, 2022 at 1:21 PM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Mon, May 23, 2022 at 1:14 PM Maciej Żenczykowski
> <zenczykowski@gmail.com> wrote:
> >
> > On Mon, May 23, 2022 at 12:32 PM Alexei Starovoitov
> > <alexei.starovoitov@gmail.com> wrote:
> > >
> > > On Sat, May 21, 2022 at 12:57 AM Maciej Żenczykowski
> > > <zenczykowski@gmail.com> wrote:
> > > >
> > > > From: Maciej Żenczykowski <maze@google.com>
> > > >
> > > > While this information can be fetched via bpftool,
> > > > the cli tool itself isn't always available on more limited systems.
> > > >
> > > > From the information printed particularly the 'id' is useful since
> > > > when combined with /proc/pid/fd/X and /proc/pid/fdinfo/X it allows
> > > > tracking down which bpf maps a process has open (which can be
> > > > useful for tracking down fd leaks).
> > > >
> > > > Signed-off-by: Maciej Żenczykowski <maze@google.com>
> > > > ---
> > > >  kernel/bpf/inode.c | 3 +++
> > > >  1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
> > > > index 4f841e16779e..784266e258fe 100644
> > > > --- a/kernel/bpf/inode.c
> > > > +++ b/kernel/bpf/inode.c
> > > > @@ -257,6 +257,9 @@ static int map_seq_show(struct seq_file *m, void *v)
> > > >         if (unlikely(v == SEQ_START_TOKEN)) {
> > > >                 seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
> > > >                 seq_puts(m, "# WARNING!! The output format will change\n");
> > > > +               seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
> > > > +                          map->map_type, map->key_size, map->value_size, map->max_entries,
> > > > +                          map->id);
> > >
> > > Maybe use cat /sys/fs/bpf/maps.debug instead?
> > > It prints map id.
> >
> > Is this something that was very recently added?
> > I'm not seeing it on my 5.16 machine with bpffs mounted at /sys/fs/bpf.
>
> It was there since 2020.
> Make sure you have CONFIG_BPF_PRELOAD.

Hmm.  This seems very annoying to use in practice.

* it seems to default to disabled, and as such is disabled on:
- my Debian laptop and desktop (well google's corp Linux distro, but
it should be close enough to Debian here)
- my latest Fedora 36 Desktop and VMs
- our production (server) kernels
- all current Android Common Kernel / Generic Kernel Image / Pixel kernel trees
- Android UML test image kernel build scripts
* enabling it on our server kernels results in a compilation failure
(probably some missing backports, they're backported up the wazoo)
* enabling it on ACK 5.10 tree results in a very different build failure
* enabling it on ACK 5.15 successfully builds, but doesn't seem to work:

# uname -r
5.15.41-04342-g39bba8f6b9fe

# zcat /proc/config.gz  | egrep BPF_PRELOAD
CONFIG_BPF_PRELOAD=y
CONFIG_BPF_PRELOAD_UMD=y

# cat /proc/mounts | egrep sys
none /sys sysfs rw,relatime 0 0
none /sys/fs/bpf bpf rw,relatime 0 0

# cd /sys/fs/bpf
root@uml-x86-64:/sys/fs/bpf# ls -al
total 0
drwxrwxrwt 2 root root 0 May 25 15:13 .
drwxr-xr-x 6 root root 0 May 25 15:13 ..

Perhaps a limitation of UML, or something funky in the build process,
or the files don't show up until maps/progs are pinned?
Hard to say - this is after running our bpf (python) test suite
(though it might not use pinned maps/programs)...

* finally.. I think it increases kernel size by a lot since I see:
120K ./kernel/bpf/preload/bpf_preload_kern.o
and in a different tree:
232K ./kernel/bpf/preload/bpf_preload.ko

I did get it to work by building a net next tree with the option
manually enabled and installing it on some dev servers.
Those by default have some pinned progs/maps, and I do see the debug files.

When it works it's really nice... but I don't think I'm willing to pay
the complexity/memory costs.
Alexei Starovoitov May 25, 2022, 4:32 p.m. UTC | #5 
On Wed, May 25, 2022 at 9:14 AM Maciej Żenczykowski
<zenczykowski@gmail.com> wrote:
>
> When it works it's really nice...

Load your own bpf map iterator program and pin anywhere
in bpffs under name of choice and your own access permissions.
See selftests/bpf/progs/bpf_iter_bpf_map.c
diff mbox series

Patch

diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 4f841e16779e..784266e258fe 100644
--- a/kernel/bpf/inode.c
+++ b/kernel/bpf/inode.c
@@ -257,6 +257,9 @@  static int map_seq_show(struct seq_file *m, void *v)
 	if (unlikely(v == SEQ_START_TOKEN)) {
 		seq_puts(m, "# WARNING!! The output is for debug purpose only\n");
 		seq_puts(m, "# WARNING!! The output format will change\n");
+		seq_printf(m, "# type: %d, key_size: %d, value_size: %d, max_entries: %d, id: %d\n",
+			   map->map_type, map->key_size, map->value_size, map->max_entries,
+			   map->id);
 	} else {
 		map->ops->map_seq_show_elem(map, key, m);
 	}