diff mbox series

[v6,bpf-next,09/11] bpf: Support ->fill_link_info for perf_event

Message ID 20230628115329.248450-10-laoar.shao@gmail.com (mailing list archive)
State Changes Requested
Delegated to: BPF
Headers show
Series bpf: Support ->fill_link_info for kprobe_multi and perf_event links | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for bpf-next, async
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1737 this patch: 1736
netdev/cc_maintainers success CCed 12 of 12 maintainers
netdev/build_clang success Errors and warnings before: 186 this patch: 184
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 1736 this patch: 1735
netdev/checkpatch fail ERROR: space prohibited before that ':' (ctx:WxV) WARNING: line length of 95 exceeds 80 columns
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
bpf/vmtest-bpf-next-PR success PR summary
bpf/vmtest-bpf-next-VM_Test-1 success Logs for ShellCheck
bpf/vmtest-bpf-next-VM_Test-4 success Logs for build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-5 success Logs for build for x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-6 success Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-2 success Logs for build for aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-3 success Logs for build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-7 success Logs for test_maps on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-9 success Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-10 success Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-14 success Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-17 success Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-18 success Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-19 success Logs for test_progs_no_alu32_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-20 success Logs for test_progs_no_alu32_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-21 success Logs for test_progs_no_alu32_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-22 success Logs for test_progs_parallel on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-23 success Logs for test_progs_parallel on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-24 success Logs for test_progs_parallel on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-25 success Logs for test_verifier on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-27 success Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-28 success Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-29 success Logs for veristat
bpf/vmtest-bpf-next-VM_Test-11 success Logs for test_progs on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-13 success Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-15 success Logs for test_progs_no_alu32 on aarch64 with gcc
bpf/vmtest-bpf-next-VM_Test-26 success Logs for test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-12 success Logs for test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-16 success Logs for test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-8 success Logs for test_maps on s390x with gcc

Commit Message

Yafang Shao June 28, 2023, 11:53 a.m. UTC
By introducing support for ->fill_link_info to the perf_event link, users
gain the ability to inspect it using `bpftool link show`. While the current
approach involves accessing this information via `bpftool perf show`,
consolidating link information for all link types in one place offers
greater convenience. Additionally, this patch extends support to the
generic perf event, which is not currently accommodated by
`bpftool perf show`. Only the perf type and config are exposed to
userspace; other attributes such as sample_period and sample_freq are
ignored. Note that if kptr_restrict does not permit it, the probed
address will not be exposed, maintaining security measures.

A new enum bpf_perf_event_type is introduced to help the user understand
which struct is relevant.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
 include/uapi/linux/bpf.h       |  35 ++++++++++
 kernel/bpf/syscall.c           | 117 +++++++++++++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h |  35 ++++++++++
 3 files changed, 187 insertions(+)

Comments

Daniel Borkmann July 5, 2023, 8:46 a.m. UTC | #1
On 6/28/23 1:53 PM, Yafang Shao wrote:
> By introducing support for ->fill_link_info to the perf_event link, users
> gain the ability to inspect it using `bpftool link show`. While the current
> approach involves accessing this information via `bpftool perf show`,
> consolidating link information for all link types in one place offers
> greater convenience. Additionally, this patch extends support to the
> generic perf event, which is not currently accommodated by
> `bpftool perf show`. While only the perf type and config are exposed to
> userspace, other attributes such as sample_period and sample_freq are
> ignored. It's important to note that if kptr_restrict is not permitted, the
> probed address will not be exposed, maintaining security measures.
> 
> A new enum bpf_perf_event_type is introduced to help the user understand
> which struct is relevant.
> 
> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> ---
>   include/uapi/linux/bpf.h       |  35 ++++++++++
>   kernel/bpf/syscall.c           | 117 +++++++++++++++++++++++++++++++++
>   tools/include/uapi/linux/bpf.h |  35 ++++++++++
>   3 files changed, 187 insertions(+)

For ease of review this should be squashed with the prior one which adds
bpf_perf_link_fill_common().

> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 512ba3ba2ed3..7efe51672c15 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -1057,6 +1057,16 @@ enum bpf_link_type {
>   	MAX_BPF_LINK_TYPE,
>   };
>   
> +enum bpf_perf_event_type {
> +	BPF_PERF_EVENT_UNSPEC = 0,
> +	BPF_PERF_EVENT_UPROBE = 1,
> +	BPF_PERF_EVENT_URETPROBE = 2,
> +	BPF_PERF_EVENT_KPROBE = 3,
> +	BPF_PERF_EVENT_KRETPROBE = 4,
> +	BPF_PERF_EVENT_TRACEPOINT = 5,
> +	BPF_PERF_EVENT_EVENT = 6,

Why explicitly define the values of the enum?

> +};
> +
>   /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
>    *
>    * NONE(default): No further bpf programs allowed in the subtree.
> @@ -6444,6 +6454,31 @@ struct bpf_link_info {
>   			__u32 count;
>   			__u32 flags;
>   		} kprobe_multi;
> +		struct {
> +			__u32 type; /* enum bpf_perf_event_type */
> +			__u32 :32;
> +			union {
> +				struct {
> +					__aligned_u64 file_name; /* in/out */
> +					__u32 name_len;
> +					__u32 offset;/* offset from file_name */

nit: spacing wrt comment, also same further below

> +				} uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
> +				struct {
> +					__aligned_u64 func_name; /* in/out */
> +					__u32 name_len;
> +					__u32 offset;/* offset from func_name */
> +					__u64 addr;
> +				} kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
> +				struct {
> +					__aligned_u64 tp_name;   /* in/out */
> +					__u32 name_len;
> +				} tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
> +				struct {
> +					__u64 config;
> +					__u32 type;
> +				} event; /* BPF_PERF_EVENT_EVENT */
> +			};
> +		} perf_event;
>   	};
>   } __attribute__((aligned(8)));
>   
> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> index 72de91beabbc..05ff0a560f1a 100644
> --- a/kernel/bpf/syscall.c
> +++ b/kernel/bpf/syscall.c
> @@ -3398,9 +3398,126 @@ static int bpf_perf_link_fill_common(const struct perf_event *event,
>   	return 0;
>   }
>   
> +#ifdef CONFIG_KPROBE_EVENTS
> +static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
> +				     struct bpf_link_info *info)
> +{
> +	char __user *uname;
> +	u64 addr, offset;
> +	u32 ulen, type;
> +	int err;
> +
> +	uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
> +	ulen = info->perf_event.kprobe.name_len;
> +	err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> +					&type);
> +	if (err)
> +		return err;
> +	if (type == BPF_FD_TYPE_KRETPROBE)
> +		info->perf_event.type = BPF_PERF_EVENT_KRETPROBE;
> +	else
> +		info->perf_event.type = BPF_PERF_EVENT_KPROBE;
> +
> +	info->perf_event.kprobe.offset = offset;
> +	if (!kallsyms_show_value(current_cred()))
> +		addr = 0;
> +	info->perf_event.kprobe.addr = addr;
> +	return 0;
> +}
> +#endif
> +
> +#ifdef CONFIG_UPROBE_EVENTS
> +static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
> +				     struct bpf_link_info *info)
> +{
> +	char __user *uname;
> +	u64 addr, offset;
> +	u32 ulen, type;
> +	int err;
> +
> +	uname = u64_to_user_ptr(info->perf_event.uprobe.file_name);
> +	ulen = info->perf_event.uprobe.name_len;
> +	err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> +					&type);
> +	if (err)
> +		return err;
> +
> +	if (type == BPF_FD_TYPE_URETPROBE)
> +		info->perf_event.type = BPF_PERF_EVENT_URETPROBE;
> +	else
> +		info->perf_event.type = BPF_PERF_EVENT_UPROBE;
> +	info->perf_event.uprobe.offset = offset;
> +	return 0;
> +}
> +#endif
> +
> +static int bpf_perf_link_fill_probe(const struct perf_event *event,
> +				    struct bpf_link_info *info)
> +{
> +#ifdef CONFIG_KPROBE_EVENTS
> +	if (event->tp_event->flags & TRACE_EVENT_FL_KPROBE)
> +		return bpf_perf_link_fill_kprobe(event, info);
> +#endif
> +#ifdef CONFIG_UPROBE_EVENTS
> +	if (event->tp_event->flags & TRACE_EVENT_FL_UPROBE)
> +		return bpf_perf_link_fill_uprobe(event, info);
> +#endif
> +	return -EOPNOTSUPP;
> +}
> +
> +static int bpf_perf_link_fill_tracepoint(const struct perf_event *event,
> +					 struct bpf_link_info *info)
> +{
> +	char __user *uname;
> +	u64 addr, offset;
> +	u32 ulen, type;
> +
> +	uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name);
> +	ulen = info->perf_event.tracepoint.name_len;
> +	info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT;
> +	return bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> +					 &type);

Perhaps for data we don't care about in these cases, passing NULL would be
more obvious, with bpf_perf_link_fill_common() handling NULL inputs.

> +}
> +
> +static int bpf_perf_link_fill_perf_event(const struct perf_event *event,
> +					 struct bpf_link_info *info)
> +{
> +	info->perf_event.event.type = event->attr.type;
> +	info->perf_event.event.config = event->attr.config;
> +	info->perf_event.type = BPF_PERF_EVENT_EVENT;
> +	return 0;
> +}
> +
> +static int bpf_perf_link_fill_link_info(const struct bpf_link *link,
> +					struct bpf_link_info *info)
> +{
> +	struct bpf_perf_link *perf_link;
> +	const struct perf_event *event;
> +
> +	perf_link = container_of(link, struct bpf_perf_link, link);
> +	event = perf_get_event(perf_link->perf_file);
> +	if (IS_ERR(event))
> +		return PTR_ERR(event);
> +
> +	if (!event->prog)
> +		return -EINVAL;

nit: In which situations do we run into this? Would ENOENT be a better error
code here, given it's not an invalid arg that the user passed to the kernel for
filling link info?

> +	switch (event->prog->type) {
> +	case BPF_PROG_TYPE_PERF_EVENT:
> +		return bpf_perf_link_fill_perf_event(event, info);
> +	case BPF_PROG_TYPE_TRACEPOINT:
> +		return bpf_perf_link_fill_tracepoint(event, info);
> +	case BPF_PROG_TYPE_KPROBE:
> +		return bpf_perf_link_fill_probe(event, info);
> +	default:
> +		return -EOPNOTSUPP;
> +	}
> +}
> +
>   static const struct bpf_link_ops bpf_perf_link_lops = {
>   	.release = bpf_perf_link_release,
>   	.dealloc = bpf_perf_link_dealloc,
> +	.fill_link_info = bpf_perf_link_fill_link_info,
>   };
>   
>   static int bpf_perf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index 512ba3ba2ed3..7efe51672c15 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -1057,6 +1057,16 @@ enum bpf_link_type {
>   	MAX_BPF_LINK_TYPE,
>   };
>   
> +enum bpf_perf_event_type {
> +	BPF_PERF_EVENT_UNSPEC = 0,
> +	BPF_PERF_EVENT_UPROBE = 1,
> +	BPF_PERF_EVENT_URETPROBE = 2,
> +	BPF_PERF_EVENT_KPROBE = 3,
> +	BPF_PERF_EVENT_KRETPROBE = 4,
> +	BPF_PERF_EVENT_TRACEPOINT = 5,
> +	BPF_PERF_EVENT_EVENT = 6,
> +};
> +
>   /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
>    *
>    * NONE(default): No further bpf programs allowed in the subtree.
> @@ -6444,6 +6454,31 @@ struct bpf_link_info {
>   			__u32 count;
>   			__u32 flags;
>   		} kprobe_multi;
> +		struct {
> +			__u32 type; /* enum bpf_perf_event_type */
> +			__u32 :32;
> +			union {
> +				struct {
> +					__aligned_u64 file_name; /* in/out */
> +					__u32 name_len;
> +					__u32 offset;/* offset from file_name */
> +				} uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
> +				struct {
> +					__aligned_u64 func_name; /* in/out */
> +					__u32 name_len;
> +					__u32 offset;/* offset from func_name */
> +					__u64 addr;
> +				} kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
> +				struct {
> +					__aligned_u64 tp_name;   /* in/out */
> +					__u32 name_len;
> +				} tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
> +				struct {
> +					__u64 config;
> +					__u32 type;
> +				} event; /* BPF_PERF_EVENT_EVENT */
> +			};
> +		} perf_event;
>   	};
>   } __attribute__((aligned(8)));
>   
>
Yafang Shao July 5, 2023, 10:08 a.m. UTC | #2
On Wed, Jul 5, 2023 at 4:47 PM Daniel Borkmann <daniel@iogearbox.net> wrote:
>
> On 6/28/23 1:53 PM, Yafang Shao wrote:
> > By introducing support for ->fill_link_info to the perf_event link, users
> > gain the ability to inspect it using `bpftool link show`. While the current
> > approach involves accessing this information via `bpftool perf show`,
> > consolidating link information for all link types in one place offers
> > greater convenience. Additionally, this patch extends support to the
> > generic perf event, which is not currently accommodated by
> > `bpftool perf show`. While only the perf type and config are exposed to
> > userspace, other attributes such as sample_period and sample_freq are
> > ignored. It's important to note that if kptr_restrict is not permitted, the
> > probed address will not be exposed, maintaining security measures.
> >
> > A new enum bpf_perf_event_type is introduced to help the user understand
> > which struct is relevant.
> >
> > Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
> > ---
> >   include/uapi/linux/bpf.h       |  35 ++++++++++
> >   kernel/bpf/syscall.c           | 117 +++++++++++++++++++++++++++++++++
> >   tools/include/uapi/linux/bpf.h |  35 ++++++++++
> >   3 files changed, 187 insertions(+)
>
> For ease of review this should be squashed with the prior one which adds
> bpf_perf_link_fill_common().

Sure. Will do it.

>
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index 512ba3ba2ed3..7efe51672c15 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -1057,6 +1057,16 @@ enum bpf_link_type {
> >       MAX_BPF_LINK_TYPE,
> >   };
> >
> > +enum bpf_perf_event_type {
> > +     BPF_PERF_EVENT_UNSPEC = 0,
> > +     BPF_PERF_EVENT_UPROBE = 1,
> > +     BPF_PERF_EVENT_URETPROBE = 2,
> > +     BPF_PERF_EVENT_KPROBE = 3,
> > +     BPF_PERF_EVENT_KRETPROBE = 4,
> > +     BPF_PERF_EVENT_TRACEPOINT = 5,
> > +     BPF_PERF_EVENT_EVENT = 6,
>
> Why explicitly defining the values of the enum?

With these newly introduced enums, the user can easily identify what
kind of perf_event link it is.
See also the discussion:
https://lore.kernel.org/bpf/CAEf4BzYEwCZ3J51pFnUfGykEAHtdLwB8Kxi0utvUTVvewz4UCg@mail.gmail.com/

>
> > +};
> > +
> >   /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
> >    *
> >    * NONE(default): No further bpf programs allowed in the subtree.
> > @@ -6444,6 +6454,31 @@ struct bpf_link_info {
> >                       __u32 count;
> >                       __u32 flags;
> >               } kprobe_multi;
> > +             struct {
> > +                     __u32 type; /* enum bpf_perf_event_type */
> > +                     __u32 :32;
> > +                     union {
> > +                             struct {
> > +                                     __aligned_u64 file_name; /* in/out */
> > +                                     __u32 name_len;
> > +                                     __u32 offset;/* offset from file_name */
>
> nit: spacing wrt comment, also same further below

Will change it.

>
> > +                             } uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
> > +                             struct {
> > +                                     __aligned_u64 func_name; /* in/out */
> > +                                     __u32 name_len;
> > +                                     __u32 offset;/* offset from func_name */
> > +                                     __u64 addr;
> > +                             } kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
> > +                             struct {
> > +                                     __aligned_u64 tp_name;   /* in/out */
> > +                                     __u32 name_len;
> > +                             } tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
> > +                             struct {
> > +                                     __u64 config;
> > +                                     __u32 type;
> > +                             } event; /* BPF_PERF_EVENT_EVENT */
> > +                     };
> > +             } perf_event;
> >       };
> >   } __attribute__((aligned(8)));
> >
> > diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
> > index 72de91beabbc..05ff0a560f1a 100644
> > --- a/kernel/bpf/syscall.c
> > +++ b/kernel/bpf/syscall.c
> > @@ -3398,9 +3398,126 @@ static int bpf_perf_link_fill_common(const struct perf_event *event,
> >       return 0;
> >   }
> >
> > +#ifdef CONFIG_KPROBE_EVENTS
> > +static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
> > +                                  struct bpf_link_info *info)
> > +{
> > +     char __user *uname;
> > +     u64 addr, offset;
> > +     u32 ulen, type;
> > +     int err;
> > +
> > +     uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
> > +     ulen = info->perf_event.kprobe.name_len;
> > +     err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> > +                                     &type);
> > +     if (err)
> > +             return err;
> > +     if (type == BPF_FD_TYPE_KRETPROBE)
> > +             info->perf_event.type = BPF_PERF_EVENT_KRETPROBE;
> > +     else
> > +             info->perf_event.type = BPF_PERF_EVENT_KPROBE;
> > +
> > +     info->perf_event.kprobe.offset = offset;
> > +     if (!kallsyms_show_value(current_cred()))
> > +             addr = 0;
> > +     info->perf_event.kprobe.addr = addr;
> > +     return 0;
> > +}
> > +#endif
> > +
> > +#ifdef CONFIG_UPROBE_EVENTS
> > +static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
> > +                                  struct bpf_link_info *info)
> > +{
> > +     char __user *uname;
> > +     u64 addr, offset;
> > +     u32 ulen, type;
> > +     int err;
> > +
> > +     uname = u64_to_user_ptr(info->perf_event.uprobe.file_name);
> > +     ulen = info->perf_event.uprobe.name_len;
> > +     err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> > +                                     &type);
> > +     if (err)
> > +             return err;
> > +
> > +     if (type == BPF_FD_TYPE_URETPROBE)
> > +             info->perf_event.type = BPF_PERF_EVENT_URETPROBE;
> > +     else
> > +             info->perf_event.type = BPF_PERF_EVENT_UPROBE;
> > +     info->perf_event.uprobe.offset = offset;
> > +     return 0;
> > +}
> > +#endif
> > +
> > +static int bpf_perf_link_fill_probe(const struct perf_event *event,
> > +                                 struct bpf_link_info *info)
> > +{
> > +#ifdef CONFIG_KPROBE_EVENTS
> > +     if (event->tp_event->flags & TRACE_EVENT_FL_KPROBE)
> > +             return bpf_perf_link_fill_kprobe(event, info);
> > +#endif
> > +#ifdef CONFIG_UPROBE_EVENTS
> > +     if (event->tp_event->flags & TRACE_EVENT_FL_UPROBE)
> > +             return bpf_perf_link_fill_uprobe(event, info);
> > +#endif
> > +     return -EOPNOTSUPP;
> > +}
> > +
> > +static int bpf_perf_link_fill_tracepoint(const struct perf_event *event,
> > +                                      struct bpf_link_info *info)
> > +{
> > +     char __user *uname;
> > +     u64 addr, offset;
> > +     u32 ulen, type;
> > +
> > +     uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name);
> > +     ulen = info->perf_event.tracepoint.name_len;
> > +     info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT;
> > +     return bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
> > +                                      &type);
>
> Perhaps for data we don't care about in these cases, passing NULL would be
> more obvious and letting bpf_perf_link_fill_common() handle NULL inputs.

Agree. That would be better.
We should let bpf_get_perf_event_info() handle NULL inputs.  As the
change in bpf_get_perf_event_info() is small, I will change it in the
same patch.

>
> > +}
> > +
> > +static int bpf_perf_link_fill_perf_event(const struct perf_event *event,
> > +                                      struct bpf_link_info *info)
> > +{
> > +     info->perf_event.event.type = event->attr.type;
> > +     info->perf_event.event.config = event->attr.config;
> > +     info->perf_event.type = BPF_PERF_EVENT_EVENT;
> > +     return 0;
> > +}
> > +
> > +static int bpf_perf_link_fill_link_info(const struct bpf_link *link,
> > +                                     struct bpf_link_info *info)
> > +{
> > +     struct bpf_perf_link *perf_link;
> > +     const struct perf_event *event;
> > +
> > +     perf_link = container_of(link, struct bpf_perf_link, link);
> > +     event = perf_get_event(perf_link->perf_file);
> > +     if (IS_ERR(event))
> > +             return PTR_ERR(event);
> > +
> > +     if (!event->prog)
> > +             return -EINVAL;
>
> nit: In which situations do we run into this, would ENOENT be better error code
> here given it's not an invalid arg that user passed to kernel for filling link
> info.

In practice this situation should never occur. I think we can simply
remove this check.
Daniel Borkmann July 5, 2023, 12:30 p.m. UTC | #3
On 7/5/23 12:08 PM, Yafang Shao wrote:
> On Wed, Jul 5, 2023 at 4:47 PM Daniel Borkmann <daniel@iogearbox.net> wrote:
>> On 6/28/23 1:53 PM, Yafang Shao wrote:
>>> By introducing support for ->fill_link_info to the perf_event link, users
>>> gain the ability to inspect it using `bpftool link show`. While the current
>>> approach involves accessing this information via `bpftool perf show`,
>>> consolidating link information for all link types in one place offers
>>> greater convenience. Additionally, this patch extends support to the
>>> generic perf event, which is not currently accommodated by
>>> `bpftool perf show`. While only the perf type and config are exposed to
>>> userspace, other attributes such as sample_period and sample_freq are
>>> ignored. It's important to note that if kptr_restrict is not permitted, the
>>> probed address will not be exposed, maintaining security measures.
>>>
>>> A new enum bpf_perf_event_type is introduced to help the user understand
>>> which struct is relevant.
>>>
>>> Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
[...]
>>>
>>> +enum bpf_perf_event_type {
>>> +     BPF_PERF_EVENT_UNSPEC = 0,
>>> +     BPF_PERF_EVENT_UPROBE = 1,
>>> +     BPF_PERF_EVENT_URETPROBE = 2,
>>> +     BPF_PERF_EVENT_KPROBE = 3,
>>> +     BPF_PERF_EVENT_KRETPROBE = 4,
>>> +     BPF_PERF_EVENT_TRACEPOINT = 5,
>>> +     BPF_PERF_EVENT_EVENT = 6,
>>
>> Why explicitly defining the values of the enum?
> 
> With these newly introduced enums, the user can easily identify what
> kind of perf_event link it is
> See also the discussion:
> https://lore.kernel.org/bpf/CAEf4BzYEwCZ3J51pFnUfGykEAHtdLwB8Kxi0utvUTVvewz4UCg@mail.gmail.com/

No objections to that. I was more wondering why the numbers are stated
explicitly here, but I presume it's for quick readability... looks like in
some of the uapi enums we do it, in some others we don't; fair enough.

Thanks,
Daniel
diff mbox series

Patch

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 512ba3ba2ed3..7efe51672c15 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -1057,6 +1057,16 @@  enum bpf_link_type {
 	MAX_BPF_LINK_TYPE,
 };
 
+enum bpf_perf_event_type {
+	BPF_PERF_EVENT_UNSPEC = 0,
+	BPF_PERF_EVENT_UPROBE = 1,
+	BPF_PERF_EVENT_URETPROBE = 2,
+	BPF_PERF_EVENT_KPROBE = 3,
+	BPF_PERF_EVENT_KRETPROBE = 4,
+	BPF_PERF_EVENT_TRACEPOINT = 5,
+	BPF_PERF_EVENT_EVENT = 6,
+};
+
 /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
  *
  * NONE(default): No further bpf programs allowed in the subtree.
@@ -6444,6 +6454,31 @@  struct bpf_link_info {
 			__u32 count;
 			__u32 flags;
 		} kprobe_multi;
+		struct {
+			__u32 type; /* enum bpf_perf_event_type */
+			__u32 :32;
+			union {
+				struct {
+					__aligned_u64 file_name; /* in/out */
+					__u32 name_len;
+					__u32 offset;/* offset from file_name */
+				} uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
+				struct {
+					__aligned_u64 func_name; /* in/out */
+					__u32 name_len;
+					__u32 offset;/* offset from func_name */
+					__u64 addr;
+				} kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
+				struct {
+					__aligned_u64 tp_name;   /* in/out */
+					__u32 name_len;
+				} tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
+				struct {
+					__u64 config;
+					__u32 type;
+				} event; /* BPF_PERF_EVENT_EVENT */
+			};
+		} perf_event;
 	};
 } __attribute__((aligned(8)));
 
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 72de91beabbc..05ff0a560f1a 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3398,9 +3398,126 @@  static int bpf_perf_link_fill_common(const struct perf_event *event,
 	return 0;
 }
 
+#ifdef CONFIG_KPROBE_EVENTS
+static int bpf_perf_link_fill_kprobe(const struct perf_event *event,
+				     struct bpf_link_info *info)
+{
+	char __user *uname;
+	u64 addr, offset;
+	u32 ulen, type;
+	int err;
+
+	uname = u64_to_user_ptr(info->perf_event.kprobe.func_name);
+	ulen = info->perf_event.kprobe.name_len;
+	err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
+					&type);
+	if (err)
+		return err;
+	if (type == BPF_FD_TYPE_KRETPROBE)
+		info->perf_event.type = BPF_PERF_EVENT_KRETPROBE;
+	else
+		info->perf_event.type = BPF_PERF_EVENT_KPROBE;
+
+	info->perf_event.kprobe.offset = offset;
+	if (!kallsyms_show_value(current_cred()))
+		addr = 0;
+	info->perf_event.kprobe.addr = addr;
+	return 0;
+}
+#endif
+
+#ifdef CONFIG_UPROBE_EVENTS
+static int bpf_perf_link_fill_uprobe(const struct perf_event *event,
+				     struct bpf_link_info *info)
+{
+	char __user *uname;
+	u64 addr, offset;
+	u32 ulen, type;
+	int err;
+
+	uname = u64_to_user_ptr(info->perf_event.uprobe.file_name);
+	ulen = info->perf_event.uprobe.name_len;
+	err = bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
+					&type);
+	if (err)
+		return err;
+
+	if (type == BPF_FD_TYPE_URETPROBE)
+		info->perf_event.type = BPF_PERF_EVENT_URETPROBE;
+	else
+		info->perf_event.type = BPF_PERF_EVENT_UPROBE;
+	info->perf_event.uprobe.offset = offset;
+	return 0;
+}
+#endif
+
+static int bpf_perf_link_fill_probe(const struct perf_event *event,
+				    struct bpf_link_info *info)
+{
+#ifdef CONFIG_KPROBE_EVENTS
+	if (event->tp_event->flags & TRACE_EVENT_FL_KPROBE)
+		return bpf_perf_link_fill_kprobe(event, info);
+#endif
+#ifdef CONFIG_UPROBE_EVENTS
+	if (event->tp_event->flags & TRACE_EVENT_FL_UPROBE)
+		return bpf_perf_link_fill_uprobe(event, info);
+#endif
+	return -EOPNOTSUPP;
+}
+
+static int bpf_perf_link_fill_tracepoint(const struct perf_event *event,
+					 struct bpf_link_info *info)
+{
+	char __user *uname;
+	u64 addr, offset;
+	u32 ulen, type;
+
+	uname = u64_to_user_ptr(info->perf_event.tracepoint.tp_name);
+	ulen = info->perf_event.tracepoint.name_len;
+	info->perf_event.type = BPF_PERF_EVENT_TRACEPOINT;
+	return bpf_perf_link_fill_common(event, uname, ulen, &offset, &addr,
+					 &type);
+}
+
+static int bpf_perf_link_fill_perf_event(const struct perf_event *event,
+					 struct bpf_link_info *info)
+{
+	info->perf_event.event.type = event->attr.type;
+	info->perf_event.event.config = event->attr.config;
+	info->perf_event.type = BPF_PERF_EVENT_EVENT;
+	return 0;
+}
+
+static int bpf_perf_link_fill_link_info(const struct bpf_link *link,
+					struct bpf_link_info *info)
+{
+	struct bpf_perf_link *perf_link;
+	const struct perf_event *event;
+
+	perf_link = container_of(link, struct bpf_perf_link, link);
+	event = perf_get_event(perf_link->perf_file);
+	if (IS_ERR(event))
+		return PTR_ERR(event);
+
+	if (!event->prog)
+		return -EINVAL;
+
+	switch (event->prog->type) {
+	case BPF_PROG_TYPE_PERF_EVENT:
+		return bpf_perf_link_fill_perf_event(event, info);
+	case BPF_PROG_TYPE_TRACEPOINT:
+		return bpf_perf_link_fill_tracepoint(event, info);
+	case BPF_PROG_TYPE_KPROBE:
+		return bpf_perf_link_fill_probe(event, info);
+	default:
+		return -EOPNOTSUPP;
+	}
+}
+
 static const struct bpf_link_ops bpf_perf_link_lops = {
 	.release = bpf_perf_link_release,
 	.dealloc = bpf_perf_link_dealloc,
+	.fill_link_info = bpf_perf_link_fill_link_info,
 };
 
 static int bpf_perf_link_attach(const union bpf_attr *attr, struct bpf_prog *prog)
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 512ba3ba2ed3..7efe51672c15 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -1057,6 +1057,16 @@  enum bpf_link_type {
 	MAX_BPF_LINK_TYPE,
 };
 
+enum bpf_perf_event_type {
+	BPF_PERF_EVENT_UNSPEC = 0,
+	BPF_PERF_EVENT_UPROBE = 1,
+	BPF_PERF_EVENT_URETPROBE = 2,
+	BPF_PERF_EVENT_KPROBE = 3,
+	BPF_PERF_EVENT_KRETPROBE = 4,
+	BPF_PERF_EVENT_TRACEPOINT = 5,
+	BPF_PERF_EVENT_EVENT = 6,
+};
+
 /* cgroup-bpf attach flags used in BPF_PROG_ATTACH command
  *
  * NONE(default): No further bpf programs allowed in the subtree.
@@ -6444,6 +6454,31 @@  struct bpf_link_info {
 			__u32 count;
 			__u32 flags;
 		} kprobe_multi;
+		struct {
+			__u32 type; /* enum bpf_perf_event_type */
+			__u32 :32;
+			union {
+				struct {
+					__aligned_u64 file_name; /* in/out */
+					__u32 name_len;
+					__u32 offset;/* offset from file_name */
+				} uprobe; /* BPF_PERF_EVENT_UPROBE, BPF_PERF_EVENT_URETPROBE */
+				struct {
+					__aligned_u64 func_name; /* in/out */
+					__u32 name_len;
+					__u32 offset;/* offset from func_name */
+					__u64 addr;
+				} kprobe; /* BPF_PERF_EVENT_KPROBE, BPF_PERF_EVENT_KRETPROBE */
+				struct {
+					__aligned_u64 tp_name;   /* in/out */
+					__u32 name_len;
+				} tracepoint; /* BPF_PERF_EVENT_TRACEPOINT */
+				struct {
+					__u64 config;
+					__u32 type;
+				} event; /* BPF_PERF_EVENT_EVENT */
+			};
+		} perf_event;
 	};
 } __attribute__((aligned(8)));