[PATCH 4/8] perf bpf: Attach eBPF filter to perf event

From: Arnaldo Carvalho de Melo
Date: Thu Oct 29 2015 - 19:07:42 EST

Next message: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf trace: Add cmd string table to decode sys_bpf first arg"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 8/8] perf unwind: Pass symbol source to libunwind"
In reply to: Arnaldo Carvalho de Melo: "[PATCH 8/8] perf unwind: Pass symbol source to libunwind"
Next in thread: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf trace: Add cmd string table to decode sys_bpf first arg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Wang Nan <wangnan0@xxxxxxxxxx>

This is the final patch which makes basic BPF filter work. After
applying this patch, users are allowed to use BPF filter like:

# perf record --event ./hello_world.o ls

A bpf_fd field is appended to 'struct evsel', and setup during the
callback function add_bpf_event() for each 'probe_trace_event'.

PERF_EVENT_IOC_SET_BPF ioctl is used to attach eBPF program to a newly
created perf event. The file descriptor of the eBPF program is passed to
perf record using previous patches, and stored into evsel->bpf_fd.

It is possible that different perf event are created for one kprobe
events for different CPUs. In this case, when trying to call the ioctl,
EEXIST will be return. This patch doesn't treat it as an error.

Committer note:

The bpf proggie used so far:

__attribute__((section("fork=_do_fork"), used))
int fork(void *ctx)
{
return 0;
}

char _license[] __attribute__((section("license"), used)) = "GPL";
int _version __attribute__((section("version"), used)) = 0x40300;

failed to produce any samples, even with forks happening and it being
running in system wide mode.

That is because now the filter is being associated, and the code above
always returns zero, meaning that all forks will be probed but filtered
away ;-/

Change it to 'return 1;' instead and after that:

# trace --no-syscalls --event /tmp/foo.o
0.000 perf_bpf_probe:fork:(ffffffff8109be30))
2.333 perf_bpf_probe:fork:(ffffffff8109be30))
3.725 perf_bpf_probe:fork:(ffffffff8109be30))
4.550 perf_bpf_probe:fork:(ffffffff8109be30))
^C#

And it works with all tools, including 'perf trace'.

Signed-off-by: Wang Nan <wangnan0@xxxxxxxxxx>
Tested-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
Cc: Alexei Starovoitov <ast@xxxxxxxxxxxx>
Cc: Brendan Gregg <brendan.d.gregg@xxxxxxxxx>
Cc: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
Cc: David Ahern <dsahern@xxxxxxxxx>
Cc: He Kuang <hekuang@xxxxxxxxxx>
Cc: Jiri Olsa <jolsa@xxxxxxxxxx>
Cc: Kaixu Xia <xiakaixu@xxxxxxxxxx>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@xxxxxxxxxxx>
Cc: Namhyung Kim <namhyung@xxxxxxxxxx>
Cc: Peter Zijlstra <a.p.zijlstra@xxxxxxxxx>
Cc: Zefan Li <lizefan@xxxxxxxxxx>
Cc: pi3orama@xxxxxxx
Link: http://lkml.kernel.org/r/1444826502-49291-8-git-send-email-wangnan0@xxxxxxxxxx
Signed-off-by: Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
---
tools/perf/util/evsel.c | 17 +++++++++++++++++
tools/perf/util/evsel.h | 1 +
tools/perf/util/parse-events.c | 6 ++++++
3 files changed, 24 insertions(+)

diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c
index 3ac4ee9c6a6e..397fb4ed3c97 100644
--- a/tools/perf/util/evsel.c
+++ b/tools/perf/util/evsel.c
@@ -208,6 +208,7 @@ void perf_evsel__init(struct perf_evsel *evsel,
evsel->unit = "";
evsel->scale = 1.0;
evsel->evlist = NULL;
+ evsel->bpf_fd = -1;
INIT_LIST_HEAD(&evsel->node);
INIT_LIST_HEAD(&evsel->config_terms);
perf_evsel__object.init(evsel);
@@ -1356,6 +1357,22 @@ retry_open:
err);
goto try_fallback;
}
+
+ if (evsel->bpf_fd >= 0) {
+ int evt_fd = FD(evsel, cpu, thread);
+ int bpf_fd = evsel->bpf_fd;
+
+ err = ioctl(evt_fd,
+ PERF_EVENT_IOC_SET_BPF,
+ bpf_fd);
+ if (err && errno != EEXIST) {
+ pr_err("failed to attach bpf fd %d: %s\n",
+ bpf_fd, strerror(errno));
+ err = -EINVAL;
+ goto out_close;
+ }
+ }
+
set_rlimit = NO_CHANGE;

/*
diff --git a/tools/perf/util/evsel.h b/tools/perf/util/evsel.h
index 1e8ff1906f71..0e49bd742c63 100644
--- a/tools/perf/util/evsel.h
+++ b/tools/perf/util/evsel.h
@@ -123,6 +123,7 @@ struct perf_evsel {
char *group_name;
bool cmdline_group_boundary;
struct list_head config_terms;
+ int bpf_fd;
};

union u64_swap {
diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c
index d97b03710331..cee8c619ec7e 100644
--- a/tools/perf/util/parse-events.c
+++ b/tools/perf/util/parse-events.c
@@ -542,6 +542,7 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
struct __add_bpf_event_param *param = _param;
struct parse_events_evlist *evlist = param->data;
struct list_head *list = param->list;
+ struct perf_evsel *pos;
int err;

pr_debug("add bpf event %s:%s and attach bpf program %d\n",
@@ -562,6 +563,11 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
}
pr_debug("adding %s:%s\n", tev->group, tev->event);

+ list_for_each_entry(pos, &new_evsels, node) {
+ pr_debug("adding %s:%s to %p\n",
+ tev->group, tev->event, pos);
+ pos->bpf_fd = fd;
+ }
list_splice(&new_evsels, list);
return 0;
}
--
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf trace: Add cmd string table to decode sys_bpf first arg"
Previous message: Arnaldo Carvalho de Melo: "[PATCH 8/8] perf unwind: Pass symbol source to libunwind"
In reply to: Arnaldo Carvalho de Melo: "[PATCH 8/8] perf unwind: Pass symbol source to libunwind"
Next in thread: Arnaldo Carvalho de Melo: "[PATCH 1/8] perf trace: Add cmd string table to decode sys_bpf first arg"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]