[RFC PATCH v3 0/3] Introduce BPF map tracing capability
From: Joe Burton
Date: Mon Nov 01 2021 - 22:14:51 EST
From: Joe Burton <jevburton@xxxxxxxxxx>

This is the third version of a patch series implementing map tracing.

Map tracing enables executing BPF programs upon BPF map updates. This
might be useful to perform upgrades of stateful programs; e.g., tracing
programs can propagate changes to maps that occur during an upgrade
operation.

This version uses trampoline hooks to provide the capability.
fentry/fexit/fmod_ret programs can attach to two new functions:

    int bpf_map_trace_update_elem(struct bpf_map* map, void* key,
                                  void* val, u32 flags);
    int bpf_map_trace_delete_elem(struct bpf_map* map, void* key);

These hooks work as intended for the following map types:

    BPF_MAP_TYPE_ARRAY
    BPF_MAP_TYPE_PERCPU_ARRAY
    BPF_MAP_TYPE_HASH
    BPF_MAP_TYPE_PERCPU_HASH
    BPF_MAP_TYPE_LRU_HASH
    BPF_MAP_TYPE_LRU_PERCPU_HASH

The only guarantee about the semantics of these hooks is that they execute
before the operation takes place. We cannot call them with locks held
because the hooked program might try to acquire the same locks. Thus they
may be invoked in situations where the traced map is not ultimately
updated.

The original proposal suggested exposing a function for each
(map type) x (access type). The problem I encountered is that e.g.
percpu hashtables use a custom function for some access types
(htab_percpu_map_update_elem) but a common function for others
(htab_map_delete_elem). Thus a userspace application would have to
maintain a unique list of functions to attach to for each map type;
moreover, this list could change across kernel versions. Map tracing is
easier to use with fewer functions, at the cost of tracing programs
being triggered more times.

To prevent the compiler from optimizing out the calls to my tracing
functions, I use the asm("") trick described in gcc's
__attribute__((noinline)) documentation. Experimentally, this trick
works with clang as well.

Joe Burton (3):
  bpf: Add map tracing functions and call sites
  bpf: Add selftests
  bpf: Add real world example for map tracing

kernel/bpf/Makefile | 2 +-
kernel/bpf/arraymap.c | 6 +
kernel/bpf/hashtab.c | 25 ++
kernel/bpf/map_trace.c | 25 ++
kernel/bpf/map_trace.h | 18 +
.../selftests/bpf/prog_tests/map_trace.c | 422 ++++++++++++++++++
.../selftests/bpf/progs/bpf_map_trace.c | 95 ++++
.../bpf/progs/bpf_map_trace_common.h | 12 +
.../progs/bpf_map_trace_real_world_common.h | 125 ++++++
.../bpf_map_trace_real_world_migration.c | 102 +++++
.../bpf/progs/bpf_map_trace_real_world_new.c | 4 +
.../bpf/progs/bpf_map_trace_real_world_old.c | 5 +
12 files changed, 840 insertions(+), 1 deletion(-)
create mode 100644 kernel/bpf/map_trace.c
create mode 100644 kernel/bpf/map_trace.h
create mode 100644 tools/testing/selftests/bpf/prog_tests/map_trace.c
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace.c
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace_common.h
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace_real_world_common.h
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace_real_world_migration.c
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace_real_world_new.c
create mode 100644 tools/testing/selftests/bpf/progs/bpf_map_trace_real_world_old.c
--
2.33.1.1089.g2158813163f-goog
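
The following is an added example, not code from this patch series: a userspace C model of the ordering caveat in the cover letter, where the hook runs before the operation and therefore also fires for an update that is then rejected. All `model_*` names, `MODEL_NOEXIST` (standing in for a flag such as `BPF_NOEXIST`) and the `mirror` map are assumptions made for illustration.

```c
/* Userspace model only; every model_* name is hypothetical. */
#include <stdio.h>

#define MODEL_NOEXIST 1u   /* stands in for BPF_NOEXIST: fail if key exists */
#define SLOTS 4
struct model_map { int used[SLOTS], key[SLOTS], val[SLOTS]; };
static struct model_map mirror;  /* copy a naive tracing program would build */
static int hook_calls;

static int model_store(struct model_map *m, int key, int val, unsigned flags)
{
    int i, slot = -1;
    for (i = 0; i < SLOTS; i++) {
        if (m->used[i] && m->key[i] == key) {
            if (flags & MODEL_NOEXIST)
                return -1;               /* update rejected */
            slot = i;
            break;
        }
        if (!m->used[i] && slot < 0)
            slot = i;
    }
    if (slot < 0)
        return -2;                       /* map full */
    m->used[slot] = 1; m->key[slot] = key; m->val[slot] = val;
    return 0;
}
static int model_lookup(const struct model_map *m, int key, int *val)
{
    for (int i = 0; i < SLOTS; i++)
        if (m->used[i] && m->key[i] == key) { *val = m->val[i]; return 0; }
    return -1;
}
/* Hook: called before the operation, so it cannot know the outcome.
 * noinline plus an empty asm statement keeps the call site alive. */
__attribute__((noinline))
int model_trace_update_elem(struct model_map *m, int key, int val, unsigned flags)
{
    (void)m; (void)flags;
    __asm__("");
    hook_calls++;
    return model_store(&mirror, key, val, 0);    /* naive: copy every attempt */
}
int model_update_elem(struct model_map *m, int key, int val, unsigned flags)
{
    model_trace_update_elem(m, key, val, flags); /* before any lock is taken */
    return model_store(m, key, val, flags);      /* may still fail */
}
/* Returns 1 when the mirror no longer matches the traced map for key. */
int model_diverged(const struct model_map *m, int key)
{
    int a = 0, b = 0, ra = model_lookup(m, key, &a), rb = model_lookup(&mirror, key, &b);
    return ra != rb || (ra == 0 && a != b);
}
```

In this model, a tracing program that copies every observed value ends up holding a value the traced map never accepted, so a consumer of such a hook has to tolerate or reconcile attempts that did not take effect.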