| Message ID | 164191321766.806991.7930388561276940676.stgit@devnote2 (mailing list archive) |
|---|---|
| Headers | show |
| Series | fprobe: Introduce fprobe function entry/exit probe | expand |
On Wed, Jan 12, 2022 at 12:00:17AM +0900, Masami Hiramatsu wrote: > Hi Jiri, > > Here is a short series of patches, which shows what I replied > to your series. > > This introduces the fprobe, the function entry/exit probe with > multiple probe point support. This also introduces the rethook > for hooking function return, which I cloned from kretprobe. > > I also rewrite your [08/13] bpf patch to use this fprobe instead > of kprobes. I didn't tested that one, but the sample module seems > to work. Please test bpf part with your libbpf updates. > > BTW, while implementing the fprobe, I introduced the per-probe > point private data, but I'm not sure why you need it. It seems > that data is not used from bpf... > > If this is good for you, I would like to proceed this with > the rethook and rewrite the kretprobe to use the rethook to > hook the functions. That should be much cleaner (and easy to > prepare for the fgraph tracer integration) What is the speed of attach/detach of thousands fprobes?
Hi Alexei, On Tue, 11 Jan 2022 14:39:44 -0800 Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote: > On Wed, Jan 12, 2022 at 12:00:17AM +0900, Masami Hiramatsu wrote: > > Hi Jiri, > > > > Here is a short series of patches, which shows what I replied > > to your series. > > > > This introduces the fprobe, the function entry/exit probe with > > multiple probe point support. This also introduces the rethook > > for hooking function return, which I cloned from kretprobe. > > > > I also rewrite your [08/13] bpf patch to use this fprobe instead > > of kprobes. I didn't tested that one, but the sample module seems > > to work. Please test bpf part with your libbpf updates. > > > > BTW, while implementing the fprobe, I introduced the per-probe > > point private data, but I'm not sure why you need it. It seems > > that data is not used from bpf... > > > > If this is good for you, I would like to proceed this with > > the rethook and rewrite the kretprobe to use the rethook to > > hook the functions. That should be much cleaner (and easy to > > prepare for the fgraph tracer integration) > > What is the speed of attach/detach of thousands fprobes? I've treaked my example module and it shows below result; /lib/modules/5.16.0-rc4+/kernel/samples/fprobe # time insmod ./fprobe_example.ko symbol='btrfs_*' [ 187.095925] fprobe_init: 1028 symbols found [ 188.521694] fprobe_init: Planted fprobe at btrfs_* real 0m 1.47s user 0m 0.00s sys 0m 1.36s I think using ftrace_set_filter_ips() can make it faster. (maybe it needs to drop per-probe point private data, that prevents fprobe to use that interface) Thank you,
On Wed, 12 Jan 2022 16:33:53 +0900 Masami Hiramatsu <mhiramat@kernel.org> wrote: > Hi Alexei, > > On Tue, 11 Jan 2022 14:39:44 -0800 > Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote: > > > On Wed, Jan 12, 2022 at 12:00:17AM +0900, Masami Hiramatsu wrote: > > > Hi Jiri, > > > > > > Here is a short series of patches, which shows what I replied > > > to your series. > > > > > > This introduces the fprobe, the function entry/exit probe with > > > multiple probe point support. This also introduces the rethook > > > for hooking function return, which I cloned from kretprobe. > > > > > > I also rewrite your [08/13] bpf patch to use this fprobe instead > > > of kprobes. I didn't tested that one, but the sample module seems > > > to work. Please test bpf part with your libbpf updates. > > > > > > BTW, while implementing the fprobe, I introduced the per-probe > > > point private data, but I'm not sure why you need it. It seems > > > that data is not used from bpf... > > > > > > If this is good for you, I would like to proceed this with > > > the rethook and rewrite the kretprobe to use the rethook to > > > hook the functions. That should be much cleaner (and easy to > > > prepare for the fgraph tracer integration) > > > > What is the speed of attach/detach of thousands fprobes? > > I've treaked my example module and it shows below result; > > /lib/modules/5.16.0-rc4+/kernel/samples/fprobe # time insmod ./fprobe_example.ko > symbol='btrfs_*' > [ 187.095925] fprobe_init: 1028 symbols found > [ 188.521694] fprobe_init: Planted fprobe at btrfs_* > real 0m 1.47s > user 0m 0.00s > sys 0m 1.36s > > I think using ftrace_set_filter_ips() can make it faster. > (maybe it needs to drop per-probe point private data, that > prevents fprobe to use that interface) OK, I've updated fprobes to use the ftrace_set_filter_ips() and got below result. /lib/modules/5.16.0-rc4+/kernel/samples/fprobe # time insmod fprobe_example.ko s ymbol='btrfs_*' [ 36.130947] fprobe_init: 1028 symbols found [ 36.177901] fprobe_init: Planted fprobe at btrfs_* real 0m 0.08s user 0m 0.00s sys 0m 0.07s Let me update the series :) Thank you,
Hi Jiri, Here is a short series of patches, which shows what I replied to your series. This introduces the fprobe, the function entry/exit probe with multiple probe point support. This also introduces the rethook for hooking function return, which I cloned from kretprobe. I also rewrite your [08/13] bpf patch to use this fprobe instead of kprobes. I didn't tested that one, but the sample module seems to work. Please test bpf part with your libbpf updates. BTW, while implementing the fprobe, I introduced the per-probe point private data, but I'm not sure why you need it. It seems that data is not used from bpf... If this is good for you, I would like to proceed this with the rethook and rewrite the kretprobe to use the rethook to hook the functions. That should be much cleaner (and easy to prepare for the fgraph tracer integration) Thank you, --- Jiri Olsa (1): bpf: Add kprobe link for attaching raw kprobes Masami Hiramatsu (5): fprobe: Add ftrace based probe APIs rethook: Add a generic return hook rethook: x86: Add rethook x86 implementation fprobe: Add exit_handler support fprobe: Add sample program for fprobe arch/x86/Kconfig | 1 arch/x86/kernel/Makefile | 1 arch/x86/kernel/rethook.c | 115 ++++++++++++++++++++ include/linux/bpf_types.h | 1 include/linux/fprobes.h | 75 +++++++++++++ include/linux/rethook.h | 74 +++++++++++++ include/linux/sched.h | 3 + include/uapi/linux/bpf.h | 12 ++ kernel/bpf/syscall.c | 199 +++++++++++++++++++++++++++++++++- kernel/exit.c | 2 kernel/fork.c | 3 + kernel/trace/Kconfig | 22 ++++ kernel/trace/Makefile | 2 kernel/trace/fprobes.c | 187 ++++++++++++++++++++++++++++++++ kernel/trace/rethook.c | 226 +++++++++++++++++++++++++++++++++++++++ samples/Kconfig | 6 + samples/Makefile | 1 samples/fprobe/Makefile | 3 + samples/fprobe/fprobe_example.c | 103 ++++++++++++++++++ tools/include/uapi/linux/bpf.h | 12 ++ 20 files changed, 1043 insertions(+), 5 deletions(-) create mode 100644 arch/x86/kernel/rethook.c create mode 100644 include/linux/fprobes.h create mode 100644 include/linux/rethook.h create mode 100644 kernel/trace/fprobes.c create mode 100644 kernel/trace/rethook.c create mode 100644 samples/fprobe/Makefile create mode 100644 samples/fprobe/fprobe_example.c -- Masami Hiramatsu (Linaro) <mhiramat@kernel.org>