| Message ID | 20220808140626.422731-1-jolsa@kernel.org (mailing list archive) |
|---|---|
| Headers | show |
| Series | bpf: Add tracing multi link | expand |
On Mon, Aug 8, 2022 at 7:06 AM Jiri Olsa <jolsa@kernel.org> wrote: > [...] > > Maybe better explained on following example: > > - you want to attach program P to functions A,B,C,D,E,F > via bpf_trampoline_multi_attach > > - D,E,F already have standard trampoline attached > > - the bpf_trampoline_multi_attach will create new 'multi' trampoline > which spans over A,B,C functions and attach program P to single > trampolines D,E,F IIUC, we have 4 trampolines (1 multi, 3 singles) at this moment? > > - another program can be attached to A,B,C,D,E,F multi trampoline > > - A,B,C functions are now 'not attachable' by any trampoline > until the above 'multi' trampoline is released I guess the limitation here is, multi trampolines cannot be splitted after attached. While multi trampoline is motivated by short term use cases like retsnoop, it is allowed to run them for extended periods of time. Then, this limitation might be a real issue in production. Thanks, Song > > - D,E,F functions are still attachable by any new trampoline >
On Mon, Aug 08, 2022 at 10:50:28AM -0700, Song Liu wrote: > On Mon, Aug 8, 2022 at 7:06 AM Jiri Olsa <jolsa@kernel.org> wrote: > > > [...] > > > > Maybe better explained on following example: > > > > - you want to attach program P to functions A,B,C,D,E,F > > via bpf_trampoline_multi_attach > > > > - D,E,F already have standard trampoline attached > > > > - the bpf_trampoline_multi_attach will create new 'multi' trampoline > > which spans over A,B,C functions and attach program P to single > > trampolines D,E,F > > IIUC, we have 4 trampolines (1 multi, 3 singles) at this moment? yes > > > > > - another program can be attached to A,B,C,D,E,F multi trampoline > > > > - A,B,C functions are now 'not attachable' by any trampoline > > until the above 'multi' trampoline is released > > I guess the limitation here is, multi trampolines cannot be splitted after > attached. While multi trampoline is motivated by short term use cases > like retsnoop, it is allowed to run them for extended periods of time. > Then, this limitation might be a real issue in production. I think it'd be possible to allow adding single trampoline on top of multi trampoline by removing that single id from it and creating single trampoline for that I also thought of possibility to convert intersection IDs of two multi trampolines into single trampolines.. but that might get slow if the common set is too big the difficulty for the common solution was that if you allow to split trampolines then bpf link can't carry pointers to trampolines because they can be split into multiple new trampolines, so link would need to store just array of IDs and use it to attach a program then un/linking program and doing intersections with stored trampolines and handling all the split cases turned out to be nightmare but perhaps there's another solution jirka
hi, this is another attempt to add batch attachment support for trampolines. The patchset adds support to create 'multi' trampoline that is attached to set of functions represented by BTF IDs. Previous post [0] tried to implement multi trampolines overlapping, but it turned out too complex, so I got back to simpler rules: (we can discuss possible overlapping changes on top this change) - multi trampoline can attach on top of existing single trampolines, which creates 2 types of function IDs: 1) single-IDs - functions that are attached within existing single trampolines 2) multi-IDs - functions that were 'not used' and are now taken by new 'multi' trampoline - we allow overlapping of 2 'multi' trampolines if they are attached to same IDs - we do now allow any other overlapping of 2 'multi' trampolines - any new 'single' trampoline cannot attach to existing multi-IDs IDs Maybe better explained on following example: - you want to attach program P to functions A,B,C,D,E,F via bpf_trampoline_multi_attach - D,E,F already have standard trampoline attached - the bpf_trampoline_multi_attach will create new 'multi' trampoline which spans over A,B,C functions and attach program P to single trampolines D,E,F - another program can be attached to A,B,C,D,E,F multi trampoline - A,B,C functions are now 'not attachable' by any trampoline until the above 'multi' trampoline is released - D,E,F functions are still attachable by any new trampoline Also now that we have trampoline helpers for function arguments, we can just simply use function declaration with maximum arguments for any multi trampoline or related single trampoline. There are couple of things missing in this post (that I know of), which I'll add when we agree that this is the way to go: - attaching by functions names - cookies support - find out better way of locking trampolines in bpf_trampoline_multi_attach and bpf_trampoline_multi_detach - bpf_tramp_update_set logic of calling multiple times register_ftrace_direct_multi function can be replaced by calling single update ftrace function that I have prototype for, but I will send it out separately to ftrace for review - arm trampoline code changes (won't compile now) - tests for error paths thanks, jirka [0] - https://lore.kernel.org/bpf/20211118112455.475349-1-jolsa@kernel.org/ --- Jiri Olsa (17): bpf: Link shimlink directly in trampoline bpf: Replace bpf_tramp_links with bpf_tramp_progs bpf: Store trampoline progs in arrays bpf: Add multi tracing attach types bpf: Add bpf_tramp_id object bpf: Pass image struct to reg/unreg/modify fentry functions bpf: Add support to postpone trampoline update bpf: Factor bpf_trampoline_lookup function bpf: Factor bpf_trampoline_put function bpf: Add support to attach program to multiple trampolines bpf: Add support to create tracing multi link libbpf: Add btf__find_by_glob_kind function libbpf: Add support to create tracing multi link selftests/bpf: Add fentry tracing multi func test selftests/bpf: Add fexit tracing multi func test selftests/bpf: Add fentry/fexit tracing multi func test selftests/bpf: Add mixed tracing multi func test arch/x86/net/bpf_jit_comp.c | 38 ++--- include/linux/bpf.h | 98 ++++++++---- include/linux/trace_events.h | 5 + include/uapi/linux/bpf.h | 7 + kernel/bpf/bpf_struct_ops.c | 30 ++-- kernel/bpf/syscall.c | 56 +++++-- kernel/bpf/trampoline.c | 723 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------- kernel/bpf/verifier.c | 8 +- kernel/trace/bpf_trace.c | 240 +++++++++++++++++++++++++++++ net/bpf/bpf_dummy_struct_ops.c | 16 +- net/bpf/test_run.c | 2 + tools/include/uapi/linux/bpf.h | 7 + tools/lib/bpf/bpf.c | 7 + tools/lib/bpf/bpf.h | 4 + tools/lib/bpf/btf.c | 41 +++++ tools/lib/bpf/btf.h | 3 + tools/lib/bpf/libbpf.c | 91 ++++++++++- tools/lib/bpf/libbpf.h | 14 ++ tools/lib/bpf/libbpf.map | 1 + tools/lib/bpf/libbpf_internal.h | 1 + tools/testing/selftests/bpf/Makefile | 9 +- tools/testing/selftests/bpf/prog_tests/tracing_multi.c | 158 ++++++++++++++++++++ tools/testing/selftests/bpf/progs/tracing_multi_check.c | 158 ++++++++++++++++++++ tools/testing/selftests/bpf/progs/tracing_multi_fentry.c | 17 +++ tools/testing/selftests/bpf/progs/tracing_multi_fentry_fexit.c | 28 ++++ tools/testing/selftests/bpf/progs/tracing_multi_fexit.c | 20 +++ tools/testing/selftests/bpf/progs/tracing_multi_mixed.c | 43 ++++++ 27 files changed, 1624 insertions(+), 201 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/tracing_multi.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_multi_check.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_multi_fentry.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_multi_fentry_fexit.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_multi_fexit.c create mode 100644 tools/testing/selftests/bpf/progs/tracing_multi_mixed.c