bpf: Introduce bpf_copy_branch_snapshot kfunc #9884
Closed
+184
−11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Asphaltt
force-pushed
the
bpf/tracing/lbr/rfc-v1
branch
4 times, most recently
from
7621cd8 to
a51aa19
Compare
Similar to bpf_get_func_ip helper, when introduce
bpf_copy_branch_snapshot kfunc, it has to store a pointer on the stack of
trampoline according to whether the kfunc is called.
However, if store the pointer beyond the IP address, the bpf_get_func_ip
helper will become unstable because it doesn't know whether there is
a pointer beyond the IP address. If store the pointer behind the IP
address, the kfunc is unable to access the pointer because it doesn't
know whether there is an IP address beyond the pointer.
To resolve it, store flags on the stack of trampoline. Then, the kfunc is
able to recognize whether there is an IP address beyond the pointer.
Instead of enlarging the stack size, store flags to the upper 4 bytes of
nregs, which is unused currently. And the bpf_get_func_{arg,arg_cnt,ret}
helpers are required to read nregs by reading 4 bytes.
In order to avoid corrupting non-x86_64 archs, add CONFIG_X86_64 check
to the bpf_get_func_{arg,arg_cnt,ret} helpers.
Signed-off-by: Leon Hwang <[email protected]>
Since PMU LBR is branch sensitive, the perf_snapshot_branch_stack function can capture the branch entries from trampoline entry to the call site in bpf program. However, these branch entries are meaningless to analyze the code logic of tracee. To elimiate such branch entries for tracing programs, it can read branch snapshot as soon as possible: 1. Call perf_snapshot_branch_stack at the very start of trampoline for fentry programs. 2. Call perf_snapshot_branch_stack after calling tracee immediately for fexit programs. As a result, the LBR will become useful even if there are many bpf programs before the one that requests LBR. Furthermore, more meaningful branch entries can be captured on AMD CPU, which has 16 LBR depth. Signed-off-by: Leon Hwang <[email protected]>
Introduce bpf_copy_branch_snapshot kfunc to copy the branch entries from 'im->br' to user provided buffer. Update 'dst_trampoline->flags' in verifier when bpf_copy_branch_snapshot kfunc is called. Therefore, branch entries will be captured when trampoline runs. Signed-off-by: Leon Hwang <[email protected]>
Add test case for bpf_copy_branch_snapshot kfunc by reusing the one of bpf_get_branch_snapshot helper. Signed-off-by: Leon Hwang <[email protected]>
Asphaltt
force-pushed
the
bpf/tracing/lbr/rfc-v1
branch
from
a51aa19 to
7e1c908
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.