a ksym BPF iterator would be useful as it would allow more flexible
interactions with kernel symbols than are currently supported; it could
for example create more efficient map representations for lookup,
speed up symbol resolution etc.
The idea was initially discussed here [1].
Changes since v3 [2]:
- use late_initcall() to register iter; means we are both consistent
with other iters and can encapsulate all iter-specific code in
kallsyms.c in CONFIG_BPF_SYSCALL (Alexei, Yonghong, patch 1).
Changes since v2 [3]:
- set iter->show_value on initialization based on current creds
and use it in selftest to determine if we show values
(Yonghong, patches 1/2)
- inline iter registration into kallsyms_init (Yonghong, patch 1)
Changes since RFC [4]:
- change name of iterator (and associated structures/fields) to "ksym"
(Andrii, patches 1, 2)
- remove dependency on CONFIG_PROC_FS; it was used for other BPF
iterators, and I assumed it was needed because of seq ops but I
don't think it is required on digging futher (Andrii, patch 1)
[1] https://lore.kernel.org/all/YjRPZj6Z8vuLeEZo@krava/
[2] https://lore.kernel.org/bpf/[email protected]
[3] https://lore.kernel.org/bpf/[email protected]/
[4] https://lore.kernel.org/all/[email protected]/
Alan Maguire (2):
bpf: add a ksym BPF iterator
selftests/bpf: add a ksym iter subtest
kernel/kallsyms.c | 95 +++++++++++++++++++++++
tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 16 ++++
tools/testing/selftests/bpf/progs/bpf_iter_ksym.c | 74 ++++++++++++++++++
3 files changed, 185 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_ksym.c
--
1.8.3.1
add subtest verifying BPF ksym iter behaviour. The BPF ksym
iter program shows an example of dumping a format different to
/proc/kallsyms. It adds KIND and MAX_SIZE fields which represent the
kind of symbol (core kernel, module, ftrace, bpf, or kprobe) and
the maximum size the symbol can be. The latter is calculated from
the difference between current symbol value and the next symbol
value.
The key benefit for this iterator will likely be supporting in-kernel
data-gathering rather than dumping symbol details to userspace and
parsing the results.
Signed-off-by: Alan Maguire <[email protected]>
Acked-by: Yonghong Song <[email protected]>
---
tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 16 +++++
tools/testing/selftests/bpf/progs/bpf_iter_ksym.c | 74 +++++++++++++++++++++++
2 files changed, 90 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_ksym.c
diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
index 7ff5fa9..a33874b 100644
--- a/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
+++ b/tools/testing/selftests/bpf/prog_tests/bpf_iter.c
@@ -27,6 +27,7 @@
#include "bpf_iter_test_kern5.skel.h"
#include "bpf_iter_test_kern6.skel.h"
#include "bpf_iter_bpf_link.skel.h"
+#include "bpf_iter_ksym.skel.h"
static int duration;
@@ -1120,6 +1121,19 @@ static void test_link_iter(void)
bpf_iter_bpf_link__destroy(skel);
}
+static void test_ksym_iter(void)
+{
+ struct bpf_iter_ksym *skel;
+
+ skel = bpf_iter_ksym__open_and_load();
+ if (!ASSERT_OK_PTR(skel, "bpf_iter_ksym__open_and_load"))
+ return;
+
+ do_dummy_read(skel->progs.dump_ksym);
+
+ bpf_iter_ksym__destroy(skel);
+}
+
#define CMP_BUFFER_SIZE 1024
static char task_vma_output[CMP_BUFFER_SIZE];
static char proc_maps_output[CMP_BUFFER_SIZE];
@@ -1267,4 +1281,6 @@ void test_bpf_iter(void)
test_buf_neg_offset();
if (test__start_subtest("link-iter"))
test_link_iter();
+ if (test__start_subtest("ksym"))
+ test_ksym_iter();
}
diff --git a/tools/testing/selftests/bpf/progs/bpf_iter_ksym.c b/tools/testing/selftests/bpf/progs/bpf_iter_ksym.c
new file mode 100644
index 0000000..285c008
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/bpf_iter_ksym.c
@@ -0,0 +1,74 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2022, Oracle and/or its affiliates. */
+#include "bpf_iter.h"
+#include <bpf/bpf_helpers.h>
+
+char _license[] SEC("license") = "GPL";
+
+unsigned long last_sym_value = 0;
+
+static inline char tolower(char c)
+{
+ if (c >= 'A' && c <= 'Z')
+ c += ('a' - 'A');
+ return c;
+}
+
+static inline char toupper(char c)
+{
+ if (c >= 'a' && c <= 'z')
+ c -= ('a' - 'A');
+ return c;
+}
+
+/* Dump symbols with max size; the latter is calculated by caching symbol N value
+ * and when iterating on symbol N+1, we can print max size of symbol N via
+ * address of N+1 - address of N.
+ */
+SEC("iter/ksym")
+int dump_ksym(struct bpf_iter__ksym *ctx)
+{
+ struct seq_file *seq = ctx->meta->seq;
+ struct kallsym_iter *iter = ctx->ksym;
+ __u32 seq_num = ctx->meta->seq_num;
+ unsigned long value;
+ char type;
+ int ret;
+
+ if (!iter)
+ return 0;
+
+ if (seq_num == 0) {
+ BPF_SEQ_PRINTF(seq, "ADDR TYPE NAME MODULE_NAME KIND MAX_SIZE\n");
+ return 0;
+ }
+ if (last_sym_value)
+ BPF_SEQ_PRINTF(seq, "0x%x\n", iter->value - last_sym_value);
+ else
+ BPF_SEQ_PRINTF(seq, "\n");
+
+ value = iter->show_value ? iter->value : 0;
+
+ last_sym_value = value;
+
+ type = iter->type;
+
+ if (iter->module_name[0]) {
+ type = iter->exported ? toupper(type) : tolower(type);
+ BPF_SEQ_PRINTF(seq, "0x%llx %c %s [ %s ] ",
+ value, type, iter->name, iter->module_name);
+ } else {
+ BPF_SEQ_PRINTF(seq, "0x%llx %c %s ", value, type, iter->name);
+ }
+ if (!iter->pos_arch_end || iter->pos_arch_end > iter->pos)
+ BPF_SEQ_PRINTF(seq, "CORE ");
+ else if (!iter->pos_mod_end || iter->pos_mod_end > iter->pos)
+ BPF_SEQ_PRINTF(seq, "MOD ");
+ else if (!iter->pos_ftrace_mod_end || iter->pos_ftrace_mod_end > iter->pos)
+ BPF_SEQ_PRINTF(seq, "FTRACE_MOD ");
+ else if (!iter->pos_bpf_end || iter->pos_bpf_end > iter->pos)
+ BPF_SEQ_PRINTF(seq, "BPF ");
+ else
+ BPF_SEQ_PRINTF(seq, "KPROBE ");
+ return 0;
+}
--
1.8.3.1
add a "ksym" iterator which provides access to a "struct kallsym_iter"
for each symbol. Intent is to support more flexible symbol parsing
as discussed in [1].
[1] https://lore.kernel.org/all/YjRPZj6Z8vuLeEZo@krava/
Suggested-by: Alexei Starovoitov <[email protected]>
Signed-off-by: Alan Maguire <[email protected]>
Acked-by: Yonghong Song <[email protected]>
---
kernel/kallsyms.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 95 insertions(+)
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
index fbdf8d3..5748020 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -30,6 +30,7 @@
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/bsearch.h>
+#include <linux/btf_ids.h>
/*
* These will be re-linked against their real values
@@ -799,6 +800,100 @@ static int s_show(struct seq_file *m, void *p)
.show = s_show
};
+#ifdef CONFIG_BPF_SYSCALL
+
+struct bpf_iter__ksym {
+ __bpf_md_ptr(struct bpf_iter_meta *, meta);
+ __bpf_md_ptr(struct kallsym_iter *, ksym);
+};
+
+static int ksym_prog_seq_show(struct seq_file *m, bool in_stop)
+{
+ struct bpf_iter__ksym ctx;
+ struct bpf_iter_meta meta;
+ struct bpf_prog *prog;
+
+ meta.seq = m;
+ prog = bpf_iter_get_info(&meta, in_stop);
+ if (!prog)
+ return 0;
+
+ ctx.meta = &meta;
+ ctx.ksym = m ? m->private : NULL;
+ return bpf_iter_run_prog(prog, &ctx);
+}
+
+static int bpf_iter_ksym_seq_show(struct seq_file *m, void *p)
+{
+ return ksym_prog_seq_show(m, false);
+}
+
+static void bpf_iter_ksym_seq_stop(struct seq_file *m, void *p)
+{
+ if (!p)
+ (void) ksym_prog_seq_show(m, true);
+ else
+ s_stop(m, p);
+}
+
+static const struct seq_operations bpf_iter_ksym_ops = {
+ .start = s_start,
+ .next = s_next,
+ .stop = bpf_iter_ksym_seq_stop,
+ .show = bpf_iter_ksym_seq_show,
+};
+
+static int bpf_iter_ksym_init(void *priv_data, struct bpf_iter_aux_info *aux)
+{
+ struct kallsym_iter *iter = priv_data;
+
+ reset_iter(iter, 0);
+
+ /* cache here as in kallsyms_open() case; use current process
+ * credentials to tell BPF iterators if values should be shown.
+ */
+ iter->show_value = kallsyms_show_value(current_cred());
+
+ return 0;
+}
+
+DEFINE_BPF_ITER_FUNC(ksym, struct bpf_iter_meta *meta, struct kallsym_iter *ksym)
+
+static const struct bpf_iter_seq_info ksym_iter_seq_info = {
+ .seq_ops = &bpf_iter_ksym_ops,
+ .init_seq_private = bpf_iter_ksym_init,
+ .fini_seq_private = NULL,
+ .seq_priv_size = sizeof(struct kallsym_iter),
+};
+
+static struct bpf_iter_reg ksym_iter_reg_info = {
+ .target = "ksym",
+ .ctx_arg_info_size = 1,
+ .ctx_arg_info = {
+ { offsetof(struct bpf_iter__ksym, ksym),
+ PTR_TO_BTF_ID_OR_NULL },
+ },
+ .seq_info = &ksym_iter_seq_info,
+};
+
+BTF_ID_LIST(btf_ksym_iter_id)
+BTF_ID(struct, kallsym_iter)
+
+static int __init bpf_ksym_iter_register(void)
+{
+ int ret;
+
+ ksym_iter_reg_info.ctx_arg_info[0].btf_id = *btf_ksym_iter_id;
+ ret = bpf_iter_reg_target(&ksym_iter_reg_info);
+ if (ret)
+ pr_warn("Warning: could not register bpf ksym iterator: %d\n", ret);
+ return ret;
+}
+
+late_initcall(bpf_ksym_iter_register);
+
+#endif /* CONFIG_BPF_SYSCALL */
+
static inline int kallsyms_for_perf(void)
{
#ifdef CONFIG_PERF_EVENTS
--
1.8.3.1
On Wed, Jul 6, 2022 at 6:17 AM Alan Maguire <[email protected]> wrote:
>
> add a "ksym" iterator which provides access to a "struct kallsym_iter"
> for each symbol. Intent is to support more flexible symbol parsing
> as discussed in [1].
>
> [1] https://lore.kernel.org/all/YjRPZj6Z8vuLeEZo@krava/
>
> Suggested-by: Alexei Starovoitov <[email protected]>
> Signed-off-by: Alan Maguire <[email protected]>
> Acked-by: Yonghong Song <[email protected]>
> ---
> kernel/kallsyms.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 95 insertions(+)
>
LGTM, except for unnecessary pr_warn(), see below
[...]
> +
> +BTF_ID_LIST(btf_ksym_iter_id)
> +BTF_ID(struct, kallsym_iter)
> +
> +static int __init bpf_ksym_iter_register(void)
> +{
> + int ret;
> +
> + ksym_iter_reg_info.ctx_arg_info[0].btf_id = *btf_ksym_iter_id;
> + ret = bpf_iter_reg_target(&ksym_iter_reg_info);
> + if (ret)
> + pr_warn("Warning: could not register bpf ksym iterator: %d\n", ret);
we don't emit such warnings for some other iterators I checked (map,
link, etc). Do we really need this? It's very unlikely to happen
anyways.
> + return ret;
> +}
> +
> +late_initcall(bpf_ksym_iter_register);
> +
> +#endif /* CONFIG_BPF_SYSCALL */
> +
> static inline int kallsyms_for_perf(void)
> {
> #ifdef CONFIG_PERF_EVENTS
> --
> 1.8.3.1
>
On Wed, Jul 6, 2022 at 6:17 AM Alan Maguire <[email protected]> wrote:
>
> add subtest verifying BPF ksym iter behaviour. The BPF ksym
> iter program shows an example of dumping a format different to
> /proc/kallsyms. It adds KIND and MAX_SIZE fields which represent the
> kind of symbol (core kernel, module, ftrace, bpf, or kprobe) and
> the maximum size the symbol can be. The latter is calculated from
> the difference between current symbol value and the next symbol
> value.
>
> The key benefit for this iterator will likely be supporting in-kernel
> data-gathering rather than dumping symbol details to userspace and
> parsing the results.
>
> Signed-off-by: Alan Maguire <[email protected]>
> Acked-by: Yonghong Song <[email protected]>
> ---
Please see progs/bpf_iter.h and add ksym iterator types there. Thanks!
> tools/testing/selftests/bpf/prog_tests/bpf_iter.c | 16 +++++
> tools/testing/selftests/bpf/progs/bpf_iter_ksym.c | 74 +++++++++++++++++++++++
> 2 files changed, 90 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/progs/bpf_iter_ksym.c
>
[...]
Hi Alan,
On Wed, Jul 6, 2022 at 6:17 AM Alan Maguire <[email protected]> wrote:
>
> add a "ksym" iterator which provides access to a "struct kallsym_iter"
> for each symbol. Intent is to support more flexible symbol parsing
> as discussed in [1].
>
> [1] https://lore.kernel.org/all/YjRPZj6Z8vuLeEZo@krava/
>
> Suggested-by: Alexei Starovoitov <[email protected]>
> Signed-off-by: Alan Maguire <[email protected]>
> Acked-by: Yonghong Song <[email protected]>
> ---
> kernel/kallsyms.c | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 95 insertions(+)
>
[...]
> +
> +static struct bpf_iter_reg ksym_iter_reg_info = {
> + .target = "ksym",
> + .ctx_arg_info_size = 1,
> + .ctx_arg_info = {
> + { offsetof(struct bpf_iter__ksym, ksym),
> + PTR_TO_BTF_ID_OR_NULL },
> + },
> + .seq_info = &ksym_iter_seq_info,
> +};
> +
Can we add allow resched here?
.feature = BPF_ITER_RESCHED,
I think this will improve the responsiveness of the kernel when iterating ksyms.
Thanks,
Hao
> +BTF_ID_LIST(btf_ksym_iter_id)
> +BTF_ID(struct, kallsym_iter)
> +
> +static int __init bpf_ksym_iter_register(void)
> +{
> + int ret;
> +
> + ksym_iter_reg_info.ctx_arg_info[0].btf_id = *btf_ksym_iter_id;
> + ret = bpf_iter_reg_target(&ksym_iter_reg_info);
> + if (ret)
> + pr_warn("Warning: could not register bpf ksym iterator: %d\n", ret);
> + return ret;
> +}
> +
> +late_initcall(bpf_ksym_iter_register);
> +
> +#endif /* CONFIG_BPF_SYSCALL */
> +
> static inline int kallsyms_for_perf(void)
> {
> #ifdef CONFIG_PERF_EVENTS
> --
> 1.8.3.1
>