linux/tools/lib
Andrii Nakryiko 6f5d467d55 libbpf: improve BPF_KPROBE_SYSCALL macro and rename it to BPF_KSYSCALL
Improve BPF_KPROBE_SYSCALL (and rename it to shorter BPF_KSYSCALL to
match libbpf's SEC("ksyscall") section name, added in next patch) to use
__kconfig variable to determine how to properly fetch syscall arguments.

Instead of relying on hard-coded knowledge of whether kernel's
architecture uses syscall wrapper or not (which only reflects the latest
kernel versions, but is not necessarily true for older kernels and won't
necessarily hold for later kernel versions on some particular host
architecture), determine this at runtime by attempting to create
perf_event (with fallback to kprobe event creation through tracefs on
legacy kernels, just like kprobe attachment code is doing) for kernel
function that would correspond to bpf() syscall on a system that has
CONFIG_ARCH_HAS_SYSCALL_WRAPPER set (e.g., for x86-64 it would try
'__x64_sys_bpf').

If host kernel uses syscall wrapper, syscall kernel function's first
argument is a pointer to struct pt_regs that then contains syscall
arguments. In such case we need to use bpf_probe_read_kernel() to fetch
actual arguments (which we do through BPF_CORE_READ() macro) from inner
pt_regs.

But if the kernel doesn't use syscall wrapper approach, input
arguments can be read from struct pt_regs directly with no probe reading.

All this feature detection is done without requiring /proc/config.gz
existence and parsing, and BPF-side helper code uses newly added
LINUX_HAS_SYSCALL_WRAPPER virtual __kconfig extern to keep in sync with
user-side feature detection of libbpf.

BPF_KSYSCALL() macro can be used both with SEC("kprobe") programs that
define syscall function explicitly (e.g., SEC("kprobe/__x64_sys_bpf"))
and SEC("ksyscall") program added in the next patch (which are the same
kprobe program with added benefit of libbpf determining correct kernel
function name automatically).

Kretprobe and kretsyscall (added in next patch) programs don't need
BPF_KSYSCALL as they don't provide access to input arguments. Normal
BPF_KRETPROBE is completely sufficient and is recommended.

Tested-by: Alan Maguire <alan.maguire@oracle.com>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/r/20220714070755.3235561-4-andrii@kernel.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-07-19 09:33:18 -07:00
..
api Kbuild updates for v5.18 2022-03-31 11:59:03 -07:00
bpf libbpf: improve BPF_KPROBE_SYSCALL macro and rename it to BPF_KSYSCALL 2022-07-19 09:33:18 -07:00
perf libperf evsel: Open shouldn't leak fd on failure 2022-06-19 10:41:43 -03:00
subcmd libsubcmd: Fix OPTION_GROUP sorting 2022-04-22 12:32:01 +02:00
symbol
thermal tools/lib/thermal: remove unneeded semicolon 2022-05-19 12:11:52 +02:00
traceevent libtraceevent: Add __rel_loc relative location attribute support 2021-12-06 15:37:22 -05:00
argv_split.c
bitmap.c bitmap: Fix return values to be unsigned 2022-06-03 06:52:58 -07:00
ctype.c
find_bit.c tools: sync tools/bitmap with mother linux 2022-01-15 08:47:31 -08:00
hweight.c
list_sort.c tools lib: Adopt list_sort() from the kernel sources 2021-10-20 10:30:59 -03:00
rbtree.c
slab.c tools: Move gfp.h and slab.h from radix-tree to lib 2022-02-20 08:44:37 +02:00
str_error_r.c
string.c
vsprintf.c
zalloc.c