linux/samples/bpf
Sargun Dhillon 96ae522795 bpf: Add bpf_probe_write_user BPF helper to be called in tracers
This allows user memory to be written to during the course of a kprobe.
It shouldn't be used to implement any kind of security mechanism
because of TOC-TOU attacks, but rather to debug, divert, and
manipulate execution of semi-cooperative processes.

Although it uses probe_kernel_write, we limit the address space
the probe can write into by checking the space with access_ok.
We do this as opposed to calling copy_to_user directly, in order
to avoid sleeping. In addition we ensure the thread's current fs
/ segment is USER_DS and the thread isn't exiting nor a kernel thread.

Given this feature is meant for experiments, and it has a risk of
crashing the system, and running programs, we print a warning
when a proglet that attempts to use this helper is installed,
along with the pid and process name.

Signed-off-by: Sargun Dhillon <sargun@sargun.me>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-25 18:07:48 -07:00
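
The install-time warning described in the commit message gives defenders a way to see which process loaded a program that uses the helper. The script below is an added example, not part of the commit or the kernel tree. It assumes dmesg-style lines and the message text "<comm>[<pid>] is installing a program with bpf_probe_write_user helper that may corrupt user memory!" (an assumption taken from the kernel source, not quoted on this page); the sample lines and the allowlisted tool name are constructed.

```sh
# Added example: list processes that installed a BPF program using
# bpf_probe_write_user, based on the kernel's install-time warning.
# Assumed message: "<comm>[<pid>] is installing a program with
# bpf_probe_write_user helper that may corrupt user memory!"

# probe_write_installers: read kernel log lines on stdin and print "pid comm"
# once per distinct installer. A leading "[ seconds.usec] " stamp is dropped.
probe_write_installers() {
    sed -n \
        -e 's/^\[ *[0-9][0-9.]*] *//' \
        -e 's/^\(.*\)\[\([0-9][0-9]*\)] is installing a program with bpf_probe_write_user helper.*/\2 \1/p' |
    sort -u
}

# unexpected_installers ALLOWLIST: same input, but keep only installers whose
# comm is not in the space-separated allowlist (hypothetical tool names).
# comm is chosen by the process itself, so a match is a hint, not proof.
unexpected_installers() {
    probe_write_installers | while read -r pid comm; do
        case " ${1:-} " in
            *" $comm "*) ;;                      # expected tracer, skip
            *) printf '%s %s\n' "$pid" "$comm" ;;
        esac
    done
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='[  101.000001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  245.310422] lab_tracer[4242] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.990100] lab_tracer[4242] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  311.775003] updater[5150] is installing a program with bpf_probe_write_user helper that may corrupt user memory!'

# Report installers other than the one tracer we expect on this host.
printf '%s\n' "$SAMPLE_LOG" | unexpected_installers "lab_tracer"
```

On a live host the same functions can be fed from the kernel log, for example ``dmesg | unexpected_installers "lab_tracer"``.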
bpf_helpers.h bpf: Add bpf_probe_write_user BPF helper to be called in tracers 2016-07-25 18:07:48 -07:00
bpf_load.c Add sample for adding simple drop program to link 2016-07-19 21:46:32 -07:00
bpf_load.h samples/bpf: move ksym_search() into library 2016-03-08 15:28:32 -05:00
fds_example.c samples/bpf: add map_flags to bpf loader 2016-03-08 15:28:32 -05:00
lathist_kern.c bpf: BPF based latency tracing 2015-06-23 06:09:58 -07:00
lathist_user.c bpf: BPF based latency tracing 2015-06-23 06:09:58 -07:00
libbpf.c samples/bpf: add map_flags to bpf loader 2016-03-08 15:28:32 -05:00
libbpf.h samples/bpf: add map_flags to bpf loader 2016-03-08 15:28:32 -05:00
Makefile bpf: add sample for xdp forwarding and rewrite 2016-07-19 21:46:33 -07:00
map_perf_test_kern.c samples/bpf: add map performance test 2016-03-08 23:22:03 -05:00
map_perf_test_user.c samples/bpf: Fix build breakage with map_perf_test_user.c 2016-04-06 16:01:28 -04:00
offwaketime_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
offwaketime_user.c samples/bpf: move ksym_search() into library 2016-03-08 15:28:32 -05:00
parse_ldabs.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
parse_simple.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
parse_varlen.c samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
README.rst samples/bpf: like LLC also verify and allow redefining CLANG command 2016-04-29 14:26:08 -04:00
sock_example.c samples/bpf: add map_flags to bpf loader 2016-03-08 15:28:32 -05:00
sockex1_kern.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex1_user.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex2_kern.c samples: bpf: add skb->field examples and tests 2015-03-15 22:02:28 -04:00
sockex2_user.c samples/bpf: set max locked memory to ulimited 2016-06-25 12:03:46 -04:00
sockex3_kern.c bpf: allow programs to write to certain skb fields 2015-06-07 02:01:33 -07:00
sockex3_user.c samples/bpf: set max locked memory to ulimited 2016-06-25 12:03:46 -04:00
spintest_kern.c samples/bpf: Enable powerpc support 2016-04-06 16:01:29 -04:00
spintest_user.c samples/bpf: add bpf map stress test 2016-03-08 23:22:02 -05:00
tcbpf1_kern.c bpf: add bpf_redirect() helper 2015-09-17 21:09:07 -07:00
test_cgrp2_array_pin.c cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cgrp2_tc_kern.c cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cgrp2_tc.sh cgroup: bpf: Add an example to do cgroup checking in BPF 2016-07-01 16:32:13 -04:00
test_cls_bpf.sh samples/bpf: add 'pointer to packet' tests 2016-05-06 16:01:54 -04:00
test_maps.c samples/bpf: test both pre-alloc and normal maps 2016-03-08 15:28:32 -05:00
test_overhead_kprobe_kern.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_overhead_tp_kern.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_overhead_user.c samples/bpf: add tracepoint vs kprobe performance tests 2016-04-07 21:04:27 -04:00
test_verifier.c samples/bpf: add verifier tests 2016-05-06 16:01:54 -04:00
trace_output_kern.c samples/bpf: fix trace_output example 2016-04-28 17:29:45 -04:00
trace_output_user.c samples: bpf: add bpf_perf_event_output example 2015-10-22 06:42:15 -07:00
tracex1_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex1_user.c samples/bpf: Add simple non-portable kprobe filter example 2015-04-02 13:25:50 +02:00
tracex2_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex2_user.c samples/bpf: update tracex[23] examples to use per-cpu maps 2016-02-06 03:34:36 -05:00
tracex3_kern.c samples/bpf: update tracex[23] examples to use per-cpu maps 2016-02-06 03:34:36 -05:00
tracex3_user.c samples/bpf: update tracex[23] examples to use per-cpu maps 2016-02-06 03:34:36 -05:00
tracex4_kern.c samples/bpf: Enable powerpc support 2016-04-06 16:01:29 -04:00
tracex4_user.c samples/bpf: Add kmem_alloc()/free() tracker tool 2015-04-02 13:25:51 +02:00
tracex5_kern.c bpf, samples: don't zero data when not needed 2016-04-14 21:40:42 -04:00
tracex5_user.c samples/bpf: bpf_tail_call example for tracing 2015-05-21 17:07:59 -04:00
tracex6_kern.c bpf: fix build warnings and add function read_trace_pipe() 2015-08-12 16:39:12 -07:00
tracex6_user.c bpf: fix build warnings and add function read_trace_pipe() 2015-08-12 16:39:12 -07:00
xdp1_kern.c bpf: make xdp sample variable names more meaningful 2016-07-20 22:07:24 -07:00
xdp1_user.c Add sample for adding simple drop program to link 2016-07-19 21:46:32 -07:00
xdp2_kern.c bpf: make xdp sample variable names more meaningful 2016-07-20 22:07:24 -07:00

eBPF sample programs
====================

This directory contains a mini eBPF library, test stubs, verifier
test-suite and examples for using eBPF.

Build dependencies
==================

Compiling requires having installed:
 * clang >= version 3.4.0
 * llvm >= version 3.7.1

Note that LLVM's tool 'llc' must support target 'bpf'. List its version
and supported targets with the command: ``llc --version``
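
The requirements above can be checked before building. This script is an added example, not part of the kernel tree; it parses the text printed by ``clang --version`` and ``llc --version``, and the sample output embedded in it is constructed.

```sh
# Added example: check captured `clang --version` and `llc --version` text
# against this README's requirements (clang >= 3.4.0, llvm >= 3.7.1, target bpf).

# version_ge A B: succeed when dotted version A >= B, compared numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# first_version: print the first "version X.Y.Z" number seen on stdin.
first_version() {
    sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# has_bpf_target: succeed when "bpf" is listed under "Registered Targets:".
has_bpf_target() {
    awk '/Registered Targets:/ { seen = 1; next }
         seen && $1 == "bpf" { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# check_toolchain CLANG_TEXT LLC_TEXT: one line per problem, status 0 if none.
check_toolchain() {
    rc=0
    cv=$(printf '%s\n' "$1" | first_version)
    lv=$(printf '%s\n' "$2" | first_version)
    version_ge "${cv:-0}" 3.4.0 || { echo "clang ${cv:-unknown} is older than 3.4.0"; rc=1; }
    version_ge "${lv:-0}" 3.7.1 || { echo "llvm ${lv:-unknown} is older than 3.7.1"; rc=1; }
    printf '%s\n' "$2" | has_bpf_target || { echo "llc has no 'bpf' target"; rc=1; }
    return "$rc"
}

# Constructed sample output (not captured from a real install).
SAMPLE_CLANG='clang version 3.8.0 (tags/RELEASE_380/final)'
SAMPLE_LLC='LLVM (http://llvm.org/):
  LLVM version 3.8.0
  Registered Targets:
    bpf    - BPF (host endian)
    x86-64 - 64-bit X86: EM64T and AMD64'

check_toolchain "$SAMPLE_CLANG" "$SAMPLE_LLC" && echo "toolchain ok"
```

Against an installed toolchain, call ``check_toolchain "$(clang --version)" "$(llc --version)"``.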

Kernel headers
--------------

There are usually dependencies on header files of the current kernel.
To avoid installing devel kernel headers system wide, as a normal
user, simply call::

 make headers_install

This will create a local "usr/include" directory in the git/build top
level directory, which the make system will automatically pick up first.

Compiling
=========

For building the BPF samples, issue the below command from the kernel
top level directory::

 make samples/bpf/

Do notice the "/" slash after the directory name.

It is also possible to call make from this directory.  This will just
hide the invocation of make as above with the appended "/".

Manually compiling LLVM with 'bpf' support
------------------------------------------

Since version 3.7.0, LLVM adds a proper LLVM backend target for the
BPF bytecode architecture.

By default llvm will build all non-experimental backends including bpf.
To generate a smaller llc binary one can use::

 -DLLVM_TARGETS_TO_BUILD="BPF"

Quick snippet for manually compiling LLVM and clang
(build dependencies are cmake and gcc-c++)::

 $ git clone http://llvm.org/git/llvm.git
 $ cd llvm/tools
 $ git clone --depth 1 http://llvm.org/git/clang.git
 $ cd ..; mkdir build; cd build
 $ cmake .. -DLLVM_TARGETS_TO_BUILD="BPF;X86"
 $ make -j $(getconf _NPROCESSORS_ONLN)

It is also possible to point make to the newly compiled 'llc' or
'clang' command via redefining LLC or CLANG on the make command line::

 make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang