• Andrii Nakryiko's avatar
    bpf: Allow to specify user-provided bpf_cookie for BPF perf links · 82e6b1ee
    Andrii Nakryiko authored
    Add ability for users to specify custom u64 value (bpf_cookie) when creating
    BPF link for perf_event-backed BPF programs (kprobe/uprobe, perf_event,
    tracepoints).
    
    This is useful for cases when the same BPF program is used for attaching and
    processing invocation of different tracepoints/kprobes/uprobes in a generic
    fashion, but such that each invocation is distinguished from each other (e.g.,
    BPF program can look up additional information associated with a specific
    kernel function without having to rely on function IP lookups). This enables
    new use cases to be implemented simply and efficiently that previously were
    possible only through code generation (and thus multiple instances of almost
    identical BPF program) or compilation at runtime (BCC-style) on target hosts
    (even more expensive resource-wise). For uprobes it is not even possible in
    some cases to know function IP before hand (e.g., when attaching to shared
    library without PID filtering, in which case base load address is not known
    for a library).
    
    This is done by storing u64 bpf_cookie in struct bpf_prog_array_item,
    corresponding to each attached and run BPF program. Given cgroup BPF programs
    already use two 8-byte pointers for their needs and cgroup BPF programs don't
    have (yet?) support for bpf_cookie, reuse that space through union of
    cgroup_storage and new bpf_cookie field.
    
    Make it available to kprobe/tracepoint BPF programs through bpf_trace_run_ctx.
    This is set by BPF_PROG_RUN_ARRAY, used by kprobe/uprobe/tracepoint BPF
    program execution code, which luckily is now also split from
    BPF_PROG_RUN_ARRAY_CG. This run context will be utilized by a new BPF helper
    giving access to this user-provided cookie value from inside a BPF program.
    Generic perf_event BPF programs will access this value from perf_event itself
    through passed in BPF program context.
    Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    Acked-by: default avatarYonghong Song <yhs@fb.com>
    Acked-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
    Link: https://lore.kernel.org/bpf/20210815070609.987780-6-andrii@kernel.org
    82e6b1ee
syscall.c 113 KB