perf bpf: Attach eBPF filter to perf event

This is the final patch which makes basic BPF filter work. After
applying this patch, users are allowed to use BPF filter like:

 # perf record --event ./hello_world.o ls

A bpf_fd field is appended to 'struct evsel', and setup during the
callback function add_bpf_event() for each 'probe_trace_event'.

PERF_EVENT_IOC_SET_BPF ioctl is used to attach eBPF program to a newly
created perf event. The file descriptor of the eBPF program is passed to
perf record using previous patches, and stored into evsel->bpf_fd.

It is possible that different perf event are created for one kprobe
events for different CPUs. In this case, when trying to call the ioctl,
EEXIST will be return. This patch doesn't treat it as an error.

Committer note:

The bpf proggie used so far:

  __attribute__((section("fork=_do_fork"), used))
  int fork(void *ctx)
  {
	  return 0;
  }

  char _license[] __attribute__((section("license"), used)) = "GPL";
  int _version __attribute__((section("version"), used)) = 0x40300;

failed to produce any samples, even with forks happening and it being
running in system wide mode.

That is because now the filter is being associated, and the code above
always returns zero, meaning that all forks will be probed but filtered
away ;-/

Change it to 'return 1;' instead and after that:

  # trace --no-syscalls --event /tmp/foo.o
     0.000 perf_bpf_probe:fork:(ffffffff8109be30))
     2.333 perf_bpf_probe:fork:(ffffffff8109be30))
     3.725 perf_bpf_probe:fork:(ffffffff8109be30))
     4.550 perf_bpf_probe:fork:(ffffffff8109be30))
  ^C#

And it works with all tools, including 'perf trace'.

Signed-off-by: Wang Nan <wangnan0@huawei.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: David Ahern <dsahern@gmail.com>
Cc: He Kuang <hekuang@huawei.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Kaixu Xia <xiakaixu@huawei.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Zefan Li <lizefan@huawei.com>
Cc: pi3orama@163.com
Link: http://lkml.kernel.org/r/1444826502-49291-8-git-send-email-wangnan0@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
This commit is contained in:
Wang Nan 2015-10-14 12:41:18 +00:00 committed by Arnaldo Carvalho de Melo
parent 50f1e6d043
commit 1f45b1d490
3 changed files with 24 additions and 0 deletions

View File

@ -208,6 +208,7 @@ void perf_evsel__init(struct perf_evsel *evsel,
evsel->unit = "";
evsel->scale = 1.0;
evsel->evlist = NULL;
evsel->bpf_fd = -1;
INIT_LIST_HEAD(&evsel->node);
INIT_LIST_HEAD(&evsel->config_terms);
perf_evsel__object.init(evsel);
@ -1356,6 +1357,22 @@ retry_open:
err);
goto try_fallback;
}
if (evsel->bpf_fd >= 0) {
int evt_fd = FD(evsel, cpu, thread);
int bpf_fd = evsel->bpf_fd;
err = ioctl(evt_fd,
PERF_EVENT_IOC_SET_BPF,
bpf_fd);
if (err && errno != EEXIST) {
pr_err("failed to attach bpf fd %d: %s\n",
bpf_fd, strerror(errno));
err = -EINVAL;
goto out_close;
}
}
set_rlimit = NO_CHANGE;
/*

View File

@ -123,6 +123,7 @@ struct perf_evsel {
char *group_name;
bool cmdline_group_boundary;
struct list_head config_terms;
int bpf_fd;
};
union u64_swap {

View File

@ -542,6 +542,7 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
struct __add_bpf_event_param *param = _param;
struct parse_events_evlist *evlist = param->data;
struct list_head *list = param->list;
struct perf_evsel *pos;
int err;
pr_debug("add bpf event %s:%s and attach bpf program %d\n",
@ -562,6 +563,11 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd,
}
pr_debug("adding %s:%s\n", tev->group, tev->event);
list_for_each_entry(pos, &new_evsels, node) {
pr_debug("adding %s:%s to %p\n",
tev->group, tev->event, pos);
pos->bpf_fd = fd;
}
list_splice(&new_evsels, list);
return 0;
}