linux/samples/bpf
Daniel T. Lee af9bd3e333 samples: bpf: Fix bpf programs with kprobe/sys_connect event
Currently, BPF programs with kprobe/sys_connect do not work properly.

Commit 34745aed51 ("samples/bpf: fix kprobe attachment issue on x64")
This commit modifies the bpf_load behavior of kprobe events in the x64
architecture. If the current kprobe event target starts with "sys_*",
add the prefix "__x64_" to the front of the event.

Appending "__x64_" prefix with kprobe/sys_* event was appropriate as a
solution to most of the problems caused by the commit below.

    commit d5a00528b5 ("syscalls/core, syscalls/x86: Rename struct
    pt_regs-based sys_*() to __x64_sys_*()")

However, there is a problem with the sys_connect kprobe event that does
not work properly. For __sys_connect event, parameters can be fetched
normally, but for __x64_sys_connect, parameters cannot be fetched.

    ffffffff818d3520 <__x64_sys_connect>:
    ffffffff818d3520: e8 fb df 32 00        callq   0xffffffff81c01520
    <__fentry__>
    ffffffff818d3525: 48 8b 57 60           movq    96(%rdi), %rdx
    ffffffff818d3529: 48 8b 77 68           movq    104(%rdi), %rsi
    ffffffff818d352d: 48 8b 7f 70           movq    112(%rdi), %rdi
    ffffffff818d3531: e8 1a ff ff ff        callq   0xffffffff818d3450
    <__sys_connect>
    ffffffff818d3536: 48 98                 cltq
    ffffffff818d3538: c3                    retq
    ffffffff818d3539: 0f 1f 80 00 00 00 00  nopl    (%rax)

As the assembly code for __x64_sys_connect shows, parameters should be
fetched and set into rdi, rsi, rdx registers prior to calling
__sys_connect.

Because of this problem, this commit fixes the sys_connect event by
first getting the value of the rdi register and then the value of the
rdi, rsi, and rdx register through an offset based on that value.

Fixes: 34745aed51 ("samples/bpf: fix kprobe attachment issue on x64")
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200707184855.30968-2-danieltimlee@gmail.com
2020-07-08 01:32:14 +02:00
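
The register indirection the commit message describes, as a userspace model (an added example, not code from the commit or the kernel tree). `model_pt_regs`, `connect_args`, `demo` and all sample values are constructed here, and the field order is assumed to match the x86-64 `struct pt_regs`. It shows why a tracer that reads rdi/rsi/rdx directly at `__x64_sys_connect` records the wrong values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model of the x86-64 struct pt_regs field order (assumed to
 * match the kernel's definition); every slot is 8 bytes wide. */
struct model_pt_regs {
    uint64_t r15, r14, r13, r12, bp, bx, r11, r10, r9, r8;
    uint64_t ax, cx, dx, si, di, orig_ax, ip, cs, flags, sp, ss;
};

struct connect_args { int fd; uint64_t uservaddr; int addrlen; };

/* Reads the probe-time registers as if they were the syscall arguments.
 * At __x64_sys_connect this yields pointer bits, not fd/addr/addrlen. */
static struct connect_args read_direct(const struct model_pt_regs *ctx)
{
    struct connect_args a = { (int)ctx->di, ctx->si, (int)ctx->dx };
    return a;
}

/* Mirrors the disassembly: rdi points at the saved user registers, and
 * the arguments are loaded from +112 (di), +104 (si) and +96 (dx). A BPF
 * program would perform these loads through a probe-read helper. */
static struct connect_args read_via_inner(const struct model_pt_regs *ctx)
{
    const struct model_pt_regs *inner =
        (const struct model_pt_regs *)(uintptr_t)ctx->di;
    struct connect_args a = { (int)inner->di, inner->si, (int)inner->dx };
    return a;
}

/* Constructed sample: connect(fd=7, uservaddr=0x7ffd1000, addrlen=28). */
static struct model_pt_regs sample_inner = {
    .dx = 28, .si = 0x7ffd1000, .di = 7
};

/* Registers as a kprobe on the wrapper sees them: rdi = &sample_inner,
 * rsi/rdx hold unrelated leftovers (constructed values). */
static struct connect_args demo(int via_inner)
{
    struct model_pt_regs ctx = { .dx = 0xbeef, .si = 0xdead };
    ctx.di = (uint64_t)(uintptr_t)&sample_inner;
    return via_inner ? read_via_inner(&ctx) : read_direct(&ctx);
}

int main(void)
{
    struct connect_args bad = demo(0), ok = demo(1);
    printf("offsets: dx=%zu si=%zu di=%zu\n",
           offsetof(struct model_pt_regs, dx),
           offsetof(struct model_pt_regs, si),
           offsetof(struct model_pt_regs, di));
    printf("direct: addrlen=%d\n", bad.addrlen);
    printf("inner:  fd=%d addrlen=%d\n", ok.fd, ok.addrlen);
    return 0;
}
```
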
.gitignore samples, bpf: Add tracex7 test file to .gitignore 2020-05-19 17:13:00 +02:00
asm_goto_workaround.h samples/bpf: Add a workaround for asm_inline 2019-10-03 17:37:11 +02:00
bpf_insn.h selftests: bpf: functional and min/max reasoning unit tests for JMP32 2019-01-26 13:33:02 -08:00
bpf_load.c samples, bpf: Move read_trace_pipe to trace_helpers 2020-03-23 22:27:51 +01:00
bpf_load.h samples, bpf: Move read_trace_pipe to trace_helpers 2020-03-23 22:27:51 +01:00
cookie_uid_helper_example.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
cpustat_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
cpustat_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
do_hbm_test.sh bpf: Add support for fq's EDT to HBM 2019-07-03 15:03:00 +02:00
fds_example.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
hash_func01.h samples/bpf: add Paul Hsieh's (LGPL 2.1) hash function SuperFastHash 2018-08-10 16:07:49 +02:00
hbm_edt_kern.c bpf: Add support for fq's EDT to HBM 2019-07-03 15:03:00 +02:00
hbm_kern.h samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
hbm_out_kern.c bpf: Add more stats to HBM 2019-05-31 16:41:29 -07:00
hbm.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
hbm.h bpf: Add more stats to HBM 2019-05-31 16:41:29 -07:00
ibumad_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
ibumad_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
lathist_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
lathist_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
lwt_len_hist_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
lwt_len_hist_user.c samples: bpf: Fix build error 2020-05-14 12:37:39 -07:00
lwt_len_hist.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Makefile samples, bpf: Refactor tail call user progs with libbpf 2020-05-19 17:12:56 +02:00
Makefile.target samples/bpf: Add makefile.target for separate CC target build 2019-10-12 16:08:59 -07:00
map_perf_test_kern.c samples: bpf: Fix bpf programs with kprobe/sys_connect event 2020-07-08 01:32:14 +02:00
map_perf_test_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
offwaketime_kern.c samples/bpf: Remove compiler warnings 2020-05-13 12:30:50 -07:00
offwaketime_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
parse_ldabs.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
parse_simple.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
parse_varlen.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
README.rst samples/bpf: adjust Makefile and README.rst 2019-11-11 21:42:09 -08:00
run_cookie_uid_helper_example.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sampleip_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
sampleip_user.c samples, bpf: Refactor pointer error check with libbpf 2020-05-19 17:12:49 +02:00
sock_example.c samples: bpf: force IPv4 in ping 2019-03-01 00:53:45 +01:00
sock_example.h samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
sock_flags_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
sockex1_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
sockex1_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
sockex2_kern.c samples/bpf: Remove compiler warnings 2020-05-13 12:30:50 -07:00
sockex2_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
sockex3_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
sockex3_user.c samples, bpf: Refactor tail call user progs with libbpf 2020-05-19 17:12:56 +02:00
spintest_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
spintest_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
syscall_nrs.c samples: bpf: syscall_nrs: use mmap2 if defined 2019-08-21 14:31:38 +02:00
syscall_tp_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
syscall_tp_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
task_fd_query_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
task_fd_query_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tc_l2_redirect_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tc_l2_redirect_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
tc_l2_redirect.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcbpf1_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_basertt_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_bpf.readme samples/bpf: fix tcp_bpf.readme detach command 2019-07-03 16:52:02 +02:00
tcp_bufs_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_clamp_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_cong_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_dumpstats_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_iw_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_rwnd_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_synrto_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tcp_tos_reflect_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_cgrp2_array_pin.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_cgrp2_attach.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
test_cgrp2_sock2.c samples/bpf: test_cgrp2_sock2: fix an off by one 2018-07-16 15:01:09 -07:00
test_cgrp2_sock2.sh samples/bpf: detach prog from cgroup 2018-03-02 00:16:36 +01:00
test_cgrp2_sock.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
test_cgrp2_sock.sh samples/bpf: detach prog from cgroup 2018-03-02 00:16:36 +01:00
test_cgrp2_tc_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_cgrp2_tc.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_cls_bpf.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_current_task_under_cgroup_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_current_task_under_cgroup_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_ipip.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_lru_dist.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_lwt_bpf.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_lwt_bpf.sh License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
test_map_in_map_kern.c samples: bpf: Fix bpf programs with kprobe/sys_connect event 2020-07-08 01:32:14 +02:00
test_map_in_map_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_overhead_kprobe_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_overhead_raw_tp_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_overhead_tp_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
test_overhead_user.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
test_override_return.sh samples/bpf: add a test for bpf_override_return 2017-12-12 09:02:40 -08:00
test_probe_write_user_kern.c samples: bpf: Fix bpf programs with kprobe/sys_connect event 2020-07-08 01:32:14 +02:00
test_probe_write_user_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
trace_common.h samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
trace_event_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
trace_event_user.c samples, bpf: Refactor pointer error check with libbpf 2020-05-19 17:12:49 +02:00
trace_output_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
trace_output_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tracex1_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tracex1_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
tracex2_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
tracex2_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
tracex3_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
tracex3_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
tracex4_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
tracex4_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
tracex5_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
tracex5_user.c samples, bpf: Refactor tail call user progs with libbpf 2020-05-19 17:12:56 +02:00
tracex6_kern.c samples, bpf: Refactor kprobe, tail call kern progs map definition 2020-05-19 17:13:03 +02:00
tracex6_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
tracex7_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
tracex7_user.c samples, bpf: Refactor kprobe tracing user progs with libbpf 2020-05-19 17:12:53 +02:00
xdp1_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp1_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp2_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp2skb_meta_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp2skb_meta.sh samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh 2018-07-10 09:19:01 +02:00
xdp_adjust_tail_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_adjust_tail_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_fwd_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_fwd_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_monitor_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_monitor_user.c bpf, xdp, samples: Fix null pointer dereference in *_user code 2020-06-16 14:55:35 +02:00
xdp_redirect_cpu_kern.c samples/bpf: xdp_redirect_cpu: Set MAX_CPUS according to NR_CPUS 2020-05-14 18:27:00 -07:00
xdp_redirect_cpu_user.c bpf, xdp, samples: Fix null pointer dereference in *_user code 2020-06-16 14:55:35 +02:00
xdp_redirect_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_redirect_map_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_redirect_map_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_redirect_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_router_ipv4_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_router_ipv4_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_rxq_info_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_rxq_info_user.c bpf, xdp, samples: Fix null pointer dereference in *_user code 2020-06-16 14:55:35 +02:00
xdp_sample_pkts_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_sample_pkts_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_tx_iptunnel_common.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 206 2019-05-30 11:29:53 -07:00
xdp_tx_iptunnel_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdp_tx_iptunnel_user.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdpsock_kern.c samples/bpf: Use consistent include paths for libbpf 2020-01-20 16:37:45 -08:00
xdpsock_user.c samples: bpf: Allow for -ENETDOWN in xdpsock 2020-02-05 22:06:09 +01:00
xdpsock.h samples/bpf: Add XDP_SHARED_UMEM support to xdpsock 2019-11-10 19:30:45 -08:00

eBPF sample programs
====================

This directory contains test stubs, a verifier test-suite and examples
for using eBPF. The examples use libbpf from tools/lib/bpf.

Build dependencies
==================

Compiling requires having installed:
 * clang >= version 3.4.0
 * llvm >= version 3.7.1

Note that LLVM's tool 'llc' must support the target 'bpf'. List its version
and supported targets with the command ``llc --version``.

Clean and configuration
-----------------------

It may be necessary to clean tools, samples or the kernel before trying a new
arch or after some changes (on demand)::

 make -C tools clean
 make -C samples/bpf clean
 make clean

Configure the kernel, with defconfig for instance::

 make defconfig

Kernel headers
--------------

There are usually dependencies on header files of the current kernel.
To avoid installing devel kernel headers system wide, as a normal
user, simply call::

 make headers_install

This will create a local "usr/include" directory in the git/build top
level directory, which the make system automatically picks up first.

Compiling
=========

For building the BPF samples, issue the below command from the kernel
top level directory::

 make M=samples/bpf

It is also possible to call make from this directory.  This will just
hide the invocation of make as above.

Manually compiling LLVM with 'bpf' support
------------------------------------------

Since version 3.7.0, LLVM adds a proper LLVM backend target for the
BPF bytecode architecture.

By default llvm will build all non-experimental backends including bpf.
To generate a smaller llc binary one can use::

 -DLLVM_TARGETS_TO_BUILD="BPF"

Quick snippet for manually compiling LLVM and clang
(build dependencies are cmake and gcc-c++)::

 $ git clone http://llvm.org/git/llvm.git
 $ cd llvm/tools
 $ git clone --depth 1 http://llvm.org/git/clang.git
 $ cd ..; mkdir build; cd build
 $ cmake .. -DLLVM_TARGETS_TO_BUILD="BPF;X86"
 $ make -j $(getconf _NPROCESSORS_ONLN)

It is also possible to point make to the newly compiled 'llc' or
'clang' command via redefining LLC or CLANG on the make command line::

 make M=samples/bpf LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang

Cross compiling samples
-----------------------

In order to cross-compile, say for arm64 targets, export the CROSS_COMPILE and
ARCH environment variables before calling make. Do this before the clean,
configuration and header install steps described above. This will direct make
to build samples for the cross target::

 export ARCH=arm64
 export CROSS_COMPILE="aarch64-linux-gnu-"

Headers can also be installed on the RFS of the target board if they need to be
kept in sync (this is not necessary, and it also creates a local "usr/include"
directory)::

 make INSTALL_HDR_PATH=~/some_sysroot/usr headers_install

Pointing LLC and CLANG is not necessary if it's installed on HOST and has
the appropriate arm64 arch among its targets (usually it has several arches).
Build samples::

 make M=samples/bpf

Or build samples with SYSROOT if some header or library, say libelf, is absent
from the toolchain, providing the path to a file system containing the headers
and libs; this can be the RFS of the target board::

 make M=samples/bpf SYSROOT=~/some_sysroot