Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events

From: Alexei Starovoitov
Date: Fri Aug 15 2014 - 02:08:18 EST

Next message: Borislav Petkov: "Re: [PATCH v4] x86, hotplug: fix llc shared map unreleased during cpu hotplug"
Previous message: rogerable: "[PATCH 1/2] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response"
In reply to: Brendan Gregg: "Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events"
Next in thread: Andy Lutomirski: "Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Aug 14, 2014 at 2:20 PM, Brendan Gregg
<brendan.d.gregg@xxxxxxxxx> wrote:
> On Wed, Aug 13, 2014 at 12:57 AM, Alexei Starovoitov <ast@xxxxxxxxxxxx> wrote:
> [...]
>> +/* For tracing filters save first six arguments of tracepoint events.
>> + * On 64-bit architectures argN fields will match one to one to arguments passed
>> + * to tracepoint events.
>> + * On 32-bit architectures u64 arguments to events will be seen into two
>> + * consecutive argN, argN+1 fields. Pointers, u32, u16, u8, bool types will
>> + * match one to one
>> + */
>> +struct bpf_context {
>> + unsigned long arg1;
>> + unsigned long arg2;
>> + unsigned long arg3;
>> + unsigned long arg4;
>> + unsigned long arg5;
>> + unsigned long arg6;
>> + unsigned long ret;
>> +};
>
> While this works, the argN+1 shift for 32-bit is a gotcha to learn.
> Lets say arg1 was 64-bit, and my program only examined arg2. I'd need
> two programs, one for 64-bit (using arg2) and 32-bit (arg3). If there

correct.
I've picked 'long' type for these tracepoint 'arguments' to match
what is going on at assembler level.
32-bit archs are passing 64-bit values in two consecutive registers
or two stack slots. So it's partially exposing architectural details.
I've tried to use u64 here, but it complicated tracepoint+ebpf patch
a lot, since I need per-architecture support for moving C arguments
into u64 variables and hacking tracepoint event definitions in a nasty
ways. This 'long' type approach is the least intrusive I could find.
Also out of 1842 total tracepoint fields, only 144 fields are 64-bit,
so rarely one would need to deal with u64. Most of the tracepoint
arguments are either longs, ints or pointers, which fits this approach
the best.
In general the eBPF design approach is to keep kernel bits as simple
as possible and move complexity to user space.
In this case some higher language than C for writing scripts can
hide this oddity.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Borislav Petkov: "Re: [PATCH v4] x86, hotplug: fix llc shared map unreleased during cpu hotplug"
Previous message: rogerable: "[PATCH 1/2] mmc: rtsx_pci_sdmmc: fix incorrect last byte in R2 response"
In reply to: Brendan Gregg: "Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events"
Next in thread: Andy Lutomirski: "Re: [PATCH RFC v4 net-next 17/26] tracing: allow eBPF programs to be attached to events"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]