Add support for symbolizing BPF kernel program addresses #854
Commits on Oct 22, 2024
-
Add infrastructure for building BPF test programs
Add the infrastructure necessary for building BPF programs that we intend to use for testing purposes. Also, add a first test program that that will attach to the getpid system call and which provides the means for conveying the address of a function that is part of this program to user space, where it will eventually act as symbolization input. Signed-off-by: Daniel Müller <[email protected]>
-
Add test infrastructure for loading and triggering BPF program
Add infrastructure for loading and then triggering a BPF program from a test. This will form the basis for testing of BPF kernel program symbolization. Signed-off-by: Daniel Müller <[email protected]>
-
Rename the Ksym type to Kfunc. This will allow us to repurpose Ksym with upcoming changes. Signed-off-by: Daniel Müller <[email protected]>
-
Make Kfunc to ResolvedSym conversion fallible
Adjust the functionality for converting from Kfunc to ResolvedSym to be fallible and stop relying on the From trait for that purpose. We will eventually end up including a bit more information in the conversion and so let's instead roll with a dedicated conversion method on the Kfunc type itself. We need fallibility because this new method acts as an "abstract interface" for additional implementations coming in the future and which will be fallible. Signed-off-by: Daniel Müller <[email protected]>
-
Make Kfunc to SymInfo conversion fallible
Similar to what we did earlier for the conversion from Kfunc to ResolvedSym, make the conversion from Kfunc to SymInfo fallible. Signed-off-by: Daniel Müller <[email protected]>
-
Introduce the Ksym enumeration, which currently only has a single variant containing a Kfunc. With upcoming changes it will also provide support for BPF programs. Signed-off-by: Daniel Müller <[email protected]>
-
Recognize and parse BPF programs in kallsyms
Add support for parsing BPF programs listed in kallsyms. Currently, while parsed specially, they don't provide more symbol information than regular kernel functions, but the BPF sub-system provides the means for retrieving symbol and even source code information about each. This will be tapped into subsequently. As a first step towards exposing this functionality, make sure to parse them as first-class entities. Signed-off-by: Daniel Müller <[email protected]>
-
Add bindings for querying BPF program information
Add low-level system call bindings for querying BPF program information from the kernel. We need this logic to iterate over available programs and for retrieving meta-data such as the program's tag. The alternative of relying on libbpf-rs and higher level primitives was discarded given the minimal nature of support we require here. There is simply no justification for all the dependency bloat that libbpf-sys et al pull in. Signed-off-by: Daniel Müller <[email protected]>
-
This change adds basic BTF support, as later required. Specifically, we add the means for opening BTF information via a system call, as well as the means for parsing a BTF blob and extracting strings at given offsets. Signed-off-by: Daniel Müller <[email protected]>
-
Introduce BPF program info cache
The kernel does not seem to allow us to query BPF program information given a BPF program tag. Rather, the workflow is to iterate over all BPF programs and find the one with a given tag this way. Because there could potentially be many programs active, this can be a costly operation that we may not want to execute all the time. To make the result of BPF program iteration reusable, this change introduces an easy to use cache for this data. Signed-off-by: Daniel Müller <[email protected]>
-
Add support for symbolizing BPF program kernel addresses
This change adds the remaining plumbing for symbolizing BPF program kernel addresses. When a kernel address falls into a BPF program, we query all the necessary information to see if the kernel is able to provide us with source code information about said address and furnish up the corresponding CodeInfo object to include it in the symbolization result. Closes: libbpf#826 Signed-off-by: Daniel Müller <[email protected]>
-
Enable kernel options for necessary BPF support
Enable necessary kernel options for us to run our BPF based testing infrastructure. Signed-off-by: Daniel Müller <[email protected]>
-
Install necessary dependencies in CI
With the introduction of libbpf-rs as a dev-dependency we require additional system dependencies as part of various CI jobs. Install them. Signed-off-by: Daniel Müller <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.