From 1f45b1d49073541947193bd7dac9e904142576aa Mon Sep 17 00:00:00 2001 From: Wang Nan Date: Wed, 14 Oct 2015 12:41:18 +0000 Subject: perf bpf: Attach eBPF filter to perf event This is the final patch which makes basic BPF filter work. After applying this patch, users are allowed to use BPF filter like: # perf record --event ./hello_world.o ls A bpf_fd field is appended to 'struct evsel', and setup during the callback function add_bpf_event() for each 'probe_trace_event'. PERF_EVENT_IOC_SET_BPF ioctl is used to attach eBPF program to a newly created perf event. The file descriptor of the eBPF program is passed to perf record using previous patches, and stored into evsel->bpf_fd. It is possible that different perf event are created for one kprobe events for different CPUs. In this case, when trying to call the ioctl, EEXIST will be return. This patch doesn't treat it as an error. Committer note: The bpf proggie used so far: __attribute__((section("fork=_do_fork"), used)) int fork(void *ctx) { return 0; } char _license[] __attribute__((section("license"), used)) = "GPL"; int _version __attribute__((section("version"), used)) = 0x40300; failed to produce any samples, even with forks happening and it being running in system wide mode. That is because now the filter is being associated, and the code above always returns zero, meaning that all forks will be probed but filtered away ;-/ Change it to 'return 1;' instead and after that: # trace --no-syscalls --event /tmp/foo.o 0.000 perf_bpf_probe:fork:(ffffffff8109be30)) 2.333 perf_bpf_probe:fork:(ffffffff8109be30)) 3.725 perf_bpf_probe:fork:(ffffffff8109be30)) 4.550 perf_bpf_probe:fork:(ffffffff8109be30)) ^C# And it works with all tools, including 'perf trace'. Signed-off-by: Wang Nan Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: Brendan Gregg Cc: Daniel Borkmann Cc: David Ahern Cc: He Kuang Cc: Jiri Olsa Cc: Kaixu Xia Cc: Masami Hiramatsu Cc: Namhyung Kim Cc: Peter Zijlstra Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/1444826502-49291-8-git-send-email-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/util/evsel.c | 17 +++++++++++++++++ tools/perf/util/evsel.h | 1 + tools/perf/util/parse-events.c | 6 ++++++ 3 files changed, 24 insertions(+) (limited to 'tools/perf') diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c index 3ac4ee9c6a6e..397fb4ed3c97 100644 --- a/tools/perf/util/evsel.c +++ b/tools/perf/util/evsel.c @@ -208,6 +208,7 @@ void perf_evsel__init(struct perf_evsel *evsel, evsel->unit = ""; evsel->scale = 1.0; evsel->evlist = NULL; + evsel->bpf_fd = -1; INIT_LIST_HEAD(&evsel->node); INIT_LIST_HEAD(&evsel->config_terms); perf_evsel__object.init(evsel); @@ -1356,6 +1357,22 @@ retry_open: err); goto try_fallback; } + + if (evsel->bpf_fd >= 0) { + int evt_fd = FD(evsel, cpu, thread); + int bpf_fd = evsel->bpf_fd; + + err = ioctl(evt_fd, + PERF_EVENT_IOC_SET_BPF, + bpf_fd); + if (err && errno != EEXIST) { + pr_err("failed to attach bpf fd %d: %s\n", + bpf_fd, strerror(errno)); + err = -EINVAL; + goto out_close; + } + } + set_rlimit = NO_CHANGE; /* diff --git a/tools/perf/util/evsel.h b/tools/perf/util/evsel.h index 1e8ff1906f71..0e49bd742c63 100644 --- a/tools/perf/util/evsel.h +++ b/tools/perf/util/evsel.h @@ -123,6 +123,7 @@ struct perf_evsel { char *group_name; bool cmdline_group_boundary; struct list_head config_terms; + int bpf_fd; }; union u64_swap { diff --git a/tools/perf/util/parse-events.c b/tools/perf/util/parse-events.c index d97b03710331..cee8c619ec7e 100644 --- a/tools/perf/util/parse-events.c +++ b/tools/perf/util/parse-events.c @@ -542,6 +542,7 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd, struct __add_bpf_event_param *param = _param; struct parse_events_evlist *evlist = param->data; struct list_head *list = param->list; + struct perf_evsel *pos; int err; pr_debug("add bpf event %s:%s and attach bpf program %d\n", @@ -562,6 +563,11 @@ static int add_bpf_event(struct probe_trace_event *tev, int fd, } pr_debug("adding %s:%s\n", tev->group, tev->event); + list_for_each_entry(pos, &new_evsels, node) { + pr_debug("adding %s:%s to %p\n", + tev->group, tev->event, pos); + pos->bpf_fd = fd; + } list_splice(&new_evsels, list); return 0; } -- cgit v1.2.3