Re: [RFC] bpf: Suggestion on bpf syscall interface

From: He Kuang
Date: Sun Mar 29 2015 - 23:14:46 EST

Next message: AKASHI Takahiro: "Re: [PATCH 3/5] arm64: kdump: do not go into EL2 before starting a crash dump kernel"
Previous message: Mike Galbraith: "Re: [RFC PATCH] sched: Add cpu based entries to debugfs"
In reply to: Daniel Borkmann: "Re: [RFC] bpf: Suggestion on bpf syscall interface"
Next in thread: Alexei Starovoitov: "Re: [RFC] bpf: Suggestion on bpf syscall interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2015/3/29 1:21, Alexei Starovoitov wrote:

On 3/28/15 4:36 AM, He Kuang wrote:

Hi, Alexei

In our end-end IO module project, we use bpf maps to record
configurations. According to current bpf syscall interface, we
should specify map_fd to lookup/update bpf maps, so we are
restricted to do config in the same user program.

you can pass map_fd and prog_fd from one process to another via normal
scm_rights mechanism.

In our current use case, we add a bpf probe point in sys_write()
as the entry of IO procedure, this bpf point will return true on
some conditions, and then trigger bpf chain on IO path, for
example:

SEC("kprobe/sys_write")
int NODE_sys_write(struct pt_regs *ctx) {
...
struct parameters *param = bpf_map_lookup_elem(&parameters_map, &index);
if(param->num_samples % param->sample_rate !=0)
return 0;
...
/* extract characters from this sampled point, fill it to another map */
bpf_map_update_elem(&TRIGGER_mpage_submit_page_HASH, (void**)__b__buf, &value, BPF_ANY);
return 1;
...
SEC("kprobe/mpage_submit_page")
int NODE_mpage_submit_page(struct pt_regs *ctx) {
...
/* lookup filter table */
value = (struct table_value*)bpf_map_lookup_elem(&TRIGGER_mpage_submit_page_HASH, (void**)__b__buf);
if (!value) return 0;
...

By using current bpf syscalls, we should keep the program which
attaches bpf programs running background, use it or some other
processes communicate with it to adjust maps parameters, like
sample rate for sys_write.

What we hope is to use bpf maps/progs like kernel-modules or
kprobes, one process inserts them to kernel, then they detactch
from that process, and allow us to configure them with sysfs. For
example:

$ perf probe --add='sys_write'
$ perf record -e probe:sys_open -aR sleep 1

In current implementation, we have to use a large and relative
heavy daemon to deal with loading, configuration, adjusting and
unloading works together.

Thanks.

My suggestion is to export this kind of operations to sysfs, so
we can load&attach bpf progs and config it seperately. We
implement this feature in our demo project. What's your opinion
on this?

Eventually we may use single sysfs file for lsmod-like listings, but I
definitely don't want to create parallel interface to maps via sysfs.
It's way too expensive and not really suitable for binary key/values.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: AKASHI Takahiro: "Re: [PATCH 3/5] arm64: kdump: do not go into EL2 before starting a crash dump kernel"
Previous message: Mike Galbraith: "Re: [RFC PATCH] sched: Add cpu based entries to debugfs"
In reply to: Daniel Borkmann: "Re: [RFC] bpf: Suggestion on bpf syscall interface"
Next in thread: Alexei Starovoitov: "Re: [RFC] bpf: Suggestion on bpf syscall interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]