Re: [PATCH 02/10] perf bpf filter: Implement event sample filtering
From: Namhyung Kim
Date: Thu Mar 16 2023 - 01:18:34 EST
On Wed, Mar 15, 2023 at 05:12:44PM -0300, Arnaldo Carvalho de Melo wrote:
> Em Wed, Mar 15, 2023 at 09:51:03AM -0700, Namhyung Kim escreveu:
> > On Wed, Mar 15, 2023 at 9:39 AM Arnaldo Carvalho de Melo
> > <acme@xxxxxxxxxx> wrote:
> > >
> > > Em Wed, Mar 15, 2023 at 01:24:37PM -0300, Arnaldo Carvalho de Melo escreveu:
> > > > Em Tue, Mar 14, 2023 at 04:42:29PM -0700, Namhyung Kim escreveu:
> > > > > The BPF program will be attached to a perf_event and be triggered when
> > > > > it overflows. It'd iterate the filters map and compare the sample
> > > > > value according to the expression. If any of them fails, the sample
> > > > > would be dropped.
> > > > >
> > > > > Also it needs to have the corresponding sample data for the expression
> > > > > so it compares data->sample_flags with the given value. To access the
> > > > > sample data, it uses the bpf_cast_to_kern_ctx() kfunc which was added
> > > > > in v6.2 kernel.
> > > > >
> > > > > Acked-by: Jiri Olsa <jolsa@xxxxxxxxxx>
> > > > > Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxxx>
> > > >
> > > >
> > > > I'm noticing this while building on a debian:11 container:
> > > >
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/bperf_leader.skel.h
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/bperf_follower.skel.h
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/func_latency.skel.h
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/bpf_prog_profiler.skel.h
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/kwork_trace.skel.h
> > > > GENSKEL /tmp/build/perf/util/bpf_skel/sample_filter.skel.h
> > > > libbpf: failed to find BTF for extern 'bpf_cast_to_kern_ctx' [21] section: -2
> > > > Error: failed to open BPF object file: No such file or directory
> > > > make[2]: *** [Makefile.perf:1085: /tmp/build/perf/util/bpf_skel/sample_filter.skel.h] Error 254
> > > > make[2]: *** Deleting file '/tmp/build/perf/util/bpf_skel/sample_filter.skel.h'
> > > > make[2]: *** Waiting for unfinished jobs....
> > > > make[1]: *** [Makefile.perf:236: sub-make] Error 2
> > > > make: *** [Makefile:70: all] Error 2
> > > > make: Leaving directory '/git/perf-6.3.0-rc1/tools/perf'
> > > > + exit 1
> > > > [perfbuilder@five 11]$
> > >
> > > Same thing on debian:10
> >
> > Hmm.. I thought extern symbols with__ksym are runtime
> > dependencies and it should build on old kernels too.
> >
> > BPF folks, any suggestions?
>
> Fedora 33 also fails, see below, but these work:
Maybe I can declare it as a weak symbol. How about this?
Thanks,
Namhyung
---8<---
diff --git a/tools/perf/util/bpf_skel/sample_filter.bpf.c b/tools/perf/util/bpf_skel/sample_filter.bpf.c
index 57e3c67d6d37..52cbdd1765cd 100644
--- a/tools/perf/util/bpf_skel/sample_filter.bpf.c
+++ b/tools/perf/util/bpf_skel/sample_filter.bpf.c
@@ -17,7 +17,7 @@ struct filters {
int dropped;
-void *bpf_cast_to_kern_ctx(void *) __ksym;
+void *bpf_cast_to_kern_ctx(void *) __ksym __weak;
/* new kernel perf_sample_data definition */
struct perf_sample_data___new {
@@ -118,6 +118,10 @@ int perf_sample_filter(void *ctx)
int group_result = 0;
int i;
+ /* no kernel context support, no filtering */
+ if (!bpf_cast_to_kern_ctx)
+ return 1;
+
kctx = bpf_cast_to_kern_ctx(ctx);
for (i = 0; i < MAX_FILTERS; i++) {