On Fri, Sep 8, 2017 at 12:21 PM, carlos antonio neira bustos via iovisor-dev <iovisor-dev@lists.iovisor.org> wrote:
> Hi, > > I'm trying to add new helpers to obtain a pid namespace, I'm working on > kernel 4.13 > > --- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.000000000 > -0700 > +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c > 2017-09-07 > 18:52:40.839525862 -0700 > @@ -18,6 +18,7 @@ > #include <linux/sched.h> > #include <linux/uidgid.h> > #include <linux/filter.h> > +#include <linux/pid_namespace.h> > > /* If kernel subsystem is allowing eBPF programs to call this function, > * inside its own verifier_ops->get_func_proto() callback it should return > @@ -179,3 +180,64 @@ > .arg1_type = ARG_PTR_TO_UNINIT_MEM, > .arg2_type = ARG_CONST_SIZE, > }; > + > +BPF_CALL_0(bpf_get_current_pid_ns) > +{ > +#ifdef CONFIG_PID_NS > + struct pid_namespace *current_ns = > + task_active_pid_ns(current); > + > + if (unlikely(!current_ns)) > + return -EINVAL; > + > + return (long) current_ns; > +#else > + > + return 0; > +#endif > + > +} > + > +const struct bpf_func_proto bpf_get_current_pid_ns_proto = { > + .func = bpf_get_current_pid_ns, > + .gpl_only = false, > + .ret_type = RET_INTEGER, > +}; > + > +BPF_CALL_0(bpf_get_current_ns_id) > +{ > + struct task_struct *ts = current; > + > + if (unlikely(!ts)) > + return -EINVAL; > + > + return (unsigned int) > + ts->nsproxy->pid_ns_for_children->ns.inum; > + > +} > + > +const struct bpf_func_proto bpf_get_current_ns_id_proto = { > + .func = bpf_get_current_ns_id, > + .gpl_only = false, > + .ret_type = RET_INTEGER, > +}; > + > +BPF_CALL_0(bpf_get_current_pid) > +{ > + struct task_struct *ts = current; > + > + if (unlikely(!ts)) > + return -EINVAL; > + > + pid_t pid = task_pid_vnr(ts); > + > + return (u64) ts->tgid << 32 | pid; > +} > + > +const struct bpf_func_proto bpf_get_current_pid_proto = { > + .func = bpf_get_current_pid, > + .gpl_only = false, > + .ret_type = RET_INTEGER, > +}; > + > + > I wanted to integrate this on bcc tools, so I added these helpers on > bcc/src/cc/compat/linux/virtual_bpf.h > bcc/src/cc/compat/linux/bpf.h > bcc/src/cc/export/helpers.h > bcc/src/cc/export/helpers.h > > then just to test one of them I modified bcc/tools/funccount.py > > --- funccount.py 2017-09-08 12:14:57.601604654 -0700 > +++ /home/cnb/bcc-new-helpers/bcc/tools/funccount.py 2017-09-07 > 20:27:32.982815146 -0700 > @@ -185,7 +185,7 @@ > # the top 32 bits of bpf_get_current_pid_tgid(). > if self.pid: > trace_count_text = trace_count_text.replace('FILTER', > - """u32 pid = bpf_get_current_pid_tgid() >> 32; > + """u32 pid = bpf_get_current_pid() >> 32; > if (pid != %d) { return 0; }""" % self.pid) > else: > trace_count_text = trace_count_text.replace('FILTER', '') > > > but I'm getting this error > > cnb@Debian9:~/bcc/tools$ sudo /usr/share/bcc/tools/funccount -p 385 > c:malloc > bpf: Invalid argument > 0: (85) call unknown#51 > invalid func unknown#51 > Failed to load BPF program trace_count_0: Invalid argument > > > Is something that I'm missing on the bcc side or on bpf side ? > In kernel, you need to add your function proto to kprobe_prog_func_proto in kernel/trace/bpf_trace.c > > Bests > > > _______________________________________________ > iovisor-dev mailing list > iovisor-dev@lists.iovisor.org > https://lists.iovisor.org/mailman/listinfo/iovisor-dev > >
_______________________________________________ iovisor-dev mailing list iovisor-dev@lists.iovisor.org https://lists.iovisor.org/mailman/listinfo/iovisor-dev