linux/samples/bpf
Daniel T. Lee 5a86381321 samples: bpf: fix: error handling regarding kprobe_events
Currently, kprobe_events failure won't be handled properly.
Due to calling system() indirectly to write to kprobe_events,
it can't be identified whether an error is derived from kprobe or system.

    // buf = "echo '%c:%s %s' >> /s/k/d/t/kprobe_events"
    err = system(buf);
    if (err < 0) {
        printf("failed to create kprobe ..");
        return -1;
    }

For example, running ./tracex7 sample in ext4 partition,
"echo p:open_ctree open_ctree >> /s/k/d/t/kprobe_events"
gets 256 error code system() failure.
=> The error comes from kprobe, but it's not handled correctly.

According to man of system(3), it's return value
just passes the termination status of the child shell
rather than treating the error as -1. (don't care success)

Which means, currently it's not working as desired.
(According to the upper code snippet)

    ex) running ./tracex7 with ext4 env.
    # Current Output
    sh: echo: I/O error
    failed to open event open_ctree

    # Desired Output
    failed to create kprobe 'open_ctree' error 'No such file or directory'

The problem is, error can't be verified whether from child ps
or system. But using write() directly can verify the command
failure, and it will treat all error as -1. So I suggest using
write() directly to 'kprobe_events' rather than calling system().

Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-11-23 22:39:09 +01:00
..
.gitignore samples/bpf: add .gitignore file 2018-07-05 09:58:53 +02:00
bpf_insn.h samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
bpf_load.c samples: bpf: fix: error handling regarding kprobe_events 2018-11-23 22:39:09 +01:00
bpf_load.h samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
cookie_uid_helper_example.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
cpustat_kern.c samples/bpf: Add program for CPU state statistics 2018-02-26 10:54:02 +01:00
cpustat_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
fds_example.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
hash_func01.h samples/bpf: add Paul Hsieh's (LGPL 2.1) hash function SuperFastHash 2018-08-10 16:07:49 +02:00
lathist_kern.c
lathist_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
load_sock_ops.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
lwt_len_hist_kern.c
lwt_len_hist_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
lwt_len_hist.sh
Makefile tools/bpf: do not use pahole if clang/llvm can generate BTF sections 2018-11-20 10:54:39 -08:00
map_perf_test_kern.c
map_perf_test_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
offwaketime_kern.c
offwaketime_user.c samples/bpf: move common-purpose trace functions to selftests 2018-04-29 08:45:54 -07:00
parse_ldabs.c
parse_simple.c
parse_varlen.c samples/bpf: add missing <linux/if_vlan.h> 2018-07-05 09:58:52 +02:00
README.rst
run_cookie_uid_helper_example.sh
sampleip_kern.c
sampleip_user.c samples/bpf: remove duplicated includes 2018-09-18 17:49:33 +02:00
sock_example.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
sock_example.h samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
sock_flags_kern.c
sockex1_kern.c
sockex1_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
sockex2_kern.c samples/bpf: fix compilation failure 2018-09-21 22:51:16 +02:00
sockex2_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
sockex3_kern.c samples/bpf: fix compilation failure 2018-09-21 22:51:16 +02:00
sockex3_user.c samples/bpf: fix compilation failure 2018-09-21 22:51:16 +02:00
spintest_kern.c
spintest_user.c samples/bpf: move common-purpose trace functions to selftests 2018-04-29 08:45:54 -07:00
syscall_nrs.c
syscall_tp_kern.c
syscall_tp_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
task_fd_query_kern.c samples/bpf: add a samples/bpf test for BPF_TASK_FD_QUERY 2018-05-24 18:18:20 -07:00
task_fd_query_user.c samples/bpf: add a samples/bpf test for BPF_TASK_FD_QUERY 2018-05-24 18:18:20 -07:00
tc_l2_redirect_kern.c
tc_l2_redirect_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tc_l2_redirect.sh
tcbpf1_kern.c
tcp_basertt_kern.c
tcp_bpf.readme bpf: Rename tcp_bbf.readme to tcp_bpf.readme 2017-11-08 12:13:41 +09:00
tcp_bufs_kern.c bpf: Fix tcp_bufs_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_clamp_kern.c bpf: Fix tcp_clamp_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_cong_kern.c bpf: Fix tcp_cong_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_iw_kern.c bpf: Fix tcp_iw_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_rwnd_kern.c bpf: Fix tcp_rwnd_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_synrto_kern.c bpf: Fix tcp_synrto_kern.c sample program 2017-11-11 15:52:41 +09:00
tcp_tos_reflect_kern.c bpf: add TCP_SAVE_SYN/TCP_SAVED_SYN sample program 2018-09-01 01:36:04 +02:00
test_cgrp2_array_pin.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
test_cgrp2_attach2.c samples/bpf: extend test_cgrp2_attach2 test to use per-cpu cgroup storage 2018-10-01 16:18:33 +02:00
test_cgrp2_attach.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
test_cgrp2_sock2.c samples/bpf: test_cgrp2_sock2: fix an off by one 2018-07-16 15:01:09 -07:00
test_cgrp2_sock2.sh samples/bpf: detach prog from cgroup 2018-03-02 00:16:36 +01:00
test_cgrp2_sock.c samples: bpf: rename libbpf.h to bpf_insn.h 2018-05-14 22:52:10 -07:00
test_cgrp2_sock.sh samples/bpf: detach prog from cgroup 2018-03-02 00:16:36 +01:00
test_cgrp2_tc_kern.c
test_cgrp2_tc.sh
test_cls_bpf.sh
test_current_task_under_cgroup_kern.c
test_current_task_under_cgroup_user.c samples/bpf: remove duplicated includes 2018-09-18 17:49:33 +02:00
test_ipip.sh
test_lru_dist.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
test_lwt_bpf.c
test_lwt_bpf.sh
test_map_in_map_kern.c
test_map_in_map_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
test_overhead_kprobe_kern.c
test_overhead_raw_tp_kern.c samples/bpf: raw tracepoint test 2018-03-28 22:55:19 +02:00
test_overhead_tp_kern.c
test_overhead_user.c samples/bpf: Check the error of write() and read() 2018-07-05 09:58:52 +02:00
test_override_return.sh samples/bpf: add a test for bpf_override_return 2017-12-12 09:02:40 -08:00
test_probe_write_user_kern.c
test_probe_write_user_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
trace_event_kern.c samples/bpf: add example to test reading address 2018-03-08 02:22:34 +01:00
trace_event_user.c samples/bpf: Check the result of system() 2018-07-05 09:58:52 +02:00
trace_output_kern.c
trace_output_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex1_kern.c
tracex1_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex2_kern.c
tracex2_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex3_kern.c
tracex3_user.c bpf, tracex3_user: erase "ARRAY_SIZE" redefined 2018-10-04 16:31:57 +02:00
tracex4_kern.c
tracex4_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex5_kern.c
tracex5_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex6_kern.c
tracex6_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
tracex7_kern.c samples/bpf: add a test for bpf_override_return 2017-12-12 09:02:40 -08:00
tracex7_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
xdp1_kern.c
xdp1_user.c samples: bpf: convert some XDP samples from bpf_load to libbpf 2018-05-11 01:44:17 +02:00
xdp2_kern.c
xdp2skb_meta_kern.c samples/bpf: xdp2skb_meta comment explain why pkt-data pointers are invalidated 2018-01-18 01:49:09 +01:00
xdp2skb_meta.sh samples/bpf: Fix tc and ip paths in xdp2skb_meta.sh 2018-07-10 09:19:01 +02:00
xdp_adjust_tail_kern.c bpf: add bpf_xdp_adjust_tail sample prog 2018-04-18 23:34:17 +02:00
xdp_adjust_tail_user.c samples: bpf: convert some XDP samples from bpf_load to libbpf 2018-05-11 01:44:17 +02:00
xdp_fwd_kern.c bpf: Change bpf_fib_lookup to return lookup status 2018-06-29 00:02:02 +02:00
xdp_fwd_user.c samples: bpf: convert xdp_fwd_user.c to libbpf 2018-07-27 07:18:44 +02:00
xdp_monitor_kern.c samples/bpf: xdp_monitor use err code from tracepoint xdp:xdp_devmap_xmit 2018-05-24 18:36:15 -07:00
xdp_monitor_user.c samples/bpf: xdp_monitor use err code from tracepoint xdp:xdp_devmap_xmit 2018-05-24 18:36:15 -07:00
xdp_redirect_cpu_kern.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2018-08-13 10:07:23 -07:00
xdp_redirect_cpu_user.c samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM 2018-08-16 21:55:32 +02:00
xdp_redirect_kern.c
xdp_redirect_map_kern.c
xdp_redirect_map_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
xdp_redirect_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
xdp_router_ipv4_kern.c xdp: Sample xdp program implementing ip forward 2017-11-08 10:39:41 +09:00
xdp_router_ipv4_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
xdp_rxq_info_kern.c samples/bpf: xdp_rxq_info action XDP_TX must adjust MAC-addrs 2018-06-28 23:50:20 +02:00
xdp_rxq_info_user.c samples/bpf: all XDP samples should unload xdp/bpf prog on SIGTERM 2018-08-16 21:55:32 +02:00
xdp_sample_pkts_kern.c samples/bpf: Add xdp_sample_pkts example 2018-06-27 11:01:03 +02:00
xdp_sample_pkts_user.c samples/bpf: Add xdp_sample_pkts example 2018-06-27 11:01:03 +02:00
xdp_tx_iptunnel_common.h
xdp_tx_iptunnel_kern.c
xdp_tx_iptunnel_user.c samples: bpf: include bpf/bpf.h instead of local libbpf.h 2018-05-14 22:52:10 -07:00
xdpsock_kern.c samples/bpf: xdpsock, minor fixes 2018-09-01 01:36:08 +02:00
xdpsock_user.c samples/bpf: xdpsock, minor fixes 2018-09-01 01:36:08 +02:00
xdpsock.h samples/bpf: sample application and documentation for AF_XDP sockets 2018-05-03 15:55:25 -07:00

eBPF sample programs
====================

This directory contains a test stubs, verifier test-suite and examples
for using eBPF. The examples use libbpf from tools/lib/bpf.

Build dependencies
==================

Compiling requires having installed:
 * clang >= version 3.4.0
 * llvm >= version 3.7.1

Note that LLVM's tool 'llc' must support target 'bpf', list version
and supported targets with command: ``llc --version``

Kernel headers
--------------

There are usually dependencies to header files of the current kernel.
To avoid installing devel kernel headers system wide, as a normal
user, simply call::

 make headers_install

This will creates a local "usr/include" directory in the git/build top
level directory, that the make system automatically pickup first.

Compiling
=========

For building the BPF samples, issue the below command from the kernel
top level directory::

 make samples/bpf/

Do notice the "/" slash after the directory name.

It is also possible to call make from this directory.  This will just
hide the the invocation of make as above with the appended "/".

Manually compiling LLVM with 'bpf' support
------------------------------------------

Since version 3.7.0, LLVM adds a proper LLVM backend target for the
BPF bytecode architecture.

By default llvm will build all non-experimental backends including bpf.
To generate a smaller llc binary one can use::

 -DLLVM_TARGETS_TO_BUILD="BPF"

Quick sniplet for manually compiling LLVM and clang
(build dependencies are cmake and gcc-c++)::

 $ git clone http://llvm.org/git/llvm.git
 $ cd llvm/tools
 $ git clone --depth 1 http://llvm.org/git/clang.git
 $ cd ..; mkdir build; cd build
 $ cmake .. -DLLVM_TARGETS_TO_BUILD="BPF;X86"
 $ make -j $(getconf _NPROCESSORS_ONLN)

It is also possible to point make to the newly compiled 'llc' or
'clang' command via redefining LLC or CLANG on the make command line::

 make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang

Cross compiling samples
-----------------------
In order to cross-compile, say for arm64 targets, export CROSS_COMPILE and ARCH
environment variables before calling make. This will direct make to build
samples for the cross target.

export ARCH=arm64
export CROSS_COMPILE="aarch64-linux-gnu-"
make samples/bpf/ LLC=~/git/llvm/build/bin/llc CLANG=~/git/llvm/build/bin/clang