| From: |
| "Joel Fernandes (Google)" <joel-AT-joelfernandes.org> |
| To: |
| linux-kernel-AT-vger.kernel.org |
| Subject: |
| [PATCH RFC 0/4] Add support to directly attach BPF program to ftrace |
| Date: |
| Wed, 10 Jul 2019 10:15:44 -0400 |
| Message-ID: |
| <20190710141548.132193-1-joel@joelfernandes.org> |
| Cc: |
| "Joel Fernandes (Google)" <joel-AT-joelfernandes.org>, Adrian Ratiu <adrian.ratiu-AT-collabora.com>, Alexei Starovoitov <ast-AT-kernel.org>, bpf-AT-vger.kernel.org, Brendan Gregg <brendan.d.gregg-AT-gmail.com>, connoro-AT-google.com, Daniel Borkmann <daniel-AT-iogearbox.net>, duyuchao <yuchao.du-AT-unisoc.com>, Ingo Molnar <mingo-AT-redhat.com>, jeffv-AT-google.com, Karim Yaghmour <karim.yaghmour-AT-opersys.com>, kernel-team-AT-android.com, linux-kselftest-AT-vger.kernel.org, Manali Shukla <manalishukla14-AT-gmail.com>, Manjo Raja Rao <linux-AT-manojrajarao.com>, Martin KaFai Lau <kafai-AT-fb.com>, Masami Hiramatsu <mhiramat-AT-kernel.org>, Matt Mullins <mmullins-AT-fb.com>, Michal Gregorczyk <michalgr-AT-fb.com>, Michal Gregorczyk <michalgr-AT-live.com>, Mohammad Husain <russoue-AT-gmail.com>, namhyung-AT-google.com, namhyung-AT-kernel.org, netdev-AT-vger.kernel.org, paul.chaignon-AT-gmail.com, primiano-AT-google.com, Qais Yousef <qais.yousef-AT-arm.com>, Shuah Khan <shuah-AT-kernel.org>, Song Liu <songliubraving-AT-fb.com>, Srinivas Ramana <sramana-AT-codeaurora.org>, Steven Rostedt <rostedt-AT-goodmis.org>, Tamir Carmeli <carmeli.tamir-AT-gmail.com>, Yonghong Song <yhs-AT-fb.com> |
| Archive-link: |
| Article |
Hi,
These patches make it possible to attach BPF programs directly to tracepoints
using ftrace (/sys/kernel/debug/tracing) without needing the process doing the
attach to be alive. This has the following benefits:
1. Simplified Security: In Android, we have finer-grained security controls to
specific ftrace trace events using SELinux labels. We control precisely who is
allowed to enable an ftrace event already. By adding a node to ftrace for
attaching BPF programs, we can use the same mechanism to further control who is
allowed to attach to a trace event.
2. Process lifetime: In Android we are adding usecases where a tracing program
needs to be attached all the time to a tracepoint, for the full life time of
the system. Such as to gather statistics where there no need for a detach for
the full system lifetime. With perf or bpf(2)'s BPF_RAW_TRACEPOINT_OPEN, this
means keeping a process alive all the time. However, in Android our BPF loader
currently (for hardeneded security) involves just starting a process at boot
time, doing the BPF program loading, and then pinning them to /sys/fs/bpf. We
don't keep this process alive all the time. It is more suitable to do a
one-shot attach of the program using ftrace and not need to have a process
alive all the time anymore for this. Such process also needs elevated
privileges since tracepoint program loading currently requires CAP_SYS_ADMIN
anyway so by design Android's bpfloader runs once at init and exits.
This series add a new bpf file to /sys/kernel/debug/tracing/events/X/Y/bpf
The following commands can be written into it:
attach:<fd> Attaches BPF prog fd to tracepoint
detach:<fd> Detaches BPF prog fd to tracepoint
Reading the bpf file will show all the attached programs to the tracepoint.
Joel Fernandes (Google) (4):
Move bpf_raw_tracepoint functionality into bpf_trace.c
trace/bpf: Add support for attach/detach of ftrace events to BPF
lib/bpf: Add support for ftrace event attach and detach
selftests/bpf: Add test for ftrace-based BPF attach/detach
include/linux/bpf_trace.h | 16 ++
include/linux/trace_events.h | 1 +
kernel/bpf/syscall.c | 69 +-----
kernel/trace/bpf_trace.c | 225 ++++++++++++++++++
kernel/trace/trace.h | 1 +
kernel/trace/trace_events.c | 8 +
tools/lib/bpf/bpf.c | 53 +++++
tools/lib/bpf/bpf.h | 4 +
tools/lib/bpf/libbpf.map | 2 +
.../raw_tp_writable_test_ftrace_run.c | 89 +++++++
10 files changed, 410 insertions(+), 58 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/raw_tp_writable_test_ftrace_run.c
--
2.22.0.410.gd8fdbe21b5-goog
