Add BTF relocation support in eBPF programs #349
Comments
|
Just to clarify: aya supports BTF relocations, see: https://github.com/aya-rs/aya/blob/main/aya/src/obj/btf/relocation.rs. So if you load an ebpf object file with BTF relocations, aya will be able to resolve them. What doesn't support emitting BTF relocations yet is the rust compiler. So if you compile a rust program for the |
alessandrod
changed the title
|
What would be needed to get the |
Is it possible to experiment with the new intrinsics with the
Rust language feature requests should be discussed on the internals forum first, and then follow the RFC process if asked to. @GermanCoding If you are really interested in this feature, feel free to ask on the forum. |
|
@l2dy @GermanCoding I think @vadorovsky had some discussions regarding this with the Rust community and there has been some WIP regarding the same. Maybe he can shed more light onto it. |
vadorovsky
changed the title
|
I'm currently trying to achieve that without any changes in Rust compiler - I updated the issue title to generalize it. Instead, I'm trying to emit these intrinsic calls in https://github.com/aya-rs/bpf-linker, which as a bitcode linker, is alreaady capable of modifying LLVM IR before producing the actual BPF binary. Clang is producing the The idea is to do the same in bpf-linker whenever we find a Clang has two ways of enabling BTF relocations:
struct foo {
int a;
int b;
int c;
int d;
} __attribute__((preserve_access_index));
int get_a(struct foo *foo) {
return foo->a; // <-- this already does BTF relocations
}
struct foo {
int a;
int b;
int c;
int d;
}
int get_a(struct foo *foo) {
return __builtin_preserve_access_index(foo->a); // <- this does BTF relocation, but the
// intrinsics are emitted just for field `a`
}How we could achieve equivalent way of notifying bpf-linker about necessity of emitting the intrinsic for the given type or field? We can use a custom
#[repr(C)]
pub struct Foo {
a: i32,
b: i32,
c: i32,
d: i32,
_btf_marker: PhantomData<()>,
}
#[repr(C)]
pub struct Foo {
a: i32,
b: i32,
c: i32,
d: i32,
_btf_marker_a: PhantomData<()>,
}Of course the code examples above are ugly and we don't want users to write such code. We could hide them with macros and make the final code look like: // This would emit BTF relocs for the whole type
#[repr(C)]
#[derive(Btf)]
pub struct
a: i32,
b: i32,
c: i32,
d: i32,
}// This would emit BTF relocs only for annotated fields
#[repr(C)]
#[derive(Btf)]
pub struct
a: i32,
b: i32,
c: i32,
#[btf]
d: i32,
}To be more explicit, the plan going forward is:
|
|
I'm new to aya. Does this mean an eBPF ELF object compiled from rust may not be CO-RE (because lack of index in ELF), and we are working on it now? |
Sorry for late reply. Yes, that exactly the case. |
|
@vadorovsky Do you mind sharing what's the state on this one? Is there a POC for an implementation? I have seen your branch (https://github.com/vadorovsky/bpf-linker/tree/preserve-access-index-v2), however there has been no updates in a while. Did you hit some roadblock that makes this harder than previously thought. I'm currently writing all my Let me know if there are any updates and how/where one can help, thanks! |
@vadorovsky, any updates on this approach? I like the macro idea. What do you think about putting all logic in user code? No changes to linkers or LLVM hacking.
Which would declare a static variable: in their ebpf program. ebpf probe can then use this offset when accessing kernel code via
In the user program we parse the ebpf program ELF binary and find all globals that match our naming scheme. Then read the BTF from "/sys/kernel/btf/vmlinux", get struct offsets and other info and populate the memory pointed to by the globals before we even load the binary. Then load the modified ELF binary with aya::Ebpf::load. I know it sounds hacky, but it could generate CO-RE ebpf probe that is also free of any generated bindings. Is this worth trying? |
|
Sorry for slow progress here. I was mostly preoccupied with other things, including BTF maps support (#1117) and statically linking libLLVM to bpf-linker. I think the approach I described is still going to work and I didn't hit anything which would prove me otherwise, it's mostly time issue on my side. 😢 @hepek @fhilgers About the macro idea, I think it could work, although not exactly in the form you described.
However, I think that some kind of combination of:
would work. Regarding the first derive macro, let's call the macro #[derive(Btf)]
pub struct kuid_t {
val: u32,
}
#[derive(Btf)]
pub struct kgid_t {
val: gid_t,
}
#[derive(Btf)]
pub struct cred {
suid: kuid_t,
sgid: kgid_t,
}
#[derive(Btf)]
pub struct task_struct {
pid: i32,
tgid: u32,
cred: *const cred,
}The macro would iterate over the fields and define globals for each of them: pub const BTF_OFF__KUID_T__VAL: usize = 0;
pub const BTF_OFF__KGID_T__VAL: usize = 0;
pub const BTF_OFF__CRED__SUID: usize = 0;
pub const BTF_OFF__CRED__SGID: usize = 0;
pub const BTF_OFF__TASK_STRUCT__PID: usize = 0;
pub const BTF_OFF__TASK_STRUCT__TGID: usize = 0;Then I think that's worth trying, so if you were thinking to do that go ahead. Thanks for coming up with the idea! |
|
@vadorovsky, definitely. I already have some code that validates the basic idea, however none of the procedural macro niceties is there yet. Will let you know when I come up with something that's usable. |
To be able to support BPF CO-RE, rustc needs to be able to generate the relocations of BTF types across different kernel versions. First part of this work requires adding core::intrinsics::{preserve_access_index, preserve_field_info, preserve_type_info, preserve_enum_value} for the BPF target in rustc. And then making sure/testing that the relocations work well with the userspace part of Aya.
The text was updated successfully, but these errors were encountered: