Re: [iovisor-dev] New bcc helpers

2017-09-11 Thread carlos antonio neira bustos via iovisor-dev
Hi,

I have implemented helper bpf_get_current_ns_info(void* buf, int size) as
was proposed.
Let me know if something else is needed or if any other change in the code
is required, I'm currently testing this change on bcc tools.

Here are the diffs against Kernel 4.13

diff -uN linux/linux-4.13/kernel/bpf/core.c
ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/core.c
--- linux/linux-4.13/kernel/bpf/core.c 2017-09-03 13:56:17.0 -0700
+++ ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/core.c 2017-09-11
04:25:04.200417393 -0700
@@ -1379,6 +1379,9 @@
 const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
 const struct bpf_func_proto bpf_get_current_comm_proto __weak;

+const struct bpf_func_proto bpf_get_current_ns_info __weak;
+
+
 const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
 {
  return NULL;
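Review bot: The weak symbol added in this hunk is named `bpf_get_current_ns_info`, but helpers.c defines and include/linux/bpf.h declares `bpf_get_current_ns_info_proto`. As written, the line does not give the new proto the weak fallback that the neighbouring `_proto` declarations have, and it reuses the name of the helper function that `BPF_CALL_2` defines. It should read `const struct bpf_func_proto bpf_get_current_ns_info_proto __weak;`, and the second added blank line can be dropped.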
diff -uN linux/linux-4.13/kernel/bpf/helpers.c
ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c
--- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.0
-0700
+++
ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c 2017-09-11
06:23:55.329880482 -0700
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include 

 /* If kernel subsystem is allowing eBPF programs to call this function,
  * inside its own verifier_ops->get_func_proto() callback it should return
@@ -177,5 +178,51 @@
  .gpl_only = false,
  .ret_type = RET_INTEGER,
  .arg1_type = ARG_PTR_TO_UNINIT_MEM,
+ .arg2_type = ARG_CONST_SIZE,
+};
+
+BPF_CALL_2(bpf_get_current_ns_info, void *, buf, u32, size)
+{
+ struct task_struct *ts = current;
+ struct task_struct *ns_task = NULL;
+ const struct cred  *cred = NULL;
+pid_t pid;
+
+ if (unlikely(!ts))
+  goto err_clear;
+
+ ((struct bpf_current_ns_info*)buf)->ns_id =
+  ts->nsproxy->pid_ns_for_children->ns.inum;
+
+ pid = task_pid_nr_ns(ts,
+  ts->nsproxy->pid_ns_for_children);
+
+ ns_task = find_task_by_pid_ns(pid,
+   ts->nsproxy->pid_ns_for_children);
+
+ if (unlikely(!ns_task))
+  goto err_clear;
+
+ ((struct bpf_current_ns_info*)buf)->tgid = ns_task->tgid;
+
+ cred = get_task_cred(ns_task);
+
+ if (unlikely(!cred))
+  goto err_clear;
+
+ ((struct bpf_current_ns_info*)buf)->gid =  cred->gid.val;
+
+ return 0;
+
+err_clear:
+ memset(buf, 0, size);
+ return -EINVAL;
+}
+
+const struct bpf_func_proto bpf_get_current_ns_info_proto = {
+ .func  = bpf_get_current_ns_info,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_PTR_TO_UNINIT_MEM,
  .arg2_type = ARG_CONST_SIZE,
 };
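Review bot: bpf_get_current_ns_info stores a whole `struct bpf_current_ns_info` through `buf` without comparing `size` to the struct size, so a caller passing a smaller buffer gets a write past the memory the verifier checked for `ARG_PTR_TO_UNINIT_MEM`/`ARG_CONST_SIZE`. Add `if (unlikely(size < sizeof(struct bpf_current_ns_info))) goto err_clear;` before the first store. The reference taken by `get_task_cred(ns_task)` is never released on any path, so the gid should be copied and followed by `put_cred(cred);`. `ts->nsproxy` is also dereferenced unchecked, although it is NULL once a task has gone through exit_task_namespaces(), so it should be tested together with `!ts`.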
--- linux/linux-4.13/include/linux/bpf.h 2017-09-03 13:56:17.0 -0700
+++
ebpf-backports/new-bcc-helpers/linux-4.13/include/linux/bpf.h 2017-09-11
04:36:30.460969799 -0700
@@ -226,6 +226,12 @@
  struct file *map_file;
  struct rcu_head rcu;
 };
+/* struct used by helper bpf_get_current_ns_info */
+struct bpf_current_ns_info {
+ u64 ns_id;  /*namespace id*/
+ u32 tgid;   /*tgid inside namespace*/
+ u32 gid;   /*gid inside namespace*/
+};

 u64 bpf_tail_call(u64 ctx, u64 r2, u64 index, u64 r4, u64 r5);
 u64 bpf_get_stackid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
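Review bot: `struct bpf_current_ns_info` is added to include/linux/bpf.h, a kernel-internal header, while the helper comment in include/uapi/linux/bpf.h tells BPF programs to pass a buffer of this type. The definition presumably belongs in the uapi header with `__u64`/`__u32` fields, so that programs and bcc share the layout the helper writes. The field comments would also read better with spaces inside the delimiters, e.g. `/* namespace id */`, as in the proposal quoted later in the thread.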
@@ -375,6 +381,9 @@
 extern const struct bpf_func_proto bpf_skb_vlan_pop_proto;
 extern const struct bpf_func_proto bpf_get_stackid_proto;

+
+extern const struct bpf_func_proto bpf_get_current_ns_info_proto;
+
 /* Shared helpers among cBPF and eBPF. */
 void bpf_user_rnd_init_once(void);
 u64 bpf_user_rnd_u32(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
--- linux/linux-4.13/include/uapi/linux/bpf.h 2017-09-03 13:56:17.0
-0700
+++
ebpf-backports/new-bcc-helpers/linux-4.13/include/uapi/linux/bpf.h 2017-09-11
04:32:08.127055536 -0700
@@ -539,6 +539,15 @@
  * @mode: operation mode (enum bpf_adj_room_mode)
  * @flags: reserved for future use
  * Return: 0 on success or negative error code
+ *
+ * int bpf_get_current_ns_info(void *buf, int size_of_buf)
+ * stores the following  namespace data into
+ * bpf_current_ns_info struct:
+ * namespace id
+ * tgid inside namespace
+ * gid  inside namespace
+ * Return: 0 on success or negative error
+ *
  */
 #define __BPF_FUNC_MAPPER(FN)  \
  FN(unspec),   \
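Review bot: The added helper comment gives the second parameter as `int size_of_buf`, while the implementation in helpers.c takes `u32 size`. It also omits the `@name:` parameter lines that the entry directly above it uses. Lines such as ` * @buf: pointer to a struct bpf_current_ns_info to fill` and ` * @size: size of buf in bytes` would match the surrounding style. The comment should also state the minimum size of `buf` and that the buffer is zeroed when the helper returns an error, as the err_clear path does.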
@@ -591,7 +600,9 @@
  FN(get_socket_uid),  \
  FN(set_hash),   \
  FN(setsockopt),   \
- FN(skb_adjust_room),
+ FN(skb_adjust_room),\
+ FN(get_current_ns_info),
+

 /* integer value in 'imm' field of BPF_CALL instruction selects which
helper
  * function eBPF program intends to call

On Sat, Sep 9, 2017 at 2:55 PM, carlos antonio neira bustos <
cneirabus...@gmail.com> wrote:

> Thank you very much for your comments, after reading them, I realized that
> my change just added too much unneeded code, when we could just return the
> values of interest in one call. I'll delete the unneeded helpers and work
> on this proposed helper :
>
> struct bpf_current_ns_info {
>  u64 ns_id;  /* namespace id */
>  u32 tgid; /* tgid inside namespace */
>  u32 gid;  /* gid inside namespace */
> }
>
> int 

Re: [iovisor-dev] New bcc helpers

2017-09-09 Thread carlos antonio neira bustos via iovisor-dev
Thank you very much for your comments, after reading them, I realized that
my change just added too much unneeded code, when we could just return the
values of interest in one call. I'll delete the unneeded helpers and work
on this proposed helper :

struct bpf_current_ns_info {
 u64 ns_id;  /* namespace id */
 u32 tgid; /* tgid inside namespace */
 u32 gid;  /* gid inside namespace */
}

int bpf_get_current_ns_info(void *buf, int size)

Thanks again for your help. I'm just starting to dig in the ebpf and bcc
code and it's really awesome the tools you could build with it.

Bests

On Sat, Sep 9, 2017 at 10:12 AM, Y Song  wrote:

> Hi, Carlos,
>
> Thanks for the prototyping. See comments below.
>
> On Sat, Sep 9, 2017 at 6:47 AM, carlos antonio neira bustos via
> iovisor-dev  wrote:
> > Hi All,
> >
> > I was working on this bcc issue https://github.com/iovisor/
> bcc/issues/1329
> > (PID filtering issues when running bpf script inside container). The
> current
> > issue is that bpf_get_current_pid_tgid() gets the pid outside the
> container.
> > I have created a couple of helpers that could help on this issue, I have
> add
> > them to bcc  but currently I'm testing them.
> > I would like to know if my current approach is correct.
> >
> > These are the helpers implemented in this patch.
> >
> >  int bpf_get_current_ns_id(void)
> >  Return namespace id associated with current task
> >  Return: ts->nsproxy->pid_ns_for_children->ns.inum
>
> We already have helper to get current task structure. From there,
> bpf_probe_read
> should get you to read namespace ID.
>
> >
> >  u64 bpf_get_current_pid_ns(void)
> >  Return pid_namespace struct
> >  Return: struct pid_namespace
>
> Do you have a use case for this?
>
> >
> >  u64 bpf_get_current_pid(void)
> >   Returns pid of current task as seen from pid namespace
> >   Return: (u64) ts->tgid << 32 | task_pid_vnr(current);
>
> This is useful, but need extension. But in typical use case, a helper
> to get nsid, ns_tgid and ns_pid should be good
> enough. Maybe something like:
>
> struct bpf_current_ns_info {
>  u64 ns_id;  /* namespace id */
>  u32 tgid; /* tgid inside namespace */
>  u32 gid;  /* gid inside namespace */
> }
> int bpf_get_current_ns_info(void *buf, int size)
>
> (1). In filter case, user can call this helper to get ns_nsid and
> ns_tgid/ns_pid. user can already get its own
> from getpid() and /proc//ns/pid. They can compare the values
> returned from the helper to the value
> currently in the container (or even the host), for filtering purpose.
> (2). For map key purpose, the helper returned values can be a key in
> the map to differentiate between different
> process instances.
>
> >
> >
> > cnb@Debian9:~/ebpf-backports/new-bcc-helpers/linux-4.13$ cat
> > new-helpers.patch
> > diff -uN /home/cnb/linux/linux-4.13/kernel/bpf/core.c
> > /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/core.c
> > --- /home/cnb/linux/linux-4.13/kernel/bpf/core.c2017-09-03
> > 13:56:17.0 -0700
> > +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/
> bpf/core.c
> > 2017-09-07 18:50:13.956874952 -0700
> > @@ -1379,6 +1379,10 @@
> >  const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
> >  const struct bpf_func_proto bpf_get_current_comm_proto __weak;
> > +const struct bpf_func_proto bpf_get_current_pid_ns_proto __weak;
> > +const struct bpf_func_proto bpf_get_current_ns_id_proto __weak;
> > +const struct bpf_func_proto bpf_get_current_pid_proto __weak;
> > +
> >  const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
> >  {
> > return NULL;
> > diff -uN /home/cnb/linux/linux-4.13/kernel/bpf/helpers.c
> > /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c
> > --- /home/cnb/linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03
> > 13:56:17.0 -0700
> > +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/
> bpf/helpers.c
> > 2017-09-09 05:57:27.970448102 -0700
> > @@ -18,6 +18,7 @@
> >  #include 
> >  #include 
> >  #include 
> > +#include 
> >  /* If kernel subsystem is allowing eBPF programs to call this function,
> >   * inside its own verifier_ops->get_func_proto() callback it should
> return
> > @@ -179,3 +180,64 @@
> > .arg1_type  = ARG_PTR_TO_UNINIT_MEM,
> > .arg2_type  = ARG_CONST_SIZE,
> >  };
> > +
> > +BPF_CALL_0(bpf_get_current_pid_ns)
> > +{
> > +#ifdef CONFIG_PID_NS
> > +   struct pid_namespace *current_ns =
> > +   task_active_pid_ns(current);
> > +
> > +   if (unlikely(!current_ns))
> > +   return -EINVAL;
> > +
> > +   return (u64) current_ns;
> > +#else
> > +
> > +   return 0;
> > +#endif
> > +
> > +}
> > +
> > +const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
> > +   .func   = bpf_get_current_pid_ns,
> > +   .gpl_only   = false,
> > + 

Re: [iovisor-dev] New bcc helpers

2017-09-09 Thread carlos antonio neira bustos via iovisor-dev
Hi All,

I was working on this bcc issue https://github.com/iovisor/bcc/issues/1329
(PID filtering issues when running bpf script inside container). The
current issue is that bpf_get_current_pid_tgid() gets the pid outside the
container.
I have created a couple of helpers that could help with this issue. I have
added them to bcc and am currently testing them.
I would like to know if my current approach is correct.

These are the helpers implemented in this patch.

 int bpf_get_current_ns_id(void)
 Return namespace id associated with current task
 Return: ts->nsproxy->pid_ns_for_children->ns.inum

 u64 bpf_get_current_pid_ns(void)
 Return pid_namespace struct
 Return: struct pid_namespace

 u64 bpf_get_current_pid(void)
  Returns pid of current task as seen from pid namespace
  Return: (u64) ts->tgid << 32 | task_pid_vnr(current);


cnb@Debian9:~/ebpf-backports/new-bcc-helpers/linux-4.13$ cat
new-helpers.patch
diff -uN /home/cnb/linux/linux-4.13/kernel/bpf/core.c
/home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/core.c
--- /home/cnb/linux/linux-4.13/kernel/bpf/core.c2017-09-03
13:56:17.0 -0700
+++
/home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/core.c
2017-09-07 18:50:13.956874952 -0700
@@ -1379,6 +1379,10 @@
 const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
 const struct bpf_func_proto bpf_get_current_comm_proto __weak;
+const struct bpf_func_proto bpf_get_current_pid_ns_proto __weak;
+const struct bpf_func_proto bpf_get_current_ns_id_proto __weak;
+const struct bpf_func_proto bpf_get_current_pid_proto __weak;
+
 const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
 {
return NULL;
diff -uN /home/cnb/linux/linux-4.13/kernel/bpf/helpers.c
/home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c
--- /home/cnb/linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03
13:56:17.0 -0700
+++
/home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c
2017-09-09 05:57:27.970448102 -0700
@@ -18,6 +18,7 @@
 #include 
 #include 
 #include 
+#include 
 /* If kernel subsystem is allowing eBPF programs to call this function,
  * inside its own verifier_ops->get_func_proto() callback it should return
@@ -179,3 +180,64 @@
.arg1_type  = ARG_PTR_TO_UNINIT_MEM,
.arg2_type  = ARG_CONST_SIZE,
 };
+
+BPF_CALL_0(bpf_get_current_pid_ns)
+{
+#ifdef CONFIG_PID_NS
+   struct pid_namespace *current_ns =
+   task_active_pid_ns(current);
+
+   if (unlikely(!current_ns))
+   return -EINVAL;
+
+   return (u64) current_ns;
+#else
+
+   return 0;
+#endif
+
+}
+
+const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
+   .func   = bpf_get_current_pid_ns,
+   .gpl_only   = false,
+   .ret_type   = RET_INTEGER,
+};
+
+BPF_CALL_0(bpf_get_current_ns_id)
+{
+   struct task_struct *ts = current;
+
+   if (unlikely(!ts))
+   return -EINVAL;
+
+   return (unsigned int)
+   ts->nsproxy->pid_ns_for_children->ns.inum;
+
+}
+
+const struct bpf_func_proto bpf_get_current_ns_id_proto = {
+   .func   = bpf_get_current_ns_id,
+   .gpl_only   = false,
+   .ret_type   = RET_INTEGER,
+};
+
+BPF_CALL_0(bpf_get_current_pid)
+{
+   struct task_struct *ts = current;
+   pid_t pid;
+   if (unlikely(!ts))
+   return -EINVAL;
+
+   pid = task_pid_vnr(ts);
+
+   return (u64) ts->tgid << 32 | pid;
+}
+
+const struct bpf_func_proto bpf_get_current_pid_proto = {
+   .func   = bpf_get_current_pid,
+   .gpl_only   = false,
+   .ret_type   = RET_INTEGER,
+};
+
+
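Review bot: bpf_get_current_pid_ns returns the address of the kernel's `struct pid_namespace` to the BPF program as an integer, with `.gpl_only = false`. That exposes a raw kernel pointer and leaves the caller unable to tell the `-EINVAL` return from a valid value. Returning an identifier such as the namespace's `ns.inum` would avoid disclosing the address. In bpf_get_current_ns_id, `ts->nsproxy` is dereferenced without a NULL check. In bpf_get_current_pid the upper half comes from `ts->tgid`, which is not translated into the task's namespace the way `task_pid_vnr(ts)` is, so `task_tgid_vnr(ts)` would be the matching call. The same helpers are quoted again in the older messages further down the page.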
--- /home/cnb/linux/linux-4.13/include/uapi/linux/bpf.h 2017-09-03
13:56:17.0 -0700
+++
/home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/include/uapi/linux/bpf.h
2017-09-09 06:22:46.763652066 -0700
@@ -539,6 +539,19 @@
  * @mode: operation mode (enum bpf_adj_room_mode)
  * @flags: reserved for future use
  * Return: 0 on success or negative error code
+ *
+ * int bpf_get_current_ns_id(void)
+ * Return namespace id associated with current task
+ * Return: ts->nsproxy->pid_ns_for_children->ns.inum
+ *
+ * u64 bpf_get_current_pid_ns(void)
+ * Return pid_namespace struct
+ * Return: struct pid_namespace
+ *
+ * u64 bpf_get_current_pid(void)
+ *  Returns pid of current task as seen from pid namespace
+ * return (u64) ts->tgid << 32 | task_pid_vnr(current);
+ *
  */
 #define __BPF_FUNC_MAPPER(FN)  \
FN(unspec), \
@@ -591,7 +604,11 @@
FN(get_socket_uid), \
FN(set_hash),   \
FN(setsockopt), \
-   FN(skb_adjust_room),
+   FN(skb_adjust_room),\
+   FN(get_current_pid_ns), \
+   FN(get_current_ns_id),  \
+   FN(get_current_pid),
+
 /* integer value in 'imm' field of BPF_CALL 

Re: [iovisor-dev] New bcc helpers

2017-09-08 Thread carlos antonio neira bustos via iovisor-dev
Thank you very much.

On Sep 8, 2017 6:35 PM, "Y Song"  wrote:

>
>
> On Fri, Sep 8, 2017 at 12:21 PM, carlos antonio neira bustos via
> iovisor-dev  wrote:
>
>> Hi,
>>
>> I'm trying to add new helpers to obtain a pid namespace, I'm working on
>> kernel 4.13
>>
>> --- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.0
>> -0700
>> +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c 
>> 2017-09-07
>> 18:52:40.839525862 -0700
>> @@ -18,6 +18,7 @@
>>  #include 
>>  #include 
>>  #include 
>> +#include 
>>
>>  /* If kernel subsystem is allowing eBPF programs to call this function,
>>   * inside its own verifier_ops->get_func_proto() callback it should
>> return
>> @@ -179,3 +180,64 @@
>>   .arg1_type = ARG_PTR_TO_UNINIT_MEM,
>>   .arg2_type = ARG_CONST_SIZE,
>>  };
>> +
>> +BPF_CALL_0(bpf_get_current_pid_ns)
>> +{
>> +#ifdef CONFIG_PID_NS
>> + struct pid_namespace *current_ns =
>> +  task_active_pid_ns(current);
>> +
>> + if (unlikely(!current_ns))
>> +  return -EINVAL;
>> +
>> + return (long) current_ns;
>> +#else
>> +
>> + return 0;
>> +#endif
>> +
>> +}
>> +
>> +const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
>> + .func  = bpf_get_current_pid_ns,
>> + .gpl_only = false,
>> + .ret_type = RET_INTEGER,
>> +};
>> +
>> +BPF_CALL_0(bpf_get_current_ns_id)
>> +{
>> + struct task_struct *ts = current;
>> +
>> + if (unlikely(!ts))
>> +  return -EINVAL;
>> +
>> + return (unsigned int)
>> +  ts->nsproxy->pid_ns_for_children->ns.inum;
>> +
>> +}
>> +
>> +const struct bpf_func_proto bpf_get_current_ns_id_proto = {
>> + .func  = bpf_get_current_ns_id,
>> + .gpl_only = false,
>> + .ret_type = RET_INTEGER,
>> +};
>> +
>> +BPF_CALL_0(bpf_get_current_pid)
>> +{
>> + struct task_struct *ts = current;
>> +
>> + if (unlikely(!ts))
>> +  return -EINVAL;
>> +
>> + pid_t pid = task_pid_vnr(ts);
>> +
>> + return (u64) ts->tgid << 32 | pid;
>> +}
>> +
>> +const struct bpf_func_proto bpf_get_current_pid_proto = {
>> + .func  = bpf_get_current_pid,
>> + .gpl_only = false,
>> + .ret_type = RET_INTEGER,
>> +};
>> +
>> +
>> I wanted to integrate this on bcc tools, so I added these helpers on
>> bcc/src/cc/compat/linux/virtual_bpf.h
>> bcc/src/cc/compat/linux/bpf.h
>> bcc/src/cc/export/helpers.h
>> bcc/src/cc/export/helpers.h
>>
>> then just  to test one of them I modified bcc/tools/funccount.py
>>
>> --- funccount.py 2017-09-08 12:14:57.601604654 -0700
>> +++ /home/cnb/bcc-new-helpers/bcc/tools/funccount.py 2017-09-07
>> 20:27:32.982815146 -0700
>> @@ -185,7 +185,7 @@
>>  # the top 32 bits of bpf_get_current_pid_tgid().
>>  if self.pid:
>>  trace_count_text = trace_count_text.replace('FILTER',
>> -"""u32 pid = bpf_get_current_pid_tgid() >> 32;
>> +"""u32 pid = bpf_get_current_pid() >> 32;
>> if (pid != %d) { return 0; }""" % self.pid)
>>  else:
>>  trace_count_text = trace_count_text.replace('FILTER', '')
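Review bot: The filter still shifts the result right by 32, and the upper half of bpf_get_current_pid() is filled from `ts->tgid` (the helper ends with `return (u64) ts->tgid << 32 | pid;`). `self.pid` is therefore compared with the same untranslated id as before, while the value from task_pid_vnr() sits in the low 32 bits and is discarded. Either the helper should place a namespace-translated tgid in the upper half, or the filter should read the half that was translated. The context comment `# the top 32 bits of bpf_get_current_pid_tgid().` should be updated to name the helper actually called. The same hunk is quoted again in the next message on the page.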
>>
>>
>> but I'm getting this error
>>
>> cnb@Debian9:~/bcc/tools$ sudo /usr/share/bcc/tools/funccount -p 385
>> c:malloc
>> bpf: Invalid argument
>> 0: (85) call unknown#51
>> invalid func unknown#51
>> Failed to load BPF program trace_count_0: Invalid argument
>>
>>
>> Is something that I'm missing on the bcc side or on bpf side ?
>>
>
> In kernel, you need to add your function proto to kprobe_prog_func_proto
> in kernel/trace/bpf_trace.c
>
>
>>
>> Bests
>>
>>
>> ___
>> iovisor-dev mailing list
>> iovisor-dev@lists.iovisor.org
>> https://lists.iovisor.org/mailman/listinfo/iovisor-dev
>>
>>
>


Re: [iovisor-dev] New bcc helpers

2017-09-08 Thread Y Song via iovisor-dev
On Fri, Sep 8, 2017 at 12:21 PM, carlos antonio neira bustos via
iovisor-dev  wrote:

> Hi,
>
> I'm trying to add new helpers to obtain a pid namespace, I'm working on
> kernel 4.13
>
> --- linux/linux-4.13/kernel/bpf/helpers.c 2017-09-03 13:56:17.0
> -0700
> +++ /home/cnb/ebpf-backports/new-bcc-helpers/linux-4.13/kernel/bpf/helpers.c 
> 2017-09-07
> 18:52:40.839525862 -0700
> @@ -18,6 +18,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>
>  /* If kernel subsystem is allowing eBPF programs to call this function,
>   * inside its own verifier_ops->get_func_proto() callback it should return
> @@ -179,3 +180,64 @@
>   .arg1_type = ARG_PTR_TO_UNINIT_MEM,
>   .arg2_type = ARG_CONST_SIZE,
>  };
> +
> +BPF_CALL_0(bpf_get_current_pid_ns)
> +{
> +#ifdef CONFIG_PID_NS
> + struct pid_namespace *current_ns =
> +  task_active_pid_ns(current);
> +
> + if (unlikely(!current_ns))
> +  return -EINVAL;
> +
> + return (long) current_ns;
> +#else
> +
> + return 0;
> +#endif
> +
> +}
> +
> +const struct bpf_func_proto bpf_get_current_pid_ns_proto = {
> + .func  = bpf_get_current_pid_ns,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +BPF_CALL_0(bpf_get_current_ns_id)
> +{
> + struct task_struct *ts = current;
> +
> + if (unlikely(!ts))
> +  return -EINVAL;
> +
> + return (unsigned int)
> +  ts->nsproxy->pid_ns_for_children->ns.inum;
> +
> +}
> +
> +const struct bpf_func_proto bpf_get_current_ns_id_proto = {
> + .func  = bpf_get_current_ns_id,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +BPF_CALL_0(bpf_get_current_pid)
> +{
> + struct task_struct *ts = current;
> +
> + if (unlikely(!ts))
> +  return -EINVAL;
> +
> + pid_t pid = task_pid_vnr(ts);
> +
> + return (u64) ts->tgid << 32 | pid;
> +}
> +
> +const struct bpf_func_proto bpf_get_current_pid_proto = {
> + .func  = bpf_get_current_pid,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> +};
> +
> +
> I wanted to integrate this on bcc tools, so I added these helpers on
> bcc/src/cc/compat/linux/virtual_bpf.h
> bcc/src/cc/compat/linux/bpf.h
> bcc/src/cc/export/helpers.h
> bcc/src/cc/export/helpers.h
>
> then just  to test one of them I modified bcc/tools/funccount.py
>
> --- funccount.py 2017-09-08 12:14:57.601604654 -0700
> +++ /home/cnb/bcc-new-helpers/bcc/tools/funccount.py 2017-09-07
> 20:27:32.982815146 -0700
> @@ -185,7 +185,7 @@
>  # the top 32 bits of bpf_get_current_pid_tgid().
>  if self.pid:
>  trace_count_text = trace_count_text.replace('FILTER',
> -"""u32 pid = bpf_get_current_pid_tgid() >> 32;
> +"""u32 pid = bpf_get_current_pid() >> 32;
> if (pid != %d) { return 0; }""" % self.pid)
>  else:
>  trace_count_text = trace_count_text.replace('FILTER', '')
>
>
> but I'm getting this error
>
> cnb@Debian9:~/bcc/tools$ sudo /usr/share/bcc/tools/funccount -p 385
> c:malloc
> bpf: Invalid argument
> 0: (85) call unknown#51
> invalid func unknown#51
> Failed to load BPF program trace_count_0: Invalid argument
>
>
> Is something that I'm missing on the bcc side or on bpf side ?
>

In kernel, you need to add your function proto to kprobe_prog_func_proto
in kernel/trace/bpf_trace.c


>
> Bests
>
>
> ___
> iovisor-dev mailing list
> iovisor-dev@lists.iovisor.org
> https://lists.iovisor.org/mailman/listinfo/iovisor-dev
>
>