Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Introduction_StructOps.pdf

Eishun Kondoh
October 30, 2024
0
16

 Introduction_StructOps.pdf

Eishun Kondoh

October 30, 2024
Tweet

More Decks by Eishun Kondoh

See All by Eishun Kondoh
Learning sched_ext: BPF extensible scheduler class
shun159
1
200

Featured

See All Featured
The World Runs on Bad Software
bkeepers
PRO
65
11k
Fireside Chat
paigeccino
34
3k
Git: the NoSQL Database
bkeepers
PRO
427
64k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Become a Pro
speakerdeck
PRO
25
5k
Rails Girls Zürich Keynote
gr2m
94
13k
Music & Morning Musume
bryan
46
6.2k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
6
410
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
Teambox: Starting and Learning
jrom
133
8.8k

Transcript

  1. Introduction StructOps @shun159

  2. struct_ops - Is a functionality that allows eBPF users to

    extend and replace specific functions within the Linux Kernel - It enables flexible customization of structure operation in the kernel (e.g., sched_ext)

  3. How do we link struct_ops programs? (Read ELF) 1. Reading

    ELF file: a. Classify ‘.struct_ops‘ and ‘.struct_ops.link’ as structOpsSection b. Load BTF data from the ELF file to obtain type information (datasec name , map size, struct members…) 2. Processing the ‘struct_ops’ section a. The ‘struct_ops’ section is used to create Map instance b. A function that processes the section should be generate ‘sturct_ops_spec’ which contains ‘user-defined struct data’ and related program information. c. Collecting ‘relo’: each relo entry, it determines which StructOps program corresponds to which member of the StructOps Map. d. Associating Programs with Maps: based on the ‘relo’ information, programs should be associated with the appropriate the StructOps Map.

  4. How do we link struct_ops programs? (Load ‘collections’) 1. Initializing

    StructOps Maps. a. Matching and verification: each member of the user-defined struct should be checked to ensure it exists in the kernel struct b. Handling FuncPointer Members: For function pointer fields, attach_btf_id and expected_attach_type of corresponding programs are updated c. Copying data members: For data fields, user data is copied into kern_vdata 2. Loading programs and maps, and associating programs a. Load StructOps Programs with the BTF attachment informations b. Load StructOps Maps as usual c. The association between Map and Program can be done by specifying the Program's FD at the member offset of the Function Pointer in kern_vdata. 3. Linking can be done by RawLink

  5. Preparing and using ‘kern_vdata’ (as of 6.11) Kern_vdata: A data

    buffer used to pass the user-defined struct in kernel's expectation format(structure, user data and function pointers, data alignment…) to kernel, to link programs. https://lpc.events/event/17/contributions/1607/attachments/1164/2407/lpc-struct_ops.pdf

  6. Preparing and using ‘kern_vdata’ (as of 6.11) 1. The size

    of the buffer should be the size of “bpf_struct_ops_<struct_name>” 2. Copying data members: values from the user struct are copied into kern_vdata at the corresponding offsets and sizes based on the kernel struct layout. 3. Handling Function Pointers: the FDs of the corresponding programs are written to the offsets in kern_vdata. 4. Passing buffer to kernel: just insert the kern_vdata as a value of the map