]> git.ipfire.org Git - thirdparty/kernel/stable.git/blob - Documentation/bpf/btf.rst
projects / thirdparty / kernel / stable.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
clang-format: Update with the latest for_each macro list
[thirdparty/kernel/stable.git] / Documentation / bpf / btf.rst
1 =====================
2 BPF Type Format (BTF)
3 =====================
4
5 1. Introduction
6 ***************
7
8 BTF (BPF Type Format) is the metadata format which encodes the debug info
9 related to BPF program/map. The name BTF was used initially to describe data
10 types. The BTF was later extended to include function info for defined
11 subroutines, and line info for source/line information.
12
13 The debug info is used for map pretty print, function signature, etc. The
14 function signature enables better bpf program/function kernel symbol. The line
15 info helps generate source annotated translated byte code, jited code and
16 verifier log.
17
18 The BTF specification contains two parts,
19 * BTF kernel API
20 * BTF ELF file format
21
22 The kernel API is the contract between user space and kernel. The kernel
23 verifies the BTF info before using it. The ELF file format is a user space
24 contract between ELF file and libbpf loader.
25
26 The type and string sections are part of the BTF kernel API, describing the
27 debug info (mostly types related) referenced by the bpf program. These two
28 sections are discussed in details in :ref:`BTF_Type_String`.
29
30 .. _BTF_Type_String:
31
32 2. BTF Type and String Encoding
33 *******************************
34
35 The file ``include/uapi/linux/btf.h`` provides high-level definition of how
36 types/strings are encoded.
37
38 The beginning of data blob must be::
39
40 struct btf_header {
41 __u16 magic;
42 __u8 version;
43 __u8 flags;
44 __u32 hdr_len;
45
46 /* All offsets are in bytes relative to the end of this header */
47 __u32 type_off; /* offset of type section */
48 __u32 type_len; /* length of type section */
49 __u32 str_off; /* offset of string section */
50 __u32 str_len; /* length of string section */
51 };
52
53 The magic is ``0xeB9F``, which has different encoding for big and little
54 endian systems, and can be used to test whether BTF is generated for big- or
55 little-endian target. The ``btf_header`` is designed to be extensible with
56 ``hdr_len`` equal to ``sizeof(struct btf_header)`` when a data blob is
57 generated.
58
59 2.1 String Encoding
60 ===================
61
62 The first string in the string section must be a null string. The rest of
63 string table is a concatenation of other null-terminated strings.
64
65 2.2 Type Encoding
66 =================
67
68 The type id ``0`` is reserved for ``void`` type. The type section is parsed
69 sequentially and type id is assigned to each recognized type starting from id
70 ``1``. Currently, the following types are supported::
71
72 #define BTF_KIND_INT 1 /* Integer */
73 #define BTF_KIND_PTR 2 /* Pointer */
74 #define BTF_KIND_ARRAY 3 /* Array */
75 #define BTF_KIND_STRUCT 4 /* Struct */
76 #define BTF_KIND_UNION 5 /* Union */
77 #define BTF_KIND_ENUM 6 /* Enumeration */
78 #define BTF_KIND_FWD 7 /* Forward */
79 #define BTF_KIND_TYPEDEF 8 /* Typedef */
80 #define BTF_KIND_VOLATILE 9 /* Volatile */
81 #define BTF_KIND_CONST 10 /* Const */
82 #define BTF_KIND_RESTRICT 11 /* Restrict */
83 #define BTF_KIND_FUNC 12 /* Function */
84 #define BTF_KIND_FUNC_PROTO 13 /* Function Proto */
85
86 Note that the type section encodes debug info, not just pure types.
87 ``BTF_KIND_FUNC`` is not a type, and it represents a defined subprogram.
88
89 Each type contains the following common data::
90
91 struct btf_type {
92 __u32 name_off;
93 /* "info" bits arrangement
94 * bits 0-15: vlen (e.g. # of struct's members)
95 * bits 16-23: unused
96 * bits 24-27: kind (e.g. int, ptr, array...etc)
97 * bits 28-30: unused
98 * bit 31: kind_flag, currently used by
99 * struct, union and fwd
100 */
101 __u32 info;
102 /* "size" is used by INT, ENUM, STRUCT and UNION.
103 * "size" tells the size of the type it is describing.
104 *
105 * "type" is used by PTR, TYPEDEF, VOLATILE, CONST, RESTRICT,
106 * FUNC and FUNC_PROTO.
107 * "type" is a type_id referring to another type.
108 */
109 union {
110 __u32 size;
111 __u32 type;
112 };
113 };
114
115 For certain kinds, the common data are followed by kind-specific data. The
116 ``name_off`` in ``struct btf_type`` specifies the offset in the string table.
117 The following sections detail encoding of each kind.
118
119 2.2.1 BTF_KIND_INT
120 ~~~~~~~~~~~~~~~~~~
121
122 ``struct btf_type`` encoding requirement:
123 * ``name_off``: any valid offset
124 * ``info.kind_flag``: 0
125 * ``info.kind``: BTF_KIND_INT
126 * ``info.vlen``: 0
127 * ``size``: the size of the int type in bytes.
128
129 ``btf_type`` is followed by a ``u32`` with the following bits arrangement::
130
131 #define BTF_INT_ENCODING(VAL) (((VAL) & 0x0f000000) >> 24)
132 #define BTF_INT_OFFSET(VAL) (((VAL & 0x00ff0000)) >> 16)
133 #define BTF_INT_BITS(VAL) ((VAL) & 0x000000ff)
134
135 The ``BTF_INT_ENCODING`` has the following attributes::
136
137 #define BTF_INT_SIGNED (1 << 0)
138 #define BTF_INT_CHAR (1 << 1)
139 #define BTF_INT_BOOL (1 << 2)
140
141 The ``BTF_INT_ENCODING()`` provides extra information: signedness, char, or
142 bool, for the int type. The char and bool encoding are mostly useful for
143 pretty print. At most one encoding can be specified for the int type.
144
145 The ``BTF_INT_BITS()`` specifies the number of actual bits held by this int
146 type. For example, a 4-bit bitfield encodes ``BTF_INT_BITS()`` equals to 4.
147 The ``btf_type.size * 8`` must be equal to or greater than ``BTF_INT_BITS()``
148 for the type. The maximum value of ``BTF_INT_BITS()`` is 128.
149
150 The ``BTF_INT_OFFSET()`` specifies the starting bit offset to calculate values
151 for this int. For example, a bitfield struct member has: * btf member bit
152 offset 100 from the start of the structure, * btf member pointing to an int
153 type, * the int type has ``BTF_INT_OFFSET() = 2`` and ``BTF_INT_BITS() = 4``
154
155 Then in the struct memory layout, this member will occupy ``4`` bits starting
156 from bits ``100 + 2 = 102``.
157
158 Alternatively, the bitfield struct member can be the following to access the
159 same bits as the above:
160
161 * btf member bit offset 102,
162 * btf member pointing to an int type,
163 * the int type has ``BTF_INT_OFFSET() = 0`` and ``BTF_INT_BITS() = 4``
164
165 The original intention of ``BTF_INT_OFFSET()`` is to provide flexibility of
166 bitfield encoding. Currently, both llvm and pahole generate
167 ``BTF_INT_OFFSET() = 0`` for all int types.
168
169 2.2.2 BTF_KIND_PTR
170 ~~~~~~~~~~~~~~~~~~
171
172 ``struct btf_type`` encoding requirement:
173 * ``name_off``: 0
174 * ``info.kind_flag``: 0
175 * ``info.kind``: BTF_KIND_PTR
176 * ``info.vlen``: 0
177 * ``type``: the pointee type of the pointer
178
179 No additional type data follow ``btf_type``.
180
181 2.2.3 BTF_KIND_ARRAY
182 ~~~~~~~~~~~~~~~~~~~~
183
184 ``struct btf_type`` encoding requirement:
185 * ``name_off``: 0
186 * ``info.kind_flag``: 0
187 * ``info.kind``: BTF_KIND_ARRAY
188 * ``info.vlen``: 0
189 * ``size/type``: 0, not used
190
191 ``btf_type`` is followed by one ``struct btf_array``::
192
193 struct btf_array {
194 __u32 type;
195 __u32 index_type;
196 __u32 nelems;
197 };
198
199 The ``struct btf_array`` encoding:
200 * ``type``: the element type
201 * ``index_type``: the index type
202 * ``nelems``: the number of elements for this array (``0`` is also allowed).
203
204 The ``index_type`` can be any regular int type (``u8``, ``u16``, ``u32``,
205 ``u64``, ``unsigned __int128``). The original design of including
206 ``index_type`` follows DWARF, which has an ``index_type`` for its array type.
207 Currently in BTF, beyond type verification, the ``index_type`` is not used.
208
209 The ``struct btf_array`` allows chaining through element type to represent
210 multidimensional arrays. For example, for ``int a[5][6]``, the following type
211 information illustrates the chaining:
212
213 * [1]: int
214 * [2]: array, ``btf_array.type = [1]``, ``btf_array.nelems = 6``
215 * [3]: array, ``btf_array.type = [2]``, ``btf_array.nelems = 5``
216
217 Currently, both pahole and llvm collapse multidimensional array into
218 one-dimensional array, e.g., for ``a[5][6]``, the ``btf_array.nelems`` is
219 equal to ``30``. This is because the original use case is map pretty print
220 where the whole array is dumped out so one-dimensional array is enough. As
221 more BTF usage is explored, pahole and llvm can be changed to generate proper
222 chained representation for multidimensional arrays.
223
224 2.2.4 BTF_KIND_STRUCT
225 ~~~~~~~~~~~~~~~~~~~~~
226 2.2.5 BTF_KIND_UNION
227 ~~~~~~~~~~~~~~~~~~~~
228
229 ``struct btf_type`` encoding requirement:
230 * ``name_off``: 0 or offset to a valid C identifier
231 * ``info.kind_flag``: 0 or 1
232 * ``info.kind``: BTF_KIND_STRUCT or BTF_KIND_UNION
233 * ``info.vlen``: the number of struct/union members
234 * ``info.size``: the size of the struct/union in bytes
235
236 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_member``.::
237
238 struct btf_member {
239 __u32 name_off;
240 __u32 type;
241 __u32 offset;
242 };
243
244 ``struct btf_member`` encoding:
245 * ``name_off``: offset to a valid C identifier
246 * ``type``: the member type
247 * ``offset``: <see below>
248
249 If the type info ``kind_flag`` is not set, the offset contains only bit offset
250 of the member. Note that the base type of the bitfield can only be int or enum
251 type. If the bitfield size is 32, the base type can be either int or enum
252 type. If the bitfield size is not 32, the base type must be int, and int type
253 ``BTF_INT_BITS()`` encodes the bitfield size.
254
255 If the ``kind_flag`` is set, the ``btf_member.offset`` contains both member
256 bitfield size and bit offset. The bitfield size and bit offset are calculated
257 as below.::
258
259 #define BTF_MEMBER_BITFIELD_SIZE(val) ((val) >> 24)
260 #define BTF_MEMBER_BIT_OFFSET(val) ((val) & 0xffffff)
261
262 In this case, if the base type is an int type, it must be a regular int type:
263
264 * ``BTF_INT_OFFSET()`` must be 0.
265 * ``BTF_INT_BITS()`` must be equal to ``{1,2,4,8,16} * 8``.
266
267 The following kernel patch introduced ``kind_flag`` and explained why both
268 modes exist:
269
270 https://github.com/torvalds/linux/commit/9d5f9f701b1891466fb3dbb1806ad97716f95cc3#diff-fa650a64fdd3968396883d2fe8215ff3
271
272 2.2.6 BTF_KIND_ENUM
273 ~~~~~~~~~~~~~~~~~~~
274
275 ``struct btf_type`` encoding requirement:
276 * ``name_off``: 0 or offset to a valid C identifier
277 * ``info.kind_flag``: 0
278 * ``info.kind``: BTF_KIND_ENUM
279 * ``info.vlen``: number of enum values
280 * ``size``: 4
281
282 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_enum``.::
283
284 struct btf_enum {
285 __u32 name_off;
286 __s32 val;
287 };
288
289 The ``btf_enum`` encoding:
290 * ``name_off``: offset to a valid C identifier
291 * ``val``: any value
292
293 2.2.7 BTF_KIND_FWD
294 ~~~~~~~~~~~~~~~~~~
295
296 ``struct btf_type`` encoding requirement:
297 * ``name_off``: offset to a valid C identifier
298 * ``info.kind_flag``: 0 for struct, 1 for union
299 * ``info.kind``: BTF_KIND_FWD
300 * ``info.vlen``: 0
301 * ``type``: 0
302
303 No additional type data follow ``btf_type``.
304
305 2.2.8 BTF_KIND_TYPEDEF
306 ~~~~~~~~~~~~~~~~~~~~~~
307
308 ``struct btf_type`` encoding requirement:
309 * ``name_off``: offset to a valid C identifier
310 * ``info.kind_flag``: 0
311 * ``info.kind``: BTF_KIND_TYPEDEF
312 * ``info.vlen``: 0
313 * ``type``: the type which can be referred by name at ``name_off``
314
315 No additional type data follow ``btf_type``.
316
317 2.2.9 BTF_KIND_VOLATILE
318 ~~~~~~~~~~~~~~~~~~~~~~~
319
320 ``struct btf_type`` encoding requirement:
321 * ``name_off``: 0
322 * ``info.kind_flag``: 0
323 * ``info.kind``: BTF_KIND_VOLATILE
324 * ``info.vlen``: 0
325 * ``type``: the type with ``volatile`` qualifier
326
327 No additional type data follow ``btf_type``.
328
329 2.2.10 BTF_KIND_CONST
330 ~~~~~~~~~~~~~~~~~~~~~
331
332 ``struct btf_type`` encoding requirement:
333 * ``name_off``: 0
334 * ``info.kind_flag``: 0
335 * ``info.kind``: BTF_KIND_CONST
336 * ``info.vlen``: 0
337 * ``type``: the type with ``const`` qualifier
338
339 No additional type data follow ``btf_type``.
340
341 2.2.11 BTF_KIND_RESTRICT
342 ~~~~~~~~~~~~~~~~~~~~~~~~
343
344 ``struct btf_type`` encoding requirement:
345 * ``name_off``: 0
346 * ``info.kind_flag``: 0
347 * ``info.kind``: BTF_KIND_RESTRICT
348 * ``info.vlen``: 0
349 * ``type``: the type with ``restrict`` qualifier
350
351 No additional type data follow ``btf_type``.
352
353 2.2.12 BTF_KIND_FUNC
354 ~~~~~~~~~~~~~~~~~~~~
355
356 ``struct btf_type`` encoding requirement:
357 * ``name_off``: offset to a valid C identifier
358 * ``info.kind_flag``: 0
359 * ``info.kind``: BTF_KIND_FUNC
360 * ``info.vlen``: 0
361 * ``type``: a BTF_KIND_FUNC_PROTO type
362
363 No additional type data follow ``btf_type``.
364
365 A BTF_KIND_FUNC defines not a type, but a subprogram (function) whose
366 signature is defined by ``type``. The subprogram is thus an instance of that
367 type. The BTF_KIND_FUNC may in turn be referenced by a func_info in the
368 :ref:`BTF_Ext_Section` (ELF) or in the arguments to :ref:`BPF_Prog_Load`
369 (ABI).
370
371 2.2.13 BTF_KIND_FUNC_PROTO
372 ~~~~~~~~~~~~~~~~~~~~~~~~~~
373
374 ``struct btf_type`` encoding requirement:
375 * ``name_off``: 0
376 * ``info.kind_flag``: 0
377 * ``info.kind``: BTF_KIND_FUNC_PROTO
378 * ``info.vlen``: # of parameters
379 * ``type``: the return type
380
381 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_param``.::
382
383 struct btf_param {
384 __u32 name_off;
385 __u32 type;
386 };
387
388 If a BTF_KIND_FUNC_PROTO type is referred by a BTF_KIND_FUNC type, then
389 ``btf_param.name_off`` must point to a valid C identifier except for the
390 possible last argument representing the variable argument. The btf_param.type
391 refers to parameter type.
392
393 If the function has variable arguments, the last parameter is encoded with
394 ``name_off = 0`` and ``type = 0``.
395
396 3. BTF Kernel API
397 *****************
398
399 The following bpf syscall command involves BTF:
400 * BPF_BTF_LOAD: load a blob of BTF data into kernel
401 * BPF_MAP_CREATE: map creation with btf key and value type info.
402 * BPF_PROG_LOAD: prog load with btf function and line info.
403 * BPF_BTF_GET_FD_BY_ID: get a btf fd
404 * BPF_OBJ_GET_INFO_BY_FD: btf, func_info, line_info
405 and other btf related info are returned.
406
407 The workflow typically looks like:
408 ::
409
410 Application:
411 BPF_BTF_LOAD
412 |
413 v
414 BPF_MAP_CREATE and BPF_PROG_LOAD
415 |
416 V
417 ......
418
419 Introspection tool:
420 ......
421 BPF_{PROG,MAP}_GET_NEXT_ID (get prog/map id's)
422 |
423 V
424 BPF_{PROG,MAP}_GET_FD_BY_ID (get a prog/map fd)
425 |
426 V
427 BPF_OBJ_GET_INFO_BY_FD (get bpf_prog_info/bpf_map_info with btf_id)
428 | |
429 V |
430 BPF_BTF_GET_FD_BY_ID (get btf_fd) |
431 | |
432 V |
433 BPF_OBJ_GET_INFO_BY_FD (get btf) |
434 | |
435 V V
436 pretty print types, dump func signatures and line info, etc.
437
438
439 3.1 BPF_BTF_LOAD
440 ================
441
442 Load a blob of BTF data into kernel. A blob of data, described in
443 :ref:`BTF_Type_String`, can be directly loaded into the kernel. A ``btf_fd``
444 is returned to a userspace.
445
446 3.2 BPF_MAP_CREATE
447 ==================
448
449 A map can be created with ``btf_fd`` and specified key/value type id.::
450
451 __u32 btf_fd; /* fd pointing to a BTF type data */
452 __u32 btf_key_type_id; /* BTF type_id of the key */
453 __u32 btf_value_type_id; /* BTF type_id of the value */
454
455 In libbpf, the map can be defined with extra annotation like below:
456 ::
457
458 struct bpf_map_def SEC("maps") btf_map = {
459 .type = BPF_MAP_TYPE_ARRAY,
460 .key_size = sizeof(int),
461 .value_size = sizeof(struct ipv_counts),
462 .max_entries = 4,
463 };
464 BPF_ANNOTATE_KV_PAIR(btf_map, int, struct ipv_counts);
465
466 Here, the parameters for macro BPF_ANNOTATE_KV_PAIR are map name, key and
467 value types for the map. During ELF parsing, libbpf is able to extract
468 key/value type_id's and assign them to BPF_MAP_CREATE attributes
469 automatically.
470
471 .. _BPF_Prog_Load:
472
473 3.3 BPF_PROG_LOAD
474 =================
475
476 During prog_load, func_info and line_info can be passed to kernel with proper
477 values for the following attributes:
478 ::
479
480 __u32 insn_cnt;
481 __aligned_u64 insns;
482 ......
483 __u32 prog_btf_fd; /* fd pointing to BTF type data */
484 __u32 func_info_rec_size; /* userspace bpf_func_info size */
485 __aligned_u64 func_info; /* func info */
486 __u32 func_info_cnt; /* number of bpf_func_info records */
487 __u32 line_info_rec_size; /* userspace bpf_line_info size */
488 __aligned_u64 line_info; /* line info */
489 __u32 line_info_cnt; /* number of bpf_line_info records */
490
491 The func_info and line_info are an array of below, respectively.::
492
493 struct bpf_func_info {
494 __u32 insn_off; /* [0, insn_cnt - 1] */
495 __u32 type_id; /* pointing to a BTF_KIND_FUNC type */
496 };
497 struct bpf_line_info {
498 __u32 insn_off; /* [0, insn_cnt - 1] */
499 __u32 file_name_off; /* offset to string table for the filename */
500 __u32 line_off; /* offset to string table for the source line */
501 __u32 line_col; /* line number and column number */
502 };
503
504 func_info_rec_size is the size of each func_info record, and
505 line_info_rec_size is the size of each line_info record. Passing the record
506 size to kernel make it possible to extend the record itself in the future.
507
508 Below are requirements for func_info:
509 * func_info[0].insn_off must be 0.
510 * the func_info insn_off is in strictly increasing order and matches
511 bpf func boundaries.
512
513 Below are requirements for line_info:
514 * the first insn in each func must have a line_info record pointing to it.
515 * the line_info insn_off is in strictly increasing order.
516
517 For line_info, the line number and column number are defined as below:
518 ::
519
520 #define BPF_LINE_INFO_LINE_NUM(line_col) ((line_col) >> 10)
521 #define BPF_LINE_INFO_LINE_COL(line_col) ((line_col) & 0x3ff)
522
523 3.4 BPF_{PROG,MAP}_GET_NEXT_ID
524
525 In kernel, every loaded program, map or btf has a unique id. The id won't
526 change during the lifetime of a program, map, or btf.
527
528 The bpf syscall command BPF_{PROG,MAP}_GET_NEXT_ID returns all id's, one for
529 each command, to user space, for bpf program or maps, respectively, so an
530 inspection tool can inspect all programs and maps.
531
532 3.5 BPF_{PROG,MAP}_GET_FD_BY_ID
533
534 An introspection tool cannot use id to get details about program or maps.
535 A file descriptor needs to be obtained first for reference-counting purpose.
536
537 3.6 BPF_OBJ_GET_INFO_BY_FD
538 ==========================
539
540 Once a program/map fd is acquired, an introspection tool can get the detailed
541 information from kernel about this fd, some of which are BTF-related. For
542 example, ``bpf_map_info`` returns ``btf_id`` and key/value type ids.
543 ``bpf_prog_info`` returns ``btf_id``, func_info, and line info for translated
544 bpf byte codes, and jited_line_info.
545
546 3.7 BPF_BTF_GET_FD_BY_ID
547 ========================
548
549 With ``btf_id`` obtained in ``bpf_map_info`` and ``bpf_prog_info``, bpf
550 syscall command BPF_BTF_GET_FD_BY_ID can retrieve a btf fd. Then, with
551 command BPF_OBJ_GET_INFO_BY_FD, the btf blob, originally loaded into the
552 kernel with BPF_BTF_LOAD, can be retrieved.
553
554 With the btf blob, ``bpf_map_info``, and ``bpf_prog_info``, an introspection
555 tool has full btf knowledge and is able to pretty print map key/values, dump
556 func signatures and line info, along with byte/jit codes.
557
558 4. ELF File Format Interface
559 ****************************
560
561 4.1 .BTF section
562 ================
563
564 The .BTF section contains type and string data. The format of this section is
565 same as the one describe in :ref:`BTF_Type_String`.
566
567 .. _BTF_Ext_Section:
568
569 4.2 .BTF.ext section
570 ====================
571
572 The .BTF.ext section encodes func_info and line_info which needs loader
573 manipulation before loading into the kernel.
574
575 The specification for .BTF.ext section is defined at ``tools/lib/bpf/btf.h``
576 and ``tools/lib/bpf/btf.c``.
577
578 The current header of .BTF.ext section::
579
580 struct btf_ext_header {
581 __u16 magic;
582 __u8 version;
583 __u8 flags;
584 __u32 hdr_len;
585
586 /* All offsets are in bytes relative to the end of this header */
587 __u32 func_info_off;
588 __u32 func_info_len;
589 __u32 line_info_off;
590 __u32 line_info_len;
591 };
592
593 It is very similar to .BTF section. Instead of type/string section, it
594 contains func_info and line_info section. See :ref:`BPF_Prog_Load` for details
595 about func_info and line_info record format.
596
597 The func_info is organized as below.::
598
599 func_info_rec_size
600 btf_ext_info_sec for section #1 /* func_info for section #1 */
601 btf_ext_info_sec for section #2 /* func_info for section #2 */
602 ...
603
604 ``func_info_rec_size`` specifies the size of ``bpf_func_info`` structure when
605 .BTF.ext is generated. ``btf_ext_info_sec``, defined below, is a collection of
606 func_info for each specific ELF section.::
607
608 struct btf_ext_info_sec {
609 __u32 sec_name_off; /* offset to section name */
610 __u32 num_info;
611 /* Followed by num_info * record_size number of bytes */
612 __u8 data[0];
613 };
614
615 Here, num_info must be greater than 0.
616
617 The line_info is organized as below.::
618
619 line_info_rec_size
620 btf_ext_info_sec for section #1 /* line_info for section #1 */
621 btf_ext_info_sec for section #2 /* line_info for section #2 */
622 ...
623
624 ``line_info_rec_size`` specifies the size of ``bpf_line_info`` structure when
625 .BTF.ext is generated.
626
627 The interpretation of ``bpf_func_info->insn_off`` and
628 ``bpf_line_info->insn_off`` is different between kernel API and ELF API. For
629 kernel API, the ``insn_off`` is the instruction offset in the unit of ``struct
630 bpf_insn``. For ELF API, the ``insn_off`` is the byte offset from the
631 beginning of section (``btf_ext_info_sec->sec_name_off``).
632
633 5. Using BTF
634 ************
635
636 5.1 bpftool map pretty print
637 ============================
638
639 With BTF, the map key/value can be printed based on fields rather than simply
640 raw bytes. This is especially valuable for large structure or if your data
641 structure has bitfields. For example, for the following map,::
642
643 enum A { A1, A2, A3, A4, A5 };
644 typedef enum A ___A;
645 struct tmp_t {
646 char a1:4;
647 int a2:4;
648 int :4;
649 __u32 a3:4;
650 int b;
651 ___A b1:4;
652 enum A b2:4;
653 };
654 struct bpf_map_def SEC("maps") tmpmap = {
655 .type = BPF_MAP_TYPE_ARRAY,
656 .key_size = sizeof(__u32),
657 .value_size = sizeof(struct tmp_t),
658 .max_entries = 1,
659 };
660 BPF_ANNOTATE_KV_PAIR(tmpmap, int, struct tmp_t);
661
662 bpftool is able to pretty print like below:
663 ::
664
665 [{
666 "key": 0,
667 "value": {
668 "a1": 0x2,
669 "a2": 0x4,
670 "a3": 0x6,
671 "b": 7,
672 "b1": 0x8,
673 "b2": 0xa
674 }
675 }
676 ]
677
678 5.2 bpftool prog dump
679 =====================
680
681 The following is an example showing how func_info and line_info can help prog
682 dump with better kernel symbol names, function prototypes and line
683 information.::
684
685 $ bpftool prog dump jited pinned /sys/fs/bpf/test_btf_haskv
686 [...]
687 int test_long_fname_2(struct dummy_tracepoint_args * arg):
688 bpf_prog_44a040bf25481309_test_long_fname_2:
689 ; static int test_long_fname_2(struct dummy_tracepoint_args *arg)
690 0: push %rbp
691 1: mov %rsp,%rbp
692 4: sub $0x30,%rsp
693 b: sub $0x28,%rbp
694 f: mov %rbx,0x0(%rbp)
695 13: mov %r13,0x8(%rbp)
696 17: mov %r14,0x10(%rbp)
697 1b: mov %r15,0x18(%rbp)
698 1f: xor %eax,%eax
699 21: mov %rax,0x20(%rbp)
700 25: xor %esi,%esi
701 ; int key = 0;
702 27: mov %esi,-0x4(%rbp)
703 ; if (!arg->sock)
704 2a: mov 0x8(%rdi),%rdi
705 ; if (!arg->sock)
706 2e: cmp $0x0,%rdi
707 32: je 0x0000000000000070
708 34: mov %rbp,%rsi
709 ; counts = bpf_map_lookup_elem(&btf_map, &key);
710 [...]
711
712 5.3 Verifier Log
713 ================
714
715 The following is an example of how line_info can help debugging verification
716 failure.::
717
718 /* The code at tools/testing/selftests/bpf/test_xdp_noinline.c
719 * is modified as below.
720 */
721 data = (void *)(long)xdp->data;
722 data_end = (void *)(long)xdp->data_end;
723 /*
724 if (data + 4 > data_end)
725 return XDP_DROP;
726 */
727 *(u32 *)data = dst->dst;
728
729 $ bpftool prog load ./test_xdp_noinline.o /sys/fs/bpf/test_xdp_noinline type xdp
730 ; data = (void *)(long)xdp->data;
731 224: (79) r2 = *(u64 *)(r10 -112)
732 225: (61) r2 = *(u32 *)(r2 +0)
733 ; *(u32 *)data = dst->dst;
734 226: (63) *(u32 *)(r2 +0) = r1
735 invalid access to packet, off=0 size=4, R2(id=0,off=0,r=0)
736 R2 offset is outside of the packet
737
738 6. BTF Generation
739 *****************
740
741 You need latest pahole
742
743 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/
744
745 or llvm (8.0 or later). The pahole acts as a dwarf2btf converter. It doesn't
746 support .BTF.ext and btf BTF_KIND_FUNC type yet. For example,::
747
748 -bash-4.4$ cat t.c
749 struct t {
750 int a:2;
751 int b:3;
752 int c:2;
753 } g;
754 -bash-4.4$ gcc -c -O2 -g t.c
755 -bash-4.4$ pahole -JV t.o
756 File t.o:
757 [1] STRUCT t kind_flag=1 size=4 vlen=3
758 a type_id=2 bitfield_size=2 bits_offset=0
759 b type_id=2 bitfield_size=3 bits_offset=2
760 c type_id=2 bitfield_size=2 bits_offset=5
761 [2] INT int size=4 bit_offset=0 nr_bits=32 encoding=SIGNED
762
763 The llvm is able to generate .BTF and .BTF.ext directly with -g for bpf target
764 only. The assembly code (-S) is able to show the BTF encoding in assembly
765 format.::
766
767 -bash-4.4$ cat t2.c
768 typedef int __int32;
769 struct t2 {
770 int a2;
771 int (*f2)(char q1, __int32 q2, ...);
772 int (*f3)();
773 } g2;
774 int main() { return 0; }
775 int test() { return 0; }
776 -bash-4.4$ clang -c -g -O2 -target bpf t2.c
777 -bash-4.4$ readelf -S t2.o
778 ......
779 [ 8] .BTF PROGBITS 0000000000000000 00000247
780 000000000000016e 0000000000000000 0 0 1
781 [ 9] .BTF.ext PROGBITS 0000000000000000 000003b5
782 0000000000000060 0000000000000000 0 0 1
783 [10] .rel.BTF.ext REL 0000000000000000 000007e0
784 0000000000000040 0000000000000010 16 9 8
785 ......
786 -bash-4.4$ clang -S -g -O2 -target bpf t2.c
787 -bash-4.4$ cat t2.s
788 ......
789 .section .BTF,"",@progbits
790 .short 60319 # 0xeb9f
791 .byte 1
792 .byte 0
793 .long 24
794 .long 0
795 .long 220
796 .long 220
797 .long 122
798 .long 0 # BTF_KIND_FUNC_PROTO(id = 1)
799 .long 218103808 # 0xd000000
800 .long 2
801 .long 83 # BTF_KIND_INT(id = 2)
802 .long 16777216 # 0x1000000
803 .long 4
804 .long 16777248 # 0x1000020
805 ......
806 .byte 0 # string offset=0
807 .ascii ".text" # string offset=1
808 .byte 0
809 .ascii "/home/yhs/tmp-pahole/t2.c" # string offset=7
810 .byte 0
811 .ascii "int main() { return 0; }" # string offset=33
812 .byte 0
813 .ascii "int test() { return 0; }" # string offset=58
814 .byte 0
815 .ascii "int" # string offset=83
816 ......
817 .section .BTF.ext,"",@progbits
818 .short 60319 # 0xeb9f
819 .byte 1
820 .byte 0
821 .long 24
822 .long 0
823 .long 28
824 .long 28
825 .long 44
826 .long 8 # FuncInfo
827 .long 1 # FuncInfo section string offset=1
828 .long 2
829 .long .Lfunc_begin0
830 .long 3
831 .long .Lfunc_begin1
832 .long 5
833 .long 16 # LineInfo
834 .long 1 # LineInfo section string offset=1
835 .long 2
836 .long .Ltmp0
837 .long 7
838 .long 33
839 .long 7182 # Line 7 Col 14
840 .long .Ltmp3
841 .long 7
842 .long 58
843 .long 8206 # Line 8 Col 14
844
845 7. Testing
846 **********
847
848 Kernel bpf selftest `test_btf.c` provides extensive set of BTF-related tests.
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git