1 ===================== 1 =====================
2 BPF Type Format (BTF) 2 BPF Type Format (BTF)
3 ===================== 3 =====================
4 4
5 1. Introduction 5 1. Introduction
6 =============== !! 6 ***************
7 7
8 BTF (BPF Type Format) is the metadata format w 8 BTF (BPF Type Format) is the metadata format which encodes the debug info
9 related to BPF program/map. The name BTF was u 9 related to BPF program/map. The name BTF was used initially to describe data
10 types. The BTF was later extended to include f 10 types. The BTF was later extended to include function info for defined
11 subroutines, and line info for source/line inf 11 subroutines, and line info for source/line information.
12 12
13 The debug info is used for map pretty print, f 13 The debug info is used for map pretty print, function signature, etc. The
14 function signature enables better bpf program/ 14 function signature enables better bpf program/function kernel symbol. The line
15 info helps generate source annotated translate 15 info helps generate source annotated translated byte code, jited code and
16 verifier log. 16 verifier log.
17 17
18 The BTF specification contains two parts, 18 The BTF specification contains two parts,
19 * BTF kernel API 19 * BTF kernel API
20 * BTF ELF file format 20 * BTF ELF file format
21 21
22 The kernel API is the contract between user sp 22 The kernel API is the contract between user space and kernel. The kernel
23 verifies the BTF info before using it. The ELF 23 verifies the BTF info before using it. The ELF file format is a user space
24 contract between ELF file and libbpf loader. 24 contract between ELF file and libbpf loader.
25 25
26 The type and string sections are part of the B 26 The type and string sections are part of the BTF kernel API, describing the
27 debug info (mostly types related) referenced b 27 debug info (mostly types related) referenced by the bpf program. These two
28 sections are discussed in details in :ref:`BTF 28 sections are discussed in details in :ref:`BTF_Type_String`.
29 29
30 .. _BTF_Type_String: 30 .. _BTF_Type_String:
31 31
32 2. BTF Type and String Encoding 32 2. BTF Type and String Encoding
33 =============================== !! 33 *******************************
34 34
35 The file ``include/uapi/linux/btf.h`` provides 35 The file ``include/uapi/linux/btf.h`` provides high-level definition of how
36 types/strings are encoded. 36 types/strings are encoded.
37 37
38 The beginning of data blob must be:: 38 The beginning of data blob must be::
39 39
40 struct btf_header { 40 struct btf_header {
41 __u16 magic; 41 __u16 magic;
42 __u8 version; 42 __u8 version;
43 __u8 flags; 43 __u8 flags;
44 __u32 hdr_len; 44 __u32 hdr_len;
45 45
46 /* All offsets are in bytes relative t 46 /* All offsets are in bytes relative to the end of this header */
47 __u32 type_off; /* offset of t 47 __u32 type_off; /* offset of type section */
48 __u32 type_len; /* length of t 48 __u32 type_len; /* length of type section */
49 __u32 str_off; /* offset of s 49 __u32 str_off; /* offset of string section */
50 __u32 str_len; /* length of s 50 __u32 str_len; /* length of string section */
51 }; 51 };
52 52
53 The magic is ``0xeB9F``, which has different e 53 The magic is ``0xeB9F``, which has different encoding for big and little
54 endian systems, and can be used to test whethe 54 endian systems, and can be used to test whether BTF is generated for big- or
55 little-endian target. The ``btf_header`` is de 55 little-endian target. The ``btf_header`` is designed to be extensible with
56 ``hdr_len`` equal to ``sizeof(struct btf_heade 56 ``hdr_len`` equal to ``sizeof(struct btf_header)`` when a data blob is
57 generated. 57 generated.
58 58
59 2.1 String Encoding 59 2.1 String Encoding
60 ------------------- !! 60 ===================
61 61
62 The first string in the string section must be 62 The first string in the string section must be a null string. The rest of
63 string table is a concatenation of other null- 63 string table is a concatenation of other null-terminated strings.
64 64
65 2.2 Type Encoding 65 2.2 Type Encoding
66 ----------------- !! 66 =================
67 67
68 The type id ``0`` is reserved for ``void`` typ 68 The type id ``0`` is reserved for ``void`` type. The type section is parsed
69 sequentially and type id is assigned to each r 69 sequentially and type id is assigned to each recognized type starting from id
70 ``1``. Currently, the following types are supp 70 ``1``. Currently, the following types are supported::
71 71
72 #define BTF_KIND_INT 1 /* 72 #define BTF_KIND_INT 1 /* Integer */
73 #define BTF_KIND_PTR 2 /* 73 #define BTF_KIND_PTR 2 /* Pointer */
74 #define BTF_KIND_ARRAY 3 /* 74 #define BTF_KIND_ARRAY 3 /* Array */
75 #define BTF_KIND_STRUCT 4 /* 75 #define BTF_KIND_STRUCT 4 /* Struct */
76 #define BTF_KIND_UNION 5 /* 76 #define BTF_KIND_UNION 5 /* Union */
77 #define BTF_KIND_ENUM 6 /* !! 77 #define BTF_KIND_ENUM 6 /* Enumeration */
78 #define BTF_KIND_FWD 7 /* 78 #define BTF_KIND_FWD 7 /* Forward */
79 #define BTF_KIND_TYPEDEF 8 /* 79 #define BTF_KIND_TYPEDEF 8 /* Typedef */
80 #define BTF_KIND_VOLATILE 9 /* 80 #define BTF_KIND_VOLATILE 9 /* Volatile */
81 #define BTF_KIND_CONST 10 /* 81 #define BTF_KIND_CONST 10 /* Const */
82 #define BTF_KIND_RESTRICT 11 /* 82 #define BTF_KIND_RESTRICT 11 /* Restrict */
83 #define BTF_KIND_FUNC 12 /* 83 #define BTF_KIND_FUNC 12 /* Function */
84 #define BTF_KIND_FUNC_PROTO 13 /* 84 #define BTF_KIND_FUNC_PROTO 13 /* Function Proto */
85 #define BTF_KIND_VAR 14 /* <<
86 #define BTF_KIND_DATASEC 15 /* <<
87 #define BTF_KIND_FLOAT 16 /* <<
88 #define BTF_KIND_DECL_TAG 17 /* <<
89 #define BTF_KIND_TYPE_TAG 18 /* <<
90 #define BTF_KIND_ENUM64 19 /* <<
91 85
92 Note that the type section encodes debug info, 86 Note that the type section encodes debug info, not just pure types.
93 ``BTF_KIND_FUNC`` is not a type, and it repres 87 ``BTF_KIND_FUNC`` is not a type, and it represents a defined subprogram.
94 88
95 Each type contains the following common data:: 89 Each type contains the following common data::
96 90
97 struct btf_type { 91 struct btf_type {
98 __u32 name_off; 92 __u32 name_off;
99 /* "info" bits arrangement 93 /* "info" bits arrangement
100 * bits 0-15: vlen (e.g. # of struct' 94 * bits 0-15: vlen (e.g. # of struct's members)
101 * bits 16-23: unused 95 * bits 16-23: unused
102 * bits 24-28: kind (e.g. int, ptr, ar !! 96 * bits 24-27: kind (e.g. int, ptr, array...etc)
103 * bits 29-30: unused !! 97 * bits 28-30: unused
104 * bit 31: kind_flag, currently us 98 * bit 31: kind_flag, currently used by
105 * struct, union, fwd, enu !! 99 * struct, union and fwd
106 */ 100 */
107 __u32 info; 101 __u32 info;
108 /* "size" is used by INT, ENUM, STRUCT !! 102 /* "size" is used by INT, ENUM, STRUCT and UNION.
109 * "size" tells the size of the type i 103 * "size" tells the size of the type it is describing.
110 * 104 *
111 * "type" is used by PTR, TYPEDEF, VOL 105 * "type" is used by PTR, TYPEDEF, VOLATILE, CONST, RESTRICT,
112 * FUNC, FUNC_PROTO, DECL_TAG and TYPE !! 106 * FUNC and FUNC_PROTO.
113 * "type" is a type_id referring to an 107 * "type" is a type_id referring to another type.
114 */ 108 */
115 union { 109 union {
116 __u32 size; 110 __u32 size;
117 __u32 type; 111 __u32 type;
118 }; 112 };
119 }; 113 };
120 114
121 For certain kinds, the common data are followe 115 For certain kinds, the common data are followed by kind-specific data. The
122 ``name_off`` in ``struct btf_type`` specifies 116 ``name_off`` in ``struct btf_type`` specifies the offset in the string table.
123 The following sections detail encoding of each 117 The following sections detail encoding of each kind.
124 118
125 2.2.1 BTF_KIND_INT 119 2.2.1 BTF_KIND_INT
126 ~~~~~~~~~~~~~~~~~~ 120 ~~~~~~~~~~~~~~~~~~
127 121
128 ``struct btf_type`` encoding requirement: 122 ``struct btf_type`` encoding requirement:
129 * ``name_off``: any valid offset 123 * ``name_off``: any valid offset
130 * ``info.kind_flag``: 0 124 * ``info.kind_flag``: 0
131 * ``info.kind``: BTF_KIND_INT 125 * ``info.kind``: BTF_KIND_INT
132 * ``info.vlen``: 0 126 * ``info.vlen``: 0
133 * ``size``: the size of the int type in bytes 127 * ``size``: the size of the int type in bytes.
134 128
135 ``btf_type`` is followed by a ``u32`` with the 129 ``btf_type`` is followed by a ``u32`` with the following bits arrangement::
136 130
137 #define BTF_INT_ENCODING(VAL) (((VAL) & 0x 131 #define BTF_INT_ENCODING(VAL) (((VAL) & 0x0f000000) >> 24)
138 #define BTF_INT_OFFSET(VAL) (((VAL) & 0x !! 132 #define BTF_INT_OFFSET(VAL) (((VAL & 0x00ff0000)) >> 16)
139 #define BTF_INT_BITS(VAL) ((VAL) & 0x 133 #define BTF_INT_BITS(VAL) ((VAL) & 0x000000ff)
140 134
141 The ``BTF_INT_ENCODING`` has the following att 135 The ``BTF_INT_ENCODING`` has the following attributes::
142 136
143 #define BTF_INT_SIGNED (1 << 0) 137 #define BTF_INT_SIGNED (1 << 0)
144 #define BTF_INT_CHAR (1 << 1) 138 #define BTF_INT_CHAR (1 << 1)
145 #define BTF_INT_BOOL (1 << 2) 139 #define BTF_INT_BOOL (1 << 2)
146 140
147 The ``BTF_INT_ENCODING()`` provides extra info 141 The ``BTF_INT_ENCODING()`` provides extra information: signedness, char, or
148 bool, for the int type. The char and bool enco 142 bool, for the int type. The char and bool encoding are mostly useful for
149 pretty print. At most one encoding can be spec 143 pretty print. At most one encoding can be specified for the int type.
150 144
151 The ``BTF_INT_BITS()`` specifies the number of 145 The ``BTF_INT_BITS()`` specifies the number of actual bits held by this int
152 type. For example, a 4-bit bitfield encodes `` 146 type. For example, a 4-bit bitfield encodes ``BTF_INT_BITS()`` equals to 4.
153 The ``btf_type.size * 8`` must be equal to or 147 The ``btf_type.size * 8`` must be equal to or greater than ``BTF_INT_BITS()``
154 for the type. The maximum value of ``BTF_INT_B 148 for the type. The maximum value of ``BTF_INT_BITS()`` is 128.
155 149
156 The ``BTF_INT_OFFSET()`` specifies the startin 150 The ``BTF_INT_OFFSET()`` specifies the starting bit offset to calculate values
157 for this int. For example, a bitfield struct m 151 for this int. For example, a bitfield struct member has:
158 <<
159 * btf member bit offset 100 from the start of 152 * btf member bit offset 100 from the start of the structure,
160 * btf member pointing to an int type, 153 * btf member pointing to an int type,
161 * the int type has ``BTF_INT_OFFSET() = 2`` a 154 * the int type has ``BTF_INT_OFFSET() = 2`` and ``BTF_INT_BITS() = 4``
162 155
163 Then in the struct memory layout, this member 156 Then in the struct memory layout, this member will occupy ``4`` bits starting
164 from bits ``100 + 2 = 102``. 157 from bits ``100 + 2 = 102``.
165 158
166 Alternatively, the bitfield struct member can 159 Alternatively, the bitfield struct member can be the following to access the
167 same bits as the above: 160 same bits as the above:
168 <<
169 * btf member bit offset 102, 161 * btf member bit offset 102,
170 * btf member pointing to an int type, 162 * btf member pointing to an int type,
171 * the int type has ``BTF_INT_OFFSET() = 0`` a 163 * the int type has ``BTF_INT_OFFSET() = 0`` and ``BTF_INT_BITS() = 4``
172 164
173 The original intention of ``BTF_INT_OFFSET()`` 165 The original intention of ``BTF_INT_OFFSET()`` is to provide flexibility of
174 bitfield encoding. Currently, both llvm and pa 166 bitfield encoding. Currently, both llvm and pahole generate
175 ``BTF_INT_OFFSET() = 0`` for all int types. 167 ``BTF_INT_OFFSET() = 0`` for all int types.
176 168
177 2.2.2 BTF_KIND_PTR 169 2.2.2 BTF_KIND_PTR
178 ~~~~~~~~~~~~~~~~~~ 170 ~~~~~~~~~~~~~~~~~~
179 171
180 ``struct btf_type`` encoding requirement: 172 ``struct btf_type`` encoding requirement:
181 * ``name_off``: 0 173 * ``name_off``: 0
182 * ``info.kind_flag``: 0 174 * ``info.kind_flag``: 0
183 * ``info.kind``: BTF_KIND_PTR 175 * ``info.kind``: BTF_KIND_PTR
184 * ``info.vlen``: 0 176 * ``info.vlen``: 0
185 * ``type``: the pointee type of the pointer 177 * ``type``: the pointee type of the pointer
186 178
187 No additional type data follow ``btf_type``. 179 No additional type data follow ``btf_type``.
188 180
189 2.2.3 BTF_KIND_ARRAY 181 2.2.3 BTF_KIND_ARRAY
190 ~~~~~~~~~~~~~~~~~~~~ 182 ~~~~~~~~~~~~~~~~~~~~
191 183
192 ``struct btf_type`` encoding requirement: 184 ``struct btf_type`` encoding requirement:
193 * ``name_off``: 0 185 * ``name_off``: 0
194 * ``info.kind_flag``: 0 186 * ``info.kind_flag``: 0
195 * ``info.kind``: BTF_KIND_ARRAY 187 * ``info.kind``: BTF_KIND_ARRAY
196 * ``info.vlen``: 0 188 * ``info.vlen``: 0
197 * ``size/type``: 0, not used 189 * ``size/type``: 0, not used
198 190
199 ``btf_type`` is followed by one ``struct btf_a 191 ``btf_type`` is followed by one ``struct btf_array``::
200 192
201 struct btf_array { 193 struct btf_array {
202 __u32 type; 194 __u32 type;
203 __u32 index_type; 195 __u32 index_type;
204 __u32 nelems; 196 __u32 nelems;
205 }; 197 };
206 198
207 The ``struct btf_array`` encoding: 199 The ``struct btf_array`` encoding:
208 * ``type``: the element type 200 * ``type``: the element type
209 * ``index_type``: the index type 201 * ``index_type``: the index type
210 * ``nelems``: the number of elements for thi 202 * ``nelems``: the number of elements for this array (``0`` is also allowed).
211 203
212 The ``index_type`` can be any regular int type 204 The ``index_type`` can be any regular int type (``u8``, ``u16``, ``u32``,
213 ``u64``, ``unsigned __int128``). The original 205 ``u64``, ``unsigned __int128``). The original design of including
214 ``index_type`` follows DWARF, which has an ``i 206 ``index_type`` follows DWARF, which has an ``index_type`` for its array type.
215 Currently in BTF, beyond type verification, th 207 Currently in BTF, beyond type verification, the ``index_type`` is not used.
216 208
217 The ``struct btf_array`` allows chaining throu 209 The ``struct btf_array`` allows chaining through element type to represent
218 multidimensional arrays. For example, for ``in 210 multidimensional arrays. For example, for ``int a[5][6]``, the following type
219 information illustrates the chaining: 211 information illustrates the chaining:
220 212
221 * [1]: int 213 * [1]: int
222 * [2]: array, ``btf_array.type = [1]``, ``bt 214 * [2]: array, ``btf_array.type = [1]``, ``btf_array.nelems = 6``
223 * [3]: array, ``btf_array.type = [2]``, ``bt 215 * [3]: array, ``btf_array.type = [2]``, ``btf_array.nelems = 5``
224 216
225 Currently, both pahole and llvm collapse multi 217 Currently, both pahole and llvm collapse multidimensional array into
226 one-dimensional array, e.g., for ``a[5][6]``, 218 one-dimensional array, e.g., for ``a[5][6]``, the ``btf_array.nelems`` is
227 equal to ``30``. This is because the original 219 equal to ``30``. This is because the original use case is map pretty print
228 where the whole array is dumped out so one-dim 220 where the whole array is dumped out so one-dimensional array is enough. As
229 more BTF usage is explored, pahole and llvm ca 221 more BTF usage is explored, pahole and llvm can be changed to generate proper
230 chained representation for multidimensional ar 222 chained representation for multidimensional arrays.
231 223
232 2.2.4 BTF_KIND_STRUCT 224 2.2.4 BTF_KIND_STRUCT
233 ~~~~~~~~~~~~~~~~~~~~~ 225 ~~~~~~~~~~~~~~~~~~~~~
234 2.2.5 BTF_KIND_UNION 226 2.2.5 BTF_KIND_UNION
235 ~~~~~~~~~~~~~~~~~~~~ 227 ~~~~~~~~~~~~~~~~~~~~
236 228
237 ``struct btf_type`` encoding requirement: 229 ``struct btf_type`` encoding requirement:
238 * ``name_off``: 0 or offset to a valid C ide 230 * ``name_off``: 0 or offset to a valid C identifier
239 * ``info.kind_flag``: 0 or 1 231 * ``info.kind_flag``: 0 or 1
240 * ``info.kind``: BTF_KIND_STRUCT or BTF_KIND 232 * ``info.kind``: BTF_KIND_STRUCT or BTF_KIND_UNION
241 * ``info.vlen``: the number of struct/union 233 * ``info.vlen``: the number of struct/union members
242 * ``info.size``: the size of the struct/unio 234 * ``info.size``: the size of the struct/union in bytes
243 235
244 ``btf_type`` is followed by ``info.vlen`` numb 236 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_member``.::
245 237
246 struct btf_member { 238 struct btf_member {
247 __u32 name_off; 239 __u32 name_off;
248 __u32 type; 240 __u32 type;
249 __u32 offset; 241 __u32 offset;
250 }; 242 };
251 243
252 ``struct btf_member`` encoding: 244 ``struct btf_member`` encoding:
253 * ``name_off``: offset to a valid C identifi 245 * ``name_off``: offset to a valid C identifier
254 * ``type``: the member type 246 * ``type``: the member type
255 * ``offset``: <see below> 247 * ``offset``: <see below>
256 248
257 If the type info ``kind_flag`` is not set, the 249 If the type info ``kind_flag`` is not set, the offset contains only bit offset
258 of the member. Note that the base type of the 250 of the member. Note that the base type of the bitfield can only be int or enum
259 type. If the bitfield size is 32, the base typ 251 type. If the bitfield size is 32, the base type can be either int or enum
260 type. If the bitfield size is not 32, the base 252 type. If the bitfield size is not 32, the base type must be int, and int type
261 ``BTF_INT_BITS()`` encodes the bitfield size. 253 ``BTF_INT_BITS()`` encodes the bitfield size.
262 254
263 If the ``kind_flag`` is set, the ``btf_member. 255 If the ``kind_flag`` is set, the ``btf_member.offset`` contains both member
264 bitfield size and bit offset. The bitfield siz 256 bitfield size and bit offset. The bitfield size and bit offset are calculated
265 as below.:: 257 as below.::
266 258
267 #define BTF_MEMBER_BITFIELD_SIZE(val) ((va 259 #define BTF_MEMBER_BITFIELD_SIZE(val) ((val) >> 24)
268 #define BTF_MEMBER_BIT_OFFSET(val) ((va 260 #define BTF_MEMBER_BIT_OFFSET(val) ((val) & 0xffffff)
269 261
270 In this case, if the base type is an int type, 262 In this case, if the base type is an int type, it must be a regular int type:
271 263
272 * ``BTF_INT_OFFSET()`` must be 0. 264 * ``BTF_INT_OFFSET()`` must be 0.
273 * ``BTF_INT_BITS()`` must be equal to ``{1,2 265 * ``BTF_INT_BITS()`` must be equal to ``{1,2,4,8,16} * 8``.
274 266
275 Commit 9d5f9f701b18 introduced ``kind_flag`` a !! 267 The following kernel patch introduced ``kind_flag`` and explained why both
276 exist. !! 268 modes exist:
>> 269
>> 270 https://github.com/torvalds/linux/commit/9d5f9f701b1891466fb3dbb1806ad97716f95cc3#diff-fa650a64fdd3968396883d2fe8215ff3
277 271
278 2.2.6 BTF_KIND_ENUM 272 2.2.6 BTF_KIND_ENUM
279 ~~~~~~~~~~~~~~~~~~~ 273 ~~~~~~~~~~~~~~~~~~~
280 274
281 ``struct btf_type`` encoding requirement: 275 ``struct btf_type`` encoding requirement:
282 * ``name_off``: 0 or offset to a valid C ide 276 * ``name_off``: 0 or offset to a valid C identifier
283 * ``info.kind_flag``: 0 for unsigned, 1 for !! 277 * ``info.kind_flag``: 0
284 * ``info.kind``: BTF_KIND_ENUM 278 * ``info.kind``: BTF_KIND_ENUM
285 * ``info.vlen``: number of enum values 279 * ``info.vlen``: number of enum values
286 * ``size``: 1/2/4/8 !! 280 * ``size``: 4
287 281
288 ``btf_type`` is followed by ``info.vlen`` numb 282 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_enum``.::
289 283
290 struct btf_enum { 284 struct btf_enum {
291 __u32 name_off; 285 __u32 name_off;
292 __s32 val; 286 __s32 val;
293 }; 287 };
294 288
295 The ``btf_enum`` encoding: 289 The ``btf_enum`` encoding:
296 * ``name_off``: offset to a valid C identifi 290 * ``name_off``: offset to a valid C identifier
297 * ``val``: any value 291 * ``val``: any value
298 292
299 If the original enum value is signed and the s <<
300 that value will be sign extended into 4 bytes. <<
301 the value will be truncated into 4 bytes. <<
302 <<
303 2.2.7 BTF_KIND_FWD 293 2.2.7 BTF_KIND_FWD
304 ~~~~~~~~~~~~~~~~~~ 294 ~~~~~~~~~~~~~~~~~~
305 295
306 ``struct btf_type`` encoding requirement: 296 ``struct btf_type`` encoding requirement:
307 * ``name_off``: offset to a valid C identifi 297 * ``name_off``: offset to a valid C identifier
308 * ``info.kind_flag``: 0 for struct, 1 for un 298 * ``info.kind_flag``: 0 for struct, 1 for union
309 * ``info.kind``: BTF_KIND_FWD 299 * ``info.kind``: BTF_KIND_FWD
310 * ``info.vlen``: 0 300 * ``info.vlen``: 0
311 * ``type``: 0 301 * ``type``: 0
312 302
313 No additional type data follow ``btf_type``. 303 No additional type data follow ``btf_type``.
314 304
315 2.2.8 BTF_KIND_TYPEDEF 305 2.2.8 BTF_KIND_TYPEDEF
316 ~~~~~~~~~~~~~~~~~~~~~~ 306 ~~~~~~~~~~~~~~~~~~~~~~
317 307
318 ``struct btf_type`` encoding requirement: 308 ``struct btf_type`` encoding requirement:
319 * ``name_off``: offset to a valid C identifi 309 * ``name_off``: offset to a valid C identifier
320 * ``info.kind_flag``: 0 310 * ``info.kind_flag``: 0
321 * ``info.kind``: BTF_KIND_TYPEDEF 311 * ``info.kind``: BTF_KIND_TYPEDEF
322 * ``info.vlen``: 0 312 * ``info.vlen``: 0
323 * ``type``: the type which can be referred b 313 * ``type``: the type which can be referred by name at ``name_off``
324 314
325 No additional type data follow ``btf_type``. 315 No additional type data follow ``btf_type``.
326 316
327 2.2.9 BTF_KIND_VOLATILE 317 2.2.9 BTF_KIND_VOLATILE
328 ~~~~~~~~~~~~~~~~~~~~~~~ 318 ~~~~~~~~~~~~~~~~~~~~~~~
329 319
330 ``struct btf_type`` encoding requirement: 320 ``struct btf_type`` encoding requirement:
331 * ``name_off``: 0 321 * ``name_off``: 0
332 * ``info.kind_flag``: 0 322 * ``info.kind_flag``: 0
333 * ``info.kind``: BTF_KIND_VOLATILE 323 * ``info.kind``: BTF_KIND_VOLATILE
334 * ``info.vlen``: 0 324 * ``info.vlen``: 0
335 * ``type``: the type with ``volatile`` quali 325 * ``type``: the type with ``volatile`` qualifier
336 326
337 No additional type data follow ``btf_type``. 327 No additional type data follow ``btf_type``.
338 328
339 2.2.10 BTF_KIND_CONST 329 2.2.10 BTF_KIND_CONST
340 ~~~~~~~~~~~~~~~~~~~~~ 330 ~~~~~~~~~~~~~~~~~~~~~
341 331
342 ``struct btf_type`` encoding requirement: 332 ``struct btf_type`` encoding requirement:
343 * ``name_off``: 0 333 * ``name_off``: 0
344 * ``info.kind_flag``: 0 334 * ``info.kind_flag``: 0
345 * ``info.kind``: BTF_KIND_CONST 335 * ``info.kind``: BTF_KIND_CONST
346 * ``info.vlen``: 0 336 * ``info.vlen``: 0
347 * ``type``: the type with ``const`` qualifie 337 * ``type``: the type with ``const`` qualifier
348 338
349 No additional type data follow ``btf_type``. 339 No additional type data follow ``btf_type``.
350 340
351 2.2.11 BTF_KIND_RESTRICT 341 2.2.11 BTF_KIND_RESTRICT
352 ~~~~~~~~~~~~~~~~~~~~~~~~ 342 ~~~~~~~~~~~~~~~~~~~~~~~~
353 343
354 ``struct btf_type`` encoding requirement: 344 ``struct btf_type`` encoding requirement:
355 * ``name_off``: 0 345 * ``name_off``: 0
356 * ``info.kind_flag``: 0 346 * ``info.kind_flag``: 0
357 * ``info.kind``: BTF_KIND_RESTRICT 347 * ``info.kind``: BTF_KIND_RESTRICT
358 * ``info.vlen``: 0 348 * ``info.vlen``: 0
359 * ``type``: the type with ``restrict`` quali 349 * ``type``: the type with ``restrict`` qualifier
360 350
361 No additional type data follow ``btf_type``. 351 No additional type data follow ``btf_type``.
362 352
363 2.2.12 BTF_KIND_FUNC 353 2.2.12 BTF_KIND_FUNC
364 ~~~~~~~~~~~~~~~~~~~~ 354 ~~~~~~~~~~~~~~~~~~~~
365 355
366 ``struct btf_type`` encoding requirement: 356 ``struct btf_type`` encoding requirement:
367 * ``name_off``: offset to a valid C identifi 357 * ``name_off``: offset to a valid C identifier
368 * ``info.kind_flag``: 0 358 * ``info.kind_flag``: 0
369 * ``info.kind``: BTF_KIND_FUNC 359 * ``info.kind``: BTF_KIND_FUNC
370 * ``info.vlen``: linkage information (BTF_FU !! 360 * ``info.vlen``: 0
371 or BTF_FUNC_EXTERN - see :r <<
372 * ``type``: a BTF_KIND_FUNC_PROTO type 361 * ``type``: a BTF_KIND_FUNC_PROTO type
373 362
374 No additional type data follow ``btf_type``. 363 No additional type data follow ``btf_type``.
375 364
376 A BTF_KIND_FUNC defines not a type, but a subp 365 A BTF_KIND_FUNC defines not a type, but a subprogram (function) whose
377 signature is defined by ``type``. The subprogr 366 signature is defined by ``type``. The subprogram is thus an instance of that
378 type. The BTF_KIND_FUNC may in turn be referen 367 type. The BTF_KIND_FUNC may in turn be referenced by a func_info in the
379 :ref:`BTF_Ext_Section` (ELF) or in the argumen 368 :ref:`BTF_Ext_Section` (ELF) or in the arguments to :ref:`BPF_Prog_Load`
380 (ABI). 369 (ABI).
381 370
382 Currently, only linkage values of BTF_FUNC_STA <<
383 supported in the kernel. <<
384 <<
385 2.2.13 BTF_KIND_FUNC_PROTO 371 2.2.13 BTF_KIND_FUNC_PROTO
386 ~~~~~~~~~~~~~~~~~~~~~~~~~~ 372 ~~~~~~~~~~~~~~~~~~~~~~~~~~
387 373
388 ``struct btf_type`` encoding requirement: 374 ``struct btf_type`` encoding requirement:
389 * ``name_off``: 0 375 * ``name_off``: 0
390 * ``info.kind_flag``: 0 376 * ``info.kind_flag``: 0
391 * ``info.kind``: BTF_KIND_FUNC_PROTO 377 * ``info.kind``: BTF_KIND_FUNC_PROTO
392 * ``info.vlen``: # of parameters 378 * ``info.vlen``: # of parameters
393 * ``type``: the return type 379 * ``type``: the return type
394 380
395 ``btf_type`` is followed by ``info.vlen`` numb 381 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_param``.::
396 382
397 struct btf_param { 383 struct btf_param {
398 __u32 name_off; 384 __u32 name_off;
399 __u32 type; 385 __u32 type;
400 }; 386 };
401 387
402 If a BTF_KIND_FUNC_PROTO type is referred by a 388 If a BTF_KIND_FUNC_PROTO type is referred by a BTF_KIND_FUNC type, then
403 ``btf_param.name_off`` must point to a valid C 389 ``btf_param.name_off`` must point to a valid C identifier except for the
404 possible last argument representing the variab 390 possible last argument representing the variable argument. The btf_param.type
405 refers to parameter type. 391 refers to parameter type.
406 392
407 If the function has variable arguments, the la 393 If the function has variable arguments, the last parameter is encoded with
408 ``name_off = 0`` and ``type = 0``. 394 ``name_off = 0`` and ``type = 0``.
409 395
410 2.2.14 BTF_KIND_VAR <<
411 ~~~~~~~~~~~~~~~~~~~ <<
412 <<
413 ``struct btf_type`` encoding requirement: <<
414 * ``name_off``: offset to a valid C identifi <<
415 * ``info.kind_flag``: 0 <<
416 * ``info.kind``: BTF_KIND_VAR <<
417 * ``info.vlen``: 0 <<
418 * ``type``: the type of the variable <<
419 <<
420 ``btf_type`` is followed by a single ``struct <<
421 following data:: <<
422 <<
423 struct btf_var { <<
424 __u32 linkage; <<
425 }; <<
426 <<
427 ``btf_var.linkage`` may take the values: BTF_V <<
428 see :ref:`BTF_Var_Linkage_Constants`. <<
429 <<
430 Not all type of global variables are supported <<
431 The following is currently available: <<
432 <<
433 * static variables with or without section a <<
434 * global variables with section attributes <<
435 <<
436 The latter is for future extraction of map key <<
437 map definition. <<
438 <<
439 2.2.15 BTF_KIND_DATASEC <<
440 ~~~~~~~~~~~~~~~~~~~~~~~ <<
441 <<
442 ``struct btf_type`` encoding requirement: <<
443 * ``name_off``: offset to a valid name assoc <<
444 one of .data/.bss/.rodata <<
445 * ``info.kind_flag``: 0 <<
446 * ``info.kind``: BTF_KIND_DATASEC <<
447 * ``info.vlen``: # of variables <<
448 * ``size``: total section size in bytes (0 a <<
449 to actual size by BPF loaders su <<
450 <<
451 ``btf_type`` is followed by ``info.vlen`` numb <<
452 <<
453 struct btf_var_secinfo { <<
454 __u32 type; <<
455 __u32 offset; <<
456 __u32 size; <<
457 }; <<
458 <<
459 ``struct btf_var_secinfo`` encoding: <<
460 * ``type``: the type of the BTF_KIND_VAR var <<
461 * ``offset``: the in-section offset of the v <<
462 * ``size``: the size of the variable in byte <<
463 <<
464 2.2.16 BTF_KIND_FLOAT <<
465 ~~~~~~~~~~~~~~~~~~~~~ <<
466 <<
467 ``struct btf_type`` encoding requirement: <<
468 * ``name_off``: any valid offset <<
469 * ``info.kind_flag``: 0 <<
470 * ``info.kind``: BTF_KIND_FLOAT <<
471 * ``info.vlen``: 0 <<
472 * ``size``: the size of the float type in byt <<
473 <<
474 No additional type data follow ``btf_type``. <<
475 <<
476 2.2.17 BTF_KIND_DECL_TAG <<
477 ~~~~~~~~~~~~~~~~~~~~~~~~ <<
478 <<
479 ``struct btf_type`` encoding requirement: <<
480 * ``name_off``: offset to a non-empty string <<
481 * ``info.kind_flag``: 0 <<
482 * ``info.kind``: BTF_KIND_DECL_TAG <<
483 * ``info.vlen``: 0 <<
484 * ``type``: ``struct``, ``union``, ``func``, <<
485 <<
486 ``btf_type`` is followed by ``struct btf_decl_ <<
487 <<
488 struct btf_decl_tag { <<
489 __u32 component_idx; <<
490 }; <<
491 <<
492 The ``name_off`` encodes btf_decl_tag attribut <<
493 The ``type`` should be ``struct``, ``union``, <<
494 For ``var`` or ``typedef`` type, ``btf_decl_ta <<
495 For the other three types, if the btf_decl_tag <<
496 applied to the ``struct``, ``union`` or ``func <<
497 ``btf_decl_tag.component_idx`` must be ``-1``. <<
498 the attribute is applied to a ``struct``/``uni <<
499 a ``func`` argument, and ``btf_decl_tag.compon <<
500 valid index (starting from 0) pointing to a me <<
501 <<
502 2.2.18 BTF_KIND_TYPE_TAG <<
503 ~~~~~~~~~~~~~~~~~~~~~~~~ <<
504 <<
505 ``struct btf_type`` encoding requirement: <<
506 * ``name_off``: offset to a non-empty string <<
507 * ``info.kind_flag``: 0 <<
508 * ``info.kind``: BTF_KIND_TYPE_TAG <<
509 * ``info.vlen``: 0 <<
510 * ``type``: the type with ``btf_type_tag`` at <<
511 <<
512 Currently, ``BTF_KIND_TYPE_TAG`` is only emitt <<
513 It has the following btf type chain: <<
514 :: <<
515 <<
516 ptr -> [type_tag]* <<
517 -> [const | volatile | restrict | typede <<
518 -> base_type <<
519 <<
520 Basically, a pointer type points to zero or mo <<
521 type_tag, then zero or more const/volatile/res <<
522 and finally the base type. The base type is on <<
523 int, ptr, array, struct, union, enum, func_pro <<
524 <<
525 2.2.19 BTF_KIND_ENUM64 <<
526 ~~~~~~~~~~~~~~~~~~~~~~ <<
527 <<
528 ``struct btf_type`` encoding requirement: <<
529 * ``name_off``: 0 or offset to a valid C ide <<
530 * ``info.kind_flag``: 0 for unsigned, 1 for <<
531 * ``info.kind``: BTF_KIND_ENUM64 <<
532 * ``info.vlen``: number of enum values <<
533 * ``size``: 1/2/4/8 <<
534 <<
535 ``btf_type`` is followed by ``info.vlen`` numb <<
536 <<
537 struct btf_enum64 { <<
538 __u32 name_off; <<
539 __u32 val_lo32; <<
540 __u32 val_hi32; <<
541 }; <<
542 <<
543 The ``btf_enum64`` encoding: <<
544 * ``name_off``: offset to a valid C identifi <<
545 * ``val_lo32``: lower 32-bit value for a 64- <<
546 * ``val_hi32``: high 32-bit value for a 64-b <<
547 <<
548 If the original enum value is signed and the s <<
549 that value will be sign extended into 8 bytes. <<
550 <<
551 2.3 Constant Values <<
552 ------------------- <<
553 <<
554 .. _BTF_Function_Linkage_Constants: <<
555 <<
556 2.3.1 Function Linkage Constant Values <<
557 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <<
558 .. table:: Function Linkage Values and Meaning <<
559 <<
560 =================== ===== =========== <<
561 kind value description <<
562 =================== ===== =========== <<
563 ``BTF_FUNC_STATIC`` 0x0 definition of su <<
564 ``BTF_FUNC_GLOBAL`` 0x1 definition of su <<
565 ``BTF_FUNC_EXTERN`` 0x2 declaration of a <<
566 =================== ===== =========== <<
567 <<
568 <<
569 .. _BTF_Var_Linkage_Constants: <<
570 <<
571 2.3.2 Variable Linkage Constant Values <<
572 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <<
573 .. table:: Variable Linkage Values and Meaning <<
574 <<
575 ============================ ===== ======= <<
576 kind value descrip <<
577 ============================ ===== ======= <<
578 ``BTF_VAR_STATIC`` 0x0 definit <<
579 ``BTF_VAR_GLOBAL_ALLOCATED`` 0x1 definit <<
580 ``BTF_VAR_GLOBAL_EXTERN`` 0x2 declara <<
581 ============================ ===== ======= <<
582 <<
583 3. BTF Kernel API 396 3. BTF Kernel API
584 ================= !! 397 *****************
585 398
586 The following bpf syscall command involves BTF 399 The following bpf syscall command involves BTF:
587 * BPF_BTF_LOAD: load a blob of BTF data int 400 * BPF_BTF_LOAD: load a blob of BTF data into kernel
588 * BPF_MAP_CREATE: map creation with btf key 401 * BPF_MAP_CREATE: map creation with btf key and value type info.
589 * BPF_PROG_LOAD: prog load with btf functio 402 * BPF_PROG_LOAD: prog load with btf function and line info.
590 * BPF_BTF_GET_FD_BY_ID: get a btf fd 403 * BPF_BTF_GET_FD_BY_ID: get a btf fd
591 * BPF_OBJ_GET_INFO_BY_FD: btf, func_info, l 404 * BPF_OBJ_GET_INFO_BY_FD: btf, func_info, line_info
592 and other btf related info are returned. 405 and other btf related info are returned.
593 406
594 The workflow typically looks like: 407 The workflow typically looks like:
595 :: 408 ::
596 409
597 Application: 410 Application:
598 BPF_BTF_LOAD 411 BPF_BTF_LOAD
599 | 412 |
600 v 413 v
601 BPF_MAP_CREATE and BPF_PROG_LOAD 414 BPF_MAP_CREATE and BPF_PROG_LOAD
602 | 415 |
603 V 416 V
604 ...... 417 ......
605 418
606 Introspection tool: 419 Introspection tool:
607 ...... 420 ......
608 BPF_{PROG,MAP}_GET_NEXT_ID (get prog/map 421 BPF_{PROG,MAP}_GET_NEXT_ID (get prog/map id's)
609 | 422 |
610 V 423 V
611 BPF_{PROG,MAP}_GET_FD_BY_ID (get a prog/ 424 BPF_{PROG,MAP}_GET_FD_BY_ID (get a prog/map fd)
612 | 425 |
613 V 426 V
614 BPF_OBJ_GET_INFO_BY_FD (get bpf_prog_inf 427 BPF_OBJ_GET_INFO_BY_FD (get bpf_prog_info/bpf_map_info with btf_id)
615 | 428 | |
616 V 429 V |
617 BPF_BTF_GET_FD_BY_ID (get btf_fd) 430 BPF_BTF_GET_FD_BY_ID (get btf_fd) |
618 | 431 | |
619 V 432 V |
620 BPF_OBJ_GET_INFO_BY_FD (get btf) 433 BPF_OBJ_GET_INFO_BY_FD (get btf) |
621 | 434 | |
622 V 435 V V
623 pretty print types, dump func signatures 436 pretty print types, dump func signatures and line info, etc.
624 437
625 438
626 3.1 BPF_BTF_LOAD 439 3.1 BPF_BTF_LOAD
627 ---------------- !! 440 ================
628 441
629 Load a blob of BTF data into kernel. A blob of 442 Load a blob of BTF data into kernel. A blob of data, described in
630 :ref:`BTF_Type_String`, can be directly loaded 443 :ref:`BTF_Type_String`, can be directly loaded into the kernel. A ``btf_fd``
631 is returned to a userspace. 444 is returned to a userspace.
632 445
633 3.2 BPF_MAP_CREATE 446 3.2 BPF_MAP_CREATE
634 ------------------ !! 447 ==================
635 448
636 A map can be created with ``btf_fd`` and speci 449 A map can be created with ``btf_fd`` and specified key/value type id.::
637 450
638 __u32 btf_fd; /* fd pointing to 451 __u32 btf_fd; /* fd pointing to a BTF type data */
639 __u32 btf_key_type_id; /* BTF typ 452 __u32 btf_key_type_id; /* BTF type_id of the key */
640 __u32 btf_value_type_id; /* BTF typ 453 __u32 btf_value_type_id; /* BTF type_id of the value */
641 454
642 In libbpf, the map can be defined with extra a 455 In libbpf, the map can be defined with extra annotation like below:
643 :: 456 ::
644 457
645 struct { !! 458 struct bpf_map_def SEC("maps") btf_map = {
646 __uint(type, BPF_MAP_TYPE_ARRAY); !! 459 .type = BPF_MAP_TYPE_ARRAY,
647 __type(key, int); !! 460 .key_size = sizeof(int),
648 __type(value, struct ipv_counts); !! 461 .value_size = sizeof(struct ipv_counts),
649 __uint(max_entries, 4); !! 462 .max_entries = 4,
650 } btf_map SEC(".maps"); !! 463 };
651 !! 464 BPF_ANNOTATE_KV_PAIR(btf_map, int, struct ipv_counts);
652 During ELF parsing, libbpf is able to extract !! 465
653 them to BPF_MAP_CREATE attributes automaticall !! 466 Here, the parameters for macro BPF_ANNOTATE_KV_PAIR are map name, key and
>> 467 value types for the map. During ELF parsing, libbpf is able to extract
>> 468 key/value type_id's and assign them to BPF_MAP_CREATE attributes
>> 469 automatically.
654 470
655 .. _BPF_Prog_Load: 471 .. _BPF_Prog_Load:
656 472
657 3.3 BPF_PROG_LOAD 473 3.3 BPF_PROG_LOAD
658 ----------------- !! 474 =================
659 475
660 During prog_load, func_info and line_info can 476 During prog_load, func_info and line_info can be passed to kernel with proper
661 values for the following attributes: 477 values for the following attributes:
662 :: 478 ::
663 479
664 __u32 insn_cnt; 480 __u32 insn_cnt;
665 __aligned_u64 insns; 481 __aligned_u64 insns;
666 ...... 482 ......
667 __u32 prog_btf_fd; /* fd poin 483 __u32 prog_btf_fd; /* fd pointing to BTF type data */
668 __u32 func_info_rec_size; /* 484 __u32 func_info_rec_size; /* userspace bpf_func_info size */
669 __aligned_u64 func_info; /* func in 485 __aligned_u64 func_info; /* func info */
670 __u32 func_info_cnt; /* number 486 __u32 func_info_cnt; /* number of bpf_func_info records */
671 __u32 line_info_rec_size; /* 487 __u32 line_info_rec_size; /* userspace bpf_line_info size */
672 __aligned_u64 line_info; /* line in 488 __aligned_u64 line_info; /* line info */
673 __u32 line_info_cnt; /* number 489 __u32 line_info_cnt; /* number of bpf_line_info records */
674 490
675 The func_info and line_info are an array of be 491 The func_info and line_info are an array of below, respectively.::
676 492
677 struct bpf_func_info { 493 struct bpf_func_info {
678 __u32 insn_off; /* [0, insn_cnt - 1] 494 __u32 insn_off; /* [0, insn_cnt - 1] */
679 __u32 type_id; /* pointing to a BTF 495 __u32 type_id; /* pointing to a BTF_KIND_FUNC type */
680 }; 496 };
681 struct bpf_line_info { 497 struct bpf_line_info {
682 __u32 insn_off; /* [0, insn_cnt - 1] 498 __u32 insn_off; /* [0, insn_cnt - 1] */
683 __u32 file_name_off; /* offset to st 499 __u32 file_name_off; /* offset to string table for the filename */
684 __u32 line_off; /* offset to string 500 __u32 line_off; /* offset to string table for the source line */
685 __u32 line_col; /* line number and c 501 __u32 line_col; /* line number and column number */
686 }; 502 };
687 503
688 func_info_rec_size is the size of each func_in 504 func_info_rec_size is the size of each func_info record, and
689 line_info_rec_size is the size of each line_in 505 line_info_rec_size is the size of each line_info record. Passing the record
690 size to kernel make it possible to extend the 506 size to kernel make it possible to extend the record itself in the future.
691 507
692 Below are requirements for func_info: 508 Below are requirements for func_info:
693 * func_info[0].insn_off must be 0. 509 * func_info[0].insn_off must be 0.
694 * the func_info insn_off is in strictly incr 510 * the func_info insn_off is in strictly increasing order and matches
695 bpf func boundaries. 511 bpf func boundaries.
696 512
697 Below are requirements for line_info: 513 Below are requirements for line_info:
698 * the first insn in each func must have a li 514 * the first insn in each func must have a line_info record pointing to it.
699 * the line_info insn_off is in strictly incr 515 * the line_info insn_off is in strictly increasing order.
700 516
701 For line_info, the line number and column numb 517 For line_info, the line number and column number are defined as below:
702 :: 518 ::
703 519
704 #define BPF_LINE_INFO_LINE_NUM(line_col) 520 #define BPF_LINE_INFO_LINE_NUM(line_col) ((line_col) >> 10)
705 #define BPF_LINE_INFO_LINE_COL(line_col) 521 #define BPF_LINE_INFO_LINE_COL(line_col) ((line_col) & 0x3ff)
706 522
707 3.4 BPF_{PROG,MAP}_GET_NEXT_ID 523 3.4 BPF_{PROG,MAP}_GET_NEXT_ID
708 ------------------------------ <<
709 524
710 In kernel, every loaded program, map or btf ha 525 In kernel, every loaded program, map or btf has a unique id. The id won't
711 change during the lifetime of a program, map, 526 change during the lifetime of a program, map, or btf.
712 527
713 The bpf syscall command BPF_{PROG,MAP}_GET_NEX 528 The bpf syscall command BPF_{PROG,MAP}_GET_NEXT_ID returns all id's, one for
714 each command, to user space, for bpf program o 529 each command, to user space, for bpf program or maps, respectively, so an
715 inspection tool can inspect all programs and m 530 inspection tool can inspect all programs and maps.
716 531
717 3.5 BPF_{PROG,MAP}_GET_FD_BY_ID 532 3.5 BPF_{PROG,MAP}_GET_FD_BY_ID
718 ------------------------------- <<
719 533
720 An introspection tool cannot use id to get det 534 An introspection tool cannot use id to get details about program or maps.
721 A file descriptor needs to be obtained first f 535 A file descriptor needs to be obtained first for reference-counting purpose.
722 536
723 3.6 BPF_OBJ_GET_INFO_BY_FD 537 3.6 BPF_OBJ_GET_INFO_BY_FD
724 -------------------------- !! 538 ==========================
725 539
726 Once a program/map fd is acquired, an introspe 540 Once a program/map fd is acquired, an introspection tool can get the detailed
727 information from kernel about this fd, some of 541 information from kernel about this fd, some of which are BTF-related. For
728 example, ``bpf_map_info`` returns ``btf_id`` a 542 example, ``bpf_map_info`` returns ``btf_id`` and key/value type ids.
729 ``bpf_prog_info`` returns ``btf_id``, func_inf 543 ``bpf_prog_info`` returns ``btf_id``, func_info, and line info for translated
730 bpf byte codes, and jited_line_info. 544 bpf byte codes, and jited_line_info.
731 545
732 3.7 BPF_BTF_GET_FD_BY_ID 546 3.7 BPF_BTF_GET_FD_BY_ID
733 ------------------------ !! 547 ========================
734 548
735 With ``btf_id`` obtained in ``bpf_map_info`` a 549 With ``btf_id`` obtained in ``bpf_map_info`` and ``bpf_prog_info``, bpf
736 syscall command BPF_BTF_GET_FD_BY_ID can retri 550 syscall command BPF_BTF_GET_FD_BY_ID can retrieve a btf fd. Then, with
737 command BPF_OBJ_GET_INFO_BY_FD, the btf blob, 551 command BPF_OBJ_GET_INFO_BY_FD, the btf blob, originally loaded into the
738 kernel with BPF_BTF_LOAD, can be retrieved. 552 kernel with BPF_BTF_LOAD, can be retrieved.
739 553
740 With the btf blob, ``bpf_map_info``, and ``bpf 554 With the btf blob, ``bpf_map_info``, and ``bpf_prog_info``, an introspection
741 tool has full btf knowledge and is able to pre 555 tool has full btf knowledge and is able to pretty print map key/values, dump
742 func signatures and line info, along with byte 556 func signatures and line info, along with byte/jit codes.
743 557
744 4. ELF File Format Interface 558 4. ELF File Format Interface
745 ============================ !! 559 ****************************
746 560
747 4.1 .BTF section 561 4.1 .BTF section
748 ---------------- !! 562 ================
749 563
750 The .BTF section contains type and string data 564 The .BTF section contains type and string data. The format of this section is
751 same as the one describe in :ref:`BTF_Type_Str 565 same as the one describe in :ref:`BTF_Type_String`.
752 566
753 .. _BTF_Ext_Section: 567 .. _BTF_Ext_Section:
754 568
755 4.2 .BTF.ext section 569 4.2 .BTF.ext section
756 -------------------- !! 570 ====================
757 571
758 The .BTF.ext section encodes func_info, line_i !! 572 The .BTF.ext section encodes func_info and line_info which needs loader
759 which needs loader manipulation before loading !! 573 manipulation before loading into the kernel.
760 574
761 The specification for .BTF.ext section is defi 575 The specification for .BTF.ext section is defined at ``tools/lib/bpf/btf.h``
762 and ``tools/lib/bpf/btf.c``. 576 and ``tools/lib/bpf/btf.c``.
763 577
764 The current header of .BTF.ext section:: 578 The current header of .BTF.ext section::
765 579
766 struct btf_ext_header { 580 struct btf_ext_header {
767 __u16 magic; 581 __u16 magic;
768 __u8 version; 582 __u8 version;
769 __u8 flags; 583 __u8 flags;
770 __u32 hdr_len; 584 __u32 hdr_len;
771 585
772 /* All offsets are in bytes relative t 586 /* All offsets are in bytes relative to the end of this header */
773 __u32 func_info_off; 587 __u32 func_info_off;
774 __u32 func_info_len; 588 __u32 func_info_len;
775 __u32 line_info_off; 589 __u32 line_info_off;
776 __u32 line_info_len; 590 __u32 line_info_len;
777 <<
778 /* optional part of .BTF.ext header */ <<
779 __u32 core_relo_off; <<
780 __u32 core_relo_len; <<
781 }; 591 };
782 592
783 It is very similar to .BTF section. Instead of 593 It is very similar to .BTF section. Instead of type/string section, it
784 contains func_info, line_info and core_relo su !! 594 contains func_info and line_info section. See :ref:`BPF_Prog_Load` for details
785 See :ref:`BPF_Prog_Load` for details about fun !! 595 about func_info and line_info record format.
786 record format. <<
787 596
788 The func_info is organized as below.:: 597 The func_info is organized as below.::
789 598
790 func_info_rec_size /* __u32 !! 599 func_info_rec_size
791 btf_ext_info_sec for section #1 /* func_i 600 btf_ext_info_sec for section #1 /* func_info for section #1 */
792 btf_ext_info_sec for section #2 /* func_i 601 btf_ext_info_sec for section #2 /* func_info for section #2 */
793 ... 602 ...
794 603
795 ``func_info_rec_size`` specifies the size of ` 604 ``func_info_rec_size`` specifies the size of ``bpf_func_info`` structure when
796 .BTF.ext is generated. ``btf_ext_info_sec``, d 605 .BTF.ext is generated. ``btf_ext_info_sec``, defined below, is a collection of
797 func_info for each specific ELF section.:: 606 func_info for each specific ELF section.::
798 607
799 struct btf_ext_info_sec { 608 struct btf_ext_info_sec {
800 __u32 sec_name_off; /* offset to sec 609 __u32 sec_name_off; /* offset to section name */
801 __u32 num_info; 610 __u32 num_info;
802 /* Followed by num_info * record_size 611 /* Followed by num_info * record_size number of bytes */
803 __u8 data[0]; 612 __u8 data[0];
804 }; 613 };
805 614
806 Here, num_info must be greater than 0. 615 Here, num_info must be greater than 0.
807 616
808 The line_info is organized as below.:: 617 The line_info is organized as below.::
809 618
810 line_info_rec_size /* __u32 !! 619 line_info_rec_size
811 btf_ext_info_sec for section #1 /* line_i 620 btf_ext_info_sec for section #1 /* line_info for section #1 */
812 btf_ext_info_sec for section #2 /* line_i 621 btf_ext_info_sec for section #2 /* line_info for section #2 */
813 ... 622 ...
814 623
815 ``line_info_rec_size`` specifies the size of ` 624 ``line_info_rec_size`` specifies the size of ``bpf_line_info`` structure when
816 .BTF.ext is generated. 625 .BTF.ext is generated.
817 626
818 The interpretation of ``bpf_func_info->insn_of 627 The interpretation of ``bpf_func_info->insn_off`` and
819 ``bpf_line_info->insn_off`` is different betwe 628 ``bpf_line_info->insn_off`` is different between kernel API and ELF API. For
820 kernel API, the ``insn_off`` is the instructio 629 kernel API, the ``insn_off`` is the instruction offset in the unit of ``struct
821 bpf_insn``. For ELF API, the ``insn_off`` is t 630 bpf_insn``. For ELF API, the ``insn_off`` is the byte offset from the
822 beginning of section (``btf_ext_info_sec->sec_ 631 beginning of section (``btf_ext_info_sec->sec_name_off``).
823 632
824 The core_relo is organized as below.:: <<
825 <<
826 core_relo_rec_size /* __u32 <<
827 btf_ext_info_sec for section #1 /* core_r <<
828 btf_ext_info_sec for section #2 /* core_r <<
829 <<
830 ``core_relo_rec_size`` specifies the size of ` <<
831 structure when .BTF.ext is generated. All ``bp <<
832 within a single ``btf_ext_info_sec`` describe <<
833 section named by ``btf_ext_info_sec->sec_name_ <<
834 <<
835 See :ref:`Documentation/bpf/llvm_reloc.rst <bt <<
836 for more information on CO-RE relocations. <<
837 <<
838 4.2 .BTF_ids section <<
839 -------------------- <<
840 <<
841 The .BTF_ids section encodes BTF ID values tha <<
842 <<
843 This section is created during the kernel comp <<
844 macros defined in ``include/linux/btf_ids.h`` <<
845 use them to create lists and sets (sorted list <<
846 <<
847 The ``BTF_ID_LIST`` and ``BTF_ID`` macros defi <<
848 with following syntax:: <<
849 <<
850 BTF_ID_LIST(list) <<
851 BTF_ID(type1, name1) <<
852 BTF_ID(type2, name2) <<
853 <<
854 resulting in following layout in .BTF_ids sect <<
855 <<
856 __BTF_ID__type1__name1__1: <<
857 .zero 4 <<
858 __BTF_ID__type2__name2__2: <<
859 .zero 4 <<
860 <<
861 The ``u32 list[];`` variable is defined to acc <<
862 <<
863 The ``BTF_ID_UNUSED`` macro defines 4 zero byt <<
864 want to define unused entry in BTF_ID_LIST, li <<
865 <<
866 BTF_ID_LIST(bpf_skb_output_btf_ids) <<
867 BTF_ID(struct, sk_buff) <<
868 BTF_ID_UNUSED <<
869 BTF_ID(struct, task_struct) <<
870 <<
871 The ``BTF_SET_START/END`` macros pair defines <<
872 and their count, with following syntax:: <<
873 <<
874 BTF_SET_START(set) <<
875 BTF_ID(type1, name1) <<
876 BTF_ID(type2, name2) <<
877 BTF_SET_END(set) <<
878 <<
879 resulting in following layout in .BTF_ids sect <<
880 <<
881 __BTF_ID__set__set: <<
882 .zero 4 <<
883 __BTF_ID__type1__name1__3: <<
884 .zero 4 <<
885 __BTF_ID__type2__name2__4: <<
886 .zero 4 <<
887 <<
888 The ``struct btf_id_set set;`` variable is def <<
889 <<
890 The ``typeX`` name can be one of following:: <<
891 <<
892 struct, union, typedef, func <<
893 <<
894 and is used as a filter when resolving the BTF <<
895 <<
896 All the BTF ID lists and sets are compiled in <<
897 resolved during the linking phase of kernel bu <<
898 <<
899 5. Using BTF 633 5. Using BTF
900 ============ !! 634 ************
901 635
902 5.1 bpftool map pretty print 636 5.1 bpftool map pretty print
903 ---------------------------- !! 637 ============================
904 638
905 With BTF, the map key/value can be printed bas 639 With BTF, the map key/value can be printed based on fields rather than simply
906 raw bytes. This is especially valuable for lar 640 raw bytes. This is especially valuable for large structure or if your data
907 structure has bitfields. For example, for the 641 structure has bitfields. For example, for the following map,::
908 642
909 enum A { A1, A2, A3, A4, A5 }; 643 enum A { A1, A2, A3, A4, A5 };
910 typedef enum A ___A; 644 typedef enum A ___A;
911 struct tmp_t { 645 struct tmp_t {
912 char a1:4; 646 char a1:4;
913 int a2:4; 647 int a2:4;
914 int :4; 648 int :4;
915 __u32 a3:4; 649 __u32 a3:4;
916 int b; 650 int b;
917 ___A b1:4; 651 ___A b1:4;
918 enum A b2:4; 652 enum A b2:4;
919 }; 653 };
920 struct { !! 654 struct bpf_map_def SEC("maps") tmpmap = {
921 __uint(type, BPF_MAP_TYPE_ARRAY); !! 655 .type = BPF_MAP_TYPE_ARRAY,
922 __type(key, int); !! 656 .key_size = sizeof(__u32),
923 __type(value, struct tmp_t); !! 657 .value_size = sizeof(struct tmp_t),
924 __uint(max_entries, 1); !! 658 .max_entries = 1,
925 } tmpmap SEC(".maps"); !! 659 };
>> 660 BPF_ANNOTATE_KV_PAIR(tmpmap, int, struct tmp_t);
926 661
927 bpftool is able to pretty print like below: 662 bpftool is able to pretty print like below:
928 :: 663 ::
929 664
930 [{ 665 [{
931 "key": 0, 666 "key": 0,
932 "value": { 667 "value": {
933 "a1": 0x2, 668 "a1": 0x2,
934 "a2": 0x4, 669 "a2": 0x4,
935 "a3": 0x6, 670 "a3": 0x6,
936 "b": 7, 671 "b": 7,
937 "b1": 0x8, 672 "b1": 0x8,
938 "b2": 0xa 673 "b2": 0xa
939 } 674 }
940 } 675 }
941 ] 676 ]
942 677
943 5.2 bpftool prog dump 678 5.2 bpftool prog dump
944 --------------------- !! 679 =====================
945 680
946 The following is an example showing how func_i 681 The following is an example showing how func_info and line_info can help prog
947 dump with better kernel symbol names, function 682 dump with better kernel symbol names, function prototypes and line
948 information.:: 683 information.::
949 684
950 $ bpftool prog dump jited pinned /sys/fs/b 685 $ bpftool prog dump jited pinned /sys/fs/bpf/test_btf_haskv
951 [...] 686 [...]
952 int test_long_fname_2(struct dummy_tracepo 687 int test_long_fname_2(struct dummy_tracepoint_args * arg):
953 bpf_prog_44a040bf25481309_test_long_fname_ 688 bpf_prog_44a040bf25481309_test_long_fname_2:
954 ; static int test_long_fname_2(struct dumm 689 ; static int test_long_fname_2(struct dummy_tracepoint_args *arg)
955 0: push %rbp 690 0: push %rbp
956 1: mov %rsp,%rbp 691 1: mov %rsp,%rbp
957 4: sub $0x30,%rsp 692 4: sub $0x30,%rsp
958 b: sub $0x28,%rbp 693 b: sub $0x28,%rbp
959 f: mov %rbx,0x0(%rbp) 694 f: mov %rbx,0x0(%rbp)
960 13: mov %r13,0x8(%rbp) 695 13: mov %r13,0x8(%rbp)
961 17: mov %r14,0x10(%rbp) 696 17: mov %r14,0x10(%rbp)
962 1b: mov %r15,0x18(%rbp) 697 1b: mov %r15,0x18(%rbp)
963 1f: xor %eax,%eax 698 1f: xor %eax,%eax
964 21: mov %rax,0x20(%rbp) 699 21: mov %rax,0x20(%rbp)
965 25: xor %esi,%esi 700 25: xor %esi,%esi
966 ; int key = 0; 701 ; int key = 0;
967 27: mov %esi,-0x4(%rbp) 702 27: mov %esi,-0x4(%rbp)
968 ; if (!arg->sock) 703 ; if (!arg->sock)
969 2a: mov 0x8(%rdi),%rdi 704 2a: mov 0x8(%rdi),%rdi
970 ; if (!arg->sock) 705 ; if (!arg->sock)
971 2e: cmp $0x0,%rdi 706 2e: cmp $0x0,%rdi
972 32: je 0x0000000000000070 707 32: je 0x0000000000000070
973 34: mov %rbp,%rsi 708 34: mov %rbp,%rsi
974 ; counts = bpf_map_lookup_elem(&btf_map, & 709 ; counts = bpf_map_lookup_elem(&btf_map, &key);
975 [...] 710 [...]
976 711
977 5.3 Verifier Log 712 5.3 Verifier Log
978 ---------------- !! 713 ================
979 714
980 The following is an example of how line_info c 715 The following is an example of how line_info can help debugging verification
981 failure.:: 716 failure.::
982 717
983 /* The code at tools/testing/selftests/ 718 /* The code at tools/testing/selftests/bpf/test_xdp_noinline.c
984 * is modified as below. 719 * is modified as below.
985 */ 720 */
986 data = (void *)(long)xdp->data; 721 data = (void *)(long)xdp->data;
987 data_end = (void *)(long)xdp->data_end; 722 data_end = (void *)(long)xdp->data_end;
988 /* 723 /*
989 if (data + 4 > data_end) 724 if (data + 4 > data_end)
990 return XDP_DROP; 725 return XDP_DROP;
991 */ 726 */
992 *(u32 *)data = dst->dst; 727 *(u32 *)data = dst->dst;
993 728
994 $ bpftool prog load ./test_xdp_noinline.o 729 $ bpftool prog load ./test_xdp_noinline.o /sys/fs/bpf/test_xdp_noinline type xdp
995 ; data = (void *)(long)xdp->data; 730 ; data = (void *)(long)xdp->data;
996 224: (79) r2 = *(u64 *)(r10 -112) 731 224: (79) r2 = *(u64 *)(r10 -112)
997 225: (61) r2 = *(u32 *)(r2 +0) 732 225: (61) r2 = *(u32 *)(r2 +0)
998 ; *(u32 *)data = dst->dst; 733 ; *(u32 *)data = dst->dst;
999 226: (63) *(u32 *)(r2 +0) = r1 734 226: (63) *(u32 *)(r2 +0) = r1
1000 invalid access to packet, off=0 size= 735 invalid access to packet, off=0 size=4, R2(id=0,off=0,r=0)
1001 R2 offset is outside of the packet 736 R2 offset is outside of the packet
1002 737
1003 6. BTF Generation 738 6. BTF Generation
1004 ================= !! 739 *****************
1005 740
1006 You need latest pahole 741 You need latest pahole
1007 742
1008 https://git.kernel.org/pub/scm/devel/pahole 743 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/
1009 744
1010 or llvm (8.0 or later). The pahole acts as a 745 or llvm (8.0 or later). The pahole acts as a dwarf2btf converter. It doesn't
1011 support .BTF.ext and btf BTF_KIND_FUNC type y 746 support .BTF.ext and btf BTF_KIND_FUNC type yet. For example,::
1012 747
1013 -bash-4.4$ cat t.c 748 -bash-4.4$ cat t.c
1014 struct t { 749 struct t {
1015 int a:2; 750 int a:2;
1016 int b:3; 751 int b:3;
1017 int c:2; 752 int c:2;
1018 } g; 753 } g;
1019 -bash-4.4$ gcc -c -O2 -g t.c 754 -bash-4.4$ gcc -c -O2 -g t.c
1020 -bash-4.4$ pahole -JV t.o 755 -bash-4.4$ pahole -JV t.o
1021 File t.o: 756 File t.o:
1022 [1] STRUCT t kind_flag=1 size=4 vlen=3 757 [1] STRUCT t kind_flag=1 size=4 vlen=3
1023 a type_id=2 bitfield_size=2 bit 758 a type_id=2 bitfield_size=2 bits_offset=0
1024 b type_id=2 bitfield_size=3 bit 759 b type_id=2 bitfield_size=3 bits_offset=2
1025 c type_id=2 bitfield_size=2 bit 760 c type_id=2 bitfield_size=2 bits_offset=5
1026 [2] INT int size=4 bit_offset=0 nr_bits 761 [2] INT int size=4 bit_offset=0 nr_bits=32 encoding=SIGNED
1027 762
1028 The llvm is able to generate .BTF and .BTF.ex 763 The llvm is able to generate .BTF and .BTF.ext directly with -g for bpf target
1029 only. The assembly code (-S) is able to show 764 only. The assembly code (-S) is able to show the BTF encoding in assembly
1030 format.:: 765 format.::
1031 766
1032 -bash-4.4$ cat t2.c 767 -bash-4.4$ cat t2.c
1033 typedef int __int32; 768 typedef int __int32;
1034 struct t2 { 769 struct t2 {
1035 int a2; 770 int a2;
1036 int (*f2)(char q1, __int32 q2, ...); 771 int (*f2)(char q1, __int32 q2, ...);
1037 int (*f3)(); 772 int (*f3)();
1038 } g2; 773 } g2;
1039 int main() { return 0; } 774 int main() { return 0; }
1040 int test() { return 0; } 775 int test() { return 0; }
1041 -bash-4.4$ clang -c -g -O2 --target=bpf t !! 776 -bash-4.4$ clang -c -g -O2 -target bpf t2.c
1042 -bash-4.4$ readelf -S t2.o 777 -bash-4.4$ readelf -S t2.o
1043 ...... 778 ......
1044 [ 8] .BTF PROGBITS 779 [ 8] .BTF PROGBITS 0000000000000000 00000247
1045 000000000000016e 0000000000000000 780 000000000000016e 0000000000000000 0 0 1
1046 [ 9] .BTF.ext PROGBITS 781 [ 9] .BTF.ext PROGBITS 0000000000000000 000003b5
1047 0000000000000060 0000000000000000 782 0000000000000060 0000000000000000 0 0 1
1048 [10] .rel.BTF.ext REL 783 [10] .rel.BTF.ext REL 0000000000000000 000007e0
1049 0000000000000040 0000000000000010 784 0000000000000040 0000000000000010 16 9 8
1050 ...... 785 ......
1051 -bash-4.4$ clang -S -g -O2 --target=bpf t !! 786 -bash-4.4$ clang -S -g -O2 -target bpf t2.c
1052 -bash-4.4$ cat t2.s 787 -bash-4.4$ cat t2.s
1053 ...... 788 ......
1054 .section .BTF,"",@progbits 789 .section .BTF,"",@progbits
1055 .short 60319 # 790 .short 60319 # 0xeb9f
1056 .byte 1 791 .byte 1
1057 .byte 0 792 .byte 0
1058 .long 24 793 .long 24
1059 .long 0 794 .long 0
1060 .long 220 795 .long 220
1061 .long 220 796 .long 220
1062 .long 122 797 .long 122
1063 .long 0 # 798 .long 0 # BTF_KIND_FUNC_PROTO(id = 1)
1064 .long 218103808 # 799 .long 218103808 # 0xd000000
1065 .long 2 800 .long 2
1066 .long 83 # 801 .long 83 # BTF_KIND_INT(id = 2)
1067 .long 16777216 # 802 .long 16777216 # 0x1000000
1068 .long 4 803 .long 4
1069 .long 16777248 # 804 .long 16777248 # 0x1000020
1070 ...... 805 ......
1071 .byte 0 # 806 .byte 0 # string offset=0
1072 .ascii ".text" # 807 .ascii ".text" # string offset=1
1073 .byte 0 808 .byte 0
1074 .ascii "/home/yhs/tmp-pahole/t2. 809 .ascii "/home/yhs/tmp-pahole/t2.c" # string offset=7
1075 .byte 0 810 .byte 0
1076 .ascii "int main() { return 0; } 811 .ascii "int main() { return 0; }" # string offset=33
1077 .byte 0 812 .byte 0
1078 .ascii "int test() { return 0; } 813 .ascii "int test() { return 0; }" # string offset=58
1079 .byte 0 814 .byte 0
1080 .ascii "int" # 815 .ascii "int" # string offset=83
1081 ...... 816 ......
1082 .section .BTF.ext,"",@prog 817 .section .BTF.ext,"",@progbits
1083 .short 60319 # 818 .short 60319 # 0xeb9f
1084 .byte 1 819 .byte 1
1085 .byte 0 820 .byte 0
1086 .long 24 821 .long 24
1087 .long 0 822 .long 0
1088 .long 28 823 .long 28
1089 .long 28 824 .long 28
1090 .long 44 825 .long 44
1091 .long 8 # 826 .long 8 # FuncInfo
1092 .long 1 # 827 .long 1 # FuncInfo section string offset=1
1093 .long 2 828 .long 2
1094 .long .Lfunc_begin0 829 .long .Lfunc_begin0
1095 .long 3 830 .long 3
1096 .long .Lfunc_begin1 831 .long .Lfunc_begin1
1097 .long 5 832 .long 5
1098 .long 16 # 833 .long 16 # LineInfo
1099 .long 1 # 834 .long 1 # LineInfo section string offset=1
1100 .long 2 835 .long 2
1101 .long .Ltmp0 836 .long .Ltmp0
1102 .long 7 837 .long 7
1103 .long 33 838 .long 33
1104 .long 7182 # 839 .long 7182 # Line 7 Col 14
1105 .long .Ltmp3 840 .long .Ltmp3
1106 .long 7 841 .long 7
1107 .long 58 842 .long 58
1108 .long 8206 # 843 .long 8206 # Line 8 Col 14
1109 844
1110 7. Testing 845 7. Testing
1111 ========== !! 846 **********
1112 <<
1113 The kernel BPF selftest `tools/testing/selfte <<
1114 provides an extensive set of BTF-related test <<
1115 847
1116 .. Links !! 848 Kernel bpf selftest `test_btf.c` provides extensive set of BTF-related tests.
1117 .. _tools/testing/selftests/bpf/prog_tests/bt <<
1118 https://git.kernel.org/pub/scm/linux/kerne <<
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.