8 BTF (BPF Type Format) is the metadata format which encodes the debug info
9 related to BPF program/map. The name BTF was used initially to describe data
10 types. The BTF was later extended to include function info for defined
11 subroutines, and line info for source/line information.
13 The debug info is used for map pretty print, function signature, etc. The
14 function signature enables better bpf program/function kernel symbol. The line
15 info helps generate source annotated translated byte code, jited code and
18 The BTF specification contains two parts,
22 The kernel API is the contract between user space and kernel. The kernel
23 verifies the BTF info before using it. The ELF file format is a user space
24 contract between ELF file and libbpf loader.
26 The type and string sections are part of the BTF kernel API, describing the
27 debug info (mostly types related) referenced by the bpf program. These two
28 sections are discussed in details in :ref:`BTF_Type_String`.
32 2. BTF Type and String Encoding
33 *******************************
35 The file ``include/uapi/linux/btf.h`` provides high-level definition of how
36 types/strings are encoded.
38 The beginning of data blob must be::
46 /* All offsets are in bytes relative to the end of this header */
47 __u32 type_off; /* offset of type section */
48 __u32 type_len; /* length of type section */
49 __u32 str_off; /* offset of string section */
50 __u32 str_len; /* length of string section */
53 The magic is ``0xeB9F``, which has different encoding for big and little
54 endian systems, and can be used to test whether BTF is generated for big- or
55 little-endian target. The ``btf_header`` is designed to be extensible with
56 ``hdr_len`` equal to ``sizeof(struct btf_header)`` when a data blob is
62 The first string in the string section must be a null string. The rest of
63 string table is a concatenation of other null-terminated strings.
68 The type id ``0`` is reserved for ``void`` type. The type section is parsed
69 sequentially and type id is assigned to each recognized type starting from id
70 ``1``. Currently, the following types are supported::
72 #define BTF_KIND_INT 1 /* Integer */
73 #define BTF_KIND_PTR 2 /* Pointer */
74 #define BTF_KIND_ARRAY 3 /* Array */
75 #define BTF_KIND_STRUCT 4 /* Struct */
76 #define BTF_KIND_UNION 5 /* Union */
77 #define BTF_KIND_ENUM 6 /* Enumeration */
78 #define BTF_KIND_FWD 7 /* Forward */
79 #define BTF_KIND_TYPEDEF 8 /* Typedef */
80 #define BTF_KIND_VOLATILE 9 /* Volatile */
81 #define BTF_KIND_CONST 10 /* Const */
82 #define BTF_KIND_RESTRICT 11 /* Restrict */
83 #define BTF_KIND_FUNC 12 /* Function */
84 #define BTF_KIND_FUNC_PROTO 13 /* Function Proto */
85 #define BTF_KIND_VAR 14 /* Variable */
86 #define BTF_KIND_DATASEC 15 /* Section */
88 Note that the type section encodes debug info, not just pure types.
89 ``BTF_KIND_FUNC`` is not a type, and it represents a defined subprogram.
91 Each type contains the following common data::
95 /* "info" bits arrangement
96 * bits 0-15: vlen (e.g. # of struct's members)
98 * bits 24-27: kind (e.g. int, ptr, array...etc)
100 * bit 31: kind_flag, currently used by
101 * struct, union and fwd
104 /* "size" is used by INT, ENUM, STRUCT and UNION.
105 * "size" tells the size of the type it is describing.
107 * "type" is used by PTR, TYPEDEF, VOLATILE, CONST, RESTRICT,
108 * FUNC and FUNC_PROTO.
109 * "type" is a type_id referring to another type.
117 For certain kinds, the common data are followed by kind-specific data. The
118 ``name_off`` in ``struct btf_type`` specifies the offset in the string table.
119 The following sections detail encoding of each kind.
124 ``struct btf_type`` encoding requirement:
125 * ``name_off``: any valid offset
126 * ``info.kind_flag``: 0
127 * ``info.kind``: BTF_KIND_INT
129 * ``size``: the size of the int type in bytes.
131 ``btf_type`` is followed by a ``u32`` with the following bits arrangement::
133 #define BTF_INT_ENCODING(VAL) (((VAL) & 0x0f000000) >> 24)
134 #define BTF_INT_OFFSET(VAL) (((VAL) & 0x00ff0000) >> 16)
135 #define BTF_INT_BITS(VAL) ((VAL) & 0x000000ff)
137 The ``BTF_INT_ENCODING`` has the following attributes::
139 #define BTF_INT_SIGNED (1 << 0)
140 #define BTF_INT_CHAR (1 << 1)
141 #define BTF_INT_BOOL (1 << 2)
143 The ``BTF_INT_ENCODING()`` provides extra information: signedness, char, or
144 bool, for the int type. The char and bool encoding are mostly useful for
145 pretty print. At most one encoding can be specified for the int type.
147 The ``BTF_INT_BITS()`` specifies the number of actual bits held by this int
148 type. For example, a 4-bit bitfield encodes ``BTF_INT_BITS()`` equals to 4.
149 The ``btf_type.size * 8`` must be equal to or greater than ``BTF_INT_BITS()``
150 for the type. The maximum value of ``BTF_INT_BITS()`` is 128.
152 The ``BTF_INT_OFFSET()`` specifies the starting bit offset to calculate values
153 for this int. For example, a bitfield struct member has:
155 * btf member bit offset 100 from the start of the structure,
156 * btf member pointing to an int type,
157 * the int type has ``BTF_INT_OFFSET() = 2`` and ``BTF_INT_BITS() = 4``
159 Then in the struct memory layout, this member will occupy ``4`` bits starting
160 from bits ``100 + 2 = 102``.
162 Alternatively, the bitfield struct member can be the following to access the
163 same bits as the above:
165 * btf member bit offset 102,
166 * btf member pointing to an int type,
167 * the int type has ``BTF_INT_OFFSET() = 0`` and ``BTF_INT_BITS() = 4``
169 The original intention of ``BTF_INT_OFFSET()`` is to provide flexibility of
170 bitfield encoding. Currently, both llvm and pahole generate
171 ``BTF_INT_OFFSET() = 0`` for all int types.
176 ``struct btf_type`` encoding requirement:
178 * ``info.kind_flag``: 0
179 * ``info.kind``: BTF_KIND_PTR
181 * ``type``: the pointee type of the pointer
183 No additional type data follow ``btf_type``.
188 ``struct btf_type`` encoding requirement:
190 * ``info.kind_flag``: 0
191 * ``info.kind``: BTF_KIND_ARRAY
193 * ``size/type``: 0, not used
195 ``btf_type`` is followed by one ``struct btf_array``::
203 The ``struct btf_array`` encoding:
204 * ``type``: the element type
205 * ``index_type``: the index type
206 * ``nelems``: the number of elements for this array (``0`` is also allowed).
208 The ``index_type`` can be any regular int type (``u8``, ``u16``, ``u32``,
209 ``u64``, ``unsigned __int128``). The original design of including
210 ``index_type`` follows DWARF, which has an ``index_type`` for its array type.
211 Currently in BTF, beyond type verification, the ``index_type`` is not used.
213 The ``struct btf_array`` allows chaining through element type to represent
214 multidimensional arrays. For example, for ``int a[5][6]``, the following type
215 information illustrates the chaining:
218 * [2]: array, ``btf_array.type = [1]``, ``btf_array.nelems = 6``
219 * [3]: array, ``btf_array.type = [2]``, ``btf_array.nelems = 5``
221 Currently, both pahole and llvm collapse multidimensional array into
222 one-dimensional array, e.g., for ``a[5][6]``, the ``btf_array.nelems`` is
223 equal to ``30``. This is because the original use case is map pretty print
224 where the whole array is dumped out so one-dimensional array is enough. As
225 more BTF usage is explored, pahole and llvm can be changed to generate proper
226 chained representation for multidimensional arrays.
228 2.2.4 BTF_KIND_STRUCT
229 ~~~~~~~~~~~~~~~~~~~~~
233 ``struct btf_type`` encoding requirement:
234 * ``name_off``: 0 or offset to a valid C identifier
235 * ``info.kind_flag``: 0 or 1
236 * ``info.kind``: BTF_KIND_STRUCT or BTF_KIND_UNION
237 * ``info.vlen``: the number of struct/union members
238 * ``info.size``: the size of the struct/union in bytes
240 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_member``.::
248 ``struct btf_member`` encoding:
249 * ``name_off``: offset to a valid C identifier
250 * ``type``: the member type
251 * ``offset``: <see below>
253 If the type info ``kind_flag`` is not set, the offset contains only bit offset
254 of the member. Note that the base type of the bitfield can only be int or enum
255 type. If the bitfield size is 32, the base type can be either int or enum
256 type. If the bitfield size is not 32, the base type must be int, and int type
257 ``BTF_INT_BITS()`` encodes the bitfield size.
259 If the ``kind_flag`` is set, the ``btf_member.offset`` contains both member
260 bitfield size and bit offset. The bitfield size and bit offset are calculated
263 #define BTF_MEMBER_BITFIELD_SIZE(val) ((val) >> 24)
264 #define BTF_MEMBER_BIT_OFFSET(val) ((val) & 0xffffff)
266 In this case, if the base type is an int type, it must be a regular int type:
268 * ``BTF_INT_OFFSET()`` must be 0.
269 * ``BTF_INT_BITS()`` must be equal to ``{1,2,4,8,16} * 8``.
271 The following kernel patch introduced ``kind_flag`` and explained why both
274 https://github.com/torvalds/linux/commit/9d5f9f701b1891466fb3dbb1806ad97716f95cc3#diff-fa650a64fdd3968396883d2fe8215ff3
279 ``struct btf_type`` encoding requirement:
280 * ``name_off``: 0 or offset to a valid C identifier
281 * ``info.kind_flag``: 0
282 * ``info.kind``: BTF_KIND_ENUM
283 * ``info.vlen``: number of enum values
286 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_enum``.::
293 The ``btf_enum`` encoding:
294 * ``name_off``: offset to a valid C identifier
300 ``struct btf_type`` encoding requirement:
301 * ``name_off``: offset to a valid C identifier
302 * ``info.kind_flag``: 0 for struct, 1 for union
303 * ``info.kind``: BTF_KIND_FWD
307 No additional type data follow ``btf_type``.
309 2.2.8 BTF_KIND_TYPEDEF
310 ~~~~~~~~~~~~~~~~~~~~~~
312 ``struct btf_type`` encoding requirement:
313 * ``name_off``: offset to a valid C identifier
314 * ``info.kind_flag``: 0
315 * ``info.kind``: BTF_KIND_TYPEDEF
317 * ``type``: the type which can be referred by name at ``name_off``
319 No additional type data follow ``btf_type``.
321 2.2.9 BTF_KIND_VOLATILE
322 ~~~~~~~~~~~~~~~~~~~~~~~
324 ``struct btf_type`` encoding requirement:
326 * ``info.kind_flag``: 0
327 * ``info.kind``: BTF_KIND_VOLATILE
329 * ``type``: the type with ``volatile`` qualifier
331 No additional type data follow ``btf_type``.
333 2.2.10 BTF_KIND_CONST
334 ~~~~~~~~~~~~~~~~~~~~~
336 ``struct btf_type`` encoding requirement:
338 * ``info.kind_flag``: 0
339 * ``info.kind``: BTF_KIND_CONST
341 * ``type``: the type with ``const`` qualifier
343 No additional type data follow ``btf_type``.
345 2.2.11 BTF_KIND_RESTRICT
346 ~~~~~~~~~~~~~~~~~~~~~~~~
348 ``struct btf_type`` encoding requirement:
350 * ``info.kind_flag``: 0
351 * ``info.kind``: BTF_KIND_RESTRICT
353 * ``type``: the type with ``restrict`` qualifier
355 No additional type data follow ``btf_type``.
360 ``struct btf_type`` encoding requirement:
361 * ``name_off``: offset to a valid C identifier
362 * ``info.kind_flag``: 0
363 * ``info.kind``: BTF_KIND_FUNC
365 * ``type``: a BTF_KIND_FUNC_PROTO type
367 No additional type data follow ``btf_type``.
369 A BTF_KIND_FUNC defines not a type, but a subprogram (function) whose
370 signature is defined by ``type``. The subprogram is thus an instance of that
371 type. The BTF_KIND_FUNC may in turn be referenced by a func_info in the
372 :ref:`BTF_Ext_Section` (ELF) or in the arguments to :ref:`BPF_Prog_Load`
375 2.2.13 BTF_KIND_FUNC_PROTO
376 ~~~~~~~~~~~~~~~~~~~~~~~~~~
378 ``struct btf_type`` encoding requirement:
380 * ``info.kind_flag``: 0
381 * ``info.kind``: BTF_KIND_FUNC_PROTO
382 * ``info.vlen``: # of parameters
383 * ``type``: the return type
385 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_param``.::
392 If a BTF_KIND_FUNC_PROTO type is referred by a BTF_KIND_FUNC type, then
393 ``btf_param.name_off`` must point to a valid C identifier except for the
394 possible last argument representing the variable argument. The btf_param.type
395 refers to parameter type.
397 If the function has variable arguments, the last parameter is encoded with
398 ``name_off = 0`` and ``type = 0``.
403 ``struct btf_type`` encoding requirement:
404 * ``name_off``: offset to a valid C identifier
405 * ``info.kind_flag``: 0
406 * ``info.kind``: BTF_KIND_VAR
408 * ``type``: the type of the variable
410 ``btf_type`` is followed by a single ``struct btf_variable`` with the
417 ``struct btf_var`` encoding:
418 * ``linkage``: currently only static variable 0, or globally allocated
419 variable in ELF sections 1
421 Not all type of global variables are supported by LLVM at this point.
422 The following is currently available:
424 * static variables with or without section attributes
425 * global variables with section attributes
427 The latter is for future extraction of map key/value type id's from a
430 2.2.15 BTF_KIND_DATASEC
431 ~~~~~~~~~~~~~~~~~~~~~~~
433 ``struct btf_type`` encoding requirement:
434 * ``name_off``: offset to a valid name associated with a variable or
435 one of .data/.bss/.rodata
436 * ``info.kind_flag``: 0
437 * ``info.kind``: BTF_KIND_DATASEC
438 * ``info.vlen``: # of variables
439 * ``size``: total section size in bytes (0 at compilation time, patched
440 to actual size by BPF loaders such as libbpf)
442 ``btf_type`` is followed by ``info.vlen`` number of ``struct btf_var_secinfo``.::
444 struct btf_var_secinfo {
450 ``struct btf_var_secinfo`` encoding:
451 * ``type``: the type of the BTF_KIND_VAR variable
452 * ``offset``: the in-section offset of the variable
453 * ``size``: the size of the variable in bytes
458 The following bpf syscall command involves BTF:
459 * BPF_BTF_LOAD: load a blob of BTF data into kernel
460 * BPF_MAP_CREATE: map creation with btf key and value type info.
461 * BPF_PROG_LOAD: prog load with btf function and line info.
462 * BPF_BTF_GET_FD_BY_ID: get a btf fd
463 * BPF_OBJ_GET_INFO_BY_FD: btf, func_info, line_info
464 and other btf related info are returned.
466 The workflow typically looks like:
473 BPF_MAP_CREATE and BPF_PROG_LOAD
480 BPF_{PROG,MAP}_GET_NEXT_ID (get prog/map id's)
483 BPF_{PROG,MAP}_GET_FD_BY_ID (get a prog/map fd)
486 BPF_OBJ_GET_INFO_BY_FD (get bpf_prog_info/bpf_map_info with btf_id)
489 BPF_BTF_GET_FD_BY_ID (get btf_fd) |
492 BPF_OBJ_GET_INFO_BY_FD (get btf) |
495 pretty print types, dump func signatures and line info, etc.
501 Load a blob of BTF data into kernel. A blob of data, described in
502 :ref:`BTF_Type_String`, can be directly loaded into the kernel. A ``btf_fd``
503 is returned to a userspace.
508 A map can be created with ``btf_fd`` and specified key/value type id.::
510 __u32 btf_fd; /* fd pointing to a BTF type data */
511 __u32 btf_key_type_id; /* BTF type_id of the key */
512 __u32 btf_value_type_id; /* BTF type_id of the value */
514 In libbpf, the map can be defined with extra annotation like below:
517 struct bpf_map_def SEC("maps") btf_map = {
518 .type = BPF_MAP_TYPE_ARRAY,
519 .key_size = sizeof(int),
520 .value_size = sizeof(struct ipv_counts),
523 BPF_ANNOTATE_KV_PAIR(btf_map, int, struct ipv_counts);
525 Here, the parameters for macro BPF_ANNOTATE_KV_PAIR are map name, key and
526 value types for the map. During ELF parsing, libbpf is able to extract
527 key/value type_id's and assign them to BPF_MAP_CREATE attributes
535 During prog_load, func_info and line_info can be passed to kernel with proper
536 values for the following attributes:
542 __u32 prog_btf_fd; /* fd pointing to BTF type data */
543 __u32 func_info_rec_size; /* userspace bpf_func_info size */
544 __aligned_u64 func_info; /* func info */
545 __u32 func_info_cnt; /* number of bpf_func_info records */
546 __u32 line_info_rec_size; /* userspace bpf_line_info size */
547 __aligned_u64 line_info; /* line info */
548 __u32 line_info_cnt; /* number of bpf_line_info records */
550 The func_info and line_info are an array of below, respectively.::
552 struct bpf_func_info {
553 __u32 insn_off; /* [0, insn_cnt - 1] */
554 __u32 type_id; /* pointing to a BTF_KIND_FUNC type */
556 struct bpf_line_info {
557 __u32 insn_off; /* [0, insn_cnt - 1] */
558 __u32 file_name_off; /* offset to string table for the filename */
559 __u32 line_off; /* offset to string table for the source line */
560 __u32 line_col; /* line number and column number */
563 func_info_rec_size is the size of each func_info record, and
564 line_info_rec_size is the size of each line_info record. Passing the record
565 size to kernel make it possible to extend the record itself in the future.
567 Below are requirements for func_info:
568 * func_info[0].insn_off must be 0.
569 * the func_info insn_off is in strictly increasing order and matches
572 Below are requirements for line_info:
573 * the first insn in each func must have a line_info record pointing to it.
574 * the line_info insn_off is in strictly increasing order.
576 For line_info, the line number and column number are defined as below:
579 #define BPF_LINE_INFO_LINE_NUM(line_col) ((line_col) >> 10)
580 #define BPF_LINE_INFO_LINE_COL(line_col) ((line_col) & 0x3ff)
582 3.4 BPF_{PROG,MAP}_GET_NEXT_ID
583 ==============================
585 In kernel, every loaded program, map or btf has a unique id. The id won't
586 change during the lifetime of a program, map, or btf.
588 The bpf syscall command BPF_{PROG,MAP}_GET_NEXT_ID returns all id's, one for
589 each command, to user space, for bpf program or maps, respectively, so an
590 inspection tool can inspect all programs and maps.
592 3.5 BPF_{PROG,MAP}_GET_FD_BY_ID
593 ===============================
595 An introspection tool cannot use id to get details about program or maps.
596 A file descriptor needs to be obtained first for reference-counting purpose.
598 3.6 BPF_OBJ_GET_INFO_BY_FD
599 ==========================
601 Once a program/map fd is acquired, an introspection tool can get the detailed
602 information from kernel about this fd, some of which are BTF-related. For
603 example, ``bpf_map_info`` returns ``btf_id`` and key/value type ids.
604 ``bpf_prog_info`` returns ``btf_id``, func_info, and line info for translated
605 bpf byte codes, and jited_line_info.
607 3.7 BPF_BTF_GET_FD_BY_ID
608 ========================
610 With ``btf_id`` obtained in ``bpf_map_info`` and ``bpf_prog_info``, bpf
611 syscall command BPF_BTF_GET_FD_BY_ID can retrieve a btf fd. Then, with
612 command BPF_OBJ_GET_INFO_BY_FD, the btf blob, originally loaded into the
613 kernel with BPF_BTF_LOAD, can be retrieved.
615 With the btf blob, ``bpf_map_info``, and ``bpf_prog_info``, an introspection
616 tool has full btf knowledge and is able to pretty print map key/values, dump
617 func signatures and line info, along with byte/jit codes.
619 4. ELF File Format Interface
620 ****************************
625 The .BTF section contains type and string data. The format of this section is
626 same as the one describe in :ref:`BTF_Type_String`.
633 The .BTF.ext section encodes func_info and line_info which needs loader
634 manipulation before loading into the kernel.
636 The specification for .BTF.ext section is defined at ``tools/lib/bpf/btf.h``
637 and ``tools/lib/bpf/btf.c``.
639 The current header of .BTF.ext section::
641 struct btf_ext_header {
647 /* All offsets are in bytes relative to the end of this header */
654 It is very similar to .BTF section. Instead of type/string section, it
655 contains func_info and line_info section. See :ref:`BPF_Prog_Load` for details
656 about func_info and line_info record format.
658 The func_info is organized as below.::
661 btf_ext_info_sec for section #1 /* func_info for section #1 */
662 btf_ext_info_sec for section #2 /* func_info for section #2 */
665 ``func_info_rec_size`` specifies the size of ``bpf_func_info`` structure when
666 .BTF.ext is generated. ``btf_ext_info_sec``, defined below, is a collection of
667 func_info for each specific ELF section.::
669 struct btf_ext_info_sec {
670 __u32 sec_name_off; /* offset to section name */
672 /* Followed by num_info * record_size number of bytes */
676 Here, num_info must be greater than 0.
678 The line_info is organized as below.::
681 btf_ext_info_sec for section #1 /* line_info for section #1 */
682 btf_ext_info_sec for section #2 /* line_info for section #2 */
685 ``line_info_rec_size`` specifies the size of ``bpf_line_info`` structure when
686 .BTF.ext is generated.
688 The interpretation of ``bpf_func_info->insn_off`` and
689 ``bpf_line_info->insn_off`` is different between kernel API and ELF API. For
690 kernel API, the ``insn_off`` is the instruction offset in the unit of ``struct
691 bpf_insn``. For ELF API, the ``insn_off`` is the byte offset from the
692 beginning of section (``btf_ext_info_sec->sec_name_off``).
697 The .BTF_ids section encodes BTF ID values that are used within the kernel.
699 This section is created during the kernel compilation with the help of
700 macros defined in ``include/linux/btf_ids.h`` header file. Kernel code can
701 use them to create lists and sets (sorted lists) of BTF ID values.
703 The ``BTF_ID_LIST`` and ``BTF_ID`` macros define unsorted list of BTF ID values,
704 with following syntax::
710 resulting in following layout in .BTF_ids section::
712 __BTF_ID__type1__name1__1:
714 __BTF_ID__type2__name2__2:
717 The ``u32 list[];`` variable is defined to access the list.
719 The ``BTF_ID_UNUSED`` macro defines 4 zero bytes. It's used when we
720 want to define unused entry in BTF_ID_LIST, like::
722 BTF_ID_LIST(bpf_skb_output_btf_ids)
723 BTF_ID(struct, sk_buff)
725 BTF_ID(struct, task_struct)
727 The ``BTF_SET_START/END`` macros pair defines sorted list of BTF ID values
728 and their count, with following syntax::
735 resulting in following layout in .BTF_ids section::
739 __BTF_ID__type1__name1__3:
741 __BTF_ID__type2__name2__4:
744 The ``struct btf_id_set set;`` variable is defined to access the list.
746 The ``typeX`` name can be one of following::
748 struct, union, typedef, func
750 and is used as a filter when resolving the BTF ID value.
752 All the BTF ID lists and sets are compiled in the .BTF_ids section and
753 resolved during the linking phase of kernel build by ``resolve_btfids`` tool.
758 5.1 bpftool map pretty print
759 ============================
761 With BTF, the map key/value can be printed based on fields rather than simply
762 raw bytes. This is especially valuable for large structure or if your data
763 structure has bitfields. For example, for the following map,::
765 enum A { A1, A2, A3, A4, A5 };
776 struct bpf_map_def SEC("maps") tmpmap = {
777 .type = BPF_MAP_TYPE_ARRAY,
778 .key_size = sizeof(__u32),
779 .value_size = sizeof(struct tmp_t),
782 BPF_ANNOTATE_KV_PAIR(tmpmap, int, struct tmp_t);
784 bpftool is able to pretty print like below:
800 5.2 bpftool prog dump
801 =====================
803 The following is an example showing how func_info and line_info can help prog
804 dump with better kernel symbol names, function prototypes and line
807 $ bpftool prog dump jited pinned /sys/fs/bpf/test_btf_haskv
809 int test_long_fname_2(struct dummy_tracepoint_args * arg):
810 bpf_prog_44a040bf25481309_test_long_fname_2:
811 ; static int test_long_fname_2(struct dummy_tracepoint_args *arg)
816 f: mov %rbx,0x0(%rbp)
817 13: mov %r13,0x8(%rbp)
818 17: mov %r14,0x10(%rbp)
819 1b: mov %r15,0x18(%rbp)
821 21: mov %rax,0x20(%rbp)
824 27: mov %esi,-0x4(%rbp)
826 2a: mov 0x8(%rdi),%rdi
829 32: je 0x0000000000000070
831 ; counts = bpf_map_lookup_elem(&btf_map, &key);
837 The following is an example of how line_info can help debugging verification
840 /* The code at tools/testing/selftests/bpf/test_xdp_noinline.c
841 * is modified as below.
843 data = (void *)(long)xdp->data;
844 data_end = (void *)(long)xdp->data_end;
846 if (data + 4 > data_end)
849 *(u32 *)data = dst->dst;
851 $ bpftool prog load ./test_xdp_noinline.o /sys/fs/bpf/test_xdp_noinline type xdp
852 ; data = (void *)(long)xdp->data;
853 224: (79) r2 = *(u64 *)(r10 -112)
854 225: (61) r2 = *(u32 *)(r2 +0)
855 ; *(u32 *)data = dst->dst;
856 226: (63) *(u32 *)(r2 +0) = r1
857 invalid access to packet, off=0 size=4, R2(id=0,off=0,r=0)
858 R2 offset is outside of the packet
863 You need latest pahole
865 https://git.kernel.org/pub/scm/devel/pahole/pahole.git/
867 or llvm (8.0 or later). The pahole acts as a dwarf2btf converter. It doesn't
868 support .BTF.ext and btf BTF_KIND_FUNC type yet. For example,::
876 -bash-4.4$ gcc -c -O2 -g t.c
877 -bash-4.4$ pahole -JV t.o
879 [1] STRUCT t kind_flag=1 size=4 vlen=3
880 a type_id=2 bitfield_size=2 bits_offset=0
881 b type_id=2 bitfield_size=3 bits_offset=2
882 c type_id=2 bitfield_size=2 bits_offset=5
883 [2] INT int size=4 bit_offset=0 nr_bits=32 encoding=SIGNED
885 The llvm is able to generate .BTF and .BTF.ext directly with -g for bpf target
886 only. The assembly code (-S) is able to show the BTF encoding in assembly
893 int (*f2)(char q1, __int32 q2, ...);
896 int main() { return 0; }
897 int test() { return 0; }
898 -bash-4.4$ clang -c -g -O2 -target bpf t2.c
899 -bash-4.4$ readelf -S t2.o
901 [ 8] .BTF PROGBITS 0000000000000000 00000247
902 000000000000016e 0000000000000000 0 0 1
903 [ 9] .BTF.ext PROGBITS 0000000000000000 000003b5
904 0000000000000060 0000000000000000 0 0 1
905 [10] .rel.BTF.ext REL 0000000000000000 000007e0
906 0000000000000040 0000000000000010 16 9 8
908 -bash-4.4$ clang -S -g -O2 -target bpf t2.c
911 .section .BTF,"",@progbits
912 .short 60319 # 0xeb9f
920 .long 0 # BTF_KIND_FUNC_PROTO(id = 1)
921 .long 218103808 # 0xd000000
923 .long 83 # BTF_KIND_INT(id = 2)
924 .long 16777216 # 0x1000000
926 .long 16777248 # 0x1000020
928 .byte 0 # string offset=0
929 .ascii ".text" # string offset=1
931 .ascii "/home/yhs/tmp-pahole/t2.c" # string offset=7
933 .ascii "int main() { return 0; }" # string offset=33
935 .ascii "int test() { return 0; }" # string offset=58
937 .ascii "int" # string offset=83
939 .section .BTF.ext,"",@progbits
940 .short 60319 # 0xeb9f
949 .long 1 # FuncInfo section string offset=1
956 .long 1 # LineInfo section string offset=1
961 .long 7182 # Line 7 Col 14
965 .long 8206 # Line 8 Col 14
970 Kernel bpf selftest `test_btf.c` provides extensive set of BTF-related tests.
projects / mirror_ubuntu-jammy-kernel.git / blob