bpf passthrough gen in codegen

Signed-off-by: varun-r-mallya <varunrmallya@gmail.com>

pythonbpf/codegen.py

@@ -36,6 +36,23 @@ def finalize_module(original_str):
     replacement = r'\1 "btf_ama"'
     return re.sub(pattern, replacement, original_str)
 
+def bpf_passthrough_gen(module):
+    i32_ty = ir.IntType(32)
+    ptr_ty = ir.PointerType(ir.IntType(8))
+    fnty = ir.FunctionType(ptr_ty, [i32_ty, ptr_ty])
+
+    # Declare the intrinsic
+    passthrough = ir.Function(module, fnty, "llvm.bpf.passthrough.p0.p0")
+
+    # Set function attributes
+    # TODO: the ones commented are supposed to be there but cannot be added due to llvmlite limitations at the moment
+    # passthrough.attributes.add("nofree")
+    # passthrough.attributes.add("nosync")
+    passthrough.attributes.add("nounwind")
+    # passthrough.attributes.add("memory(none)")
+
+    return passthrough
+
 
 def find_bpf_chunks(tree):
     """Find all functions decorated with @bpf in the AST."""
@@ -57,6 +74,8 @@ def processor(source_code, filename, module):
     for func_node in bpf_chunks:
         logger.info(f"Found BPF function/struct: {func_node.name}")
 
+    bpf_passthrough_gen(module)
+
     vmlinux_symtab = vmlinux_proc(tree, module)
     if vmlinux_symtab:
         handler = VmlinuxHandler.initialize(vmlinux_symtab)

pythonbpf/vmlinux_parser/import_detector.py

@@ -2,6 +2,7 @@ import ast
 import logging
 import importlib
 import inspect
+import llvmlite.ir as ir
 
 from .assignment_info import AssignmentInfo, AssignmentType
 from .dependency_handler import DependencyHandler
@@ -86,19 +87,19 @@ def vmlinux_proc(tree: ast.AST, module):
 
     if not import_statements:
         logger.info("No vmlinux imports found")
-        return
+        return None
 
     # Import vmlinux module directly
     try:
         vmlinux_mod = importlib.import_module("vmlinux")
     except ImportError:
         logger.warning("Could not import vmlinux module")
-        return
+        return None
 
     source_file = inspect.getsourcefile(vmlinux_mod)
     if source_file is None:
         logger.warning("Cannot find source for vmlinux module")
-        return
+        return None
 
     with open(source_file, "r") as f:
         mod_ast = ast.parse(f.read(), filename=source_file)

tests/c-form/ex5.bpf.c

@@ -1,25 +0,0 @@
-#define __TARGET_ARCH_arm64
-
-#include "vmlinux.h"
-#include <bpf/bpf_helpers.h>
-#include <bpf/bpf_tracing.h>
-#include <bpf/bpf_core_read.h>
-
-// Map: key = struct request*, value = u64 timestamp
-struct {
-    __uint(type, BPF_MAP_TYPE_HASH);
-    __type(key, struct request *);
-    __type(value, u64);
-    __uint(max_entries, 1024);
-} start SEC(".maps");
-
-// Attach to kprobe for blk_start_request
-SEC("kprobe/blk_start_request")
-int BPF_KPROBE(trace_start, struct request *req)
-{
-    u64 ts = bpf_ktime_get_ns();
-    bpf_map_update_elem(&start, &req, &ts, BPF_ANY);
-    return 0;
-}
-
-char LICENSE[] SEC("license") = "GPL";

tests/c-form/struct_field_tests.bpf.c

@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include "vmlinux.h"
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+
+/*
+Information gained from reversing this (multiple kernel versions):
+There is no point of
+```llvm
+ tail call void @llvm.dbg.value(metadata ptr %0, metadata !60, metadata !DIExpression()), !dbg !70
+ ```
+ and the first argument of passthrough is fucking useless. It just needs to be a distinct integer:
+ ```llvm
+   %9 = tail call ptr @llvm.bpf.passthrough.p0.p0(i32 3, ptr %8)
+ ```
+*/
+
+SEC("tp/syscalls/sys_enter_execve")
+int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
+  // Access each argument separately with clear variable assignments
+  unsigned long arg0 = ctx->args[0];
+  bpf_printk("args[0]: %u", arg0);
+
+  unsigned long arg1 = ctx->args[1];
+  bpf_printk("args[1]: %u", arg1);
+
+  // Remove the duplicate access to args[1]
+
+  unsigned long arg2 = ctx->args[2];
+  bpf_printk("args[3]: %u", arg2);
+  bpf_printk("args[4]: %u", ctx->args[2]);
+
+  return 0;
+}
+
+char LICENSE[] SEC("license") = "GPL";

tests/c-form/xdp_modify.bpf.c

@@ -0,0 +1,21 @@
+// xdp_rewrite.c
+#include <linux/bpf.h>
+#include <bpf/bpf_helpers.h>
+#include <linux/if_ether.h>
+
+SEC("xdp")
+int xdp_rewrite_mac(struct xdp_md *ctx)
+{
+    void *data_end = (void *)(long)ctx->data_end;
+    void *data     = (void *)(long)ctx->data;
+
+    struct ethhdr *eth = data;
+    if ((void*)(eth + 1) > data_end)
+        return XDP_PASS;
+    __u8 new_src[ETH_ALEN] = {0x02,0x00,0x00,0x00,0x00,0x02};
+    for (int i = 0; i < ETH_ALEN; i++) eth->h_source[i] = new_src[i];
+
+    return XDP_PASS;
+}
+
+char _license[] SEC("license") = "GPL";

tests/failing_tests/vmlinux/struct_field_access.py

@@ -0,0 +1,28 @@
+import logging
+
+from pythonbpf import bpf, section, bpfglobal, compile_to_ir
+from pythonbpf import compile  # noqa: F401
+from vmlinux import TASK_COMM_LEN  # noqa: F401
+from vmlinux import struct_trace_event_raw_sys_enter  # noqa: F401
+from ctypes import c_int64
+
+# from vmlinux import struct_uinput_device
+# from vmlinux import struct_blk_integrity_iter
+
+
+@bpf
+@section("tracepoint/syscalls/sys_enter_execve")
+def hello_world(ctx: struct_trace_event_raw_sys_enter) -> c_int64:
+    a = 2 + TASK_COMM_LEN + TASK_COMM_LEN
+    print(f"Hello, World{TASK_COMM_LEN} and {a}")
+    return c_int64(TASK_COMM_LEN + 2)
+
+
+@bpf
+@bpfglobal
+def LICENSE() -> str:
+    return "GPL"
+
+
+compile_to_ir("struct_field_access.py", "struct_field_access.ll", loglevel=logging.INFO)
+# compile()