Re: [RFC PATCH bpf-next] bpf: change syscall_nr type to int in struct syscall_tp_t
From: Artem Savkov
Date: Fri Oct 13 2023 - 02:02:34 EST
On Thu, Oct 12, 2023 at 04:32:51PM -0700, Andrii Nakryiko wrote:
> On Thu, Oct 12, 2023 at 6:43 AM Steven Rostedt <rostedt@xxxxxxxxxxx> wrote:
> >
> > On Thu, 12 Oct 2023 13:45:50 +0200
> > Artem Savkov <asavkov@xxxxxxxxxx> wrote:
> >
> > > linux-rt-devel tree contains a patch (b1773eac3f29c ("sched: Add support
> > > for lazy preemption")) that adds an extra member to struct trace_entry.
> > > This causes the offset of args field in struct trace_event_raw_sys_enter
> > > be different from the one in struct syscall_trace_enter:
> > >
> > > struct trace_event_raw_sys_enter {
> > > struct trace_entry ent; /* 0 12 */
> > >
> > > /* XXX last struct has 3 bytes of padding */
> > > /* XXX 4 bytes hole, try to pack */
> > >
> > > long int id; /* 16 8 */
> > > long unsigned int args[6]; /* 24 48 */
> > > /* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
> > > char __data[]; /* 72 0 */
> > >
> > > /* size: 72, cachelines: 2, members: 4 */
> > > /* sum members: 68, holes: 1, sum holes: 4 */
> > > /* paddings: 1, sum paddings: 3 */
> > > /* last cacheline: 8 bytes */
> > > };
> > >
> > > struct syscall_trace_enter {
> > > struct trace_entry ent; /* 0 12 */
> > >
> > > /* XXX last struct has 3 bytes of padding */
> > >
> > > int nr; /* 12 4 */
> > > long unsigned int args[]; /* 16 0 */
> > >
> > > /* size: 16, cachelines: 1, members: 3 */
> > > /* paddings: 1, sum paddings: 3 */
> > > /* last cacheline: 16 bytes */
> > > };
> > >
> > > This, in turn, causes perf_event_set_bpf_prog() fail while running bpf
> > > test_profiler testcase because max_ctx_offset is calculated based on the
> > > former struct, while off on the latter:
> > >
> > > 10488 if (is_tracepoint || is_syscall_tp) {
> > > 10489 int off = trace_event_get_offsets(event->tp_event);
> > > 10490
> > > 10491 if (prog->aux->max_ctx_offset > off)
> > > 10492 return -EACCES;
> > > 10493 }
> > >
> > > What bpf program is actually getting is a pointer to struct
> > > syscall_tp_t, defined in kernel/trace/trace_syscalls.c. This patch fixes
> > > the problem by aligning struct syscall_tp_t with with struct
> > > syscall_trace_(enter|exit) and changing the tests to use these structs
> > > to dereference context.
> > >
> > > Signed-off-by: Artem Savkov <asavkov@xxxxxxxxxx>
> >
>
> I think these changes make sense regardless, can you please resend the
> patch without RFC tag so that our CI can run tests for it?
Ok, didn't know it was set up like that.
> > Thanks for doing a proper fix.
> >
> > Acked-by: Steven Rostedt (Google) <rostedt@xxxxxxxxxxx>
>
> But looking at [0] and briefly reading some of the discussions you,
> Steven, had. I'm just wondering if it would be best to avoid
> increasing struct trace_entry altogether? It seems like preempt_count
> is actually a 4-bit field in trace context, so it doesn't seem like we
> really need to allocate an entire byte for both preempt_count and
> preempt_lazy_count. Why can't we just combine them and not waste 8
> extra bytes for each trace event in a ring buffer?
>
> [0] https://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git/commit/?id=b1773eac3f29cbdcdfd16e0339f1a164066e9f71
I agree that avoiding increase in struct trace_entry size would be very
desirable, but I have no knowledge whether rt developers had reasons to
do it like this.
Nevertheless I think the issue with verifier running against a wrong
struct still needs to be addressed.
--
Regards,
Artem