Commit 832165d2 authored by Daniel Borkmann's avatar Daniel Borkmann
Browse files

Merge branch 'bpf-core-fixes' 



Andrii Nakryiko says:

====================
This patch set fixes bug in CO-RE relocation candidate finding logic, which
currently allows matching against forward declarations, functions, and other
named types, even though it makes no sense to even attempt. As part of
verifying the fix, add test using vmlinux.h with preserve_access_index
attribute and utilizing struct pt_regs heavily to trace nanosleep syscall
using 5 different types of tracing BPF programs.

This test also demonstrated problems using struct pt_regs in syscall
tracepoints and required a new set of macro, which were added in patch #3
into bpf_tracing.h.

Patch #1 fixes annoying issue with selftest failure messages being out of
sync.

v1->v2:
  - drop unused handle__probed() function (Martin).
====================

Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parents 30b4cb36 acbd0620

tools/lib/bpf/bpf_tracing.h

+103 −0
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ 
#if defined(bpf_target_x86)



#if defined(__KERNEL__) || defined(__VMLINUX_H__)



#define PT_REGS_PARM1(x) ((x)->di)

#define PT_REGS_PARM2(x) ((x)->si)

#define PT_REGS_PARM3(x) ((x)->dx)
@@ -60,7 +61,20 @@ 
#define PT_REGS_RC(x) ((x)->ax)

#define PT_REGS_SP(x) ((x)->sp)

#define PT_REGS_IP(x) ((x)->ip)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), di)

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), si)

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), dx)

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), cx)

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), r8)

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), sp)

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((x), bp)

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), ax)

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), sp)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), ip)



#else



#ifdef __i386__

/* i386 kernel is built with -mregparm=3 */

#define PT_REGS_PARM1(x) ((x)->eax)
@@ -73,7 +87,20 @@ 
#define PT_REGS_RC(x) ((x)->eax)

#define PT_REGS_SP(x) ((x)->esp)

#define PT_REGS_IP(x) ((x)->eip)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), eax)

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), edx)

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), ecx)

#define PT_REGS_PARM4_CORE(x) 0

#define PT_REGS_PARM5_CORE(x) 0

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), esp)

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((x), ebp)

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), eax)

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), esp)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), eip)



#else



#define PT_REGS_PARM1(x) ((x)->rdi)

#define PT_REGS_PARM2(x) ((x)->rsi)

#define PT_REGS_PARM3(x) ((x)->rdx)
@@ -84,6 +111,18 @@ 
#define PT_REGS_RC(x) ((x)->rax)

#define PT_REGS_SP(x) ((x)->rsp)

#define PT_REGS_IP(x) ((x)->rip)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), rdi)

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), rsi)

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), rdx)

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), rcx)

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), r8)

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), rsp)

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((x), rbp)

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), rax)

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), rsp)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), rip)



#endif

#endif
@@ -104,6 +143,17 @@ struct pt_regs; 
#define PT_REGS_SP(x) (((PT_REGS_S390 *)(x))->gprs[15])

#define PT_REGS_IP(x) (((PT_REGS_S390 *)(x))->psw.addr)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[2])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[3])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[4])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[5])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[6])

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), grps[14])

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[11])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[2])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), gprs[15])

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((PT_REGS_S390 *)(x), pdw.addr)



#elif defined(bpf_target_arm)



#define PT_REGS_PARM1(x) ((x)->uregs[0])
@@ -117,6 +167,17 @@ struct pt_regs; 
#define PT_REGS_SP(x) ((x)->uregs[13])

#define PT_REGS_IP(x) ((x)->uregs[12])



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), uregs[0])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), uregs[1])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), uregs[2])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), uregs[3])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), uregs[4])

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), uregs[14])

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((x), uregs[11])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), uregs[0])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), uregs[13])

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), uregs[12])



#elif defined(bpf_target_arm64)



/* arm64 provides struct user_pt_regs instead of struct pt_regs to userspace */
@@ -134,6 +195,17 @@ struct pt_regs; 
#define PT_REGS_SP(x) (((PT_REGS_ARM64 *)(x))->sp)

#define PT_REGS_IP(x) (((PT_REGS_ARM64 *)(x))->pc)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[0])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[1])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[2])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[3])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[4])

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[30])

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[29])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), regs[0])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), sp)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((PT_REGS_ARM64 *)(x), pc)



#elif defined(bpf_target_mips)



#define PT_REGS_PARM1(x) ((x)->regs[4])
@@ -147,6 +219,17 @@ struct pt_regs; 
#define PT_REGS_SP(x) ((x)->regs[29])

#define PT_REGS_IP(x) ((x)->cp0_epc)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), regs[4])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), regs[5])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), regs[6])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), regs[7])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), regs[8])

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), regs[31])

#define PT_REGS_FP_CORE(x) BPF_CORE_READ((x), regs[30])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), regs[1])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), regs[29])

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), cp0_epc)



#elif defined(bpf_target_powerpc)



#define PT_REGS_PARM1(x) ((x)->gpr[3])
@@ -158,6 +241,15 @@ struct pt_regs; 
#define PT_REGS_SP(x) ((x)->sp)

#define PT_REGS_IP(x) ((x)->nip)



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), gpr[3])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), gpr[4])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), gpr[5])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), gpr[6])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), gpr[7])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), gpr[3])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), sp)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), nip)



#elif defined(bpf_target_sparc)



#define PT_REGS_PARM1(x) ((x)->u_regs[UREG_I0])
@@ -169,11 +261,22 @@ struct pt_regs; 
#define PT_REGS_RC(x) ((x)->u_regs[UREG_I0])

#define PT_REGS_SP(x) ((x)->u_regs[UREG_FP])



#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I0])

#define PT_REGS_PARM2_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I1])

#define PT_REGS_PARM3_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I2])

#define PT_REGS_PARM4_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I3])

#define PT_REGS_PARM5_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I4])

#define PT_REGS_RET_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I7])

#define PT_REGS_RC_CORE(x) BPF_CORE_READ((x), u_regs[UREG_I0])

#define PT_REGS_SP_CORE(x) BPF_CORE_READ((x), u_regs[UREG_FP])



/* Should this also be a bpf_target check for the sparc case? */

#if defined(__arch64__)

#define PT_REGS_IP(x) ((x)->tpc)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), tpc)

#else

#define PT_REGS_IP(x) ((x)->pc)

#define PT_REGS_IP_CORE(x) BPF_CORE_READ((x), pc)

#endif



#endif

tools/lib/bpf/libbpf.c

+4 −0
Original line number Diff line number Diff line
@@ -3873,6 +3873,10 @@ static struct ids_vec *bpf_core_find_cands(const struct btf *local_btf, 
		if (str_is_empty(targ_name))

			continue;



		t = skip_mods_and_typedefs(targ_btf, i, NULL);

		if (!btf_is_composite(t) && !btf_is_array(t))

			continue;



		targ_essent_len = bpf_core_essential_name_len(targ_name);

		if (targ_essent_len != local_essent_len)

			continue;

tools/testing/selftests/bpf/Makefile

+6 −1
Original line number Diff line number Diff line
@@ -177,6 +177,10 @@ $(BUILD_DIR)/libbpf $(BUILD_DIR)/bpftool $(INCLUDE_DIR): 
	$(call msg,MKDIR,,$@)

	mkdir -p $@



$(INCLUDE_DIR)/vmlinux.h: $(VMLINUX_BTF) | $(BPFTOOL) $(INCLUDE_DIR)

	$(call msg,GEN,,$@)

	$(BPFTOOL) btf dump file $(VMLINUX_BTF) format c > $@



# Get Clang's default includes on this system, as opposed to those seen by

# '-target bpf'. This fixes "missing" files on some architectures/distros,

# such as asm/byteorder.h, asm/socket.h, asm/sockios.h, sys/cdefs.h etc.
@@ -285,6 +289,7 @@ $(TRUNNER_BPF_PROGS_DIR)$(if $2,-)$2-bpfobjs := y 
$(TRUNNER_BPF_OBJS): $(TRUNNER_OUTPUT)/%.o:				\

		     $(TRUNNER_BPF_PROGS_DIR)/%.c			\

		     $(TRUNNER_BPF_PROGS_DIR)/*.h			\

		     $$(INCLUDE_DIR)/vmlinux.h				\

		     $$(BPFOBJ) | $(TRUNNER_OUTPUT)

	$$(call $(TRUNNER_BPF_BUILD_RULE),$$<,$$@,			\

					  $(TRUNNER_BPF_CFLAGS),	\

tools/testing/selftests/bpf/prog_tests/vmlinux.c

0 → 100644
+43 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0

/* Copyright (c) 2020 Facebook */



#include <test_progs.h>

#include <time.h>

#include "test_vmlinux.skel.h"



#define MY_TV_NSEC 1337



static void nsleep()

{

	struct timespec ts = { .tv_nsec = MY_TV_NSEC };



	(void)nanosleep(&ts, NULL);

}



void test_vmlinux(void)

{

	int duration = 0, err;

	struct test_vmlinux* skel;

	struct test_vmlinux__bss *bss;



	skel = test_vmlinux__open_and_load();

	if (CHECK(!skel, "skel_open", "failed to open skeleton\n"))

		return;

	bss = skel->bss;



	err = test_vmlinux__attach(skel);

	if (CHECK(err, "skel_attach", "skeleton attach failed: %d\n", err))

		goto cleanup;



	/* trigger everything */

	nsleep();



	CHECK(!bss->tp_called, "tp", "not called\n");

	CHECK(!bss->raw_tp_called, "raw_tp", "not called\n");

	CHECK(!bss->tp_btf_called, "tp_btf", "not called\n");

	CHECK(!bss->kprobe_called, "kprobe", "not called\n");

	CHECK(!bss->fentry_called, "fentry", "not called\n");



cleanup:

	test_vmlinux__destroy(skel);

}

tools/testing/selftests/bpf/progs/test_vmlinux.c

0 → 100644
+84 −0
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0

/* Copyright (c) 2020 Facebook */



#include "vmlinux.h"

#include <asm/unistd.h>

#include <bpf/bpf_helpers.h>

#include <bpf/bpf_tracing.h>

#include <bpf/bpf_core_read.h>



#define MY_TV_NSEC 1337



bool tp_called = false;

bool raw_tp_called = false;

bool tp_btf_called = false;

bool kprobe_called = false;

bool fentry_called = false;



SEC("tp/syscalls/sys_enter_nanosleep")

int handle__tp(struct trace_event_raw_sys_enter *args)

{

	struct __kernel_timespec *ts;



	if (args->id != __NR_nanosleep)

		return 0;



	ts = (void *)args->args[0];

	if (BPF_CORE_READ(ts, tv_nsec) != MY_TV_NSEC)

		return 0;



	tp_called = true;

	return 0;

}



SEC("raw_tp/sys_enter")

int BPF_PROG(handle__raw_tp, struct pt_regs *regs, long id)

{

	struct __kernel_timespec *ts;



	if (id != __NR_nanosleep)

		return 0;



	ts = (void *)PT_REGS_PARM1_CORE(regs);

	if (BPF_CORE_READ(ts, tv_nsec) != MY_TV_NSEC)

		return 0;



	raw_tp_called = true;

	return 0;

}



SEC("tp_btf/sys_enter")

int BPF_PROG(handle__tp_btf, struct pt_regs *regs, long id)

{

	struct __kernel_timespec *ts;



	if (id != __NR_nanosleep)

		return 0;



	ts = (void *)PT_REGS_PARM1_CORE(regs);

	if (BPF_CORE_READ(ts, tv_nsec) != MY_TV_NSEC)

		return 0;



	tp_btf_called = true;

	return 0;

}



SEC("kprobe/hrtimer_nanosleep")

int BPF_KPROBE(handle__kprobe,

	       ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid)

{

	if (rqtp == MY_TV_NSEC)

		kprobe_called = true;

	return 0;

}



SEC("fentry/hrtimer_nanosleep")

int BPF_PROG(handle__fentry,

	     ktime_t rqtp, enum hrtimer_mode mode, clockid_t clockid)

{

	if (rqtp == MY_TV_NSEC)

		fentry_called = true;

	return 0;

}



char _license[] SEC("license") = "GPL";

CRA Git | Maintained and supported by SUSTech CRA and CCSE