Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp5063444rwd; Sun, 4 Jun 2023 19:56:15 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7pm8Hux68dN0dzUXsTd08Jo+DlRd/7XY/krpXaXJDHvFqhR3VwUeScTOQDG3KBZ7CxrluG X-Received: by 2002:ac8:4e8b:0:b0:3ef:366b:5afa with SMTP id 11-20020ac84e8b000000b003ef366b5afamr7867740qtp.54.1685933775506; Sun, 04 Jun 2023 19:56:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685933775; cv=none; d=google.com; s=arc-20160816; b=NJJOa2RTYyGIeOwgseS2JQ/MkJFHEeXH1noddP+HaT3P7AUW+J8cDFtCmx8biGrlLg NrGfA314XE4+ogWBwn+zJYbskpvKY7Z0Vk+fGhTJ+XKXyPMMpePUIX3zu4F2q9iHB0Xd El/YY2AVyBwPv2DbfCdklI36LHVWW6SKtkhHRIvZ+3m+FtonswJpoqIxMAMskiIly7Z/ +r1KQMgXgz5q/8AeLi986vBMD8C/ku8uWk5kwny6OHopHOxosrYZglVTSjG0ktPd/Gi4 4qXwmkpMHxOFAvS422C85XJxFVVC91h+l6qUW1iHi3EoiDj33rNStNLCkyWkndfdLu9d hTEQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=p5YXR/7kN4XSeeGZUdcHPRRNBlEU9Aj6mrRygyuZlqA=; b=kA8vBWhl7FLNZyV3I4GLQOnDsrnIvGsuLb1SID3JcC9SiDnTja7c4nmXyVguxqQAOo zudAVGQbdQfBMhqlghbszmu/SIzKsEs23/uOzseui+T5inSVhTTCZ+y98wVFK3Z+OcAz k3C+BnYdWrHHCgHFftGmGr4Yx18u94N6E2VWsz6iOvJWR9lcUGlz7oSXtVrqBneeen24 soMU5qgxAvUpC68hEUYiSbgN9UFwmX/U1b2c5p5hCUGZin+jNT8q31DrCYzJ/oj6pdqd EUQLGcGTDH3LQOsWjIgJ3EYPQBkWpZcWVl7v9/yD9OUphmJgJc5VGsMnjTQwh37uBopI Tn4w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=s4BZ04CQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q32-20020a635c20000000b0053f53139199si4634066pgb.856.2023.06.04.19.56.03; Sun, 04 Jun 2023 19:56:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=s4BZ04CQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232604AbjFECk4 (ORCPT + 99 others); Sun, 4 Jun 2023 22:40:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53352 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229449AbjFECkz (ORCPT ); Sun, 4 Jun 2023 22:40:55 -0400 Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1ADFBC; Sun, 4 Jun 2023 19:40:50 -0700 (PDT) Received: by mail-io1-xd44.google.com with SMTP id ca18e2360f4ac-76c64da0e46so138859939f.0; Sun, 04 Jun 2023 19:40:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685932850; x=1688524850; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=p5YXR/7kN4XSeeGZUdcHPRRNBlEU9Aj6mrRygyuZlqA=; b=s4BZ04CQdSU599WEekNZ98RFN6inJIRExhh0YuH34COKYHVjviQwanbwbC7CM28c66 TSfSJLCjXf7OjsAPdQEct5jfAQfjV6Z7lMXdZ4xH9tlkDrzElHYcPG0vReeEWm6WmaUb kCDwwxO64t3Y2H0pzYv3UXBRjeiX3WVVsb5++FMn4kPGKMHu2diH/Bh3CqqIeI1b5w2G LzAf6kAaFZCRFBciLJ8Ob9kyQGC4gZxobm3/UWy19xgTJBQs2TffIfaG8mmMmVcxgJdJ g8SSxpB76ziia14VCNU4bWhLqmlLDOKPQ28UPLcevf4pSMEuXaWj7Zt2wEXjhQLbff6w U53A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685932850; x=1688524850; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=p5YXR/7kN4XSeeGZUdcHPRRNBlEU9Aj6mrRygyuZlqA=; b=MmN0SWDSqQbicZ3EH2UF3KFRGG7OREyTh5VNXyqPftnpmi7neE8YtWha8ZKxxh5zQJ ypmPif6EFjyPIwxq1vviaBn9wn8PpCG25Jm1q9ivGXeChBPf/VGGZkcWO3GddZ+FqDU6 stBIBGt3mQ/gnOS/o4b9llyz8XKj/RzoNvIgSddw8bZpIpQyZQNGtsqb/LI+PZU/FaN0 sYNIDbtbIOPaN7JgicJhqMD62/YbONWWWW+U2GOEGtOvA8LmMX+52a3E6B3nTLvx8uu5 6ixDIWR7RdgBmFIUHiI6rHXTiDK2CVB14K7MZgJc/xB0QYvCbQR+gbgnMAaLGQl6SL/W v/cw== X-Gm-Message-State: AC+VfDxu5oVwoG/Cbd0xl6w6muppg7dd7L94bQUuOiRNYinpBvWjFVdW d2hTcFUv8PF8DbuOAr1mXkdG9hyQfgrb6puZQPMwFM368j0/Bi0a X-Received: by 2002:a0d:eb97:0:b0:561:3fb7:1333 with SMTP id u145-20020a0deb97000000b005613fb71333mr10563666ywe.43.1685932829170; Sun, 04 Jun 2023 19:40:29 -0700 (PDT) MIME-Version: 1.0 References: <20230602065958.2869555-1-imagedong@tencent.com> <20230602065958.2869555-3-imagedong@tencent.com> In-Reply-To: From: Menglong Dong Date: Mon, 5 Jun 2023 10:40:17 +0800 Message-ID: Subject: Re: [PATCH bpf-next v2 2/5] bpf, x86: allow function arguments up to 14 for TRACING To: Alexei Starovoitov Cc: Jiri Olsa , "David S. Miller" , David Ahern , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , KP Singh , Jiri Olsa , X86 ML , benbjiang@tencent.com, Network Development , bpf , LKML , "open list:KERNEL SELFTEST FRAMEWORK" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 3, 2023 at 2:31=E2=80=AFAM Alexei Starovoitov wrote: > > On Fri, Jun 2, 2023 at 12:01=E2=80=AFAM wrote: > > > > From: Menglong Dong > > Please trim your cc when you respin. It's unnecessary huge. Sorry for bothering the unrelated people. The cc is generated from ./scripts/get_maintainer.pl, and I'll keep it less than 15. > [...] > > diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c > > index 1056bbf55b17..0e247bb7d6f6 100644 > > --- a/arch/x86/net/bpf_jit_comp.c > > +++ b/arch/x86/net/bpf_jit_comp.c > > @@ -1868,7 +1868,7 @@ static void save_regs(const struct btf_func_model= *m, u8 **prog, int nr_regs, > > * mov QWORD PTR [rbp-0x10],rdi > > * mov QWORD PTR [rbp-0x8],rsi > > */ > > - for (i =3D 0, j =3D 0; i < min(nr_regs, 6); i++) { > > + for (i =3D 0, j =3D 0; i < min(nr_regs, MAX_BPF_FUNC_ARGS); i++= ) { > > /* The arg_size is at most 16 bytes, enforced by the ve= rifier. */ > > arg_size =3D m->arg_size[j]; > > if (arg_size > 8) { > > @@ -1876,10 +1876,22 @@ static void save_regs(const struct btf_func_mod= el *m, u8 **prog, int nr_regs, > > next_same_struct =3D !next_same_struct; > > } > > > > - emit_stx(prog, bytes_to_bpf_size(arg_size), > > - BPF_REG_FP, > > - i =3D=3D 5 ? X86_REG_R9 : BPF_REG_1 + i, > > - -(stack_size - i * 8)); > > + if (i <=3D 5) { > > + /* store function arguments in regs */ > > The comment is confusing. > It's not storing arguments in regs. > It copies them from regs into stack. Right, I'll use "copy arguments from regs into stack" instead. > > > + emit_stx(prog, bytes_to_bpf_size(arg_size), > > + BPF_REG_FP, > > + i =3D=3D 5 ? X86_REG_R9 : BPF_REG_1 + = i, > > + -(stack_size - i * 8)); > > + } else { > > + /* store function arguments in stack */ > > + emit_ldx(prog, bytes_to_bpf_size(arg_size), > > + BPF_REG_0, BPF_REG_FP, > > + (i - 6) * 8 + 0x18); > > + emit_stx(prog, bytes_to_bpf_size(arg_size), > > and we will have garbage values in upper bytes. > Probably should fix both here and in regular copy from reg. > I noticed it too......I'll dig it deeper to find a solution. > > + BPF_REG_FP, > > + BPF_REG_0, > > + -(stack_size - i * 8)); > > + } > > [......] > > /* Generated trampoline stack layout: > > @@ -2170,7 +2219,14 @@ int arch_prepare_bpf_trampoline(struct bpf_tramp= _image *im, void *image, void *i > > * > > * RBP - ip_off [ traced function ] BPF_TRAMP_F_IP_ARG flag > > * > > + * RBP - rbx_off [ rbx value ] always > > + * > > That is the case already and we just didn't document it, right? > I'm afraid not anymore. In the origin logic, we use "push rbx" after "sub rsp, stack_size". This will store "rbx" into the top of the stack. However, now we need to make sure the arguments, which we copy from the stack frame of the caller into current stack frame in prepare_origin_stack(), stay in the top of the stack, to pass these arguments to the orig_call through stack. > > * RBP - run_ctx_off [ bpf_tramp_run_ctx ] > > + * > > + * [ stack_argN ] BPF_TRAMP_F_CALL_ORIG > > + * [ ... ] > > + * [ stack_arg2 ] > > + * RBP - arg_stack_off [ stack_arg1 ] > > */ > > > > /* room for return value of orig_call or fentry prog */ > > @@ -2190,9 +2246,17 @@ int arch_prepare_bpf_trampoline(struct bpf_tramp= _image *im, void *image, void *i > > > > ip_off =3D stack_size; > > > > + stack_size +=3D 8; > > + rbx_off =3D stack_size; > > + > > stack_size +=3D (sizeof(struct bpf_tramp_run_ctx) + 7) & ~0x7; > > run_ctx_off =3D stack_size; > > > > + if (nr_regs > 6 && (flags & BPF_TRAMP_F_CALL_ORIG)) > > + stack_size +=3D (nr_regs - 6) * 8; > > + > > + arg_stack_off =3D stack_size; > > + > > if (flags & BPF_TRAMP_F_SKIP_FRAME) { > > /* skip patched call instruction and point orig_call to= actual > > * body of the kernel function. > > @@ -2212,8 +2276,9 @@ int arch_prepare_bpf_trampoline(struct bpf_tramp_= image *im, void *image, void *i > > x86_call_depth_emit_accounting(&prog, NULL); > > EMIT1(0x55); /* push rbp */ > > EMIT3(0x48, 0x89, 0xE5); /* mov rbp, rsp */ > > - EMIT4(0x48, 0x83, 0xEC, stack_size); /* sub rsp, stack_size */ > > - EMIT1(0x53); /* push rbx */ > > + EMIT3_off32(0x48, 0x81, 0xEC, stack_size); /* sub rsp, stack_si= ze */ > > + /* mov QWORD PTR [rbp - rbx_off], rbx */ > > + emit_stx(&prog, BPF_DW, BPF_REG_FP, BPF_REG_6, -rbx_off); > > > > /* Store number of argument registers of the traced function: > > * mov rax, nr_regs > > @@ -2262,6 +2327,7 @@ int arch_prepare_bpf_trampoline(struct bpf_tramp_= image *im, void *image, void *i > > > > if (flags & BPF_TRAMP_F_CALL_ORIG) { > > restore_regs(m, &prog, nr_regs, regs_off); > > + prepare_origin_stack(m, &prog, nr_regs, arg_stack_off); > > > > if (flags & BPF_TRAMP_F_ORIG_STACK) { > > emit_ldx(&prog, BPF_DW, BPF_REG_0, BPF_REG_FP, = 8); > > @@ -2321,14 +2387,14 @@ int arch_prepare_bpf_trampoline(struct bpf_tram= p_image *im, void *image, void *i > > if (save_ret) > > emit_ldx(&prog, BPF_DW, BPF_REG_0, BPF_REG_FP, -8); > > > > - EMIT1(0x5B); /* pop rbx */ > > + emit_ldx(&prog, BPF_DW, BPF_REG_6, BPF_REG_FP, -rbx_off); > > It can stay as 'pop', no? > As now we don't use "push rbx" anymore, we can't use "pop" here either, as we store rbx in the stack of a specific location. Thanks! Menglong Dong > > EMIT1(0xC9); /* leave */ > > if (flags & BPF_TRAMP_F_SKIP_FRAME) > > /* skip our return address and return to parent */ > > EMIT4(0x48, 0x83, 0xC4, 8); /* add rsp, 8 */ > > emit_return(&prog, prog); > > /* Make sure the trampoline generation logic doesn't overflow *= / > > - if (WARN_ON_ONCE(prog > (u8 *)image_end - BPF_INSN_SAFETY)) { > > + if (prog > (u8 *)image_end - BPF_INSN_SAFETY) { > > ret =3D -EFAULT; > > goto cleanup; > > } > > -- > > 2.40.1 > >