[bpf-next,v3,05/11] libbpf: Add PT_REGS_SYSCALL_REGS macro

Message ID	20220204145018.1983773-6-iii@linux.ibm.com (mailing list archive)
State	Accepted
Commit	b62a862d42f52d1bebc6f137cdfe9e9d83236d01
Delegated to:	BPF
Headers	show Return-Path: <bpf-owner@kernel.org> From: Ilya Leoshkevich <iii@linux.ibm.com> To: Alexei Starovoitov <ast@kernel.org>, Daniel Borkmann <daniel@iogearbox.net>, Andrii Nakryiko <andrii.nakryiko@gmail.com>, Heiko Carstens <hca@linux.ibm.com>, Vasily Gorbik <gor@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Alexander Gordeev <agordeev@linux.ibm.com>, Catalin Marinas <catalin.marinas@arm.com>, Michael Ellerman <mpe@ellerman.id.au>, Paul Walmsley <paul.walmsley@sifive.com>, "Naveen N . Rao" <naveen.n.rao@linux.vnet.ibm.com> Cc: bpf@vger.kernel.org, Ilya Leoshkevich <iii@linux.ibm.com> Subject: [PATCH bpf-next v3 05/11] libbpf: Add PT_REGS_SYSCALL_REGS macro Date: Fri, 4 Feb 2022 15:50:12 +0100 Message-Id: <20220204145018.1983773-6-iii@linux.ibm.com> In-Reply-To: <20220204145018.1983773-1-iii@linux.ibm.com> References: <20220204145018.1983773-1-iii@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	libbpf: Fix accessing syscall arguments \| expand [bpf-next,v3,00/11] libbpf: Fix accessing syscall arguments [bpf-next,v3,01/11] arm64/bpf: Add orig_x0 to user_pt_regs [bpf-next,v3,02/11] s390/bpf: Add orig_gpr2 to user_pt_regs [bpf-next,v3,03/11] selftests/bpf: Fix an endianness issue in bpf_syscall_macro test [bpf-next,v3,04/11] libbpf: Add __PT_PARM1_REG_SYSCALL macro [bpf-next,v3,05/11] libbpf: Add PT_REGS_SYSCALL_REGS macro [bpf-next,v3,06/11] selftests/bpf: Use PT_REGS_SYSCALL_REGS in bpf_syscall_macro [bpf-next,v3,07/11] libbpf: Fix accessing the first syscall argument on arm64 [bpf-next,v3,08/11] libbpf: Fix accessing syscall arguments on powerpc [bpf-next,v3,09/11] libbpf: Fix accessing program counter on riscv [bpf-next,v3,10/11] libbpf: Fix accessing syscall arguments on riscv [bpf-next,v3,11/11] libbpf: Fix accessing the first syscall argument on s390

Message ID

20220204145018.1983773-6-iii@linux.ibm.com (mailing list archive)

State

Accepted

Commit

b62a862d42f52d1bebc6f137cdfe9e9d83236d01

Delegated to:

BPF

Headers

show

Return-Path: <bpf-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 94BC7C433EF
	for <bpf@archiver.kernel.org>; Fri,  4 Feb 2022 14:50:54 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232383AbiBDOux (ORCPT <rfc822;bpf@archiver.kernel.org>);
        Fri, 4 Feb 2022 09:50:53 -0500
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:48858 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S229837AbiBDOuw (ORCPT
        <rfc822;bpf@vger.kernel.org>); Fri, 4 Feb 2022 09:50:52 -0500
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
        by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 214EJ2Rj010510;
        Fri, 4 Feb 2022 14:50:35 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com;
 h=from : to : cc : subject
 : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding; s=pp1;
 bh=uIh2G1x4JyR73nMGQdKkH45MWB4kdfqJMXs2TAuzun0=;
 b=dVRyqjUFRBF4wnbaLaFr9Zb4lMKtMUjeby7fJQ7VuqFPHrFWZVwvM68ccpWiDJnbngH+
 Ku3m24it1a5hUD2yj+6zF2QGhw6biHHw1dDt1KQPuLikCVZRirwsGmiytO3kLZt1owbX
 CEzgkkwDjygcmUsaLKux3AcOhLOUom3UJ9Xxf/f7/gbOb8dm9czzx0AJvsCV29OGTN51
 qwoMKkh03+zxlbEagnrvm2EEx++gGlFAfrLNMw/2CS5cgEgMst1htkQW0xK9yuNpypMm
 lEFbHtwSk+mP/9pknhNiziy9K0hPmnHjvSUr56AUuq3eXKJDh0PrHfMPW5kQLKZWkeUh 6g==
Received: from pps.reinject (localhost [127.0.0.1])
        by mx0a-001b2d01.pphosted.com with ESMTP id 3e0qx3yfgc-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=NOT);
        Fri, 04 Feb 2022 14:50:35 +0000
Received: from m0098394.ppops.net (m0098394.ppops.net [127.0.0.1])
        by pps.reinject (8.16.0.43/8.16.0.43) with SMTP id 214EcE8l001862;
        Fri, 4 Feb 2022 14:50:34 GMT
Received: from ppma03fra.de.ibm.com (6b.4a.5195.ip4.static.sl-reverse.com
 [149.81.74.107])
        by mx0a-001b2d01.pphosted.com with ESMTP id 3e0qx3yffq-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=NOT);
        Fri, 04 Feb 2022 14:50:34 +0000
Received: from pps.filterd (ppma03fra.de.ibm.com [127.0.0.1])
        by ppma03fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id
 214Ekmmw018429;
        Fri, 4 Feb 2022 14:50:32 GMT
Received: from b06cxnps4075.portsmouth.uk.ibm.com
 (d06relay12.portsmouth.uk.ibm.com [9.149.109.197])
        by ppma03fra.de.ibm.com with ESMTP id 3e0r0n5jcm-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
 verify=NOT);
        Fri, 04 Feb 2022 14:50:31 +0000
Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com
 [9.149.105.232])
        by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with
 ESMTP id 214EoQRr46072252
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256
 verify=OK);
        Fri, 4 Feb 2022 14:50:26 GMT
Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1])
        by IMSVA (Postfix) with ESMTP id 0D38252050;
        Fri,  4 Feb 2022 14:50:26 +0000 (GMT)
Received: from heavy.lan (unknown [9.171.78.41])
        by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 6905C52057;
        Fri,  4 Feb 2022 14:50:25 +0000 (GMT)
From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii.nakryiko@gmail.com>,
        Heiko Carstens <hca@linux.ibm.com>,
        Vasily Gorbik <gor@linux.ibm.com>,
        Christian Borntraeger <borntraeger@linux.ibm.com>,
        Alexander Gordeev <agordeev@linux.ibm.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Paul Walmsley <paul.walmsley@sifive.com>,
        "Naveen N . Rao" <naveen.n.rao@linux.vnet.ibm.com>
Cc: bpf@vger.kernel.org, Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH bpf-next v3 05/11] libbpf: Add PT_REGS_SYSCALL_REGS macro
Date: Fri,  4 Feb 2022 15:50:12 +0100
Message-Id: <20220204145018.1983773-6-iii@linux.ibm.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220204145018.1983773-1-iii@linux.ibm.com>
References: <20220204145018.1983773-1-iii@linux.ibm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TM-AS-GCONF: 00
X-Proofpoint-ORIG-GUID: 5JvOflJ95fDtw92M5vQYDON--6nZyeXk
X-Proofpoint-GUID: z_LYIL4S1Sur5_dim_Zr3N0JPQ5wc1AN
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513
 definitions=2022-02-04_05,2022-02-03_01,2021-12-02_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
 mlxlogscore=935
 lowpriorityscore=0 phishscore=0 clxscore=1015 impostorscore=0 adultscore=0
 mlxscore=0 spamscore=0 suspectscore=0 malwarescore=0 priorityscore=1501
 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2201110000 definitions=main-2202040082
Precedence: bulk
List-ID: <bpf.vger.kernel.org>
X-Mailing-List: bpf@vger.kernel.org
X-Patchwork-Delegate: bpf@iogearbox.net

Series

libbpf: Fix accessing syscall arguments | expand

Context	Check	Description
bpf/vmtest-bpf-next-PR	success	PR summary
netdev/tree_selection	success	Clearly marked for bpf-next
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Series has a cover letter
netdev/patch_count	success	Link
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers	warning	7 maintainers not CCed: andrii@kernel.org kpsingh@kernel.org john.fastabend@gmail.com kafai@fb.com songliubraving@fb.com yhs@fb.com netdev@vger.kernel.org
netdev/build_clang	success	Errors and warnings before: 0 this patch: 0
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 0 this patch: 0
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 15 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0
bpf/vmtest-bpf-next	success	VM_Test

Context

Check

Description

bpf/vmtest-bpf-next-PR

success

PR summary

netdev/tree_selection

success

Clearly marked for bpf-next

netdev/fixes_present

success

Fixes tag not required for -next series

netdev/subject_prefix

success

Link

netdev/cover_letter

success

Series has a cover letter

netdev/patch_count

success

Link

netdev/header_inline

success

No static functions without inline keyword in header files

netdev/build_32bit

success

Errors and warnings before: 0 this patch: 0

netdev/cc_maintainers

warning

7 maintainers not CCed: andrii@kernel.org kpsingh@kernel.org john.fastabend@gmail.com kafai@fb.com songliubraving@fb.com yhs@fb.com netdev@vger.kernel.org

netdev/build_clang

success

Errors and warnings before: 0 this patch: 0

netdev/module_param

success

Was 0 now: 0

netdev/verify_signedoff

success

Signed-off-by tag matches author and committer

netdev/verify_fixes

success

No Fixes tag

netdev/build_allmodconfig_warn

success

Errors and warnings before: 0 this patch: 0

netdev/checkpatch

success

total: 0 errors, 0 warnings, 0 checks, 15 lines checked

netdev/kdoc

success

Errors and warnings before: 0 this patch: 0

netdev/source_inline

success

Was 0 now: 0

bpf/vmtest-bpf-next

success

VM_Test

Commit Message

Ilya Leoshkevich Feb. 4, 2022, 2:50 p.m. UTC

Some architectures pass a pointer to struct pt_regs to syscall
handlers, others unpack it into individual function parameters.
Introduce a macro to describe what a particular arch does, using
`passing pt_regs *` as a default.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
 tools/lib/bpf/bpf_tracing.h | 9 +++++++++
 1 file changed, 9 insertions(+)

Comments

Naveen N. Rao Feb. 4, 2022, 4:46 p.m. UTC | #1

Ilya Leoshkevich wrote:
> Some architectures pass a pointer to struct pt_regs to syscall
> handlers, others unpack it into individual function parameters.

I think that is just dependent on ARCH_HAS_SYSCALL_WRAPPER, so only x86, 
arm64 and s390 pass pointers to pt_regs to syscall entry points.

> Introduce a macro to describe what a particular arch does, using
> `passing pt_regs *` as a default.
> 
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
>  tools/lib/bpf/bpf_tracing.h | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
> index 30f0964f8c9e..08d2990c006f 100644
> --- a/tools/lib/bpf/bpf_tracing.h
> +++ b/tools/lib/bpf/bpf_tracing.h
> @@ -334,6 +334,15 @@ struct pt_regs;
> 
>  #endif /* defined(bpf_target_defined) */
> 
> +/*
> + * When invoked from a syscall handler kprobe, returns a pointer to a
> + * struct pt_regs containing syscall arguments and suitable for passing to
> + * PT_REGS_PARMn_SYSCALL() and PT_REGS_PARMn_CORE_SYSCALL().
> + */
> +#ifndef PT_REGS_SYSCALL_REGS
> +#define PT_REGS_SYSCALL_REGS(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
> +#endif
> +

I think that name is misleading if an architecture doesn't implement syscall 
wrappers, since you are simply getting access to the kprobe pt_regs, rather 
than the syscall pt_regs. This can perhaps be named PT_REGS_SYSCALL_UNWRAP() or 
such to make that clear.

Also, should this just be keyed off a simpler HAS_SYSCALL_WRAPPER or such, 
rather than the other way around?

diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
index 032ba809f3e57a..c72f285578d3fc 100644
--- a/tools/lib/bpf/bpf_tracing.h
+++ b/tools/lib/bpf/bpf_tracing.h
@@ -110,6 +110,8 @@
 
 #endif /* __i386__ */
 
+#define HAS_SYSCALL_WRAPPER
+
 #endif /* __KERNEL__ || __VMLINUX_H__ */
 
 #elif defined(bpf_target_s390)
@@ -126,6 +128,7 @@
 #define __PT_RC_REG gprs[2]
 #define __PT_SP_REG gprs[15]
 #define __PT_IP_REG psw.addr
+#define HAS_SYSCALL_WRAPPER
 
 #elif defined(bpf_target_arm)
 
@@ -154,6 +157,7 @@
 #define __PT_RC_REG regs[0]
 #define __PT_SP_REG sp
 #define __PT_IP_REG pc
+#define HAS_SYSCALL_WRAPPER
 
 #elif defined(bpf_target_mips)
 

We can then simply do:

#ifdef HAS_SYSCALL_WRAPPER
#define PT_REGS_SYSCALL_UNWRAP(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
#else
#define PT_REGS_SYSCALL_unwRAP(ctx) ((struct pt_regs *)(ctx))
#endif


Taking this a bit further, it would be nice if we can fold in progs/bpf_misc.h 
into bpf_traching.h by also including SYS_PREFIX.


- Naveen

Andrii Nakryiko Feb. 4, 2022, 6:15 p.m. UTC | #2

On Fri, Feb 4, 2022 at 8:46 AM Naveen N. Rao
<naveen.n.rao@linux.vnet.ibm.com> wrote:
>
> Ilya Leoshkevich wrote:
> > Some architectures pass a pointer to struct pt_regs to syscall
> > handlers, others unpack it into individual function parameters.
>
> I think that is just dependent on ARCH_HAS_SYSCALL_WRAPPER, so only x86,
> arm64 and s390 pass pointers to pt_regs to syscall entry points.
>
> > Introduce a macro to describe what a particular arch does, using
> > `passing pt_regs *` as a default.
> >
> > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> > ---
> >  tools/lib/bpf/bpf_tracing.h | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
> > index 30f0964f8c9e..08d2990c006f 100644
> > --- a/tools/lib/bpf/bpf_tracing.h
> > +++ b/tools/lib/bpf/bpf_tracing.h
> > @@ -334,6 +334,15 @@ struct pt_regs;
> >
> >  #endif /* defined(bpf_target_defined) */
> >
> > +/*
> > + * When invoked from a syscall handler kprobe, returns a pointer to a
> > + * struct pt_regs containing syscall arguments and suitable for passing to
> > + * PT_REGS_PARMn_SYSCALL() and PT_REGS_PARMn_CORE_SYSCALL().
> > + */
> > +#ifndef PT_REGS_SYSCALL_REGS
> > +#define PT_REGS_SYSCALL_REGS(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
> > +#endif
> > +
>
> I think that name is misleading if an architecture doesn't implement syscall
> wrappers, since you are simply getting access to the kprobe pt_regs, rather
> than the syscall pt_regs. This can perhaps be named PT_REGS_SYSCALL_UNWRAP() or
> such to make that clear.

UNWRAP implies that there is something to unwrap, always. In case of
s390x, for example, there is nothing to unwrap. So I think
PT_REGS_SYSCALL_REGS() makes more sense, it just fetches correct
pt_regs to work with to get syscall input arguments (and it might be
exactly the same pt_regs that are passed in).

I think in practice most users won't ever have to use this, as we'll
add BPF_KPROBE_SYSCALL() macro, similar to BPF_KPROBE that we have
now, but specific to syscall kprobe.

>
> Also, should this just be keyed off a simpler HAS_SYSCALL_WRAPPER or such,
> rather than the other way around?

I think the way Ilya did it is totally fine.

>
> diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
> index 032ba809f3e57a..c72f285578d3fc 100644
> --- a/tools/lib/bpf/bpf_tracing.h
> +++ b/tools/lib/bpf/bpf_tracing.h
> @@ -110,6 +110,8 @@
>
>  #endif /* __i386__ */
>
> +#define HAS_SYSCALL_WRAPPER
> +
>  #endif /* __KERNEL__ || __VMLINUX_H__ */
>
>  #elif defined(bpf_target_s390)
> @@ -126,6 +128,7 @@
>  #define __PT_RC_REG gprs[2]
>  #define __PT_SP_REG gprs[15]
>  #define __PT_IP_REG psw.addr
> +#define HAS_SYSCALL_WRAPPER
>
>  #elif defined(bpf_target_arm)
>
> @@ -154,6 +157,7 @@
>  #define __PT_RC_REG regs[0]
>  #define __PT_SP_REG sp
>  #define __PT_IP_REG pc
> +#define HAS_SYSCALL_WRAPPER
>
>  #elif defined(bpf_target_mips)
>
>
> We can then simply do:
>
> #ifdef HAS_SYSCALL_WRAPPER
> #define PT_REGS_SYSCALL_UNWRAP(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
> #else
> #define PT_REGS_SYSCALL_unwRAP(ctx) ((struct pt_regs *)(ctx))
> #endif
>
>
> Taking this a bit further, it would be nice if we can fold in progs/bpf_misc.h
> into bpf_traching.h by also including SYS_PREFIX.

As far as I know, SYS_PREFIX depends not just on architecture but also
on kernel version (older versions of x86-64 kernels didn't need that
prefix). For selftests, given they follow the latest version of kernel
it's ok to always append SYS_PREFIX, but generally speaking for user
BPF apps, they would need to be more careful and check whether they
need SYS_PREFIX or not. So I don't want to add SYS_PREFIX to
bpf_tracing.h because it's misleading.

>
>
> - Naveen
>

Naveen N. Rao Feb. 5, 2022, 7:04 a.m. UTC | #3

Andrii Nakryiko wrote:
> On Fri, Feb 4, 2022 at 8:46 AM Naveen N. Rao
> <naveen.n.rao@linux.vnet.ibm.com> wrote:
>>
>> Ilya Leoshkevich wrote:
>> > Some architectures pass a pointer to struct pt_regs to syscall
>> > handlers, others unpack it into individual function parameters.
>>
>> I think that is just dependent on ARCH_HAS_SYSCALL_WRAPPER, so only x86,
>> arm64 and s390 pass pointers to pt_regs to syscall entry points.
>>
>> > Introduce a macro to describe what a particular arch does, using
>> > `passing pt_regs *` as a default.
>> >
>> > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
>> > ---
>> >  tools/lib/bpf/bpf_tracing.h | 9 +++++++++
>> >  1 file changed, 9 insertions(+)
>> >
>> > diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
>> > index 30f0964f8c9e..08d2990c006f 100644
>> > --- a/tools/lib/bpf/bpf_tracing.h
>> > +++ b/tools/lib/bpf/bpf_tracing.h
>> > @@ -334,6 +334,15 @@ struct pt_regs;
>> >
>> >  #endif /* defined(bpf_target_defined) */
>> >
>> > +/*
>> > + * When invoked from a syscall handler kprobe, returns a pointer to a
>> > + * struct pt_regs containing syscall arguments and suitable for passing to
>> > + * PT_REGS_PARMn_SYSCALL() and PT_REGS_PARMn_CORE_SYSCALL().
>> > + */
>> > +#ifndef PT_REGS_SYSCALL_REGS
>> > +#define PT_REGS_SYSCALL_REGS(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
>> > +#endif
>> > +
>>
>> I think that name is misleading if an architecture doesn't implement syscall
>> wrappers, since you are simply getting access to the kprobe pt_regs, rather
>> than the syscall pt_regs. This can perhaps be named PT_REGS_SYSCALL_UNWRAP() or
>> such to make that clear.
> 
> UNWRAP implies that there is something to unwrap, always. In case of
> s390x, for example, there is nothing to unwrap. So I think
> PT_REGS_SYSCALL_REGS() makes more sense, it just fetches correct
> pt_regs to work with to get syscall input arguments (and it might be
> exactly the same pt_regs that are passed in).
> 
> I think in practice most users won't ever have to use this, as we'll
> add BPF_KPROBE_SYSCALL() macro, similar to BPF_KPROBE that we have
> now, but specific to syscall kprobe.

That will be very nice.

> 
>>
>> Also, should this just be keyed off a simpler HAS_SYSCALL_WRAPPER or such,
>> rather than the other way around?
> 
> I think the way Ilya did it is totally fine.
> 
>>
>> diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
>> index 032ba809f3e57a..c72f285578d3fc 100644
>> --- a/tools/lib/bpf/bpf_tracing.h
>> +++ b/tools/lib/bpf/bpf_tracing.h
>> @@ -110,6 +110,8 @@
>>
>>  #endif /* __i386__ */
>>
>> +#define HAS_SYSCALL_WRAPPER
>> +
>>  #endif /* __KERNEL__ || __VMLINUX_H__ */
>>
>>  #elif defined(bpf_target_s390)
>> @@ -126,6 +128,7 @@
>>  #define __PT_RC_REG gprs[2]
>>  #define __PT_SP_REG gprs[15]
>>  #define __PT_IP_REG psw.addr
>> +#define HAS_SYSCALL_WRAPPER
>>
>>  #elif defined(bpf_target_arm)
>>
>> @@ -154,6 +157,7 @@
>>  #define __PT_RC_REG regs[0]
>>  #define __PT_SP_REG sp
>>  #define __PT_IP_REG pc
>> +#define HAS_SYSCALL_WRAPPER
>>
>>  #elif defined(bpf_target_mips)
>>
>>
>> We can then simply do:
>>
>> #ifdef HAS_SYSCALL_WRAPPER
>> #define PT_REGS_SYSCALL_UNWRAP(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
>> #else
>> #define PT_REGS_SYSCALL_unwRAP(ctx) ((struct pt_regs *)(ctx))
>> #endif
>>
>>
>> Taking this a bit further, it would be nice if we can fold in progs/bpf_misc.h
>> into bpf_traching.h by also including SYS_PREFIX.
> 
> As far as I know, SYS_PREFIX depends not just on architecture but also
> on kernel version (older versions of x86-64 kernels didn't need that
> prefix). For selftests, given they follow the latest version of kernel
> it's ok to always append SYS_PREFIX, but generally speaking for user
> BPF apps, they would need to be more careful and check whether they
> need SYS_PREFIX or not. So I don't want to add SYS_PREFIX to
> bpf_tracing.h because it's misleading.

That makes sense, thanks.


- Naveen

diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
index 30f0964f8c9e..08d2990c006f 100644
--- a/tools/lib/bpf/bpf_tracing.h
+++ b/tools/lib/bpf/bpf_tracing.h
@@ -334,6 +334,15 @@  struct pt_regs;
 
 #endif /* defined(bpf_target_defined) */
 
+/*
+ * When invoked from a syscall handler kprobe, returns a pointer to a
+ * struct pt_regs containing syscall arguments and suitable for passing to
+ * PT_REGS_PARMn_SYSCALL() and PT_REGS_PARMn_CORE_SYSCALL().
+ */
+#ifndef PT_REGS_SYSCALL_REGS
+#define PT_REGS_SYSCALL_REGS(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx))
+#endif
+
 #ifndef ___bpf_concat
 #define ___bpf_concat(a, b) a ## b
 #endif

[bpf-next,v3,05/11] libbpf: Add PT_REGS_SYSCALL_REGS macro

Checks

Commit Message

Comments

Patch