Hi all,

I want to report a very strange issue I found. Specifically, on latest master, I found that setting CONFIG_X86_X32_ABI=y causes some fentry BPF hooks to be silently ignored. Most hooks still work fine, but some do not, and the same function works fine as a kprobe. The issue appears to be 100% reproducible for a given function hook.

I checked and verified that the hook is not hit according to the BPF stats (kernel.bpf_stats_enabled=1), and I also didn't see the program getting run when it should in gdb. As far as I can tell from gdb, the trampoline code is still getting patched in, but the BPF program is not later getting invoked.

The steps I used to reproduce are as follows:

- Check out latest master. I tested with 75b607fab38d ("Merge tag 'sched_ext-for-6.12-rc2-fixes'").
- make localmodconfig or similar, enabling relevant BPF options for trampolines and BTF. I can send the full config I used if that's helpful, but I think most config options don't affect this.
- Set CONFIG_X86_X32_ABI=y
- Compile and boot the kernel and run the following bpftrace command:

    bpftrace -e 'kfunc:acct_process { printf("acct_process called\n"); }'

- In another terminal, run some processes, which should normally cause some output from this command.

You should get no output. Note that a similar command, hooking a similar function called in the same code path, still produces output:

    bpftrace -e 'kfunc:acct_collect { printf("acct_collect called\n"); }'

as does a kprobe of acct_process:

    sudo bpftrace -e 'kprobe:acct_process { printf("acct_process called\n"); }'

Also, with CONFIG_X86_X32_ABI=n, the acct_process hook works correctly.
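The BPF stats check mentioned in the report can be scripted. The following is an added example, not part of the original message: it reads `bpftool prog show` plain-text output and lists tracing programs (the type fentry/fexit programs load as) whose run_cnt is still 0. The function names and the sample output, including its simplified program names, are constructed for illustration, and the check assumes the hooked function has already been exercised and kernel.bpf_stats_enabled=1.

```shell
#!/bin/sh
# Added example: flag BPF tracing programs that are loaded but never ran.
# Input: plain output of `bpftool prog show` on stdin.
# run_cnt is only reported while kernel.bpf_stats_enabled=1.
zero_run_tracing_progs() {
    awk '
        # Header line of each program: "<id>: <type>  name <name>  tag ..."
        /^[0-9]+: / {
            if ($2 != "tracing") next      # kprobes etc. are out of scope
            id = $1; sub(/:$/, "", id)
            name = "?"; cnt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "name")    name = $(i + 1)
                if ($i == "run_cnt") cnt  = $(i + 1)
            }
            if (cnt == "")          print id, name, "no-stats"
            else if (cnt + 0 == 0)  print id, name, "never-ran"
        }
    '
}

# Constructed sample output (not captured from a real system): the fentry
# hook on acct_process never ran, while the acct_collect hook and the
# kprobe on acct_process each ran 17 times.
sample_output() {
    cat <<'EOF'
41: tracing  name acct_collect  tag aaaaaaaaaaaaaaaa  gpl run_time_ns 81234 run_cnt 17
    loaded_at 2024-10-10T12:00:00+0000  uid 0
    xlated 96B  jited 67B  memlock 4096B
42: tracing  name acct_process  tag bbbbbbbbbbbbbbbb  gpl run_time_ns 0 run_cnt 0
    loaded_at 2024-10-10T12:00:01+0000  uid 0
    xlated 96B  jited 67B  memlock 4096B
43: kprobe  name acct_process  tag cccccccccccccccc  gpl run_time_ns 5521 run_cnt 17
    loaded_at 2024-10-10T12:00:02+0000  uid 0
    xlated 96B  jited 67B  memlock 4096B
EOF
}

# Live use (as root): bpftool prog show | zero_run_tracing_progs
sample_output | zero_run_tracing_progs
```

A "no-stats" result means the header line carried no run_cnt field, so stats were not enabled when the output was taken and nothing can be concluded for that program.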