Re: [BUG] perf trace: failed to load -E2BIG

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Cc-ing bpf list.

On Fri, Dec 06, 2024 at 11:03:19AM -0800, Howard Chu wrote:
> Forgot to mention clang-13 gave unbounded memory access too:
> 
> ffffffff,var_off=(0x0; 0xffffffff))
> R9=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> 0xffffffff))
> 90: (85) call bpf_probe_read_user#112
> R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
> processed 490 insns (limit 1000000) max_states_per_insn 2 total_states
> 23 peak_states 23 mark_read 15
> -- END PROG LOAD LOG --
> libbpf: prog 'sys_enter': failed to load: -13
> libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -13
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> Not enough memory to run!
> 
> Kernel:
> 
> perf $ uname -r
> 6.11.0-061100-generic
> 
> Thanks,
> Howard
> 
> On Fri, Dec 6, 2024 at 10:36 AM Howard Chu <howardchu95@xxxxxxxxx> wrote:
> >
> > Hi Qiao, Namhyung, and Arnaldo,
> >
> > Apologies. I observed the same issue and tested perf with trace BPF
> > skel generated by clang-13 to clang-18, turns out BPF skelw generated
> > by clang version <= clang-16 are not loadable, with clang-15 and -16
> > showing the same error as yours. Additionally, the BPF verifier is
> > running longer than usual to process the instructions.
> >
> > perf $ ./perf trace -e write --max-events=1
> > libbpf: prog 'sys_enter': BPF program load failed: Argument list too long
> > libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
> > 0: R1=ctx() R10=fp0
> > ; int sys_enter(struct syscall_enter_args *args) @
> > augmented_raw_syscalls.bpf.c:527
> > 0: (bf) r7 = r1                       ; R1=ctx() R7_w=ctx()
> > ; return bpf_get_current_pid_tgid(); @ augmented_raw_syscalls.bpf.c:423
> > ...
> > 140: (79) r7 = *(u64 *)(r10 -48)      ; R7_w=ctx() R10=fp0 fp-48=ctx()
> > 141: (79) r0 = *(u64 *)(r10 -56)
> > BPF program is too large. Processed 1000001 insn
> > processed 1000001 insns (limit 1000000) max_states_per_insn 28
> > total_states 37670 peak_states 330 mark_read 16
> > -- END PROG LOAD LOG --
> > libbpf: prog 'sys_enter': failed to load: -7
> > libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> > libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -7
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > Not enough memory to run!
> >
> > For clang-14 however, I encountered an unbounded memory access:
> >
> > perf $ ./perf trace -e write --max-events=1
> > libbpf: prog 'sys_enter': BPF program load failed: Permission denied
> > libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
> > 0: R1=ctx() R10=fp0
> > ; int sys_enter(struct syscall_enter_args *args) @
> > augmented_raw_syscalls.bpf.c:527
> > 0: (bf) r7 = r1                       ; R1=ctx() R7_w=ctx()
> > ; return bpf_get_current_pid_tgid(); @ augmented_raw_syscalls.bpf.c:423
> > 1: (85) call bpf_get_current_pid_tgid#14      ; R0_w=scalar()
> > 2: (63) *(u32 *)(r10 -4) = r0         ; R0_w=scalar() R10=fp0 fp-8=mmmm????
> > 88: (79) r1 = *(u64 *)(r10 -16)       ;
> > R1_w=map_value(map=beauty_payload_,ks=4,vs=24688,off=112) R10=fp0
> > fp-16=map_value(map=beauty_payload_,ks=4,vs=24688,off=112)
> > 89: (bf) r2 = r9                      ;
> > R2_w=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> > 0xffffffff)) R9=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> > 0xffffffff))
> > 90: (85) call bpf_probe_read_user#112
> > R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
> > processed 490 insns (limit 1000000) max_states_per_insn 2 total_states
> > 23 peak_states 23 mark_read 15
> > -- END PROG LOAD LOG --
> > libbpf: prog 'sys_enter': failed to load: -13
> > libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> > libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -13
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > Not enough memory to run!
> >
> > I thought I had tested them, but apparently I didn’t. My apologies
> > again, and fixes are on the way.
> >
> > Thanks,
> > Howard




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux