On 2025-01-28 07:09, Andrii Nakryiko wrote:
On Mon, Jan 27, 2025 at 2:54 PM Andrei Matei <andreimatei1@xxxxxxxxx> wrote:
On Mon, Jan 27, 2025 at 5:04 PM Alexei Starovoitov
<alexei.starovoitov@xxxxxxxxx> wrote:
On Sat, Jan 25, 2025 at 5:05 PM Levi Zim <rsworktech@xxxxxxxxxxx> wrote:
On 2025/1/26 00:58, Alexei Starovoitov wrote:
> On Sat, Jan 25, 2025 at 12:30 AM Levi Zim via B4 Relay
> <devnull+rsworktech.outlook.com@xxxxxxxxxx> wrote:
>> From: Levi Zim <rsworktech@xxxxxxxxxxx>
>>
>> This patch add a helper function bpf_probe_read_kernel_dynptr:
>>
>> long bpf_probe_read_kernel_dynptr(const struct bpf_dynptr *dst,
>> u32 offset, u32 size, const void *unsafe_ptr, u64 flags);
> We stopped adding helpers years ago.
> Only new kfuncs are allowed.
Sorry, I didn't know that. Just asking, is there any
documentation/discussion
about stopping adding helpers?
I will switch the implementation to kfuncs in v3.
> This particular one doesn't look useful as-is.
> The same logic can be expressed with
> - create dynptr
> - dynptr_slice
> - copy_from_kernel
By copy_from_kernel I assume you mean bpf_probe_read_kernel. The problem
with dynptr_slice_rdwr and probe_read_kernel is that they only support a
compile-time constant size [1].
But in order to best utilize the space on a BPF ringbuf, it is possible
to reserve a
variable length of space as dynptr on a ringbuf with
bpf_ringbuf_reserve_dynptr.
For our uprobes, we've run into similar issues around doing variable-sized
bpf_probe_read_user() into ring buffers for our debugger [1]. Our use case
is that we generate uprobes that recursively read data structures until we
fill up a buffer. The verifier's insistence on knowing statically that a read
fits into the buffer makes for awkward code, and makes it hard to pack the
buffer fully; we have to split our reads into a couple of static size classes.
Any chance there'd be interest in taking the opportunity to support
dynamically-sized reads from userspace too? :)
That's bpf_probe_read_user_dynptr() from patch #2, no?
But generally speaking, here's a list of new APIs that we'd need to
cover all existing fixed buffer versions:
- non-sleepable probe reads:
bpf_probe_read_kernel_dynptr()
bpf_probe_read_user_dynptr()
bpf_probe_read_kernel_str_dynptr()
I think the _str_dynptr versions are probably not worth adding.
For example, when we use probe_read_kernel_str, the length of the str is
usually
not known and we usually allocate a fixed size buffer for it. If we do
know the
length of the str beforehand, we can just use probe_read_kernel_dynptr.
bpf_probe_read_user_str_dynptr()
- sleepable probe reads (copy_from_user):
bpf_copy_from_user_dynptr()
bpf_copy_from_user_str_dynptr()
- and then we have complementary task-based APIs for non-current process:
bpf_probe_read_user_task_dynptr()
bpf_probe_read_user_str_task_dynptr()
bpf_copy_from_user_task_dynptr()
bpf_copy_from_user_str_task_dynptr()
Jordan is working on non-dynptr version of
bpf_copy_from_user_str_task(), once he's done with that, we'll add
dynptr version, probably.
[1] https://side-eye.io
That makes sense. The commit log didn't call it out.
Please spell out the motivation clearly.
Also why bpf_probe_read_kernel_common ?
Do we need to memset() it on failure?
