Re: [PATCH v5 3/3] libbpf: Add a test to confirm PT_REGS_PARM4_SYSCALL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

+cc Ilya


On Mon, Jan 24, 2022 at 9:05 PM Andrii Nakryiko
<andrii.nakryiko@xxxxxxxxx> wrote:
>
> +cc Hengqi
>
> On Mon, Jan 24, 2022 at 6:20 AM Kenta Tada <Kenta.Tada@xxxxxxxx> wrote:
> >
> > Add a selftest to verify the behavior of PT_REGS_xxx
> > and the CORE variant.
> >
> > Signed-off-by: Kenta Tada <Kenta.Tada@xxxxxxxx>
> > ---
> >  .../bpf/prog_tests/test_bpf_syscall_macro.c   | 63 ++++++++++++++++++
> >  .../selftests/bpf/progs/bpf_syscall_macro.c   | 64 +++++++++++++++++++
> >  2 files changed, 127 insertions(+)
> >  create mode 100644 tools/testing/selftests/bpf/prog_tests/test_bpf_syscall_macro.c
> >  create mode 100644 tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> >
>
> [...]
>
> > diff --git a/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c b/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > new file mode 100644
> > index 000000000000..cfeccd85f40e
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > @@ -0,0 +1,64 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright 2022 Sony Group Corporation */
> > +#include <vmlinux.h>
> > +
> > +#include <bpf/bpf_core_read.h>
> > +#include <bpf/bpf_helpers.h>
> > +#include <bpf/bpf_tracing.h>
> > +#include "bpf_misc.h"
> > +
> > +int arg1 = 0;
> > +unsigned long arg2 = 0;
> > +unsigned long arg3 = 0;
> > +unsigned long arg4_cx = 0;
> > +unsigned long arg4 = 0;
> > +unsigned long arg5 = 0;
> > +
> > +int arg1_core = 0;
> > +unsigned long arg2_core = 0;
> > +unsigned long arg3_core = 0;
> > +unsigned long arg4_core_cx = 0;
> > +unsigned long arg4_core = 0;
> > +unsigned long arg5_core = 0;
> > +
> > +const volatile pid_t filter_pid = 0;
> > +
> > +SEC("kprobe/" SYS_PREFIX "sys_prctl")
> > +int BPF_KPROBE(handle_sys_prctl)
> > +{
> > +       struct pt_regs *real_regs;
> > +       int orig_arg1;
> > +       unsigned long orig_arg2, orig_arg3, orig_arg4_cx, orig_arg4, orig_arg5;
> > +       pid_t pid = bpf_get_current_pid_tgid() >> 32;
> > +
> > +       if (pid != filter_pid)
> > +               return 0;
> > +
> > +       /* test for PT_REGS_PARM */
> > +       real_regs = (struct pt_regs *)PT_REGS_PARM1(ctx);
> > +       bpf_probe_read_kernel(&orig_arg1, sizeof(orig_arg1), &PT_REGS_PARM1_SYSCALL(real_regs));
> > +       bpf_probe_read_kernel(&orig_arg2, sizeof(orig_arg2), &PT_REGS_PARM2_SYSCALL(real_regs));
> > +       bpf_probe_read_kernel(&orig_arg3, sizeof(orig_arg3), &PT_REGS_PARM3_SYSCALL(real_regs));
> > +       bpf_probe_read_kernel(&orig_arg4_cx, sizeof(orig_arg4_cx), &PT_REGS_PARM4(real_regs));
> > +       bpf_probe_read_kernel(&orig_arg4, sizeof(orig_arg4), &PT_REGS_PARM4_SYSCALL(real_regs));
> > +       bpf_probe_read_kernel(&orig_arg5, sizeof(orig_arg5), &PT_REGS_PARM5_SYSCALL(real_regs));
> > +       /* copy all actual args and the wrong arg4 on x86_64 */
> > +       arg1 = orig_arg1;
> > +       arg2 = orig_arg2;
> > +       arg3 = orig_arg3;
> > +       arg4_cx = orig_arg4_cx;
> > +       arg4 = orig_arg4;
> > +       arg5 = orig_arg5;
>
> I don't get why you needed orig_argX variables and then copying them
> into argX variables. I changed this to read directly into argX. I
> suspect arg1 handling might break on big-endian arches due to int vs
> long differences, please check that and send a follow up fix.
>
> Also keep in mind that selftest changes should come with
> "selftests/bpf:" subject prefix, not "libbpf:". Fixed that up as well.
>
> Applied to bpf-next, thanks.

This selftest is failing on s390x (see [0]). Ilya, do you know if
something special needs to be done for s390x for this case?

Here are the two failures:

test_bpf_syscall_macro:FAIL:syscall_arg1 unexpected syscall_arg1:
actual -1 != expected 1001
test_bpf_syscall_macro:FAIL:syscall_arg1_core_variant unexpected
syscall_arg1_core_variant: actual -38 != expected 1001

  [0] https://github.com/libbpf/libbpf/runs/5025905587?check_suite_focus=true

>
> Hopefully Hengqi will build his SYSCALL prog wrapper macros on top of
> this as a follow up as well.
>
> > +
> > +       /* test for the CORE variant of PT_REGS_PARM */
> > +       arg1_core = PT_REGS_PARM1_CORE_SYSCALL(real_regs);
> > +       arg2_core = PT_REGS_PARM2_CORE_SYSCALL(real_regs);
> > +       arg3_core = PT_REGS_PARM3_CORE_SYSCALL(real_regs);
> > +       arg4_core_cx = PT_REGS_PARM4_CORE(real_regs);
> > +       arg4_core = PT_REGS_PARM4_CORE_SYSCALL(real_regs);
> > +       arg5_core = PT_REGS_PARM5_CORE_SYSCALL(real_regs);
> > +
> > +       return 0;
> > +}
> > +
> > +char _license[] SEC("license") = "GPL";
> > --
> > 2.32.0
> >
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux