On Tue, 2022-02-01 at 11:36 -0800, Andrii Nakryiko wrote:
> +cc Ilya
>
>
> On Mon, Jan 24, 2022 at 9:05 PM Andrii Nakryiko
> <andrii.nakryiko@xxxxxxxxx> wrote:
> >
> > +cc Hengqi
> >
> > On Mon, Jan 24, 2022 at 6:20 AM Kenta Tada <Kenta.Tada@xxxxxxxx>
> > wrote:
> > >
> > > Add a selftest to verify the behavior of PT_REGS_xxx
> > > and the CORE variant.
> > >
> > > Signed-off-by: Kenta Tada <Kenta.Tada@xxxxxxxx>
> > > ---
> > > .../bpf/prog_tests/test_bpf_syscall_macro.c | 63
> > > ++++++++++++++++++
> > > .../selftests/bpf/progs/bpf_syscall_macro.c | 64
> > > +++++++++++++++++++
> > > 2 files changed, 127 insertions(+)
> > > create mode 100644
> > > tools/testing/selftests/bpf/prog_tests/test_bpf_syscall_macro.c
> > > create mode 100644
> > > tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > >
> >
> > [...]
> >
> > > diff --git
> > > a/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > > b/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > > new file mode 100644
> > > index 000000000000..cfeccd85f40e
> > > --- /dev/null
> > > +++ b/tools/testing/selftests/bpf/progs/bpf_syscall_macro.c
> > > @@ -0,0 +1,64 @@
> > > +// SPDX-License-Identifier: GPL-2.0
> > > +/* Copyright 2022 Sony Group Corporation */
> > > +#include <vmlinux.h>
> > > +
> > > +#include <bpf/bpf_core_read.h>
> > > +#include <bpf/bpf_helpers.h>
> > > +#include <bpf/bpf_tracing.h>
> > > +#include "bpf_misc.h"
> > > +
> > > +int arg1 = 0;
> > > +unsigned long arg2 = 0;
> > > +unsigned long arg3 = 0;
> > > +unsigned long arg4_cx = 0;
> > > +unsigned long arg4 = 0;
> > > +unsigned long arg5 = 0;
> > > +
> > > +int arg1_core = 0;
> > > +unsigned long arg2_core = 0;
> > > +unsigned long arg3_core = 0;
> > > +unsigned long arg4_core_cx = 0;
> > > +unsigned long arg4_core = 0;
> > > +unsigned long arg5_core = 0;
> > > +
> > > +const volatile pid_t filter_pid = 0;
> > > +
> > > +SEC("kprobe/" SYS_PREFIX "sys_prctl")
> > > +int BPF_KPROBE(handle_sys_prctl)
> > > +{
> > > + struct pt_regs *real_regs;
> > > + int orig_arg1;
> > > + unsigned long orig_arg2, orig_arg3, orig_arg4_cx,
> > > orig_arg4, orig_arg5;
> > > + pid_t pid = bpf_get_current_pid_tgid() >> 32;
> > > +
> > > + if (pid != filter_pid)
> > > + return 0;
> > > +
> > > + /* test for PT_REGS_PARM */
> > > + real_regs = (struct pt_regs *)PT_REGS_PARM1(ctx);
> > > + bpf_probe_read_kernel(&orig_arg1, sizeof(orig_arg1),
> > > &PT_REGS_PARM1_SYSCALL(real_regs));
> > > + bpf_probe_read_kernel(&orig_arg2, sizeof(orig_arg2),
> > > &PT_REGS_PARM2_SYSCALL(real_regs));
> > > + bpf_probe_read_kernel(&orig_arg3, sizeof(orig_arg3),
> > > &PT_REGS_PARM3_SYSCALL(real_regs));
> > > + bpf_probe_read_kernel(&orig_arg4_cx,
> > > sizeof(orig_arg4_cx), &PT_REGS_PARM4(real_regs));
> > > + bpf_probe_read_kernel(&orig_arg4, sizeof(orig_arg4),
> > > &PT_REGS_PARM4_SYSCALL(real_regs));
> > > + bpf_probe_read_kernel(&orig_arg5, sizeof(orig_arg5),
> > > &PT_REGS_PARM5_SYSCALL(real_regs));
> > > + /* copy all actual args and the wrong arg4 on x86_64 */
> > > + arg1 = orig_arg1;
> > > + arg2 = orig_arg2;
> > > + arg3 = orig_arg3;
> > > + arg4_cx = orig_arg4_cx;
> > > + arg4 = orig_arg4;
> > > + arg5 = orig_arg5;
> >
> > I don't get why you needed orig_argX variables and then copying
> > them
> > into argX variables. I changed this to read directly into argX. I
> > suspect arg1 handling might break on big-endian arches due to int
> > vs
> > long differences, please check that and send a follow up fix.
> >
> > Also keep in mind that selftest changes should come with
> > "selftests/bpf:" subject prefix, not "libbpf:". Fixed that up as
> > well.
> >
> > Applied to bpf-next, thanks.
>
> This selftest is failing on s390x (see [0]). Ilya, do you know if
> something special needs to be done for s390x for this case?
>
> Here are the two failures:
>
> test_bpf_syscall_macro:FAIL:syscall_arg1 unexpected syscall_arg1:
> actual -1 != expected 1001
> test_bpf_syscall_macro:FAIL:syscall_arg1_core_variant unexpected
> syscall_arg1_core_variant: actual -38 != expected 1001
>
> [0]
> https://github.com/libbpf/libbpf/runs/5025905587?check_suite_focus=true
>
I think we need to use orig_gpr2 for the first syscall argument
(see arch/s390/include/asm/syscall.h). I'll test it and send a patch.
>
