Re: [PATCH bpf-next v5 09/10] libbpf: Fix accessing the first syscall argument on arm64

Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> · Tue, 8 Feb 2022 21:39:35 -0800

On Tue, Feb 8, 2022 at 6:18 PM Ilya Leoshkevich <iii@xxxxxxxxxxxxx> wrote:
>
> On arm64, the first syscall argument should be accessed via orig_x0
> (see arch/arm64/include/asm/syscall.h). Currently regs[0] is used
> instead, leading to bpf_syscall_macro test failure.
>
> orig_x0 cannot be added to struct user_pt_regs, since its layout is a
> part of the ABI. Therefore provide access to it only through
> PT_REGS_PARM1_CORE_SYSCALL() by using a struct pt_regs flavor.
>
> Reported-by: Heiko Carstens <hca@xxxxxxxxxxxxx>
> Signed-off-by: Ilya Leoshkevich <iii@xxxxxxxxxxxxx>
> ---
>  tools/lib/bpf/bpf_tracing.h | 10 ++++++++++
>  1 file changed, 10 insertions(+)
>
> diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h
> index f364f1f4710e..928f85f7961c 100644
> --- a/tools/lib/bpf/bpf_tracing.h
> +++ b/tools/lib/bpf/bpf_tracing.h
> @@ -142,8 +142,18 @@
>
>  #elif defined(bpf_target_arm64)
>
> +struct pt_regs___arm64 {
> +       unsigned long orig_x0;
> +} __attribute__((preserve_access_index));
> +

I just realized that this will probably break anyone who's using old
Clang to compile a non-CORE BPF program because preserve_access_index
attribute will be unknown.

But we don't have to use __attribute__((preserve_access_index)) here,
because we use BPF_CORE_READ() in those macro, which will make
accesses CO-RE-relocatable anyways. So I dropped
__attribute__((preserve_access_index)) for better backwards
compatibility.

>  /* arm64 provides struct user_pt_regs instead of struct pt_regs to userspace */
>  #define __PT_REGS_CAST(x) ((const struct user_pt_regs *)(x))
> +#define PT_REGS_PARM1_SYSCALL(x) ({ \
> +       _Pragma("GCC error \"PT_REGS_PARM1_SYSCALL() is not supported on arm64, use PT_REGS_PARM1_CORE_SYSCALL() instead\""); \
> +       0l; \
> +})

I shortened message to just "use PT_REGS_PARM1_CORE_SYSCALL() instead"
and made it into a single-liner

> +#define PT_REGS_PARM1_CORE_SYSCALL(x) \
> +       BPF_CORE_READ((const struct pt_regs___arm64 *)(x), orig_x0)

also made this into a single-liner

>  #define __PT_PARM1_REG regs[0]
>  #define __PT_PARM2_REG regs[1]
>  #define __PT_PARM3_REG regs[2]
> --
> 2.34.1
>