On Mon, May 30, 2022 at 10:03:10AM +0900, Masami Hiramatsu wrote: > (Cc: BPF ML) > > On Wed, 25 May 2022 13:17:30 +0100 > Mark Rutland <mark.rutland@xxxxxxx> wrote: > > > On Thu, May 12, 2022 at 09:02:31PM +0900, Masami Hiramatsu wrote: > > > On Wed, 11 May 2022 11:12:07 -0400 > > > Steven Rostedt <rostedt@xxxxxxxxxxx> wrote: > > > > > > > On Wed, 11 May 2022 23:34:50 +0900 > > > > Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote: > > > > > > > > > OK, so fregs::regs will have a subset of pt_regs, and accessibility of > > > > > the registers depends on the architecture. If we can have a checker like > > > > > > > > > > ftrace_regs_exist(fregs, reg_offset) > > > > > > > > Or something. I'd have to see the use case. > > > > > > > > > > > > > > kprobe on ftrace or fprobe user (BPF) can filter user's requests. > > > > > I think I can introduce a flag for kprobes so that user can make a > > > > > kprobe handler only using a subset of registers. > > > > > Maybe similar filter code is also needed for BPF 'user space' library > > > > > because this check must be done when compiling BPF. > > > > > > > > Is there any other case without full regs that the user would want anything > > > > other than the args, stack pointer and instruction pointer? > > > > > > For the kprobes APIs/events, yes, it needs to access to the registers > > > which is used for local variables when probing inside the function body. > > > However at the function entry, I think almost no use case. (BTW, pstate > > > is a bit special, that may show the actual processor-level status > > > (context), so for the debugging, user might want to read it.) > > > > As before, if we really need PSTATE we *must* take an exception to get a > > reliable snapshot (or to alter the value). So I'd really like to split this > > into two cases: > > > > * Where users *really* need PSTATE (or arbitrary GPRs), they use kprobes. That > > always takes an exception and they can have a complete, real struct pt_regs. > > > > * Where users just need to capture a function call boundary, they use ftrace. > > That uses a trampoline without taking an exception, and they get the minimal > > set of registers relevant to the function call boundary (which does not > > include PSTATE or most GPRs). > > I totally agree with this idea. The x86 is a special case, since the > -fentry option puts a call on the first instruction of the function entry, > I had to reuse the ftrace instead of swbp for kprobes. > But on arm64 (and other RISCs), we can use them properly. > > My concern is that the eBPF depends on kprobe (pt_regs) interface, thus > I need to ask them that it is OK to not accessable to some part of > pt_regs (especially, PSTATE) if they puts probes on function entry > with ftrace (fprobe in this case.) > > (Jiri and BPF developers) > Currently fprobe is only enabled on x86 for "multiple kprobes" BPF > interface, but in the future, it will be enabled on arm64. And at > that point, it will be only accessible to the regs for function > arguments. Is that OK for your use case? And will the BPF compiler I guess from practical POV registers for arguments and ip should be enough, but whole pt_regs was already exposed to programs, so people can already use any of them.. not sure it's good idea to restrict it > be able to restrict the user program to access only those registers > when using the "multiple kprobes"? pt-regs pointer is provided to kprobe programs, I guess we could provide copy of that with just available values jirka
