Hello, On Thu, Dec 22, 2022 at 5:17 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote: > > On 12/22/22 1:55 PM, Peter Zijlstra wrote: > > On Tue, Dec 20, 2022 at 02:01:43PM -0800, Namhyung Kim wrote: > >> When the BPF program calls bpf_cast_to_kern_ctx(), it assumes the program will > >> access perf sample data directly and call perf_prepare_sample() to make sure > >> the sample data is populated. > > > > I don't understand a word of this :/ What are you doing and why? > > Yeah, above commit message is too terse and unclear. Also, not following where > this assumption comes from; bpf_cast_to_kern_ctx() can be used elsewhere, too, > not just tracing. Recent example from CI side can be found [0]. Sorry about that. Let me rephrase it like below: With bpf_cast_to_kern_ctx(), BPF programs attached to a perf event can access perf sample data directly from the ctx. But the perf sample data is not fully prepared at this point, and some fields can have invalid uninitialized values. So it needs to call perf_prepare_sample() before calling the BPF overflow handler. But just calling perf_prepare_sample() can be costly when the BPF doesn't access the sample data. It's needed only if the BPF program uses the sample data. But it seems hard for the BPF verifier to detect if it'd access perf sample data. So I just checked if it calls the bpf_cast_to_kern_ctx() and assumed it does. Thanks, Namhyung
