Hello all,
I was recently able to clear up some issues related to the interaction
between kallsyms generation and BTF generation, which was interfering with
using BTF with global variables in the kernel. I sent some patches[1] to
the kernel to enable global_var. After further testing, I see that enabling
global_var results in the following validation errors:
BPF: #011 type_id=23691 offset=435904 size=96
fbcon: Taking over console
BPF:
BPF: Invalid offset
BPF:
Thanks to Alan Maguire's quick debugging, we were able to find the root
cause. It turned out that several btf_var_secinfo entries had the exact
same offset (and name) as their predecessors. The reason was that these
entries corresponded to some variables are declared as "__weak" and then
overridden. For example:
// kernel/bpf/helpers.c
const struct bpf_func_proto bpf_get_current_task_proto __weak;
// kernel/trace/bpf_trace.c
const struct bpf_func_proto bpf_get_current_task_proto = {...
Both declarations appear in the DWARF as variable declarations, but it
seems that there is no way to find out which one of the declarations is
"__weak". (I checked this via llvm-dwarfdump). Overall, in a simple kernel
configuration, I found 47 btf_var_secinfo which had duplicated offsets. In
each case, both secinfos referred to distinct VARs, which had identical
names and types. All were due to the "__weak" symbol. We need to eliminate
these duplicates in order for the BTF to be validated by the kernel.
This patch series does the deduplication of the VAR and SECINFO in pahole,
by collecting the lists of variables for each ELF section, and then
outputting them all once the list is sorted by offset and duplicates are
identified. The libbpf btf__dedup() function does not deduplicate DATASEC
or VAR. It would probably be possible to implement this there, and I'm open
to feedback or suggestions regarding this. I implemented it in pahole
because I'm most familiar with that code, and because it seems to me like
it's reasonable for libbpf to expect that the input variable information is
already deduplicated.
I've gone ahead and tested this by building & booting a kernel with these
changes, and the kernel patch series at [1]. The result exhibited no BPF
varidation errors, and the drgn BTF branch[2] is working perfectly with it!
Thanks,
Stephen
[1]: https://lore.kernel.org/bpf/20250207012045.2129841-1-stephen.s.brennan@xxxxxxxxxx/
[2]: https://github.com/brenns10/drgn/commits/btf_2024
Stephen Brennan (3):
btf_encoder: move btf_encoder__add_decl_tag()
btf_encoder: postpone VARs until encoding DATASEC
btf_encoder: don't encode duplicate variables
btf_encoder.c | 234 ++++++++++++++++++++++++++++++++++++--------------
1 file changed, 168 insertions(+), 66 deletions(-)
--
2.43.5
