On Wed, Sep 23, 2020 at 06:46:28PM +0100, Alan Maguire wrote:
> Add a test verifying iterating over tasks and displaying BTF
> representation of data succeeds. Note here that we do not display
> the task_struct itself, as it will overflow the PAGE_SIZE limit on seq
> data; instead we write task->fs (a struct fs_struct).
Yeah. I've tried to print task_struct before reading above comment and
it took me long time to figure out what 'read failed: Argument list too long' means.
How can we improve usability of this helper?
We can bump:
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -88,8 +88,8 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
mutex_lock(&seq->lock);
if (!seq->buf) {
- seq->size = PAGE_SIZE;
+ seq->size = PAGE_SIZE * 32;
to whatever number, but printing single task_struct needs ~800 lines and
~18kbytes. Humans can scroll through that much spam, but can we make it less
verbose by default somehow?
May be not in this patch set, but in the follow up?
> +SEC("iter/task")
> +int dump_task_fs_struct(struct bpf_iter__task *ctx)
> +{
> + static const char fs_type[] = "struct fs_struct";
> + struct seq_file *seq = ctx->meta->seq;
> + struct task_struct *task = ctx->task;
> + struct fs_struct *fs = (void *)0;
> + static struct btf_ptr ptr = { };
> + long ret;
> +
> + if (task)
> + fs = task->fs;
> +
> + ptr.type = fs_type;
> + ptr.ptr = fs;
imo the following is better:
ptr.type_id = __builtin_btf_type_id(*fs, 1);
ptr.ptr = fs;
> +
> + if (ctx->meta->seq_num == 0)
> + BPF_SEQ_PRINTF(seq, "Raw BTF fs_struct per task\n");
> +
> + ret = bpf_seq_printf_btf(seq, &ptr, sizeof(ptr), 0);
> + switch (ret) {
> + case 0:
> + tasks++;
> + break;
> + case -ERANGE:
> + /* NULL task or task->fs, don't count it as an error. */
> + break;
> + default:
> + seq_err = ret;
> + break;
> + }
Please add handling of E2BIG to this switch. Otherwise
printing large amount of tiny structs will overflow PAGE_SIZE and E2BIG
will be send to user space.
Like this:
@@ -40,6 +40,8 @@ int dump_task_fs_struct(struct bpf_iter__task *ctx)
case -ERANGE:
/* NULL task or task->fs, don't count it as an error. */
break;
+ case -E2BIG:
+ return 1;
Also please change bpf_seq_read() like this:
diff --git a/kernel/bpf/bpf_iter.c b/kernel/bpf/bpf_iter.c
index 30833bbf3019..8f10e30ea0b0 100644
--- a/kernel/bpf/bpf_iter.c
+++ b/kernel/bpf/bpf_iter.c
@@ -88,8 +88,8 @@ static ssize_t bpf_seq_read(struct file *file, char __user *buf, size_t size,
mutex_lock(&seq->lock);
if (!seq->buf) {
- seq->size = PAGE_SIZE;
- seq->buf = kmalloc(seq->size, GFP_KERNEL);
+ seq->size = PAGE_SIZE << 3;
+ seq->buf = kvmalloc(seq->size, GFP_KERNEL);
So users can print task_struct by default.
Hopefully we will figure out how to deal with spam later.
