On Wed, Jan 15, 2025 at 6:16 AM Saket Kumar Bhaskar <skb99@xxxxxxxxxxxxx> wrote: > > On Tue, Jan 14, 2025 at 02:40:20PM -0800, Andrii Nakryiko wrote: > > On Sat, Jan 11, 2025 at 11:53 AM Saket Kumar Bhaskar > > <skb99@xxxxxxxxxxxxx> wrote: > > > > > > CCing Maddy and MPE > > > On Fri, Jan 10, 2025 at 02:29:42PM -0800, Andrii Nakryiko wrote: > > > > On Fri, Jan 10, 2025 at 2:49 AM Saket Kumar Bhaskar <skb99@xxxxxxxxxxxxx> wrote: > > > > > > > > > > On Thu, Nov 21, 2024 at 04:00:13PM -0800, Andrii Nakryiko wrote: > > > > > > On Wed, Nov 20, 2024 at 6:52 AM Saket Kumar Bhaskar <skb99@xxxxxxxxxxxxx> wrote: > > > > > > > > > > > > > > On Fri, Nov 08, 2024 at 10:43:54AM -0800, Andrii Nakryiko wrote: > > > > > > > > On Sun, Nov 3, 2024 at 9:00 PM Saket Kumar Bhaskar <skb99@xxxxxxxxxxxxx> wrote: > > > > > > > > > > > > > > > > > > Since commit 94746890202cf ("powerpc: Don't add __powerpc_ prefix to > > > > > > > > > syscall entry points") drops _powerpc prefix to syscall entry points, > > > > > > > > > even though powerpc now supports syscall wrapper, so /proc/kallsyms > > > > > > > > > have symbols for syscall entry without powerpc prefix(sys_*). > > > > > > > > > > > > > > > > > > For this reason, arch specific prefix for syscall functions in powerpc > > > > > > > > > is dropped. > > > > > > > > > > > > > > > > > > Signed-off-by: Saket Kumar Bhaskar <skb99@xxxxxxxxxxxxx> > > > > > > > > > --- > > > > > > > > > tools/lib/bpf/libbpf.c | 12 +++++++++--- > > > > > > > > > 1 file changed, 9 insertions(+), 3 deletions(-) > > > > > > > > > > > > > > > > > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > > > > > > > > > index 219facd0e66e..3a370fa37d8a 100644 > > > > > > > > > --- a/tools/lib/bpf/libbpf.c > > > > > > > > > +++ b/tools/lib/bpf/libbpf.c > > > > > > > > > @@ -11110,9 +11110,7 @@ static const char *arch_specific_syscall_pfx(void) > > > > > > > > > #elif defined(__riscv) > > > > > > > > > return "riscv"; > > > > > > > > > #elif defined(__powerpc__) > > > > > > > > > - return "powerpc"; > > > > > > > > > -#elif defined(__powerpc64__) > > > > > > > > > - return "powerpc64"; > > > > > > > > > + return ""; > > > > > > > > > #else > > > > > > > > > return NULL; > > > > > > > > > #endif > > > > > > > > > @@ -11127,7 +11125,11 @@ int probe_kern_syscall_wrapper(int token_fd) > > > > > > > > > if (!ksys_pfx) > > > > > > > > > return 0; > > > > > > > > > > > > > > > > > > +#if defined(__powerpc__) > > > > > > > > > + snprintf(syscall_name, sizeof(syscall_name), "sys_bpf"); > > > > > > > > > +#else > > > > > > > > > snprintf(syscall_name, sizeof(syscall_name), "__%s_sys_bpf", ksys_pfx); > > > > > > > > > +#endif > > > > > > > > > > > > > > > > The problem is that on older versions of kernel it will have this > > > > > > > > prefix, while on newer ones it won't. So to not break anything on old > > > > > > > > kernels, we'd need to do feature detection and pick whether to use > > > > > > > > prefix or not, right? > > > > > > > > > > > > > > > > So it seems like this change needs a bit more work. > > > > > > > > > > > > > > > > pw-bot: cr > > > > > > > > > > > > > > > Hi Andrii, > > > > > > > > > > > > > > IMO since both the patches 7e92e01b7245(powerpc: Provide syscall wrapper) > > > > > > > and 94746890202cf(powerpc: Don't add __powerpc_ prefix to syscall entry points) > > > > > > > went into the same kernel version v6.1-rc1, there won't me much kernel > > > > > > > versions that has only one of these patches. > > > > > > > > > > > > > > Also, to test more I tried this patch with ARCH_HAS_SYSCALL_WRAPPER disabled, > > > > > > > and it the test passed in this case too. > > > > > > > > > > > > > > > > > > > Keep in mind that libbpf is supposed to work across many kernel > > > > > > versions. So as long as there are powerpc (old) kernels that do use > > > > > > arch-specific prefix, we need to detect them and supply prefix when > > > > > > attaching ksyscall programs. > > > > > > > > > > > Hi Andrii, > > > > > > > > > > Sorry about the delayed response, I have started looking at this after > > > > > a vacation. > > > > > > > > > > There are unlikely to be any old kernels that use arch-specific prefix > > > > > as syscall wrapper support was added to powerpc in v6.1 and > > > > > commit 94746890202cf that dropped the prefix also went into the same > > > > > kernel release (v6.1-rc1). So, is it worth it support both sys_bpf and > > > > > __powerpc_sys_bpf cases? > > > > > > > > > > But yes, there can be a kernel without syscall wrapper but having the > > > > > sys_bpf symbol. So, how about identifying syscall wrapper enablement > > > > > with __se_sys_bpf instead: > > > > > > > > > > > > > > > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c > > > > > index 66173ddb5a2d..ff69a30cfe9b 100644 > > > > > --- a/tools/lib/bpf/libbpf.c > > > > > +++ b/tools/lib/bpf/libbpf.c > > > > > @@ -11163,11 +11163,15 @@ int probe_kern_syscall_wrapper(int token_fd) > > > > > char syscall_name[64]; > > > > > const char *ksys_pfx; > > > > > > > > > > +#if defined(__powerpc__) > > > > > + snprintf(syscall_name, sizeof(syscall_name), "__se_sys_bpf", ksys_pfx); > > > > > +#else > > > > > ksys_pfx = arch_specific_syscall_pfx(); > > > > > if (!ksys_pfx) > > > > > return 0; > > > > > > > > > > snprintf(syscall_name, sizeof(syscall_name), "__%s_sys_bpf", ksys_pfx); > > > > > +#endif > > > > > > > > > > if (determine_kprobe_perf_type() >= 0) { > > > > > int pfd; > > > > > @@ -11176,16 +11180,28 @@ int probe_kern_syscall_wrapper(int token_fd) > > > > > if (pfd >= 0) > > > > > close(pfd); > > > > > > > > > > +#if defined(__powerpc__) > > > > > return pfd >= 0 ? 1 : 0; > > > > > +#else > > > > > + return pfd >= 0 ? 1 : 0; > > > > > +#endif > > > > > } else { /* legacy mode */ > > > > > char probe_name[128]; > > > > > > > > > > gen_kprobe_legacy_event_name(probe_name, sizeof(probe_name), syscall_name, 0); > > > > > if (add_kprobe_event_legacy(probe_name, false, syscall_name, 0) < 0) > > > > > +#if defined(__powerpc__) > > > > > + return 1; > > > > > +#else > > > > > return 0; > > > > > +#endif > > > > > > > > > > (void)remove_kprobe_event_legacy(probe_name, false); > > > > > +#if defined(__powerpc__) > > > > > + return 0; > > > > > +#else > > > > > return 1; > > > > > +#endif > > > > > } > > > > > } > > > > > > > > > > Actually, all architectures could use this '__se_' prefix instead of > > > > > arch specific prefix to identify if syscall wrapper is enabled. > > > > > Separate way to handle powerpc case may not be needed. Will > > > > > wait for your inputs to send v2. > > > > > > > > the problem is that __se_sys_bpf is not traceable (it's a static > > > > function), so it seems like this won't work > > > > > > > > > > > > it's been a while, let me try to clarify my understanding of the > > > > issue. The problem is that powerpc is special in that when syscall > > > > wrapper is used, then, unlike all other architectures, they opted to > > > > not have arch-specific prefix for syscall wrappers, is that right? and > > > > that's why all the dancing you are trying to add. Am I right? > > > > > > > Yes, you got it right. For more details, you can refer to the > > > reasoning behind the change here: > > > https://github.com/torvalds/linux/commit/94746890202cf > > > > That was an unfortunate decision to deviate :( > > > > Alright, so where are we? We can't do __se_<syscall> approach, but we > > need to have some reliable way to determine whether powerpc uses > > syscall wrapper. Can you please summarize available options for > > powerpc? Sorry, it's been a while, so we need to re-page in all the > > context. > > > Hi Andrii, > > 1. On powerpc we are able to set kprobe on __se_sys_bpf, we are thinking to > use this to check if syscall wrapper is enabled. I'm not trying to be difficult, but what does guarantee that this is always the case. I'm looking at this: static long __se_sys##name(__MAP(x,__SC_LONG,__VA_ARGS__)) in arch/powerpc/include/asm/syscall_wrapper.h It's static, so it's up to the compiler to decide whether to inline this function or not. Once inlined, it's effectively not there. > > Snippet from kernel where syscall wrapper wasn't there for powerpc: > > # uname -r > 6.0.0 > > # cat kprobe_events > p:kprobes/p_kprobe2_user_events_osquery netlink_ack > r64:kprobes/r_kprobe_user_events_osquery audit_receive > p:kprobes/p_kprobe_user_events_osquery audit_receive > p:kprobes/my_probe __se_sys_bpf > > # cat trace > # tracer: nop > # > # entries-in-buffer/entries-written: 20/20 #P:64 > # > # _-----=> irqs-off/BH-disabled > # / _----=> need-resched > # | / _---=> hardirq/softirq > # || / _--=> preempt-depth > # ||| / _-=> migrate-disable > # |||| / delay > # TASK-PID CPU# ||||| TIMESTAMP FUNCTION > # | | | ||||| | | > test_progs-1971 [034] ..... 532.732614: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.732843: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733120: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733485: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733499: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733507: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733512: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733552: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733577: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733581: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733586: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733592: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733596: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733601: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733606: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733612: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733622: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733658: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.733740: my_probe: (sys_bpf+0xc/0x40) > test_progs-1971 [034] ..... 532.736043: my_probe: (sys_bpf+0xc/0x40) > > 2. The other is sys_bpf, but this symbol exists in both cases(kernel where syscall > wrapper is enabled and where it is disabled). > > Kernel with syscall wrapper not introduced in powerpc: > > # uname -r > 6.0.0 > > # cat /proc/kallsyms | grep sys_bpf > c000000000383630 t __sys_bpf > c0000000003844a0 T bpf_sys_bpf > c000000000384510 T kern_sys_bpf > c000000000384840 T sys_bpf > c000000000384840 T __se_sys_bpf > c000000001030c80 d bpf_sys_bpf_proto > c0000000014a8bf8 d __ksymtab_kern_sys_bpf > c0000000014eac1f r __kstrtab_kern_sys_bpf > c0000000014fa53b r __kstrtabns_kern_sys_bpf > c000000002151e90 d _eil_addr_sys_bpf > > Kernel with syscall wrapper introduced in powerpc: > > # uname -r > 6.13.0-rc6+ > > # cat /proc/kallsyms | grep sys_bpf > c0000000003d7750 t __sys_bpf > c0000000003d83ac T bpf_sys_bpf > c0000000003d8418 T kern_sys_bpf > c0000000003d8734 T sys_bpf > c000000001243328 d bpf_sys_bpf_proto > c0000000017776b0 r __ksymtab_kern_sys_bpf > c0000000021b7520 d _eil_addr_sys_bpf > > Thanks, > Saket > > > > > > Thanks, > > > Saket > > > > > > > > > > Thanks, > > > > > Saket > > > > > > > Thanks, > > > > > > > Saket > > > > > > > > > > > > > > > > > > if (determine_kprobe_perf_type() >= 0) { > > > > > > > > > int pfd; > > > > > > > > > @@ -11272,8 +11274,12 @@ struct bpf_link *bpf_program__attach_ksyscall(const struct bpf_program *prog, > > > > > > > > > * compiler does not know that we have an explicit conditional > > > > > > > > > * as well. > > > > > > > > > */ > > > > > > > > > +#if defined(__powerpc__) > > > > > > > > > + snprintf(func_name, sizeof(func_name), "sys_%s", syscall_name); > > > > > > > > > +#else > > > > > > > > > snprintf(func_name, sizeof(func_name), "__%s_sys_%s", > > > > > > > > > arch_specific_syscall_pfx() ? : "", syscall_name); > > > > > > > > > +#endif > > > > > > > > > } else { > > > > > > > > > snprintf(func_name, sizeof(func_name), "__se_sys_%s", syscall_name); > > > > > > > > > } > > > > > > > > > -- > > > > > > > > > 2.43.5 > > > > > > > > >