On Sun, Jan 05, 2025 at 03:29:08PM +0800, Levi Zim wrote:
[...]
> > > I think there's some problem with this backport.
> > >
> > > My eBPF program fails to load due to this backport with a "BPF program is
> > > too large." error. But it could successfully load on 6.13-rc5 and a kernel
> > > built directly from 41f6f64e6999 ("bpf: support non-r10 register spill/fill
> > > to/from stack in precision tracking").
> > Can confirm. I think it's probably because missed opportunity of state
> > pruning without patches from the same series[1].
>
> Hi Shung-Hsi,
>
> Given that 41f6f64e6999 is the first commit from that series and my program
> can successfully load
> on a kernel directly built from upstream commit 41f6f64e6999.
>
> I think it is unlikely that it is caused by missing patches from the same
> series.
Ah, I missed that you tested at 41f6f64e6999 as well. However I think
there's still a decent chance that the missing dependency is from the
same series.
The reason is that I tried cherry-picking 41f6f64e6999 it directly on
top of v6.6 (ffc253263a13), and there the eBPF program in your
reproducer loads fine. It was since ff4d6006870f (~v6.6.22), backport of
commit e9a8e5a587ca ("bpf: check bpf_func_state->callback_depth when
pruning states"), does cherry-picking 41f6f64e6999 cause the eBPF
program to fail to load. Which kind of make sense, with state pruning
restricted, the verifier would have to traverse more states and likely
to hit the 1 million instruction limit.
So my guess is we need some patch(es) between 41f6f64e6999 and
e9a8e5a587ca that helps with state pruning:
ab125ed3ec1c bpf: fix check for attempt to corrupt spilled pointer
eaf18febd6eb bpf: preserve STACK_ZERO slots on partial reg spills
e322f0bcb8d3 bpf: preserve constant zero when doing partial register restore
18a433b62061 bpf: track aligned STACK_ZERO cases as imprecise spilled registers
8062fb12de99 bpf: consistently use BPF token throughout BPF verifier logic
a833a17aeac7 bpf: Fix verification of indirect var-off stack access
1d38a9ee8157 bpf: Guard stack limits against 32bit overflow
6b4a64bafd10 bpf: Fix accesses to uninit stack slots
2929bfac006d bpf: Minor cleanup around stack bounds
482d548d40b0 bpf: handle fake register spill to stack with BPF_ST_MEM instruction
1a1ad782dcbb bpf: tidy up exception callback management a bit
56c26d5ad86d bpf: Remove unused backtrack_state helper functions
745e03113065 bpf: Comment on check_mem_size_reg
8e432e6197ce bpf: Ensure precise is reset to false in __mark_reg_const_zero()
d17aff807f84 Revert BPF token-related functionality
d028f87517d6 bpf: make the verifier tracks the "not equal" for regs
4ba1d0f23414 bpf: abstract away global subprog arg preparation logic from reg state setup
5eccd2db42d7 bpf: reuse btf_prepare_func_args() check for main program BTF validation
e26080d0da87 bpf: prepare btf_prepare_func_args() for handling static subprogs
c5a7244759b1 bpf: move subprog call logic back to verifier.c
f18c3d88deed bpf: reuse subprog argument parsing logic for subprog call checks
94e1c70a3452 bpf: support 'arg:xxx' btf_decl_tag-based hints for global subprog args
a64bfe618665 bpf: add support for passing dynptr pointer to global subprog
5abde6246522 bpf: Avoid unnecessary use of comma operator in verifier
8a021e7fa105 bpf: Simplify checking size of helper accesses
c39aa3b289e9 bpf: Allow per unit prefill for non-fix-size percpu memory allocator
5c1a37653260 bpf: Limit up to 512 bytes for bpf_global_percpu_ma allocation
19bfcdf9498a bpf: Relax tracing prog recursive attach rules
22c7fa171a02 bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS
11f522256e90 bpf: Fix warning for bpf_cpumask in verifier
I'll further test them out.
> Probably there are some dependent patches for 41f6f64e6999 not present in
> LTS 6.6 but present in v6.8.x
> where 41f6f64e6999 comes from.
>
> > Given it's a regression, I'll sent a revert patch and try to figure out
> > the rest later.
> Thanks!
>
> Levi
[...]
> > > To reproduce, run ./tracexec ebpf log -- /bin/ls
> > >
> > > Prebuilt binary: https://github.com/kxxt/tracexec/releases/download/v0.8.0/tracexec-x86_64-unknown-linux-gnu-static.tar.gz
> > > Source code: https://github.com/kxxt/tracexec/
> > >
> > > Best regards,
> > > Levi
> > [...]
