From: Menglong Dong <menglong.dong@linux.dev>
To: menglong8.dong@gmail.com, ast@kernel.org, andrii@kernel.org,
bot+bpf-ci@kernel.org
Cc: daniel@iogearbox.net, martin.lau@linux.dev, eddyz87@gmail.com,
song@kernel.org, yonghong.song@linux.dev,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@fomichev.me,
haoluo@google.com, jolsa@kernel.org, davem@davemloft.net,
dsahern@kernel.org, tglx@linutronix.de, mingo@redhat.com,
jiang.biao@linux.dev, bp@alien8.de, dave.hansen@linux.intel.com,
x86@kernel.org, hpa@zytor.com, bpf@vger.kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
ast@kernel.org, andrii@kernel.org, daniel@iogearbox.net,
martin.lau@kernel.org, eddyz87@gmail.com,
yonghong.song@linux.dev, clm@meta.com, ihor.solodrai@linux.dev
Subject: Re: [PATCH bpf-next v7 02/11] bpf: use last 8-bits for the nr_args in trampoline
Date: Wed, 07 Jan 2026 15:50:16 +0800
Message-ID: <1945050.tdWV9SEqCh@7940hx>
In-Reply-To: <ff2e76afdc594cd27a0a08606ffdb0e36ef427dbd5ff0e64d2437a1ad36b96a2@mail.kernel.org>

On 2026/1/7 15:11 bot+bpf-ci@kernel.org wrote:
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index 6e076485bf70..6b58f9a4dc92 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
>
> [ ... ]
>
> > @@ -1194,7 +1194,7 @@ const struct bpf_func_proto bpf_get_branch_snapshot_proto = {
> > BPF_CALL_3(get_func_arg, void *, ctx, u32, n, u64 *, value)
> > {
> > /* This helper call is inlined by verifier. */
> > - u64 nr_args = ((u64 *)ctx)[-1];
> > + u64 nr_args = ((u64 *)ctx)[-1] & 0xFF;
>
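Review bot: The bare 0xFF on the nr_args line of get_func_arg() is a magic constant that the patch open-codes at each read of ctx[-1]. A named mask, defined next to whatever writes that word, would document that only the low 8 bits carry the argument count and keep writer and readers in sync. The comment in this hunk says the helper is inlined by the verifier, so it is also worth confirming that the inlined sequence applies the same mask; only the non-inlined fallback is visible here.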
> [ ... ]
>
> > @@ -1214,7 +1214,7 @@ static const struct bpf_func_proto bpf_get_func_arg_proto = {
> > BPF_CALL_2(get_func_ret, void *, ctx, u64 *, value)
> > {
> > /* This helper call is inlined by verifier. */
> > - u64 nr_args = ((u64 *)ctx)[-1];
> > + u64 nr_args = ((u64 *)ctx)[-1] & 0xFF;
> >
> > *value = ((u64 *)ctx)[nr_args];
> > return 0;
>
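Review bot: Open-coding "& 0xFF" at every read of ctx[-1] is fragile in get_func_ret(), because the result is used directly as an index in "*value = ((u64 *)ctx)[nr_args];", so a reader that misses the mask turns any upper bits into a wrong count or an out-of-range slot. Consider one static inline accessor for the argument count that all helpers call. The visible hunks change get_func_arg() and get_func_ret() only, so any other reader of ctx[-1] in this file should be checked in the same patch.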
> Both get_func_arg() and get_func_ret() are updated with the 0xFF mask, but
> should get_func_arg_cnt() also receive the same treatment?
>
> Current code in get_func_arg_cnt():
>
> BPF_CALL_1(get_func_arg_cnt, void *, ctx)
> {
> 	/* This helper call is inlined by verifier. */
> 	return ((u64 *)ctx)[-1];
> }
>
> The comment says "inlined by verifier", but the verifier only inlines this
> helper for BPF_PROG_TYPE_TRACING programs. For BPF_PROG_TYPE_LSM programs
> with BPF_LSM_MAC attachment type, bpf_prog_has_trampoline() returns true,
> allowing access to this helper via tracing_prog_func_proto(). However,
> do_misc_fixups() only inlines for BPF_PROG_TYPE_TRACING, so LSM programs
> would call this non-inlined fallback function.
>
> If subsequent patches store metadata in the upper bits of ctx[-1], could
> LSM programs calling bpf_get_func_arg_cnt() receive incorrect values?
>
> Later commits in this series (93d4641b9513 "bpf,x86: add fsession support
> for x86_64") do use the upper bits for BPF_TRAMP_M_IS_RETURN and
> BPF_TRAMP_M_COOKIE flags. This regression is not fixed in the series.

Ah, good point. I missed the modification of get_func_arg_cnt(). It should
be:

BPF_CALL_1(get_func_arg_cnt, void *, ctx)
{
	/* This helper call is inlined by verifier. */
	return ((u64 *)ctx)[-1] & 0XFF;
}

I'll fix it in the next version.

Thanks!
Menglong Dong

>
>
> ---
> AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
> See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md
>
> CI run summary: https://github.com/kernel-patches/bpf/actions/runs/20773233136
>
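
An added illustration of the issue discussed in this message, not code from the patch or the kernel: a user-space C model of a packed ctx[-1] word, showing what an unmasked reader returns once upper bits carry flags. The flag position DEMO_FLAG, the frame contents, the bounds check and all function names are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define NR_ARGS_MASK  0xFFULL       /* low 8 bits hold the count, as in the patch */
#define DEMO_FLAG     (1ULL << 8)   /* hypothetical flag bit, not the kernel's value */
#define DEMO_SLOTS    3             /* valid u64 slots at ctx: 2 args + return value */

/* Constructed frame: frame[0] plays ctx[-1], then two args, then the return value. */
static uint64_t frame[] = { 2 | DEMO_FLAG, 0x11, 0x22, 0xdead };

static const uint64_t *demo_ctx(void) { return &frame[1]; }

/* Model of the fallback before the fix: returns the whole metadata word. */
static uint64_t arg_cnt_unmasked(const uint64_t *ctx) { return ctx[-1]; }

/* Model of the fixed fallback: only the low 8 bits are the argument count. */
static uint64_t arg_cnt_masked(const uint64_t *ctx) { return ctx[-1] & NR_ARGS_MASK; }

/*
 * Model of get_func_ret(): the return value sits at ctx[nr_args].
 * The bounds check exists only in this model so the unmasked case is
 * reported (-1) instead of reading past the frame.
 */
static int func_ret(const uint64_t *ctx, int masked, uint64_t *value)
{
	uint64_t nr_args = masked ? arg_cnt_masked(ctx) : arg_cnt_unmasked(ctx);

	if (nr_args >= DEMO_SLOTS)
		return -1;
	*value = ctx[nr_args];
	return 0;
}

int main(void)
{
	uint64_t v = 0;
	int rc;

	printf("unmasked count: %llu\n", (unsigned long long)arg_cnt_unmasked(demo_ctx()));
	printf("masked count:   %llu\n", (unsigned long long)arg_cnt_masked(demo_ctx()));
	rc = func_ret(demo_ctx(), 1, &v);
	printf("masked ret:     rc=%d value=0x%llx\n", rc, (unsigned long long)v);
	rc = func_ret(demo_ctx(), 0, &v);
	printf("unmasked ret:   rc=%d (index out of range)\n", rc);
	return 0;
}
```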