Re: [PATCH bpf-next v9 04/11] bpf: support fsession for bpf_session_is_return

[Menglong Dong <menglong.dong@linux.dev>]

On 2026/1/14 09:22 Andrii Nakryiko <andrii.nakryiko@gmail.com> write:
> On Sat, Jan 10, 2026 at 6:12 AM Menglong Dong <menglong8.dong@gmail.com> wrote:
> >
> > If fsession exists, we will use the bit (1 << BPF_TRAMP_M_IS_RETURN) in
> > ctx[-1] to store the "is_return" flag.
> >
> > The logic of bpf_session_is_return() for fsession is implemented in the
> > verifier by inline following code:
> >
> >   bool bpf_session_is_return(void *ctx)
> >   {
> >       return !!(((u64 *)ctx)[-1] & (1 << BPF_TRAMP_M_IS_RETURN));
> 
> this look unnecessarily scary :) !! part is unnecessary because
> non-zero integer will be converted to proper true(1)/false(0) by
> compiler. But I'd just rewrite it in arguably slightly simpler form
> that lays itself to assembly more directly:
> 
> return ((u64 *)ctx[-1] >> BPF_TRAMP_M_IS_RETURN) & 1;

Yeah, the C code in the comment is wrong and not corresponding
to the inline code. I'll update it in the next version.

> 
> >   }
> >
[......]
> >  };
> >
> > +#define BPF_TRAMP_M_NR_ARGS    0
> > +#define BPF_TRAMP_M_IS_RETURN  8
> 
> nit: What does "M" stand for? Macro? Mask? Menglong? ;) Some new
> convention, why?

Ah, I think it stand for Mask. I'm not good at naming, and
this word come to my mind when I want a prefix for the
case ;)

> 
> > +
> >  struct bpf_tramp_links {
> >         struct bpf_tramp_link *links[BPF_MAX_TRAMP_LINKS];
> >         int nr_links;
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index bfff3f84fd91..1b0292a03186 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -12374,6 +12374,7 @@ enum special_kfunc_type {
> >         KF_bpf_arena_alloc_pages,
> >         KF_bpf_arena_free_pages,
> >         KF_bpf_arena_reserve_pages,
> > +       KF_bpf_session_is_return,
> >  };
> >
> >  BTF_ID_LIST(special_kfunc_list)
> > @@ -12451,6 +12452,7 @@ BTF_ID(func, bpf_task_work_schedule_resume_impl)
> >  BTF_ID(func, bpf_arena_alloc_pages)
> >  BTF_ID(func, bpf_arena_free_pages)
> >  BTF_ID(func, bpf_arena_reserve_pages)
> > +BTF_ID(func, bpf_session_is_return)
> >
> >  static bool is_task_work_add_kfunc(u32 func_id)
> >  {
> > @@ -12505,7 +12507,8 @@ get_kfunc_ptr_arg_type(struct bpf_verifier_env *env,
> >         struct bpf_reg_state *reg = &regs[regno];
> >         bool arg_mem_size = false;
> >
> > -       if (meta->func_id == special_kfunc_list[KF_bpf_cast_to_kern_ctx])
> > +       if (meta->func_id == special_kfunc_list[KF_bpf_cast_to_kern_ctx] ||
> > +           meta->func_id == special_kfunc_list[KF_bpf_session_is_return])
> >                 return KF_ARG_PTR_TO_CTX;
> >
> >         if (argno + 1 < nargs &&
> > @@ -22558,6 +22561,16 @@ static int fixup_kfunc_call(struct bpf_verifier_env *env, struct bpf_insn *insn,
> >                    desc->func_id == special_kfunc_list[KF_bpf_rdonly_cast]) {
> >                 insn_buf[0] = BPF_MOV64_REG(BPF_REG_0, BPF_REG_1);
> >                 *cnt = 1;
> > +       } else if (desc->func_id == special_kfunc_list[KF_bpf_session_is_return] &&
> > +                  env->prog->expected_attach_type == BPF_TRACE_FSESSION) {
> > +               /* implement and inline the bpf_session_is_return() for
> 
> nit: comment style

ACK

> 
> > +                * fsession, and the logic is:
> > +                *   return !!(((u64 *)ctx)[-1] & (1 << BPF_TRAMP_M_IS_RETURN))
> > +                */
> > +               insn_buf[0] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, -8);
> > +               insn_buf[1] = BPF_ALU64_IMM(BPF_RSH, BPF_REG_0, BPF_TRAMP_M_IS_RETURN);
> > +               insn_buf[2] = BPF_ALU64_IMM(BPF_AND, BPF_REG_0, 1);
> 
> lol, your assembly is simpler than that C expression above, let's keep
> C close to what you actually are doing in assembler

ACK

> 
> > +               *cnt = 3;
> >         }
> >
> >         if (env->insn_aux_data[insn_idx].arg_prog) {
> > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> > index 297dcafb2c55..1fe508d451b7 100644
> > --- a/kernel/trace/bpf_trace.c
> > +++ b/kernel/trace/bpf_trace.c
> > @@ -3334,34 +3334,40 @@ __bpf_kfunc __u64 *bpf_session_cookie(void *ctx)
> >
> >  __bpf_kfunc_end_defs();
> >
> > -BTF_KFUNCS_START(kprobe_multi_kfunc_set_ids)
> > +BTF_KFUNCS_START(session_kfunc_set_ids)
> >  BTF_ID_FLAGS(func, bpf_session_is_return)
> >  BTF_ID_FLAGS(func, bpf_session_cookie)
> > -BTF_KFUNCS_END(kprobe_multi_kfunc_set_ids)
> > +BTF_KFUNCS_END(session_kfunc_set_ids)
> >
> > -static int bpf_kprobe_multi_filter(const struct bpf_prog *prog, u32 kfunc_id)
> > +static int bpf_session_filter(const struct bpf_prog *prog, u32 kfunc_id)
> >  {
> > -       if (!btf_id_set8_contains(&kprobe_multi_kfunc_set_ids, kfunc_id))
> > +       if (!btf_id_set8_contains(&session_kfunc_set_ids, kfunc_id))
> >                 return 0;
> >
> > -       if (!is_kprobe_session(prog) && !is_uprobe_session(prog))
> > +       if (!is_kprobe_session(prog) && !is_uprobe_session(prog) &&
> > +           prog->expected_attach_type != BPF_TRACE_FSESSION)
> 
> check both expected_attach_type *and* prog_type, please (and I think
> it would be good to check prog type for kprobe_session and
> uprobe_session as well, because now it's not guaranteed that program
> will be of BPF_PROG_TYPE_KPROBE

OK, it make sense. I'll check the prog_type for all of them.

Thanks!
Menglong Dong

> 
> 
> >                 return -EACCES;
> >
> >         return 0;
> >  }
> >
> > -static const struct btf_kfunc_id_set bpf_kprobe_multi_kfunc_set = {
> > +static const struct btf_kfunc_id_set bpf_session_kfunc_set = {
> >         .owner = THIS_MODULE,
> > -       .set = &kprobe_multi_kfunc_set_ids,
> > -       .filter = bpf_kprobe_multi_filter,
> > +       .set = &session_kfunc_set_ids,
> > +       .filter = bpf_session_filter,
> >  };
> >
> > -static int __init bpf_kprobe_multi_kfuncs_init(void)
> > +static int __init bpf_trace_kfuncs_init(void)
> >  {
> > -       return register_btf_kfunc_id_set(BPF_PROG_TYPE_KPROBE, &bpf_kprobe_multi_kfunc_set);
> > +       int err = 0;
> > +
> > +       err = err ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_KPROBE, &bpf_session_kfunc_set);
> > +       err = err ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_TRACING, &bpf_session_kfunc_set);
> > +
> > +       return err;
> >  }
> >
> > -late_initcall(bpf_kprobe_multi_kfuncs_init);
> > +late_initcall(bpf_trace_kfuncs_init);
> >
> >  typedef int (*copy_fn_t)(void *dst, const void *src, u32 size, struct task_struct *tsk);
> >
> > --
> > 2.52.0
> >
>