From: Kris Van Hees <kris.van.hees@oracle.com>
To: eugene.loh@oracle.com
Cc: dtrace@lists.linux.dev, dtrace-devel@oss.oracle.com
Subject: Re: [PATCH v2] Fix trampoline use of BPF stack for scratch
Date: Wed, 26 Feb 2025 11:57:36 -0500
Message-ID: <Z79IAPl+30g4d3Nc@oracle.com>
In-Reply-To: <20250116231414.32553-1-eugene.loh@oracle.com>
On Thu, Jan 16, 2025 at 06:14:14PM -0500, eugene.loh@oracle.com wrote:
> From: Eugene Loh <eugene.loh@oracle.com>
>
> The trampoline starts by setting %r9 = %fp + -DCTX_SIZE -- that is,
> %r9 = %fp - 88. Then, it fills the BPF stack from %fp-88 to %fp with
> the various dctx-> pointers. Calls to clauses will reset %fp.
>
> The proc provider's trampoline was using the BPF stack for scratch
> space for the exit and signal-handle probes. Specifically, it used
> %fp + DT_STK_SPILL(0), which overwrites a dctx-> pointer.
>
> Switch to DT_TRAMP_SP_SLOT(0), which is intended for this purpose.
>
> Signed-off-by: Eugene Loh <eugene.loh@oracle.com>
Reviewed-by: Kris Van Hees <kris.van.hees@oracle.com>
> ---
> libdtrace/dt_prov_proc.c | 14 +++++++-------
> test/unittest/lquantize/tst.32bit-bug26268136.sh | 1 -
> 2 files changed, 7 insertions(+), 8 deletions(-)
>
> diff --git a/libdtrace/dt_prov_proc.c b/libdtrace/dt_prov_proc.c
> index 0223c5d18..9fc499aeb 100644
> --- a/libdtrace/dt_prov_proc.c
> +++ b/libdtrace/dt_prov_proc.c
> @@ -62,7 +62,7 @@ static const char modname[] = "vmlinux";
> * The dependent probe support should include a priority specification to drive
> * the order in which dependent probes are added to the underlying probe. This
> * is needed to enforce specific probe firing semantics (e.g. proc:::start must
> - * always precede [roc:::lwp-start).
> + * always precede proc:::lwp-start).
> */
>
> typedef struct probe_arg {
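Review bot: the comment typo fix (`[roc:::lwp-start` to `proc:::lwp-start`) is unrelated to the scratch-slot change named in the subject; it is harmless, but it should either be mentioned in the commit message or split into its own trivial commit so the fix for the dctx pointer overwrite stays a single-purpose change.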
> @@ -350,12 +350,12 @@ static int trampoline(dt_pcb_t *pcb, uint_t exitlbl)
> * else args[0] = 2; // CLD_KILLED
> */
> emit(dlp, BPF_MOV_REG(BPF_REG_1, BPF_REG_FP));
> - emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_STK_SPILL(0)));
> + emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_TRAMP_SP_SLOT(0)));
> emit(dlp, BPF_MOV_IMM(BPF_REG_2, sizeof(int)));
> emit(dlp, BPF_LOAD(BPF_DW, BPF_REG_3, BPF_REG_7, DMST_ARG(0)));
> emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, ctm.ctm_offset / NBBY));
> emit(dlp, BPF_CALL_HELPER(BPF_FUNC_probe_read));
> - emit(dlp, BPF_LOAD(BPF_W, BPF_REG_1, BPF_REG_FP, DT_STK_SPILL(0)));
> + emit(dlp, BPF_LOAD(BPF_W, BPF_REG_1, BPF_REG_FP, DT_TRAMP_SP_SLOT(0)));
> emit(dlp, BPF_MOV_IMM(BPF_REG_0, 1));
> emit(dlp, BPF_MOV_REG(BPF_REG_2, BPF_REG_1));
> emit(dlp, BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 0x7f));
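Review bot: the return value of the probe_read helper is never checked: right after `emit(dlp, BPF_CALL_HELPER(BPF_FUNC_probe_read));` the code loads the word back from DT_TRAMP_SP_SLOT(0) and then overwrites R0 with `BPF_MOV_IMM(BPF_REG_0, 1)`, so a failed read silently feeds whatever the helper left in the slot into the `& 0x7f` signal-number logic. Consider branching to exitlbl on a non-zero R0 from the helper, or add a comment saying why the failure case is acceptable here. The slot switch itself is consistent as far as these lines show: the read length is sizeof(int) and the load back is BPF_W, so the widths agree.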
> @@ -406,17 +406,17 @@ static int trampoline(dt_pcb_t *pcb, uint_t exitlbl)
> emit(dlp, BPF_MOV_REG(BPF_REG_3, BPF_REG_0));
> emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, off));
> emit(dlp, BPF_MOV_REG(BPF_REG_1, BPF_REG_FP));
> - emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_STK_SPILL(0)));
> + emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_TRAMP_SP_SLOT(0)));
> emit(dlp, BPF_MOV_IMM(BPF_REG_2, sz));
> emit(dlp, BPF_CALL_HELPER(BPF_FUNC_probe_read));
> - emit(dlp, BPF_LOAD(BPF_DW, BPF_REG_3, BPF_REG_FP, DT_STK_SPILL(0)));
> + emit(dlp, BPF_LOAD(BPF_DW, BPF_REG_3, BPF_REG_FP, DT_TRAMP_SP_SLOT(0)));
> off = dt_cg_ctf_offsetof("struct signal_struct", "group_exit_code", &sz, 0);
> emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, off));
> emit(dlp, BPF_MOV_REG(BPF_REG_1, BPF_REG_FP));
> - emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_STK_SPILL(0)));
> + emit(dlp, BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, DT_TRAMP_SP_SLOT(0)));
> emit(dlp, BPF_MOV_IMM(BPF_REG_2, sz));
> emit(dlp, BPF_CALL_HELPER(BPF_FUNC_probe_read));
> - emit(dlp, BPF_LOAD(BPF_W, BPF_REG_0, BPF_REG_FP, DT_STK_SPILL(0)));
> + emit(dlp, BPF_LOAD(BPF_W, BPF_REG_0, BPF_REG_FP, DT_TRAMP_SP_SLOT(0)));
> emit(dlp, BPF_BRANCH_IMM(BPF_JEQ, BPF_REG_0, 0, lbl_keep));
> emit(dlp, BPF_STORE(BPF_DW, BPF_REG_7, DMST_ARG(0), BPF_REG_0));
>
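Review bot: the read lengths here are the CTF-derived `sz` (the second one set by dt_cg_ctf_offsetof for group_exit_code) while the loads back from the slot use fixed widths, BPF_DW for the pointer read first and BPF_W for group_exit_code; both reads reuse DT_TRAMP_SP_SLOT(0), so if `sz` is ever smaller than the load width the upper bytes of the slot are stale data from the earlier read. It would be safer to assert that `sz` matches the load width (8 for the pointer, 4 for group_exit_code) or to read a fixed size. As in the previous hunk, the helper's return value in R0 is discarded (overwritten by the BPF_W load at the end) before the loaded value is compared against 0 and stored into DMST_ARG(0).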
> diff --git a/test/unittest/lquantize/tst.32bit-bug26268136.sh b/test/unittest/lquantize/tst.32bit-bug26268136.sh
> index d5f143f58..a360fd17e 100755
> --- a/test/unittest/lquantize/tst.32bit-bug26268136.sh
> +++ b/test/unittest/lquantize/tst.32bit-bug26268136.sh
> @@ -5,7 +5,6 @@
> # Licensed under the Universal Permissive License v 1.0 as shown at
> # http://oss.oracle.com/licenses/upl.
> #
> -# @@xfail: dtv2
>
> if [ $# != 1 ]; then
> echo expected one argument: '<'dtrace-path'>'
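Review bot: the removal of `# @@xfail: dtv2` from tst.32bit-bug26268136.sh is not explained anywhere in the commit message, which only discusses the proc provider trampoline; add a sentence stating why this test is now expected to pass (presumably the overwritten dctx pointer was the cause of its failure), so a reader of the history can connect the test change to the fix.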
> --
> 2.43.5
>