From: Jiri Olsa <olsajiri@gmail.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
Jiri Olsa <olsajiri@gmail.com>,
Juri Lelli <juri.lelli@redhat.com>, bpf <bpf@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Artem Savkov <asavkov@redhat.com>,
"Jose E. Marchesi" <jose.marchesi@oracle.com>
Subject: Re: NULL pointer deref when running BPF monitor program (6.11.0-rc1)
Date: Fri, 16 Aug 2024 20:59:47 +0200 [thread overview]
Message-ID: <Zr-ho0ncAk__sZiX@krava> (raw)
In-Reply-To: <20240816101031.6dd1361b@rorschach.local.home>
On Fri, Aug 16, 2024 at 10:10:31AM -0400, Steven Rostedt wrote:
> On Thu, 15 Aug 2024 14:37:18 +0200
> Alexei Starovoitov <alexei.starovoitov@gmail.com> wrote:
>
> > > I checked bit more and there are more tracepoints with the same issue,
> > > the first diff stat looks like:
> > >
> > > include/trace/events/afs.h | 44 ++++++++++++++++++++++----------------------
> > > include/trace/events/cachefiles.h | 96 ++++++++++++++++++++++++++++++++++++++++++++++++------------------------------------------------
> > > include/trace/events/ext4.h | 6 +++---
> > > include/trace/events/fib.h | 16 ++++++++--------
> > > include/trace/events/filelock.h | 38 +++++++++++++++++++-------------------
> > > include/trace/events/host1x.h | 10 +++++-----
> > > include/trace/events/huge_memory.h | 24 ++++++++++++------------
> > > include/trace/events/kmem.h | 18 +++++++++---------
> > > include/trace/events/netfs.h | 16 ++++++++--------
> > > include/trace/events/power.h | 6 +++---
> > > include/trace/events/qdisc.h | 8 ++++----
> > > include/trace/events/rxrpc.h | 12 ++++++------
> > > include/trace/events/sched.h | 12 ++++++------
> > > include/trace/events/sunrpc.h | 8 ++++----
> > > include/trace/events/tcp.h | 14 +++++++-------
> > > include/trace/events/tegra_apb_dma.h | 6 +++---
> > > include/trace/events/timer_migration.h | 10 +++++-----
> > > include/trace/events/writeback.h | 16 ++++++++--------
> > >
> > > plus there's one case where pointer needs to be checked with IS_ERR in
> > > include/trace/events/rdma_core.h trace_mr_alloc/mr_integ_alloc
> > >
> > > I'm not excited about the '_nullable' argument suffix, because it's lot
> > > of extra changes/renames in TP_fast_assign and it does not solve the
> > > IS_ERR case above
> > >
> > > I checked on the type tag and with llvm build we get the TYPE_TAG info
> > > nicely in BTF:
> > >
> > > [119148] TYPEDEF 'btf_trace_sched_pi_setprio' type_id=119149
> > > [119149] PTR '(anon)' type_id=119150
> > > [119150] FUNC_PROTO '(anon)' ret_type_id=0 vlen=3
> > > '(anon)' type_id=27
> > > '(anon)' type_id=678
> > > '(anon)' type_id=119152
> > > [119151] TYPE_TAG 'nullable' type_id=679
> > > [119152] PTR '(anon)' type_id=119151
> > >
> > > [679] STRUCT 'task_struct' size=15424 vlen=277
> > >
> > > which we can easily check in verifier.. the tracepoint definition would look like:
> > >
> > > - TP_PROTO(struct task_struct *tsk, struct task_struct *pi_task),
> > > + TP_PROTO(struct task_struct *tsk, struct task_struct __nullable *pi_task),
> > >
> > > and no other change in TP_fast_assign is needed
> > >
> > > I think using the type tag for this is nicer, but I'm not sure where's
> > > gcc at with btf_type_tag implementation, need to check on that
> >
> > Unfortunately last time I heard gcc was still far.
> > So we cannot rely on decl_tag or type_tag yet.
> > Aside from __nullable we would need another suffix to indicate is_err.
> >
> > Maybe we can do something with the TP* macro?
> > So the suffix only seen one place instead of search-and-replace
> > through the body?
> >
> > but imo above diff stat doesn't look too bad.
>
> I'm fine with annotation of parameters, but I really don't want this
> being part of the TP_fast_assign() content. What would that look like
> anyway?
best option would be using btf_type_tag annotation, which would look like:
- TP_PROTO(struct task_struct *tsk, struct task_struct *pi_task),
+ TP_PROTO(struct task_struct *tsk, struct task_struct __nullable *pi_task),
but gcc does not support that yet, just clang
so far the only working solution I have is adding '__nullable' suffix
to argument name:
diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h
index 9ea4c404bd4e..fc46f0b42741 100644
--- a/include/trace/events/sched.h
+++ b/include/trace/events/sched.h
@@ -559,9 +559,9 @@ DEFINE_EVENT(sched_stat_runtime, sched_stat_runtime,
*/
TRACE_EVENT(sched_pi_setprio,
- TP_PROTO(struct task_struct *tsk, struct task_struct *pi_task),
+ TP_PROTO(struct task_struct *tsk, struct task_struct *pi_task__nullable),
- TP_ARGS(tsk, pi_task),
+ TP_ARGS(tsk, pi_task__nullable),
TP_STRUCT__entry(
__array( char, comm, TASK_COMM_LEN )
@@ -574,8 +574,8 @@ TRACE_EVENT(sched_pi_setprio,
memcpy(__entry->comm, tsk->comm, TASK_COMM_LEN);
__entry->pid = tsk->pid;
__entry->oldprio = tsk->prio;
- __entry->newprio = pi_task ?
- min(tsk->normal_prio, pi_task->prio) :
+ __entry->newprio = pi_task__nullable ?
+ min(tsk->normal_prio, pi_task__nullable->prio) :
tsk->normal_prio;
/* XXX SCHED_DEADLINE bits missing */
),
now I'm trying to make work something like:
diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h
index 9ea4c404bd4e..4e4aae2d5700 100644
--- a/include/trace/events/sched.h
+++ b/include/trace/events/sched.h
@@ -559,9 +559,9 @@ DEFINE_EVENT(sched_stat_runtime, sched_stat_runtime,
*/
TRACE_EVENT(sched_pi_setprio,
- TP_PROTO(struct task_struct *tsk, struct task_struct *pi_task),
+ TP_PROTO(struct task_struct *tsk, struct task_struct *__nullable(pi_task)),
- TP_ARGS(tsk, pi_task),
+ TP_ARGS(tsk, __nullable(pi_task)),
TP_STRUCT__entry(
__array( char, comm, TASK_COMM_LEN )
jirka
next prev parent reply other threads:[~2024-08-16 18:59 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-05 9:20 NULL pointer deref when running BPF monitor program (6.11.0-rc1) Juri Lelli
2024-08-05 16:49 ` Jiri Olsa
2024-08-05 17:00 ` Alexei Starovoitov
2024-08-06 7:08 ` Juri Lelli
2024-08-06 13:17 ` Jiri Olsa
2024-08-06 13:24 ` Jiri Olsa
2024-08-06 18:44 ` Alexei Starovoitov
2024-08-08 10:46 ` Jiri Olsa
2024-08-08 15:43 ` Alexei Starovoitov
2024-08-15 11:48 ` Jiri Olsa
2024-08-15 12:37 ` Alexei Starovoitov
2024-08-16 14:10 ` Steven Rostedt
2024-08-16 18:59 ` Jiri Olsa [this message]
2024-08-16 19:30 ` Steven Rostedt
2024-08-19 11:47 ` Jiri Olsa
2024-08-19 14:05 ` Jiri Olsa
2024-08-19 15:37 ` Steven Rostedt
2024-08-20 10:17 ` Jiri Olsa
2024-08-20 15:05 ` Steven Rostedt
2024-10-02 16:30 ` Jiri Olsa
2024-10-09 20:41 ` Jiri Olsa
2024-10-10 0:33 ` Josh Poimboeuf
2024-10-10 0:56 ` Steven Rostedt
2024-10-10 0:57 ` Steven Rostedt
2024-10-10 3:17 ` Josh Poimboeuf
2024-10-10 9:00 ` Jiri Olsa
2024-10-10 13:49 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zr-ho0ncAk__sZiX@krava \
--to=olsajiri@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=asavkov@redhat.com \
--cc=bpf@vger.kernel.org \
--cc=jose.marchesi@oracle.com \
--cc=juri.lelli@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.