From: Anton Protopopov <a.s.protopopov@gmail.com>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: bpf <bpf@vger.kernel.org>, Alexei Starovoitov <ast@kernel.org>,
Andrii Nakryiko <andrii@kernel.org>,
Anton Protopopov <aspsk@isovalent.com>,
Daniel Borkmann <daniel@iogearbox.net>,
Eduard Zingerman <eddyz87@gmail.com>,
Quentin Monnet <qmo@kernel.org>,
Yonghong Song <yonghong.song@linux.dev>
Subject: Re: [PATCH v11 bpf-next 01/12] bpf, x86: add new map type: instructions array
Date: Sun, 16 Nov 2025 12:58:04 +0000 [thread overview]
Message-ID: <aRnKXNPkENDiRcnO@mail.gmail.com> (raw)
In-Reply-To: <CAADnVQJmg17Z9jWWZ8ejCCNWcnSU0YeRiDHSp__+A0C8QtTMvg@mail.gmail.com>
On 25/11/06 09:08AM, Alexei Starovoitov wrote:
> On Thu, Nov 6, 2025 at 1:54 AM Anton Protopopov
> <a.s.protopopov@gmail.com> wrote:
> >
> > On 25/11/05 06:03PM, Alexei Starovoitov wrote:
> > > On Wed, Nov 5, 2025 at 12:58 AM Anton Protopopov
> > > <a.s.protopopov@gmail.com> wrote:
> > > > @@ -21695,6 +21736,8 @@ static int jit_subprogs(struct bpf_verifier_env *env)
> > > > func[i]->aux->jited_linfo = prog->aux->jited_linfo;
> > > > func[i]->aux->linfo_idx = env->subprog_info[i].linfo_idx;
> > > > func[i]->aux->arena = prog->aux->arena;
> > > > + func[i]->aux->used_maps = env->used_maps;
> > > > + func[i]->aux->used_map_cnt = env->used_map_cnt;
> > >
> > > ...
> > >
> > > > It might be called before the used_maps are copied into aux...
> > >
> > > wat?
> >
> > It is called from fixup_call_arg() which happens before
> > the env->prog->aux->used_maps is populated as a copy of
> > env->used_maps.
> >
> > In any case, I will take a closer look and follow up on
> > this after Kubecon (which is the next week).
>
> Pls look at the diff
> and also
> line 22074:
> func[i]->aux->main_prog_aux = prog->aux;
> line 22099:
> func[i]->aux->used_maps = env->used_maps;
[Sorry for the delay, I was travelling and didn't have access to my lab.]
I've seen this diff and tested it before sending the previous reply.
It didn't work, and it doesn't work now on bpf-next/master: the
"./test_progs -a bpf_insn_array/deletions-with-functions" test
still breaks.
The reason is as follows. There are two cases for which JIT is called
differently.
1) For a program without sub-functions the JIT is called from the
bpf_prog_select_runtime() function. By this time
aux->main_prog_aux->used_maps are populated and thus
aux->main_prog_aux could be used; or just aux, as there is only one
prog.
2) When program has sub-functions, say one, the jit is called from
jit_subprogs() and later the call in bpf_prog_select_runtime() is
skipped. The jit_subprogs() is called before the bpf_check()
epilogue, and thus not func[i]->aux nor aux->main_prog_aux
contain a copy of used_maps, it is only copied later.
To make two cases look the same ("aux->used_maps is correct"), I've
added
func[i]->aux->used_maps = env->used_maps;
func[i]->aux->used_map_cnt = env->used_map_cnt;
Note, again, that in case 2, without this copy, no functions will
have used_maps set, even main_prog.
> > > on top of the set:
> > > diff --git a/kernel/bpf/bpf_insn_array.c b/kernel/bpf/bpf_insn_array.c
> > > index 61ce52882632..97fcde6d7f07 100644
> > > --- a/kernel/bpf/bpf_insn_array.c
> > > +++ b/kernel/bpf/bpf_insn_array.c
> > > @@ -278,8 +278,8 @@ void bpf_prog_update_insn_ptrs(struct bpf_prog
> > > *prog, u32 *offsets, void *image)
> > > if (!offsets || !image)
> > > return;
> > >
> > > - for (i = 0; i < prog->aux->used_map_cnt; i++) {
> > > - map = prog->aux->used_maps[i];
> > > + for (i = 0; i < prog->aux->main_prog_aux->used_map_cnt; i++) {
> > > + map = prog->aux->main_prog_aux->used_maps[i];
> > > if (!is_insn_array(map))
> > > continue;
> > >
> > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > > index 1268fa075d4c..53b9a6cee156 100644
> > > --- a/kernel/bpf/verifier.c
> > > +++ b/kernel/bpf/verifier.c
> > > @@ -22096,8 +22096,6 @@ static int jit_subprogs(struct bpf_verifier_env *env)
> > > func[i]->aux->jited_linfo = prog->aux->jited_linfo;
> > > func[i]->aux->linfo_idx = env->subprog_info[i].linfo_idx;
> > > func[i]->aux->arena = prog->aux->arena;
> > > - func[i]->aux->used_maps = env->used_maps;
> > > - func[i]->aux->used_map_cnt = env->used_map_cnt;
> > > num_exentries = 0;
> > > insn = func[i]->insnsi;
> > > for (j = 0; j < func[i]->len; j++, insn++) {
> > >
> > >
> > > all tests still pass.
> > >
> > > If I'm not missing anything, please send a follow up.
> > >
> > > The plan is to split prog_aux into main and subprog,
> > > and subprog will be a fraction of main.
> > > Right now we copy more and more fields for no good reason.
> > > Let's avoid this.
next prev parent reply other threads:[~2025-11-16 12:51 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-05 9:03 [PATCH v11 bpf-next 00/12] BPF indirect jumps Anton Protopopov
2025-11-05 9:03 ` [PATCH v11 bpf-next 01/12] bpf, x86: add new map type: instructions array Anton Protopopov
2025-11-06 2:03 ` Alexei Starovoitov
2025-11-06 10:01 ` Anton Protopopov
2025-11-06 17:08 ` Alexei Starovoitov
2025-11-16 12:58 ` Anton Protopopov [this message]
2025-11-22 2:40 ` Alexei Starovoitov
2025-11-24 15:17 ` Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 02/12] bpftool: Recognize insn_array map type Anton Protopopov
2025-11-05 9:21 ` bot+bpf-ci
2025-11-05 9:29 ` Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 03/12] libbpf: " Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 04/12] selftests/bpf: add selftests for new insn_array map Anton Protopopov
2025-11-05 9:28 ` bot+bpf-ci
2025-11-05 9:52 ` Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 05/12] bpf: support instructions arrays with constants blinding Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 06/12] selftests/bpf: test instructions arrays with blinding Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 07/12] bpf, x86: allow indirect jumps to r8...r15 Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 08/12] bpf, x86: add support for indirect jumps Anton Protopopov
2025-11-05 11:23 ` Anton Protopopov
2025-11-05 17:45 ` Ihor Solodrai
2025-11-05 20:16 ` Anton Protopopov
2025-11-05 22:42 ` Alexei Starovoitov
2025-11-06 10:03 ` Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 09/12] bpf: disasm: add support for BPF_JMP|BPF_JA|BPF_X Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 10/12] libbpf: support llvm-generated indirect jumps Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 11/12] selftests/bpf: add new verifier_gotox test Anton Protopopov
2025-11-05 9:04 ` [PATCH v11 bpf-next 12/12] selftests/bpf: add C-level selftests for indirect jumps Anton Protopopov
2025-11-05 9:28 ` bot+bpf-ci
2025-11-05 9:37 ` Anton Protopopov
2025-11-05 20:51 ` [PATCH v11 bpf-next 00/12] BPF " Eduard Zingerman
2025-11-05 21:54 ` Anton Protopopov
2025-11-06 1:56 ` Alexei Starovoitov
2025-11-06 2:00 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aRnKXNPkENDiRcnO@mail.gmail.com \
--to=a.s.protopopov@gmail.com \
--cc=alexei.starovoitov@gmail.com \
--cc=andrii@kernel.org \
--cc=aspsk@isovalent.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=eddyz87@gmail.com \
--cc=qmo@kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.