From: Namhyung Kim <namhyung@kernel.org>
To: Howard Chu <howardchu95@gmail.com>
Cc: Qiao Zhao <qzhao@redhat.com>,
Arnaldo Carvalho de Melo <arnaldo.melo@gmail.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
linux-perf-users <linux-perf-users@vger.kernel.org>,
bpf@vger.kernel.org
Subject: Re: [BUG] perf trace: failed to load -E2BIG
Date: Fri, 6 Dec 2024 12:23:09 -0800 [thread overview]
Message-ID: <Z1NdLbOUBzj91Jut@google.com> (raw)
In-Reply-To: <CAH0uvojjyEm0Ezf6sXXvykzjtD9JxijTCNr=8WGGT_r6Fyu_FQ@mail.gmail.com>
Cc-ing bpf list.
On Fri, Dec 06, 2024 at 11:03:19AM -0800, Howard Chu wrote:
> Forgot to mention clang-13 gave unbounded memory access too:
>
> ffffffff,var_off=(0x0; 0xffffffff))
> R9=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> 0xffffffff))
> 90: (85) call bpf_probe_read_user#112
> R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
> processed 490 insns (limit 1000000) max_states_per_insn 2 total_states
> 23 peak_states 23 mark_read 15
> -- END PROG LOAD LOG --
> libbpf: prog 'sys_enter': failed to load: -13
> libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -13
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> (was it created?)
> Not enough memory to run!
>
> Kernel:
>
> perf $ uname -r
> 6.11.0-061100-generic
>
> Thanks,
> Howard
>
> On Fri, Dec 6, 2024 at 10:36 AM Howard Chu <howardchu95@gmail.com> wrote:
> >
> > Hi Qiao, Namhyung, and Arnaldo,
> >
> > Apologies. I observed the same issue and tested perf with trace BPF
> > skel generated by clang-13 to clang-18, turns out BPF skelw generated
> > by clang version <= clang-16 are not loadable, with clang-15 and -16
> > showing the same error as yours. Additionally, the BPF verifier is
> > running longer than usual to process the instructions.
> >
> > perf $ ./perf trace -e write --max-events=1
> > libbpf: prog 'sys_enter': BPF program load failed: Argument list too long
> > libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
> > 0: R1=ctx() R10=fp0
> > ; int sys_enter(struct syscall_enter_args *args) @
> > augmented_raw_syscalls.bpf.c:527
> > 0: (bf) r7 = r1 ; R1=ctx() R7_w=ctx()
> > ; return bpf_get_current_pid_tgid(); @ augmented_raw_syscalls.bpf.c:423
> > ...
> > 140: (79) r7 = *(u64 *)(r10 -48) ; R7_w=ctx() R10=fp0 fp-48=ctx()
> > 141: (79) r0 = *(u64 *)(r10 -56)
> > BPF program is too large. Processed 1000001 insn
> > processed 1000001 insns (limit 1000000) max_states_per_insn 28
> > total_states 37670 peak_states 330 mark_read 16
> > -- END PROG LOAD LOG --
> > libbpf: prog 'sys_enter': failed to load: -7
> > libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> > libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -7
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > Not enough memory to run!
> >
> > For clang-14 however, I encountered an unbounded memory access:
> >
> > perf $ ./perf trace -e write --max-events=1
> > libbpf: prog 'sys_enter': BPF program load failed: Permission denied
> > libbpf: prog 'sys_enter': -- BEGIN PROG LOAD LOG --
> > 0: R1=ctx() R10=fp0
> > ; int sys_enter(struct syscall_enter_args *args) @
> > augmented_raw_syscalls.bpf.c:527
> > 0: (bf) r7 = r1 ; R1=ctx() R7_w=ctx()
> > ; return bpf_get_current_pid_tgid(); @ augmented_raw_syscalls.bpf.c:423
> > 1: (85) call bpf_get_current_pid_tgid#14 ; R0_w=scalar()
> > 2: (63) *(u32 *)(r10 -4) = r0 ; R0_w=scalar() R10=fp0 fp-8=mmmm????
> > 88: (79) r1 = *(u64 *)(r10 -16) ;
> > R1_w=map_value(map=beauty_payload_,ks=4,vs=24688,off=112) R10=fp0
> > fp-16=map_value(map=beauty_payload_,ks=4,vs=24688,off=112)
> > 89: (bf) r2 = r9 ;
> > R2_w=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> > 0xffffffff)) R9=scalar(id=14,smin=umin=umin32=2,smax=umax=0xffffffff,var_off=(0x0;
> > 0xffffffff))
> > 90: (85) call bpf_probe_read_user#112
> > R2 unbounded memory access, use 'var &= const' or 'if (var < const)'
> > processed 490 insns (limit 1000000) max_states_per_insn 2 total_states
> > 23 peak_states 23 mark_read 15
> > -- END PROG LOAD LOG --
> > libbpf: prog 'sys_enter': failed to load: -13
> > libbpf: failed to load object 'augmented_raw_syscalls_bpf'
> > libbpf: failed to load BPF skeleton 'augmented_raw_syscalls_bpf': -13
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > libbpf: map '__augmented_syscalls__': can't use BPF map without FD
> > (was it created?)
> > Not enough memory to run!
> >
> > I thought I had tested them, but apparently I didn’t. My apologies
> > again, and fixes are on the way.
> >
> > Thanks,
> > Howard
next prev parent reply other threads:[~2024-12-06 20:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-06 0:14 [BUG] perf trace: failed to load -E2BIG Namhyung Kim
[not found] ` <CA+JHD90D86YC=Kn3P_B1xLamxKS9+_zOxmKxXMWyTDQGwGnNsQ@mail.gmail.com>
2024-12-06 0:49 ` Namhyung Kim
2024-12-06 3:25 ` Qiao Zhao
2024-12-06 18:36 ` Howard Chu
2024-12-06 19:03 ` Howard Chu
2024-12-06 20:23 ` Namhyung Kim [this message]
2024-12-10 19:02 ` Arnaldo Carvalho de Melo
2024-12-10 20:24 ` Howard Chu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z1NdLbOUBzj91Jut@google.com \
--to=namhyung@kernel.org \
--cc=acme@kernel.org \
--cc=arnaldo.melo@gmail.com \
--cc=bpf@vger.kernel.org \
--cc=howardchu95@gmail.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=qzhao@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).