From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-179.mta1.migadu.com (out-179.mta1.migadu.com [95.215.58.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3FAEF305E29; Mon, 25 Aug 2025 18:27:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.179 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756146481; cv=none; b=mKjge6JMwOUwHcWKGIE8ZAy3gt2DA6U0KhpIzIxlXpi3P4nsWPSgCxTX46ZZvAvHa5IEW9bFKE/4TJxuYuERSI9gcIDvCrq3mrFarimpAKkm4VhqNn+Zrr7/H5c190QgGLgYZJ0KIq7q401v1kETSp+X/WATkwy+4i6c8LMJbMo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756146481; c=relaxed/simple; bh=iw2A7b8HfUY4C8oFRCU1gTmF2DPSqkrcOtKnUUygbjs=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=NxlJDdp+iGzw5Mib2CriAdpJ0ysllp+uKZurzY52+rKpogyecvOxP7RXSwrc2Q7LXaR8gfPpWu3y82oLEryMbDP3bkIlqlVKCceNK2h6pp7Am/HpcxCbH80rdxV9au6fYU60UM4hWRVSt2M3Ar5TzxEHA0z3+bQ4VzmKL5/HgEU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=oc4M9Ndi; arc=none smtp.client-ip=95.215.58.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="oc4M9Ndi" Message-ID: <43b9d0ff-9922-490a-ac6b-7e8e7baa2247@linux.dev> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1756146476; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VzmE5jm1E2E79Bi4ISsxWAGliYekiS7P+xPBgawpmGA=; b=oc4M9NdiiejKaBXakXsS4zooMNN2MsioZ7KruoSX1YBGsCK4zvN6kaZYRRuJrdlE3a84NR 6RGIj0kIACEyALUkKYgSvaqhdiWlSQ/h9ACTHNNgopeT7UAithShq2bJeLWIctApQ34LaC lha6t5mA+BBkAIZPlYpnnZVLltKBYfg= Date: Mon, 25 Aug 2025 11:27:49 -0700 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH bpf-next RESEND v4 1/2] bpf: refactor max_depth computation in bpf_get_stack() Content-Language: en-GB To: "Lecomte, Arnaud" , Martin KaFai Lau Cc: andrii@kernel.org, ast@kernel.org, bpf@vger.kernel.org, daniel@iogearbox.net, eddyz87@gmail.com, haoluo@google.com, john.fastabend@gmail.com, jolsa@kernel.org, kpsingh@kernel.org, linux-kernel@vger.kernel.org, sdf@fomichev.me, syzbot+c9b724fbb41cf2538b7b@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, song@kernel.org References: <20250819162652.8776-1-contact@arnaud-lcm.com> <3d8fe484-2889-4367-9405-91aeee7d2ef0@linux.dev> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Yonghong Song In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT On 8/25/25 9:39 AM, Lecomte, Arnaud wrote: > > On 19/08/2025 22:15, Martin KaFai Lau wrote: >> On 8/19/25 9:26 AM, Arnaud Lecomte wrote: >>> A new helper function stack_map_calculate_max_depth() that >>> computes the max depth for a stackmap. >>> >>> Changes in v2: >>>   - Removed the checking 'map_size % map_elem_size' from >>>     stack_map_calculate_max_depth >>>   - Changed stack_map_calculate_max_depth params name to be more >>> generic >>> >>> Changes in v3: >>>   - Changed map size param to size in max depth helper >>> >>> Changes in v4: >>>   - Fixed indentation in max depth helper for args >>> >>> Link to v3: >>> https://lore.kernel.org/all/09dc40eb-a84e-472a-8a68-36a2b1835308@linux.dev/ >>> >>> Signed-off-by: Arnaud Lecomte >>> Acked-by: Yonghong Song >>> --- >>>   kernel/bpf/stackmap.c | 30 ++++++++++++++++++++++++------ >>>   1 file changed, 24 insertions(+), 6 deletions(-) >>> >>> diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c >>> index 3615c06b7dfa..b9cc6c72a2a5 100644 >>> --- a/kernel/bpf/stackmap.c >>> +++ b/kernel/bpf/stackmap.c >>> @@ -42,6 +42,27 @@ static inline int stack_map_data_size(struct >>> bpf_map *map) >>>           sizeof(struct bpf_stack_build_id) : sizeof(u64); >>>   } >>>   +/** >>> + * stack_map_calculate_max_depth - Calculate maximum allowed stack >>> trace depth >>> + * @size:  Size of the buffer/map value in bytes >>> + * @elem_size:  Size of each stack trace element >>> + * @flags:  BPF stack trace flags (BPF_F_USER_STACK, >>> BPF_F_USER_BUILD_ID, ...) >>> + * >>> + * Return: Maximum number of stack trace entries that can be safely >>> stored >>> + */ >>> +static u32 stack_map_calculate_max_depth(u32 size, u32 elem_size, >>> u64 flags) >>> +{ >>> +    u32 skip = flags & BPF_F_SKIP_FIELD_MASK; >>> +    u32 max_depth; >>> + >>> +    max_depth = size / elem_size; >>> +    max_depth += skip; >>> +    if (max_depth > sysctl_perf_event_max_stack) >>> +        return sysctl_perf_event_max_stack; >> >> hmm... this looks a bit suspicious. Is it possible that >> sysctl_perf_event_max_stack is being changed to a larger value in >> parallel? >> > Hi Martin, this is a valid concern as sysctl_perf_event_max_stack can > be modified at runtime through /proc/sys/kernel/perf_event_max_stack. > What we could maybe do instead is to create a copy: u32 current_max = > READ_ONCE(sysctl_perf_event_max_stack); > Any thoughts on this ? There is no need to have READ_ONCE. Jut do int curr_sysctl_max_stack = sysctl_perf_event_max_stack; if (max_depth > curr_sysctl_max_stack) return curr_sysctl_max_stack; Because of the above change, the patch is not a refactoring change any more. > >>> + >>> +    return max_depth; >>> +} >>> + >>>   static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) >>>   { >>>       u64 elem_size = sizeof(struct stack_map_bucket) + >>> @@ -406,7 +427,7 @@ static long __bpf_get_stack(struct pt_regs >>> *regs, struct task_struct *task, >>>                   struct perf_callchain_entry *trace_in, >>>                   void *buf, u32 size, u64 flags, bool may_fault) >>>   { >>> -    u32 trace_nr, copy_len, elem_size, num_elem, max_depth; >>> +    u32 trace_nr, copy_len, elem_size, max_depth; >>>       bool user_build_id = flags & BPF_F_USER_BUILD_ID; >>>       bool crosstask = task && task != current; >>>       u32 skip = flags & BPF_F_SKIP_FIELD_MASK; >>> @@ -438,10 +459,7 @@ static long __bpf_get_stack(struct pt_regs >>> *regs, struct task_struct *task, >>>           goto clear; >>>       } >>>   -    num_elem = size / elem_size; >>> -    max_depth = num_elem + skip; >>> -    if (sysctl_perf_event_max_stack < max_depth) >>> -        max_depth = sysctl_perf_event_max_stack; >>> +    max_depth = stack_map_calculate_max_depth(size, elem_size, flags); >>>         if (may_fault) >>>           rcu_read_lock(); /* need RCU for perf's callchain below */ >>> @@ -461,7 +479,7 @@ static long __bpf_get_stack(struct pt_regs >>> *regs, struct task_struct *task, >>>       } >>>         trace_nr = trace->nr - skip; >>> -    trace_nr = (trace_nr <= num_elem) ? trace_nr : num_elem; >> >> I suspect it was fine because trace_nr was still bounded by num_elem. >> > We should bring back the num_elem bound as an additional safe net. >>> +    trace_nr = min(trace_nr, max_depth - skip); >> >> but now the min() is also based on max_depth which could be >> sysctl_perf_event_max_stack. >> >> beside, if I read it correctly, in "max_depth - skip", the max_depth >> could also be less than skip. I assume trace->nr is bound by >> max_depth, so should be less of a problem but still a bit unintuitive >> to read. >> >>>       copy_len = trace_nr * elem_size; >>>         ips = trace->ip + skip; >>