The Linux Kernel Mailing List
 help / color / mirror / Atom feed
From: "Alexei Starovoitov" <alexei.starovoitov@gmail.com>
To: "Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
	"Steven Rostedt" <rostedt@goodmis.org>,
	"Shuah Khan" <shuah@kernel.org>
Cc: "Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
	<linux-kernel@vger.kernel.org>,
	<linux-trace-kernel@vger.kernel.org>,
	<linux-kselftest@vger.kernel.org>, <bpf@vger.kernel.org>
Subject: Re: [RFC PATCH 2/4] tracing/probes: Compile all fetchargs into a single BPF program per event
Date: Wed, 01 Jul 2026 11:41:26 -0700	[thread overview]
Message-ID: <DJNGE5JG5ZY4.FEO5DZ21TL7Z@gmail.com> (raw)
In-Reply-To: <178291354144.1566898.14374948740441958770.stgit@devnote2>

On Wed Jul 1, 2026 at 6:45 AM PDT, Masami Hiramatsu (Google) wrote:
> +static bool trace_probe_can_compile_bpf(struct trace_probe *tp)
> +{
> +	int i;
> +
> +	if (tp->nr_args == 0)
> +		return false;
> +
> +	for (i = 0; i < tp->nr_args; i++) {
> +		struct probe_arg *parg = &tp->args[i];
> +		struct fetch_insn *code = parg->code;
> +
> +		while (code->op != FETCH_OP_END) {
> +			switch (code->op) {
> +			case FETCH_OP_REG:
> +			case FETCH_OP_IMM:
> +			case FETCH_OP_DEREF:
> +			case FETCH_OP_ST_RAW:
> +			case FETCH_OP_ST_MEM:
> +				break;
> +			case FETCH_OP_ARG:
> +				if (regs_get_kernel_argument_offset(code->param) < 0)
> +					return false;
> +				break;
> +			default:
> +				return false;
> +			}
> +			code++;
> +		}
> +	}
> +	return true;
> +}
> +
> +static void trace_probe_compile_bpf(struct trace_probe *tp)
> +{
> +	struct bpf_insn *insns;
> +	int i = 0;
> +	struct bpf_prog *prog;
> +	int err, idx;
> +
> +	if (!trace_probe_can_compile_bpf(tp))
> +		return;
> +
> +	insns = kmalloc_array(512, sizeof(struct bpf_insn), GFP_KERNEL);
> +	if (!insns)
> +		return;
> +
> +	/* Prologue: R6 = ctx */
> +	insns[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
> +	/* R7 = ctx->rec */
> +	insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_6,
> +				 offsetof(struct fetch_bpf_ctx, rec));
> +	/* R8 = ctx->data */
> +	insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_8, BPF_REG_6,
> +				 offsetof(struct fetch_bpf_ctx, data));
> +	/* R9 = total size (0) */
> +	insns[i++] = BPF_MOV64_IMM(BPF_REG_9, 0);
> +
> +	for (idx = 0; idx < tp->nr_args; idx++) {
> +		struct probe_arg *parg = &tp->args[idx];
> +		struct fetch_insn *code = parg->code;
> +
> +		while (code->op != FETCH_OP_END && i < 500) {
> +			switch (code->op) {
> +			case FETCH_OP_REG:
> +				/* R0 = *(unsigned long *)(R7 + code->param) */
> +				insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, code->param);
> +				break;
> +			case FETCH_OP_ARG: {
> +				int offset = regs_get_kernel_argument_offset(code->param);
> +				/* R0 = *(unsigned long *)(R7 + offset) */
> +				insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, offset);
> +				break;
> +			}
> +			case FETCH_OP_IMM:
> +				insns[i++] = BPF_LD_IMM64(BPF_REG_0, code->immediate);
> +				break;
> +			case FETCH_OP_DEREF:
> +				/* Add offset: R3 = R0 + code->offset (src) */
> +				insns[i++] = BPF_MOV64_REG(BPF_REG_2, BPF_REG_0);
> +				if (code->offset)
> +					insns[i++] = BPF_ALU64_IMM(BPF_ADD, BPF_REG_2,
> +								   code->offset);
> +				/* R1 = dst (R10 - 8 on stack) */
> +				insns[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_10);
> +				insns[i++] = BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -8);
> +				/* R3 = size */
> +				insns[i++] = BPF_MOV64_IMM(BPF_REG_3, sizeof(unsigned long));
> +				/* Call copy_from_kernel_nofault(dst, src, size) */
> +				insns[i++] = BPF_EMIT_CALL(copy_from_kernel_nofault);
> +				/* if (R0 < 0) return R0; */
> +				insns[i++] = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1);
> +				insns[i++] = BPF_EXIT_INSN();
> +				/* R0 = *(unsigned long *)(R10 - 8) */
> +				insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_10, -8);
> +				break;
> +			case FETCH_OP_ST_RAW:
> +				/* Store R0 into R8 (data) + parg->offset based on size */
> +				switch (code->size) {
> +				case 1:
> +					insns[i++] = BPF_STX_MEM(BPF_B, BPF_REG_8, BPF_REG_0,
> +								 parg->offset);
> +					break;
> +				case 2:
> +					insns[i++] = BPF_STX_MEM(BPF_H, BPF_REG_8, BPF_REG_0,
> +								 parg->offset);
> +					break;
> +				case 4:
> +					insns[i++] = BPF_STX_MEM(BPF_W, BPF_REG_8, BPF_REG_0,
> +								 parg->offset);
> +					break;
> +				case 8:
> +					insns[i++] = BPF_STX_MEM(BPF_DW, BPF_REG_8, BPF_REG_0,
> +								  parg->offset);
> +					break;
> +				}
> +				break;
> +			case FETCH_OP_ST_MEM:
> +				/* Add offset: R2 = R0 + code->offset (src) */
> +				insns[i++] = BPF_MOV64_REG(BPF_REG_2, BPF_REG_0);
> +				if (code->offset)
> +					insns[i++] = BPF_ALU64_IMM(BPF_ADD, BPF_REG_2,
> +								   code->offset);
> +				/* R1 = dst (R8 + parg->offset) */
> +				insns[i++] = BPF_MOV64_REG(BPF_REG_1, BPF_REG_8);
> +				if (parg->offset)
> +					insns[i++] = BPF_ALU64_IMM(BPF_ADD, BPF_REG_1,
> +								   parg->offset);
> +				/* R3 = size */
> +				insns[i++] = BPF_MOV64_IMM(BPF_REG_3, code->size);
> +				/* Call copy_from_kernel_nofault(dst, src, size) */
> +				insns[i++] = BPF_EMIT_CALL(copy_from_kernel_nofault);
> +				/* if (R0 < 0) return R0; */
> +				insns[i++] = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1);
> +				insns[i++] = BPF_EXIT_INSN();
> +				break;
> +			default:
> +				goto out;
> +			}
> +			code++;
> +		}
> +	}

Nack.
I really don't like it.
There were days in the past when the kernel generating bpf directly was appealing.
These days are gone. Performance improvements for fetchargs is not a good reason
to add all this complexity and bypass verifier checks.
bpf insns should come from user space.

  reply	other threads:[~2026-07-01 18:41 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-01 13:45 [RFC PATCH 0/4] tracing/probes: Optimize fetcharg with BPF Masami Hiramatsu (Google)
2026-07-01 13:45 ` [RFC PATCH 1/4] tools/tracing: Add fetcharg performance micro-benchmark Masami Hiramatsu (Google)
2026-07-01 13:45 ` [RFC PATCH 2/4] tracing/probes: Compile all fetchargs into a single BPF program per event Masami Hiramatsu (Google)
2026-07-01 18:41   ` Alexei Starovoitov [this message]
2026-07-01 18:47     ` Steven Rostedt
2026-07-01 18:53       ` Alexei Starovoitov
2026-07-01 22:40     ` Masami Hiramatsu
2026-07-02  0:01       ` Alexei Starovoitov
2026-07-02  1:01         ` Masami Hiramatsu
2026-07-02 14:04         ` Steven Rostedt
2026-07-01 13:45 ` [RFC PATCH 3/4] tracing: Add disable_bpf trace option to ignore eBPF for fetchargs Masami Hiramatsu (Google)
2026-07-01 13:46 ` [RFC PATCH 4/4] selftests/ftrace: Add a test for eBPF compiled fetchargs Masami Hiramatsu (Google)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DJNGE5JG5ZY4.FEO5DZ21TL7Z@gmail.com \
    --to=alexei.starovoitov@gmail.com \
    --cc=bpf@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mhiramat@kernel.org \
    --cc=rostedt@goodmis.org \
    --cc=shuah@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox