lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <YhLKeAShYUtELvTJ@krava>
Date:   Mon, 21 Feb 2022 00:10:48 +0100
From:   Jiri Olsa <olsajiri@...il.com>
To:     Yonghong Song <yhs@...com>
Cc:     Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <a.p.zijlstra@...llo.nl>,
        Ingo Molnar <mingo@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Namhyung Kim <namhyung@...nel.org>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Ian Rogers <irogers@...gle.com>,
        "linux-perf-use." <linux-perf-users@...r.kernel.org>,
        bpf <bpf@...r.kernel.org>
Subject: Re: [PATCH 3/3] perf tools: Rework prologue generation code

On Sun, Feb 20, 2022 at 10:43:42AM -0800, Yonghong Song wrote:
> 
> 
> On 2/20/22 5:44 AM, Jiri Olsa wrote:
> > On Fri, Feb 18, 2022 at 11:55:16AM -0800, Andrii Nakryiko wrote:
> > > On Fri, Feb 18, 2022 at 1:01 AM Jiri Olsa <olsajiri@...il.com> wrote:
> > > > 
> > > > On Thu, Feb 17, 2022 at 01:53:16PM -0800, Andrii Nakryiko wrote:
> > > > > On Thu, Feb 17, 2022 at 5:19 AM Jiri Olsa <jolsa@...nel.org> wrote:
> > > > > > 
> > > > > > Some functions we use now for bpf prologue generation are
> > > > > > going to be deprecated, so reworking the current code not
> > > > > > to use them.
> > > > > > 
> > > > > > We need to replace following functions/struct:
> > > > > >     bpf_program__set_prep
> > > > > >     bpf_program__nth_fd
> > > > > >     struct bpf_prog_prep_result
> > > > > > 
> > > > > > Current code uses bpf_program__set_prep to hook perf callback
> > > > > > before the program is loaded and provide new instructions with
> > > > > > the prologue.
> > > > > > 
> > > > > > We workaround this by using objects's 'unloaded' programs instructions
> > > > > > for that specific program and load new ebpf programs with prologue
> > > > > > using separate bpf_prog_load calls.
> > > > > > 
> > > > > > We keep new ebpf program instances descriptors in bpf programs
> > > > > > private struct.
> > > > > > 
> > > > > > Suggested-by: Andrii Nakryiko <andrii@...nel.org>
> > > > > > Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> > > > > > ---
> > > > > >   tools/perf/util/bpf-loader.c | 122 +++++++++++++++++++++++++++++------
> > > > > >   1 file changed, 104 insertions(+), 18 deletions(-)
> > > > > > 
> > > > > 
> > > > > [...]
> > > > > 
> > > > > >   errout:
> > > > > > @@ -696,7 +718,7 @@ static int hook_load_preprocessor(struct bpf_program *prog)
> > > > > >          struct bpf_prog_priv *priv = program_priv(prog);
> > > > > >          struct perf_probe_event *pev;
> > > > > >          bool need_prologue = false;
> > > > > > -       int err, i;
> > > > > > +       int i;
> > > > > > 
> > > > > >          if (IS_ERR_OR_NULL(priv)) {
> > > > > >                  pr_debug("Internal error when hook preprocessor\n");
> > > > > > @@ -727,6 +749,12 @@ static int hook_load_preprocessor(struct bpf_program *prog)
> > > > > >                  return 0;
> > > > > >          }
> > > > > > 
> > > > > > +       /*
> > > > > > +        * Do not load programs that need prologue, because we need
> > > > > > +        * to add prologue first, check bpf_object__load_prologue.
> > > > > > +        */
> > > > > > +       bpf_program__set_autoload(prog, false);
> > > > > 
> > > > > if you set autoload to false, program instructions might be invalid in
> > > > > the end. Libbpf doesn't apply some (all?) relocations to such
> > > > > programs, doesn't resolve CO-RE, etc, etc. You have to let
> > > > > "prototypal" BPF program to be loaded before you can grab final
> > > > > instructions. It's not great, but in your case it should work, right?
> > > > 
> > > > hum, do we care? it should all be done when the 'new' program with
> > > > the prologue is loaded, right?
> > > 
> > > yeah, you should care. If there is any BPF map involved, it is
> > > properly resolved to correct FD (which is put into ldimm64 instruction
> > > in BPF program code) during the load. If program is not autoloaded,
> > > this is skipped. Same for any global variable or subprog call (if it's
> > > not always inlined). So you very much should care for any non-trivial
> > > program.
> > 
> > ah too bad.. all that is in the load path, ok
> > 
> > > 
> > > > 
> > > > I switched it off because the verifier failed to load the program
> > > > without the prologue.. because in the original program there's no
> > > > code to grab the arguments that the rest of the code depends on,
> > > > so the verifier sees invalid access
> > > 
> > > Do you have an example of C code and corresponding BPF instructions
> > > before/after prologue generation? Just curious to see in details how
> > > this is done.
> > 
> > so with following example:
> > 
> > 	SEC("func=do_sched_setscheduler param->sched_priority@...r")
> > 	int bpf_func__setscheduler(void *ctx, int err, int param)
> > 	{
> > 		char fmt[] = "prio: %ld";
> > 		bpf_trace_printk(fmt, sizeof(fmt), param);
> > 		return 1;
> > 	}
> > 
> > perf will attach the code to do_sched_setscheduler function,
> > and read 'param->sched_priority' into 'param' argument
> > 
> > so the resulting clang object expects 'param' to be in R3
> > 
> > 	0000000000000000 <bpf_func__setscheduler>:
> > 	       0:       b7 01 00 00 64 00 00 00 r1 = 100
> > 	       1:       6b 1a f8 ff 00 00 00 00 *(u16 *)(r10 - 8) = r1
> > 	       2:       18 01 00 00 70 72 69 6f 00 00 00 00 3a 20 25 6c r1 = 77926701655
> > 	       4:       7b 1a f0 ff 00 00 00 00 *(u64 *)(r10 - 16) = r1
> > 	       5:       bf a1 00 00 00 00 00 00 r1 = r10
> > 	       6:       07 01 00 00 f0 ff ff ff r1 += -16
> > 	       7:       b7 02 00 00 0a 00 00 00 r2 = 10
> > 	       8:       85 00 00 00 06 00 00 00 call 6
> > 	       9:       b7 00 00 00 01 00 00 00 r0 = 1
> > 	      10:       95 00 00 00 00 00 00 00 exit
> > 
> > and R3 is loaded in the prologue code (first 15 instructions)
> > and it also sets 'err' (R2) with the result of the reading:
> > 
> > 	   0: (bf) r6 = r1
> > 	   1: (79) r3 = *(u64 *)(r6 +96)
> > 	   2: (bf) r7 = r10
> > 	   3: (07) r7 += -8
> > 	   4: (7b) *(u64 *)(r10 -8) = r3
> > 	   5: (b7) r2 = 8
> > 	   6: (bf) r1 = r7
> > 	   7: (85) call bpf_probe_read_user#-60848
> > 	   8: (55) if r0 != 0x0 goto pc+2
> > 	   9: (61) r3 = *(u32 *)(r10 -8)
> > 	  10: (05) goto pc+3
> > 	  11: (b7) r2 = 1
> > 	  12: (b7) r3 = 0
> > 	  13: (05) goto pc+1
> > 	  14: (b7) r2 = 0
> > 	  15: (bf) r1 = r6
> > 
> > 	  16: (b7) r1 = 100
> > 	  17: (6b) *(u16 *)(r10 -8) = r1
> > 	  18: (18) r1 = 0x6c25203a6f697270
> > 	  20: (7b) *(u64 *)(r10 -16) = r1
> > 	  21: (bf) r1 = r10
> > 	  22: (07) r1 += -16
> > 	  23: (b7) r2 = 10
> > 	  24: (85) call bpf_trace_printk#-54848
> > 	  25: (b7) r0 = 1
> > 	  26: (95) exit
> 
> Just curious. Is the prologue code generated through C code or through
> asm code? Is it possible prologue code can be generated through C

it's C code in perf generating bpf instructions:
  https://git.kernel.org/pub/scm/linux/kernel/git/acme/linux.git/tree/tools/perf/util/bpf-prologue.c?h=perf/core

> code with similar mechanism like BPF_PROG macro? Or this is already
> an API which cannot be changed?

do you mean to have some stub like:

  int bpf_func__setscheduler_stub(void *ctx)
  {
          return bpf_func__setscheduler(ctx, 0, 0)
  }

  int bpf_func__setscheduler(void *ctx, int err, int param)
  {
          char fmt[] = "prio: %ld";
          bpf_trace_printk(fmt, sizeof(fmt), param);
          return 1;
  }

to make verifier happy

then we'd need instructions for bpf_func__setscheduler

it looks like subprogram instructions are appended and we should
be able to locate bpf_func__setscheduler start in instructions
returned in bpf_program__insns ? anyway does not look nice ;-)

jirka

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ