lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <98436a72-236a-43c4-b6ac-9d74b53b0223@oracle.com>
Date: Tue, 13 Jan 2026 11:02:33 +0000
From: Alan Maguire <alan.maguire@...cle.com>
To: Jiri Olsa <olsajiri@...il.com>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Steven Rostedt <rostedt@...nel.org>, Florent Revest <revest@...gle.com>,
        Mark Rutland <mark.rutland@....com>, bpf@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-trace-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>,
        Menglong Dong <menglong8.dong@...il.com>, Song Liu <song@...nel.org>
Subject: Re: [PATCHv6 bpf-next 7/9] bpf: Add trampoline ip hash table

On 12/01/2026 21:27, Jiri Olsa wrote:
> On Fri, Jan 09, 2026 at 04:36:41PM -0800, Andrii Nakryiko wrote:
>> On Tue, Dec 30, 2025 at 6:51 AM Jiri Olsa <jolsa@...nel.org> wrote:
>>>
>>> Following changes need to lookup trampoline based on its ip address,
>>> adding hash table for that.
>>>
>>> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
>>> ---
>>>  include/linux/bpf.h     |  7 +++++--
>>>  kernel/bpf/trampoline.c | 30 +++++++++++++++++++-----------
>>>  2 files changed, 24 insertions(+), 13 deletions(-)
>>>
>>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>>> index 4e7d72dfbcd4..c85677aae865 100644
>>> --- a/include/linux/bpf.h
>>> +++ b/include/linux/bpf.h
>>> @@ -1325,14 +1325,17 @@ struct bpf_tramp_image {
>>>  };
>>>
>>>  struct bpf_trampoline {
>>> -       /* hlist for trampoline_table */
>>> -       struct hlist_node hlist;
>>> +       /* hlist for trampoline_key_table */
>>> +       struct hlist_node hlist_key;
>>> +       /* hlist for trampoline_ip_table */
>>> +       struct hlist_node hlist_ip;
>>>         struct ftrace_ops *fops;
>>>         /* serializes access to fields of this trampoline */
>>>         struct mutex mutex;
>>>         refcount_t refcnt;
>>>         u32 flags;
>>>         u64 key;
>>> +       unsigned long ip;
>>>         struct {
>>>                 struct btf_func_model model;
>>>                 void *addr;
>>> diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
>>> index 789ff4e1f40b..bdac9d673776 100644
>>> --- a/kernel/bpf/trampoline.c
>>> +++ b/kernel/bpf/trampoline.c
>>> @@ -24,9 +24,10 @@ const struct bpf_prog_ops bpf_extension_prog_ops = {
>>>  #define TRAMPOLINE_HASH_BITS 10
>>>  #define TRAMPOLINE_TABLE_SIZE (1 << TRAMPOLINE_HASH_BITS)
>>>
>>> -static struct hlist_head trampoline_table[TRAMPOLINE_TABLE_SIZE];
>>> +static struct hlist_head trampoline_key_table[TRAMPOLINE_TABLE_SIZE];
>>> +static struct hlist_head trampoline_ip_table[TRAMPOLINE_TABLE_SIZE];
>>>
>>> -/* serializes access to trampoline_table */
>>> +/* serializes access to trampoline tables */
>>>  static DEFINE_MUTEX(trampoline_mutex);
>>>
>>>  #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
>>> @@ -135,15 +136,15 @@ void bpf_image_ksym_del(struct bpf_ksym *ksym)
>>>                            PAGE_SIZE, true, ksym->name);
>>>  }
>>>
>>> -static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
>>> +static struct bpf_trampoline *bpf_trampoline_lookup(u64 key, unsigned long ip)
>>>  {
>>>         struct bpf_trampoline *tr;
>>>         struct hlist_head *head;
>>>         int i;
>>>
>>>         mutex_lock(&trampoline_mutex);
>>> -       head = &trampoline_table[hash_64(key, TRAMPOLINE_HASH_BITS)];
>>> -       hlist_for_each_entry(tr, head, hlist) {
>>> +       head = &trampoline_key_table[hash_64(key, TRAMPOLINE_HASH_BITS)];
>>> +       hlist_for_each_entry(tr, head, hlist_key) {
>>>                 if (tr->key == key) {
>>>                         refcount_inc(&tr->refcnt);
>>>                         goto out;
>>> @@ -164,8 +165,12 @@ static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
>>>  #endif
>>>
>>>         tr->key = key;
>>> -       INIT_HLIST_NODE(&tr->hlist);
>>> -       hlist_add_head(&tr->hlist, head);
>>> +       tr->ip = ftrace_location(ip);
>>> +       INIT_HLIST_NODE(&tr->hlist_key);
>>> +       INIT_HLIST_NODE(&tr->hlist_ip);
>>> +       hlist_add_head(&tr->hlist_key, head);
>>> +       head = &trampoline_ip_table[hash_64(tr->ip, TRAMPOLINE_HASH_BITS)];
>>
>> For key lookups we check that there is no existing trampoline for the
>> given key. Can it happen that we have two trampolines at the same IP
>> but using two different keys?
> 
> so multiple keys (different static functions with same name) resolving to
> the same ip happened in past and we should now be able to catch those in
> pahole, right? CC-ing Alan ;-)
>

We could catch this I think, but today we don't. We have support to avoid 
encoding BTF where a function name has multiple instances (ambiguous address).
Here you're concerned with mapping from ip to function name, where multiple 
names share the same ip, right?

A quick scan of System.map suggests there's a ~150 of these,
excluding __pfx_ entries:

$ awk 'NR > 1 && ($2 == "T" || $2 == "t") && $1 == prev_field { print;} { prev_field = $1}' System.map|egrep -v __pfx|wc -l
155

Alan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ