d3/dac/bpf-prologue_8c_source.html

 // SPDX-License-Identifier: GPL-2.0
 /*
  * bpf-prologue.c
  *
  * Copyright (C) 2015 He Kuang <hekuang@huawei.com>
  * Copyright (C) 2015 Wang Nan <wangnan0@huawei.com>
  * Copyright (C) 2015 Huawei Inc.
  */

 #include <bpf/libbpf.h>
 #include "perf.h"
 #include "debug.h"
 #include "bpf-loader.h"
 #include "bpf-prologue.h"
 #include "probe-finder.h"
 #include <errno.h>
 #include <dwarf-regs.h>
 #include <linux/filter.h>

 #define BPF_REG_SIZE        8

 #define JMP_TO_ERROR_CODE   -1
 #define JMP_TO_SUCCESS_CODE -2
 #define JMP_TO_USER_CODE    -3

 struct bpf_insn_pos {
     struct bpf_insn *begin;
     struct bpf_insn *end;
     struct bpf_insn *pos;
 };

 static inline int
 pos_get_cnt(struct bpf_insn_pos *pos)
 {
     return pos->pos - pos->begin;
 }

 static int
 append_insn(struct bpf_insn new_insn, struct bpf_insn_pos *pos)
 {
     if (!pos->pos)
         return -BPF_LOADER_ERRNO__PROLOGUE2BIG;

     if (pos->pos + 1 >= pos->end) {
         pr_err("bpf prologue: prologue too long\n");
         pos->pos = NULL;
         return -BPF_LOADER_ERRNO__PROLOGUE2BIG;
     }

     *(pos->pos)++ = new_insn;
     return 0;
 }

 static int
 check_pos(struct bpf_insn_pos *pos)
 {
     if (!pos->pos || pos->pos >= pos->end)
         return -BPF_LOADER_ERRNO__PROLOGUE2BIG;
     return 0;
 }

 /*
  * Convert type string (u8/u16/u32/u64/s8/s16/s32/s64 ..., see
  * Documentation/trace/kprobetrace.txt) to size field of BPF_LDX_MEM
  * instruction (BPF_{B,H,W,DW}).
  */
 static int
 argtype_to_ldx_size(const char *type)
 {
     int arg_size = type ? atoi(&type[1]) : 64;

     switch (arg_size) {
     case 8:
         return BPF_B;
     case 16:
         return BPF_H;
     case 32:
         return BPF_W;
     case 64:
     default:
         return BPF_DW;
     }
 }

 static const char *
 insn_sz_to_str(int insn_sz)
 {
     switch (insn_sz) {
     case BPF_B:
         return "BPF_B";
     case BPF_H:
         return "BPF_H";
     case BPF_W:
         return "BPF_W";
     case BPF_DW:
         return "BPF_DW";
     default:
         return "UNKNOWN";
     }
 }

 /* Give it a shorter name */
 #define ins(i, p) append_insn((i), (p))

 /*
  * Give a register name (in 'reg'), generate instruction to
  * load register into an eBPF register rd:
  *   'ldd target_reg, offset(ctx_reg)', where:
  * ctx_reg is pre initialized to pointer of 'struct pt_regs'.
  */
 static int
 gen_ldx_reg_from_ctx(struct bpf_insn_pos *pos, int ctx_reg,
              const char *reg, int target_reg)
 {
     int offset = regs_query_register_offset(reg);

     if (offset < 0) {
         pr_err("bpf: prologue: failed to get register %s\n",
                reg);
         return offset;
     }
     ins(BPF_LDX_MEM(BPF_DW, target_reg, ctx_reg, offset), pos);

     return check_pos(pos);
 }

 /*
  * Generate a BPF_FUNC_probe_read function call.
  *
  * src_base_addr_reg is a register holding base address,
  * dst_addr_reg is a register holding dest address (on stack),
  * result is:
  *
  *  *[dst_addr_reg] = *([src_base_addr_reg] + offset)
  *
  * Arguments of BPF_FUNC_probe_read:
  *     ARG1: ptr to stack (dest)
  *     ARG2: size (8)
  *     ARG3: unsafe ptr (src)
  */
 static int
 gen_read_mem(struct bpf_insn_pos *pos,
          int src_base_addr_reg,
          int dst_addr_reg,
          long offset)
 {
     /* mov arg3, src_base_addr_reg */
     if (src_base_addr_reg != BPF_REG_ARG3)
         ins(BPF_MOV64_REG(BPF_REG_ARG3, src_base_addr_reg), pos);
     /* add arg3, #offset */
     if (offset)
         ins(BPF_ALU64_IMM(BPF_ADD, BPF_REG_ARG3, offset), pos);

     /* mov arg2, #reg_size */
     ins(BPF_ALU64_IMM(BPF_MOV, BPF_REG_ARG2, BPF_REG_SIZE), pos);

     /* mov arg1, dst_addr_reg */
     if (dst_addr_reg != BPF_REG_ARG1)
         ins(BPF_MOV64_REG(BPF_REG_ARG1, dst_addr_reg), pos);

     /* Call probe_read  */
     ins(BPF_EMIT_CALL(BPF_FUNC_probe_read), pos);
     /*
      * Error processing: if read fail, goto error code,
      * will be relocated. Target should be the start of
      * error processing code.
      */
     ins(BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, JMP_TO_ERROR_CODE),
         pos);

     return check_pos(pos);
 }

 /*
  * Each arg should be bare register. Fetch and save them into argument
  * registers (r3 - r5).
  *
  * BPF_REG_1 should have been initialized with pointer to
  * 'struct pt_regs'.
  */
 static int
 gen_prologue_fastpath(struct bpf_insn_pos *pos,
               struct probe_trace_arg *args, int nargs)
 {
     int i, err = 0;

     for (i = 0; i < nargs; i++) {
         err = gen_ldx_reg_from_ctx(pos, BPF_REG_1, args[i].value,
                        BPF_PROLOGUE_START_ARG_REG + i);
         if (err)
             goto errout;
     }

     return check_pos(pos);
 errout:
     return err;
 }

 /*
  * Slow path:
  *   At least one argument has the form of 'offset($rx)'.
  *
  * Following code first stores them into stack, then loads all of then
  * to r2 - r5.
  * Before final loading, the final result should be:
  *
  * low address
  * BPF_REG_FP - 24  ARG3
  * BPF_REG_FP - 16  ARG2
  * BPF_REG_FP - 8   ARG1
  * BPF_REG_FP
  * high address
  *
  * For each argument (described as: offn(...off2(off1(reg)))),
  * generates following code:
  *
  *  r7 <- fp
  *  r7 <- r7 - stack_offset  // Ideal code should initialize r7 using
  *                           // fp before generating args. However,
  *                           // eBPF won't regard r7 as stack pointer
  *                           // if it is generated by minus 8 from
  *                           // another stack pointer except fp.
  *                           // This is why we have to set r7
  *                           // to fp for each variable.
  *  r3 <- value of 'reg'-> generated using gen_ldx_reg_from_ctx()
  *  (r7) <- r3       // skip following instructions for bare reg
  *  r3 <- r3 + off1  . // skip if off1 == 0
  *  r2 <- 8           \
  *  r1 <- r7           |-> generated by gen_read_mem()
  *  call probe_read    /
  *  jnei r0, 0, err  ./
  *  r3 <- (r7)
  *  r3 <- r3 + off2  . // skip if off2 == 0
  *  r2 <- 8           \  // r2 may be broken by probe_read, so set again
  *  r1 <- r7           |-> generated by gen_read_mem()
  *  call probe_read    /
  *  jnei r0, 0, err  ./
  *  ...
  */
 static int
 gen_prologue_slowpath(struct bpf_insn_pos *pos,
               struct probe_trace_arg *args, int nargs)
 {
     int err, i;

     for (i = 0; i < nargs; i++) {
         struct probe_trace_arg *arg = &args[i];
         const char *reg = arg->value;
         struct probe_trace_arg_ref *ref = NULL;
         int stack_offset = (i + 1) * -8;

         pr_debug("prologue: fetch arg %d, base reg is %s\n",
              i, reg);

         /* value of base register is stored into ARG3 */
         err = gen_ldx_reg_from_ctx(pos, BPF_REG_CTX, reg,
                        BPF_REG_ARG3);
         if (err) {
             pr_err("prologue: failed to get offset of register %s\n",
                    reg);
             goto errout;
         }

         /* Make r7 the stack pointer. */
         ins(BPF_MOV64_REG(BPF_REG_7, BPF_REG_FP), pos);
         /* r7 += -8 */
         ins(BPF_ALU64_IMM(BPF_ADD, BPF_REG_7, stack_offset), pos);
         /*
          * Store r3 (base register) onto stack
          * Ensure fp[offset] is set.
          * fp is the only valid base register when storing
          * into stack. We are not allowed to use r7 as base
          * register here.
          */
         ins(BPF_STX_MEM(BPF_DW, BPF_REG_FP, BPF_REG_ARG3,
                 stack_offset), pos);

         ref = arg->ref;
         while (ref) {
             pr_debug("prologue: arg %d: offset %ld\n",
                  i, ref->offset);
             err = gen_read_mem(pos, BPF_REG_3, BPF_REG_7,
                        ref->offset);
             if (err) {
                 pr_err("prologue: failed to generate probe_read function call\n");
                 goto errout;
             }

             ref = ref->next;
             /*
              * Load previous result into ARG3. Use
              * BPF_REG_FP instead of r7 because verifier
              * allows FP based addressing only.
              */
             if (ref)
                 ins(BPF_LDX_MEM(BPF_DW, BPF_REG_ARG3,
                         BPF_REG_FP, stack_offset), pos);
         }
     }

     /* Final pass: read to registers */
     for (i = 0; i < nargs; i++) {
         int insn_sz = (args[i].ref) ? argtype_to_ldx_size(args[i].type) : BPF_DW;

         pr_debug("prologue: load arg %d, insn_sz is %s\n",
              i, insn_sz_to_str(insn_sz));
         ins(BPF_LDX_MEM(insn_sz, BPF_PROLOGUE_START_ARG_REG + i,
                 BPF_REG_FP, -BPF_REG_SIZE * (i + 1)), pos);
     }

     ins(BPF_JMP_IMM(BPF_JA, BPF_REG_0, 0, JMP_TO_SUCCESS_CODE), pos);

     return check_pos(pos);
 errout:
     return err;
 }

 static int
 prologue_relocate(struct bpf_insn_pos *pos, struct bpf_insn *error_code,
           struct bpf_insn *success_code, struct bpf_insn *user_code)
 {
     struct bpf_insn *insn;

     if (check_pos(pos))
         return -BPF_LOADER_ERRNO__PROLOGUE2BIG;

     for (insn = pos->begin; insn < pos->pos; insn++) {
         struct bpf_insn *target;
         u8 class = BPF_CLASS(insn->code);
         u8 opcode;

         if (class != BPF_JMP)
             continue;
         opcode = BPF_OP(insn->code);
         if (opcode == BPF_CALL)
             continue;

         switch (insn->off) {
         case JMP_TO_ERROR_CODE:
             target = error_code;
             break;
         case JMP_TO_SUCCESS_CODE:
             target = success_code;
             break;
         case JMP_TO_USER_CODE:
             target = user_code;
             break;
         default:
             pr_err("bpf prologue: internal error: relocation failed\n");
             return -BPF_LOADER_ERRNO__PROLOGUE;
         }

         insn->off = target - (insn + 1);
     }
     return 0;
 }

 int bpf__gen_prologue(struct probe_trace_arg *args, int nargs,
               struct bpf_insn *new_prog, size_t *new_cnt,
               size_t cnt_space)
 {
     struct bpf_insn *success_code = NULL;
     struct bpf_insn *error_code = NULL;
     struct bpf_insn *user_code = NULL;
     struct bpf_insn_pos pos;
     bool fastpath = true;
     int err = 0, i;

     if (!new_prog || !new_cnt)
         return -EINVAL;

     if (cnt_space > BPF_MAXINSNS)
         cnt_space = BPF_MAXINSNS;

     pos.begin = new_prog;
     pos.end = new_prog + cnt_space;
     pos.pos = new_prog;

     if (!nargs) {
         ins(BPF_ALU64_IMM(BPF_MOV, BPF_PROLOGUE_FETCH_RESULT_REG, 0),
             &pos);

         if (check_pos(&pos))
             goto errout;

         *new_cnt = pos_get_cnt(&pos);
         return 0;
     }

     if (nargs > BPF_PROLOGUE_MAX_ARGS) {
         pr_warning("bpf: prologue: %d arguments are dropped\n",
                nargs - BPF_PROLOGUE_MAX_ARGS);
         nargs = BPF_PROLOGUE_MAX_ARGS;
     }

     /* First pass: validation */
     for (i = 0; i < nargs; i++) {
         struct probe_trace_arg_ref *ref = args[i].ref;

         if (args[i].value[0] == '@') {
             /* TODO: fetch global variable */
             pr_err("bpf: prologue: global %s%+ld not support\n",
                 args[i].value, ref ? ref->offset : 0);
             return -ENOTSUP;
         }

         while (ref) {
             /* fastpath is true if all args has ref == NULL */
             fastpath = false;

             /*
              * Instruction encodes immediate value using
              * s32, ref->offset is long. On systems which
              * can't fill long in s32, refuse to process if
              * ref->offset too large (or small).
              */
 #ifdef __LP64__
 #define OFFSET_MAX  ((1LL << 31) - 1)
 #define OFFSET_MIN  ((1LL << 31) * -1)
             if (ref->offset > OFFSET_MAX ||
                     ref->offset < OFFSET_MIN) {
                 pr_err("bpf: prologue: offset out of bound: %ld\n",
                        ref->offset);
                 return -BPF_LOADER_ERRNO__PROLOGUEOOB;
             }
 #endif
             ref = ref->next;
         }
     }
     pr_debug("prologue: pass validation\n");

     if (fastpath) {
         /* If all variables are registers... */
         pr_debug("prologue: fast path\n");
         err = gen_prologue_fastpath(&pos, args, nargs);
         if (err)
             goto errout;
     } else {
         pr_debug("prologue: slow path\n");

         /* Initialization: move ctx to a callee saved register. */
         ins(BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1), &pos);

         err = gen_prologue_slowpath(&pos, args, nargs);
         if (err)
             goto errout;
         /*
          * start of ERROR_CODE (only slow pass needs error code)
          *   mov r2 <- 1  // r2 is error number
          *   mov r3 <- 0  // r3, r4... should be touched or
          *                // verifier would complain
          *   mov r4 <- 0
          *   ...
          *   goto usercode
          */
         error_code = pos.pos;
         ins(BPF_ALU64_IMM(BPF_MOV, BPF_PROLOGUE_FETCH_RESULT_REG, 1),
             &pos);

         for (i = 0; i < nargs; i++)
             ins(BPF_ALU64_IMM(BPF_MOV,
                       BPF_PROLOGUE_START_ARG_REG + i,
                       0),
                 &pos);
         ins(BPF_JMP_IMM(BPF_JA, BPF_REG_0, 0, JMP_TO_USER_CODE),
                 &pos);
     }

     /*
      * start of SUCCESS_CODE:
      *   mov r2 <- 0
      *   goto usercode  // skip
      */
     success_code = pos.pos;
     ins(BPF_ALU64_IMM(BPF_MOV, BPF_PROLOGUE_FETCH_RESULT_REG, 0), &pos);

     /*
      * start of USER_CODE:
      *   Restore ctx to r1
      */
     user_code = pos.pos;
     if (!fastpath) {
         /*
          * Only slow path needs restoring of ctx. In fast path,
          * register are loaded directly from r1.
          */
         ins(BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX), &pos);
         err = prologue_relocate(&pos, error_code, success_code,
                     user_code);
         if (err)
             goto errout;
     }

     err = check_pos(&pos);
     if (err)
         goto errout;

     *new_cnt = pos_get_cnt(&pos);
     return 0;
 errout:
     return err;
 }
insn_sz_to_str
static const char * insn_sz_to_str(int insn_sz)
Definition: bpf-prologue.c:86

insn
Definition: insn.h:36

BPF_PROLOGUE_START_ARG_REG
#define BPF_PROLOGUE_START_ARG_REG
Definition: bpf-prologue.h:14

value
int value
Definition: python.c:1143

gen_prologue_fastpath
static int gen_prologue_fastpath(struct bpf_insn_pos *pos, struct probe_trace_arg *args, int nargs)
Definition: bpf-prologue.c:182

gen_ldx_reg_from_ctx
static int gen_ldx_reg_from_ctx(struct bpf_insn_pos *pos, int ctx_reg, const char *reg, int target_reg)
Definition: bpf-prologue.c:112

bpf_insn_pos::pos
struct bpf_insn * pos
Definition: bpf-prologue.c:29

debug.h

JMP_TO_USER_CODE
#define JMP_TO_USER_CODE
Definition: bpf-prologue.c:24

gen_prologue_slowpath
static int gen_prologue_slowpath(struct bpf_insn_pos *pos, struct probe_trace_arg *args, int nargs)
Definition: bpf-prologue.c:241

err
int int err
Definition: 5sec.c:44

stackcollapse.args
args
Definition: stackcollapse.py:56

probe_trace_arg::value
char * value
Definition: probe-event.h:43

regs_query_register_offset
int regs_query_register_offset(const char *name)
Definition: dwarf-regs.c:88

BPF_PROLOGUE_MAX_ARGS
#define BPF_PROLOGUE_MAX_ARGS
Definition: bpf-prologue.h:13

pr_err
#define pr_err(fmt,...)
Definition: json.h:21

bpf_insn_pos
Definition: bpf-prologue.c:26

perf.h

append_insn
static int append_insn(struct bpf_insn new_insn, struct bpf_insn_pos *pos)
Definition: bpf-prologue.c:39

probe_trace_arg_ref::next
struct probe_trace_arg_ref * next
Definition: probe-event.h:36

JMP_TO_ERROR_CODE
#define JMP_TO_ERROR_CODE
Definition: bpf-prologue.c:22

BPF_LOADER_ERRNO__PROLOGUE2BIG
Definition: bpf-loader.h:27

bpf-prologue.h

pr_debug
#define pr_debug(fmt,...)
Definition: json.h:27

JMP_TO_SUCCESS_CODE
#define JMP_TO_SUCCESS_CODE
Definition: bpf-prologue.c:23

bpf_insn_pos::end
struct bpf_insn * end
Definition: bpf-prologue.c:28

pos_get_cnt
static int pos_get_cnt(struct bpf_insn_pos *pos)
Definition: bpf-prologue.c:33

gen_read_mem
static int gen_read_mem(struct bpf_insn_pos *pos, int src_base_addr_reg, int dst_addr_reg, long offset)
Definition: bpf-prologue.c:142

bpf__gen_prologue
int bpf__gen_prologue(struct probe_trace_arg *args, int nargs, struct bpf_insn *new_prog, size_t *new_cnt, size_t cnt_space)
Definition: bpf-prologue.c:358

check_pos
static int check_pos(struct bpf_insn_pos *pos)
Definition: bpf-prologue.c:55

ins
#define ins(i, p)
Definition: bpf-prologue.c:103

bpf-loader.h

probe_trace_arg
Definition: probe-event.h:41

prologue_relocate
static int prologue_relocate(struct bpf_insn_pos *pos, struct bpf_insn *error_code, struct bpf_insn *success_code, struct bpf_insn *user_code)
Definition: bpf-prologue.c:319

BPF_REG_SIZE
#define BPF_REG_SIZE
Definition: bpf-prologue.c:20

probe_trace_arg_ref
Definition: probe-event.h:35

BPF_LOADER_ERRNO__PROLOGUEOOB
Definition: bpf-loader.h:28

BPF_LOADER_ERRNO__PROLOGUE
Definition: bpf-loader.h:26

bpf_insn_pos::begin
struct bpf_insn * begin
Definition: bpf-prologue.c:27

BPF_PROLOGUE_FETCH_RESULT_REG
#define BPF_PROLOGUE_FETCH_RESULT_REG
Definition: bpf-prologue.h:15

probe-finder.h

pr_warning
#define pr_warning(fmt,...)
Definition: debug.h:25

target
char * target
Definition: builtin-probe.c:59

argtype_to_ldx_size
static int argtype_to_ldx_size(const char *type)
Definition: bpf-prologue.c:68

dwarf-regs.h

probe_trace_arg_ref::offset
long offset
Definition: probe-event.h:37

probe_trace_arg::ref
struct probe_trace_arg_ref * ref
Definition: probe-event.h:45