tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

bpf: Add bpf_task_pt_regs() helper

The motivation behind this helper is to access userspace pt_regs in a
kprobe handler.

uprobe's ctx is the userspace pt_regs. kprobe's ctx is the kernelspace
pt_regs. bpf_task_pt_regs() allows accessing userspace pt_regs in a
kprobe handler. The final case (kernelspace pt_regs in uprobe) is
pretty rare (usermode helper) so I think that can be solved later if
necessary.

More concretely, this helper is useful in doing BPF-based DWARF stack
unwinding. Currently the kernel can only do framepointer based stack
unwinds for userspace code. This is because the DWARF state machines are
too fragile to be computed in kernelspace [0]. The idea behind
DWARF-based stack unwinds w/ BPF is to copy a chunk of the userspace
stack (while in prog context) and send it up to userspace for unwinding
(probably with libunwind) [1]. This would effectively enable profiling
applications with -fomit-frame-pointer using kprobes and uprobes.

[0]: https://lkml.org/lkml/2012/2/10/356
[1]: https://github.com/danobi/bpf-dwarf-walk

Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/e2718ced2d51ef4268590ab8562962438ab82815.1629772842.git.dxu@dxuuu.xyz

authored by

Daniel Xu and committed by
Alexei Starovoitov dd6e10fb a396eda5

+36
+7
include/uapi/linux/bpf.h
··· 4871 4871 * Return 4872 4872 * Value specified by user at BPF link creation/attachment time 4873 4873 * or 0, if it was not specified. 4874 + * 4875 + * long bpf_task_pt_regs(struct task_struct *task) 4876 + * Description 4877 + * Get the struct pt_regs associated with **task**. 4878 + * Return 4879 + * A pointer to struct pt_regs. 4874 4880 */ 4875 4881 #define __BPF_FUNC_MAPPER(FN) \ 4876 4882 FN(unspec), \ ··· 5054 5048 FN(timer_cancel), \ 5055 5049 FN(get_func_ip), \ 5056 5050 FN(get_attach_cookie), \ 5051 + FN(task_pt_regs), \ 5057 5052 /* */ 5058 5053 5059 5054 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
+3
kernel/bpf/helpers.c
··· 1327 1327 const struct bpf_func_proto bpf_probe_read_user_str_proto __weak; 1328 1328 const struct bpf_func_proto bpf_probe_read_kernel_proto __weak; 1329 1329 const struct bpf_func_proto bpf_probe_read_kernel_str_proto __weak; 1330 + const struct bpf_func_proto bpf_task_pt_regs_proto __weak; 1330 1331 1331 1332 const struct bpf_func_proto * 1332 1333 bpf_base_func_proto(enum bpf_func_id func_id) ··· 1425 1424 return &bpf_snprintf_btf_proto; 1426 1425 case BPF_FUNC_snprintf: 1427 1426 return &bpf_snprintf_proto; 1427 + case BPF_FUNC_task_pt_regs: 1428 + return &bpf_task_pt_regs_proto; 1428 1429 default: 1429 1430 return NULL; 1430 1431 }
+19
kernel/trace/bpf_trace.c
··· 723 723 .ret_btf_id = &btf_task_struct_ids[0], 724 724 }; 725 725 726 + BPF_CALL_1(bpf_task_pt_regs, struct task_struct *, task) 727 + { 728 + return (unsigned long) task_pt_regs(task); 729 + } 730 + 731 + BTF_ID_LIST(bpf_task_pt_regs_ids) 732 + BTF_ID(struct, pt_regs) 733 + 734 + const struct bpf_func_proto bpf_task_pt_regs_proto = { 735 + .func = bpf_task_pt_regs, 736 + .gpl_only = true, 737 + .arg1_type = ARG_PTR_TO_BTF_ID, 738 + .arg1_btf_id = &btf_task_struct_ids[0], 739 + .ret_type = RET_PTR_TO_BTF_ID, 740 + .ret_btf_id = &bpf_task_pt_regs_ids[0], 741 + }; 742 + 726 743 BPF_CALL_2(bpf_current_task_under_cgroup, struct bpf_map *, map, u32, idx) 727 744 { 728 745 struct bpf_array *array = container_of(map, struct bpf_array, map); ··· 1049 1032 return &bpf_get_current_task_proto; 1050 1033 case BPF_FUNC_get_current_task_btf: 1051 1034 return &bpf_get_current_task_btf_proto; 1035 + case BPF_FUNC_task_pt_regs: 1036 + return &bpf_task_pt_regs_proto; 1052 1037 case BPF_FUNC_get_current_uid_gid: 1053 1038 return &bpf_get_current_uid_gid_proto; 1054 1039 case BPF_FUNC_get_current_comm:
+7
tools/include/uapi/linux/bpf.h
··· 4871 4871 * Return 4872 4872 * Value specified by user at BPF link creation/attachment time 4873 4873 * or 0, if it was not specified. 4874 + * 4875 + * long bpf_task_pt_regs(struct task_struct *task) 4876 + * Description 4877 + * Get the struct pt_regs associated with **task**. 4878 + * Return 4879 + * A pointer to struct pt_regs. 4874 4880 */ 4875 4881 #define __BPF_FUNC_MAPPER(FN) \ 4876 4882 FN(unspec), \ ··· 5054 5048 FN(timer_cancel), \ 5055 5049 FN(get_func_ip), \ 5056 5050 FN(get_attach_cookie), \ 5051 + FN(task_pt_regs), \ 5057 5052 /* */ 5058 5053 5059 5054 /* integer value in 'imm' field of BPF_CALL instruction selects which helper