Fix error in dereferencing kernel double pointers
BPF verifier can detect safety of pointer accesses for BTF-based probes (k(ret)func, iter) and therefore it is not necessary to use bpf_probe_read_kernel inside such probes. This feature was enabled in bpftrace by commit c2c3ab9 ("Support identifying btf type").

Unfortunately, the verifier is not able to track BTF information for dereferences and array accesses on double pointers so, e.g. the following script fails to load:

    # bpftrace -e 'kfunc:__module_get { print(args.module->trace_events[0]->flags); }' -v
    INFO: node count: 13
    Attaching 1 probe...

    Error log:
    reg type unsupported for arg#0 function kfunc_vmlinux___module_get#22
    0: R1=ctx(off=0,imm=0) R10=fp0
    0: (79) r1 = *(u64 *)(r1 +0)
    func '__module_get' arg0 has btf_id 250 type STRUCT 'module'
    1: R1_w=ptr_module(off=0,imm=0)
    1: (79) r1 = *(u64 *)(r1 +1128) ; R1_w=scalar()
    2: (79) r1 = *(u64 *)(r1 +0)
    R1 invalid mem access 'scalar'
    processed 3 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

    ERROR: Error loading program: kfunc:vmlinux:__module_get

A similar error happens when dereferencing the double pointer with `*`:

    # bpftrace -e 'kfunc:__module_get { print((*args.module->trace_events)->flags); }' -v

An analogous program fails to load even when written using libbpf.

We need to use bpf_probe_read_kernel for such cases so do not propagate the SizedType::is_btftype flag when observing a dereference or array access of a double pointer in semantic analyser.
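The following is an added illustration, not code from this commit or from bpftrace: a small model of the register tracking visible in the verifier log above, showing which loads in `args.module->trace_events[0]->flags` can be direct and which need bpf_probe_read_kernel. The names `Step`, `Load`, `plan_loads` and `example_plan` are hypothetical, and the model assumes every single-level pointer in a chain points to a struct.

```cpp
#include <cstdio>
#include <string>
#include <vector>

enum class Load { Direct, ProbeReadKernel };

// One step of an access chain, described by the value the load produces.
// ptr_depth: 0 = plain value, 1 = struct T *, 2 = struct T **.
struct Step {
  std::string expr;
  int ptr_depth;
};

// Constructed model, not bpftrace's analyser. `tracked` mirrors the verifier
// state in the log: true while the register is a BTF-typed pointer
// (ptr_module), false once it has become scalar().
std::vector<Load> plan_loads(const std::vector<Step> &chain) {
  std::vector<Load> plan;
  bool tracked = true;  // the probe argument itself, e.g. args.module
  for (const Step &s : chain) {
    // The verifier accepts a direct load only through a tracked pointer.
    plan.push_back(tracked ? Load::Direct : Load::ProbeReadKernel);
    // Only a single-level struct pointer loaded directly stays tracked;
    // a double pointer, or anything read via the helper, is a scalar.
    tracked = tracked && s.ptr_depth == 1;
  }
  return plan;
}

// The chain from the commit message.
std::vector<Load> example_plan() {
  return plan_loads({{"args.module->trace_events", 2},  // insn 1 in the log
                     {"trace_events[0]", 1},            // insn 2, rejected
                     {"->flags", 0}});
}

int main() {
  for (Load l : example_plan())
    std::puts(l == Load::Direct ? "direct load" : "bpf_probe_read_kernel");
  return 0;
}
```
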