Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support big strings #3228

Merged
merged 6 commits into from
Jun 12, 2024
Merged

Support big strings #3228

merged 6 commits into from
Jun 12, 2024

Conversation

danobi
Copy link
Member

@danobi danobi commented Jun 10, 2024
edited
Loading

Previously, all strings needed to be stored on the stack. Given that BPF
has a 512B stack limit, this put serious limits on strings. In practice,
it was limited to about 200B.

This PR raises the limit much higher to around 1024. The new limit
we hit is from the LLVM memset() builtin. It only supports up to 1K. To
go above this, we need to create our own memset() routine in BPF. This
is quite easy to do and will be attempted in a later commit.

The way big strings work is by assigning each str() call in the script a
unique ID. Then we create a percpu array map such that for each CPU,
there is a percpu entry that can accomodate each str() callsite. This
makes it so scripts can keep as many strings "on the stack" as they'd
like, with the tradeoff being the amount of memory we need to
preallocate.

As long as the kernel never allows BPF programs to nest (eg execute prog
A while prog A is already on the call stack), this approach is robust to
self-corruption.

This closes #305.

Checklist
  • Language changes are updated in man/adoc/bpftrace.adoc
  • User-visible and non-trivial changes updated in CHANGELOG.md
  • The new behaviour is covered by tests

@danobi
Copy link
Member Author

danobi commented Jun 10, 2024
edited
Loading

In another window:

$ /usr/bin/asdf/asdf/dsf/sdfddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd
bash: /usr/bin/asdf/asdf/dsf/sdfddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd: No such file or directory

$ sudo BPFTRACE_MAX_STRLEN=1024 ./build/src/bpftrace -e 't:syscalls:sys_enter_execve { @[str(args.filename)] = count() }'
Attaching 1 probe...
^C

@[/usr/bin/asdf/asdf/dsf/sdfddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd]: 1
@[/home/dxu/.tmux/plugins/tmux-continuum/scripts/continuum_save.sh]: 2
@[/bin/sh]: 2
@[/usr/bin/cut]: 2

@tyroguru you'll be happy to know I woke up this morning with the approach fully formed in my head. But perhaps also sad to know it blew up my sunday :)

@danobi danobi mentioned this pull request Jun 10, 2024
Open
@danobi
Copy link
Member Author

danobi commented Jun 10, 2024

Related but not done: #2853

@danobi danobi mentioned this pull request Jun 10, 2024
Open
@danobi danobi force-pushed the big_str branch 2 times, most recently from bf0893f to c919a83 Compare June 10, 2024 03:02
@marc-hb marc-hb mentioned this pull request Jun 10, 2024
Open
@danobi danobi force-pushed the big_str branch 2 times, most recently from 1fd35fa to d026d58 Compare June 10, 2024 17:16
@danobi danobi marked this pull request as ready for review June 10, 2024 17:32
jordalgo
jordalgo reviewed Jun 11, 2024
View reviewed changes
src/main.cpp Show resolved Hide resolved
jordalgo
jordalgo reviewed Jun 11, 2024
View reviewed changes
tests/runtime/call Outdated Show resolved Hide resolved
@jordalgo
Copy link
Contributor

This all looks great and surprisingly straightforward.

@danobi
codegen: NFC: Order saved IDs in create_reset_ids()
2f69d77 
Order the ids in the order they were defined in codegen_llvm.h. This
makes it easier to spot missing ids.
@danobi
codegen: Add missing IDs in create_reset_ids()
4b80df8 
We were missing cgroup_path_id and watchpoint_id. Without this, there
would be bugs for cgroupid() if it is used inside a loop or in an
expanded probe. Similarly, if watchpoint probes are expanded, there
would have been bugs.
@danobi
codegen: NFC: Avoid storing str() len param explicitly on stack
0ffb4de 
There is no need to keep the strlen value explicitly on stack. We can
leave it up to LLVM whether or not to spill onto stack or keep in a
register.
@danobi
codegen: strncmp: Generalize to support all string types
9942d91 
Before, strncmp codegen assumed that caller was passing in two alloca'd
strings. This assumption was fine but overly narrow now that we are
implementing big strings. Big strings are not an array type (alloca),
but rather a proper pointer.

Relax assumption by using a more general pointer to i8.
@danobi
Support big strings
723275b 
Previously, all strings needed to be stored on the stack. Given that BPF
has a 512B stack limit, this put serious limits on strings. In practice,
it was limited to about 200B.

This commit raises the limit much higher to around 1024. The new limit
we hit is from the LLVM memset() builtin. It only supports up to 1K. To
go above this, we need to create our own memset() routine in BPF. This
is quite easy to do and will be attempted in a later commit.

The way big strings work is by assigning each str() call in the script a
unique ID. Then we create a percpu array map such that for each CPU,
there is a percpu entry that can accomodate each str() callsite. This
makes it so scripts can keep as many strings "on the stack" as they'd
like, with the tradeoff being the amount of memory we need to
preallocate.

As long as the kernel never allows BPF programs to nest (eg execute prog
A while prog A is already on the call stack), this approach is robust to
self-corruption.

Note we do not yet remove or change default value of
BPFTRACE_MAX_STRLEN. That is b/c a few other helpers (buf(), path(),
maybe more) also read the value and allocate space on stack accordingly.
We need to decouple or convert those helpers to scratch maps as well.

This closes bpftrace#305.
@danobi
Update CHANGELOG
e7b5f01
@danobi danobi merged commit 81b6a51 into bpftrace:master Jun 12, 2024
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jordalgo jordalgo jordalgo approved these changes

@ajor ajor Awaiting requested review from ajor ajor is a code owner

@viktormalik viktormalik Awaiting requested review from viktormalik viktormalik is a code owner

@fbs fbs Awaiting requested review from fbs fbs is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

str() to support large strings
2 participants
@danobi @jordalgo