wild cards not working, quantize() not working

[fifteenhex]

Hi,

This should maybe be two issues but I'm posting them as one for now because maybe the root cause is the same i.e. user error on my part.

I've added ply to buildroot and have basic scripts like the snippet below working on x86_64. I'm using kernel 5.4. buildroot is building that kernel alongside the toolchain so I don't think this is a problem with the kernel headers and toolchain being out of sync.

kprobe:vfs_read
{
        @[caller] = count();
}

I'm having problems getting wildcards and quantize() working.

if I change vfs_read to vfs_* in the above snippet it looks like attaching the probes fails:

openat(AT_FDCWD, "/sys/kernel/debug/tracing/kprobe_events", O_RDWR|O_CREAT|O_APPEND, 0666) = 7
fstat(7, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
write(7, "p:ply195/p610b50_vfs_fadvise vfs"..., 3119) = -1 EINVAL (Invalid argument)
close(7)                                = 0
close(6)                                = 0
close(5)                                = 0
munmap(0x7fef69ff4000, 3425280)         = 0
close(4)                                = 0
fstat(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(0x5, 0x1), ...}) = 0
ioctl(1, TCGETS, {B9600 opost isig icanon echo ...}) = 0
write(1, "ERR:-22\n", 8ERR:-22
)                = 8
exit_group(1)                           = ?
+++ exited with 1 +++

If I change the above snippet to this:

#!/usr/bin/env ply

kretprobe:vfs_read
{
        @["rdsz"] = quantize(retval);
}

I get a huge wall of output like this:

from 72 to 75: R0=inv28 R1=inv1 R2=inv0 R6=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=mmmmmmmm fp-16=mmmmmmmm fp-24=mmmmmmmm fp-32=mmmmmmmm fp-40=mmmmmmmm fp-48=mmmmmmmm fp-56=mmmmmmmm fp-64=mmmmmmmm fp-72=mmmmmmmm fp-80=mmmmmmmm fp-88=mmmmmmmm fp-96=mmmmmmmm fp-104=mmmmmmmm fp-112=mmmmmmmm fp-120=mmmmmmmm fp-128=mmmmmmmm fp-136=mmmmmmmm fp-144=mmmmmmmm fp-152=mmmmmmmm fp-160=mmmmmmmm fp-168=mmmmmmmm fp-176=mmmmmmmm fp-184=mmmmmmmm fp-192=mmmmmmmm fp-200=mmmmmmmm fp-208=mmmmmmmm fp-216=mmmmmmmm fp-224=mmmmmmmm fp-232=mmmmmmmm fp-240=mmmmmmmm fp-248=mmmmmmmm fp-256=mmmmmmmm fp-264=mmmmmmmm fp-272=mmmmmmmm
75: (67) r0 <<= 2
76: (bf) r1 = r10
77: (07) r1 += -264
78: (0f) r1 += r0
last_idx 78 first_idx 69
regs=1 stack=0 before 77: (07) r1 += -264
regs=1 stack=0 before 76: (bf) r1 = r10
regs=1 stack=0 before 75: (67) r0 <<= 2
regs=1 stack=0 before 72: (b5) if r1 <= 0x1 goto pc+2
regs=1 stack=0 before 69: (b5) if r1 <= 0x3 goto pc+2
 R0_rw=invP28 R1_rw=inv(id=0,umin_value=1,umax_value=68719476735,var_off=(0x0; 0xfffffffff)) R2=inv0 R6=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_r=mmmmmmmm fp-16_r=mmmmmmmm fp-24_r=mmmmmmmm fp-32_r=mmmmmmmm fp-40_r=mmmmmmmm fp-48_r=mmmmmmmm fp-56_r=mmmmmmmm fp-64_r=mmmmmmmm fp-72_r=mmmmmmmm fp-80_r=mmmmmmmm fp-88_r=mmmmmmmm fp-96_r=mmmmmmmm fp-104_r=mmmmmmmm fp-112_r=mmmmmmmm fp-120_r=mmmmmmmm fp-128_r=mmmmmmmm fp-136_r=mmmmmmmm fp-144_r=mmmmmmmm fp-152_r=mmmmmmmm fp-160_r=mmmmmmmm fp-168_r=mmmmmmmm fp-176_r=mmmmmmmm fp-184_r=mmmmmmmm fp-192_r=mmmmmmmm fp-200_r=mmmmmmmm fp-208_r=mmmmmmmm fp-216_r=mmmmmmmm fp-224_r=mmmmmmmm fp-232_r=mmmmmmmm fp-240_r=mmmmmmmm fp
ERR:-28

This seems to be output from the bpf verification in the kernel? I'm pretty new to bpf so I don't think I'll have much hope of debugging that. If posting the complete output/the code ply generates would be helpful I can do that.

Thanks,

Daniel

[wkz]

Thanks for this bug report. I've not had time to look into the quantize issue, other than to confirm that it is utterly broken. Weirdly enough it only seems to affect 64-bit targets, aarch64 and x86_64 are broken while arm and powerpc work as expected.

Wildcard matches on probes should work better using the latest wkz/ply now.

[kevinXYin]

I have enconter the same issue on arm32 , then I disable the config CONFIG_BPF_JIT_ALWAYS_ON to solve the problem , please check.