On Wed, May 31, 2023 at 4:01 PM Jiri Olsa [off-list ref] wrote:

On Tue, May 30, 2023 at 12:44:23PM +0800, menglong8.dong@gmail.com wrote:

quoted

From: Menglong Dong <redacted>

For now, the BPF program of type BPF_PROG_TYPE_TRACING can only be used
on the kernel functions whose arguments count less than 6. This is not
friendly at all, as too many functions have arguments count more than 6.

Therefore, let's enhance it by increasing the function arguments count
allowed in arch_prepare_bpf_trampoline(), for now, only x86_64.

For the case that we don't need to call origin function, which means
without BPF_TRAMP_F_CALL_ORIG, we need only copy the function arguments
that stored in the frame of the caller to current frame. The arguments
of arg6-argN are stored in "$rbp + 0x18", we need copy them to
"$rbp - regs_off + (6 * 8)".

For the case with BPF_TRAMP_F_CALL_ORIG, we need prepare the arguments
in stack before call origin function, which means we need alloc extra
"8 * (arg_count - 6)" memory in the top of the stack. Note, there should
not be any data be pushed to the stack before call the origin function.
Then, we have to store rbx with 'mov' instead of 'push'.

It works well for the FENTRY and FEXIT, I'm not sure if there are other
complicated cases.

Signed-off-by: Menglong Dong <redacted>
---
 arch/x86/net/bpf_jit_comp.c | 88 ++++++++++++++++++++++++++++++++-----

please add selftests for this.. I had to add one to be able to check
the generated trampoline

Okay!

BTW, I failed to compile the latest selftests/bpf with
the following errors:

progs/verifier_and.c:58:16: error: invalid operand for instruction
        asm volatile ("                                 \

The version of clang I used is:

clang --version
Debian clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin

Does anyone know the reason?

Thanks!
Menglong Dong

jirka