Merged
Conversation
jschwinger233
approved these changes
Oct 6, 2025
Andreagit97
reviewed
Oct 6, 2025
Contributor
Andreagit97
left a comment
There was a problem hiding this comment.
tested it locally and everything works fine! thanks!
LGTM
f0e420b to
09064ce
Compare
Member
|
@Asphaltt Thanks for the patch again! If we apply your patch, then do we need to bump a min kernel requirement for |
Since commit torvalds/linux@7d1cd70d4b16ff (v6.13), the private stack of bpf programs was introduced for fentry. As a result, when the private stack is used for fentry, it cannot retrieve the function IP by unwinding `rfp`. To avoid the issue caused by the private stack, it is able to retrieve the function IP by unwinding trampoline's `rfp`, which is `ctx + 8` always for our case. Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
When trampoline was introduced for arm64, `bpf_get_func_ip()` was introduced at the same time. See commit torvalds/linux@efc9909fdce0 ("bpf, arm64: Add bpf trampoline for arm64"). Therefore, it is able to get the IP of tracee using this helper. Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
When the stack layout become more and more complicated, it is not
reliable to detect the FP of trampoline by checking possible range.
To get rid of the stack layout, which will be updated along the kernel,
detect the FP of trampoline by utilizing the `ctx` of current fentry
prog. As for our case, there is only one argument, `skb` or `xdp`, on
the stack of trampoline for tracee. Therefore, it is able to confirm the
FP by checking whether the IP beyond the FP is the IP of tracee.
* | lr | IP of tracee
* | fp | FP of tracee
* +------+ FP of trampoline <--------- detect it
* | .. | padding
* | x20 | always
* | x19 | always
* | arg | skb/xdp always for our case
* +------+ ctx of current prog
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
09064ce to
b743513
Compare
Contributor
Author
No, we don’t need to bump the minimum kernel requirement. This change simply gets rid of the private stack feature, since the |
brb
approved these changes
Oct 22, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #602
Since commit torvalds/linux@7d1cd70d4b16ff (v6.13), the private stack of bpf programs was introduced for fentry.
As a result, when the private stack is used for fentry, it cannot retrieve the function IP by unwinding
rfp.To avoid the issue caused by the private stack, it is able to retrieve the function IP by unwinding trampoline's
rfp, which isctx + 8always for our case.