[DTrace-devel] BPF verifier question

Kris Van Hees kris.van.hees at oracle.com
Thu Aug 27 14:57:37 PDT 2020


On Thu, Aug 27, 2020 at 02:22:28PM -0700, Eugene Loh wrote:
> On 08/26/2020 07:09 PM, Kris Van Hees wrote:
> 
> > Can you post the actual verifier output please?  Sometimes there are very
> > interesting nuances hidden in it.
> Here is what I have.
> 
> In the probe clause, after the call to get_bvar(), I insert a
> 
>         jeq  %r0, 0, pcb_exitlbl
> 
> This means that when the BPF verifier walks the instructions and hits the
> problem, the value in question is no longer map_value_or_null but simply
> map_value.
> 
> I run
> 
>         dtrace -Sen 'BEGIN { x = curcpu; exit(0) }' >& dis.out
>         dtrace   -n 'BEGIN { x = curcpu; exit(0) }' >& BPF.out

Ah yes, the problem here is that we're trying to store a pointer to a map
value.  That is as far as I recall not allowed.  You can store them on the
stack, but not in maps (because that would expose the pointer value to
userspace).

That is a limitation in BPF that I have not yet found a reasonable workaround
for.  One option would be to enforce copy-by-value in this case but that gets
very messy because x really needs to be a pointer in this case, so you'd almost
need to 'fake' it, e.g. convert struct T *x into struct T x, but allow it to be
used as if it were a pointer so allow x->foo but render it in code as x.foo.

Ugly, but it is a possible option.  I am very open to other suggestions.

> The basic layout of BPF.out is
> 
>         instructions    function           description
> 
>             0- 33       dt_dtrace entry    until call dt_program()
>            36- 45       -> dt_program      prologue
>            46- 49          dt_program      clause until call to get_bvar()
>            74-113          -> get_bvar()   case DIF_VAR_CURCPU
>            50- 50          dt_program      map_value_or_null becomes map_value
>            51- 54          dt_program      get map_value, call set_gvar()
>           129-138          -> set_gvar()   bpf_map_update_elem(r1,fp-4,fp-16,0)
> 
> At the last instruction (138), we have:
> 
>         R1_w=map_ptr(id=0,off=0,ks=4,vs=8,imm=0)
>         R2_w=fp-4
>         R3_w=fp-16
>         R4_w=invP0
>         R10=fp0
>         fp-8=0000????
>         fp-16_w=map_value
> 
>         BPF: 138: (85) call bpf_map_update_elem#2
>         BPF: invalid indirect read from stack off -16+0 size 8
> 
> Thanks for any help.

> 
> Disassembly of :::BEGIN
> INS OFF   OPCODE                  INSTRUCTION
> 000 0000: 7b a 1 fff8 00000000    stdw [%fp-8], %r1
> 001 0008: 79 0 a fff8 00000000    lddw %r0, [%fp-8]
> 002 0016: 79 9 0 0010 00000000    lddw %r9, [%r0+16]
> 003 0024: 79 0 0 0008 00000000    lddw %r0, [%r0+8]
> 004 0032: 7a 0 0 0008 00000000    stdw [%r0+8], 0
> 005 0040: 7a 0 0 0010 00000000    stdw [%r0+16], 0
> 006 0048: 62 0 0 0000 ffffffff    stw  [%r0+0], -1	! = EPID
> 007 0056: 62 9 0 0000 ffffffff    stw  [%r9+0], -1	! = EPID
> 008 0064: 62 0 0 0004 00000000    stw  [%r0+4], 0
> 009 0072: 62 9 0 0004 00000000    stw  [%r9+4], 0
> 010 0080: 79 1 a fff8 00000000    lddw %r1, [%fp-8]
> 011 0088: 79 1 1 0008 00000000    lddw %r1, [%r1+8]
> 012 0096: b7 2 0 0000 00000121    mov  %r2, 289
> 013 0104: 85 0 1 0000 ffffffff    call dt_get_bvar       ! curcpu
> 014 0112: 15 0 0 0015 00000000    jeq  %r0, 0, 21		! -> 036
> 015 0120: bf 8 0 0000 00000000    mov  %r8, %r0
> 016 0128: bf 2 8 0000 00000000    mov  %r2, %r8
> 017 0136: b7 1 0 0000 00000000    mov  %r1, 0
> 018 0144: 85 0 1 0000 ffffffff    call dt_set_gvar       ! x
> 019 0152: b7 8 0 0000 00000000    mov  %r8, 0
> 020 0160: 63 9 8 0008 00000000    stw  [%r9+8], %r8
> 021 0168: 79 0 a fff8 00000000    lddw %r0, [%fp-8]
> 022 0176: 79 0 0 0008 00000000    lddw %r0, [%r0+8]
> 023 0184: 79 0 0 0008 00000000    lddw %r0, [%r0+8]
> 024 0192: 55 0 0 000b 00000000    jne  %r0, 0, 11		! -> 036
> 025 0200: 79 1 a fff8 00000000    lddw %r1, [%fp-8]
> 026 0208: 79 1 1 0000 00000000    lddw %r1, [%r1+0]
> 027 0216: 18 2 0 0000 ffffffff    lddw %r2, 0x00000000ffffffff
> 028 0224: 00 0 0 0000 00000000    			! buffers
> 029 0232: 18 3 0 0000 ffffffff    lddw %r3, 0x00000000ffffffff
> 030 0240: 00 0 0 0000 00000000    
> 031 0248: bf 4 9 0000 00000000    mov  %r4, %r9
> 032 0256: 07 4 0 0000 fffffffc    add  %r4, -4
> 033 0264: b7 5 0 0000 0000000c    mov  %r5, 12
> 034 0272: 07 5 0 0000 00000004    add  %r5, 4
> 035 0280: 85 0 0 0000 00000019    call bpf_perf_event_output
> 036 0288: b7 0 0 0000 00000000    mov  %r0, 0
> 037 0296: 95 0 0 0000 00000000    exit
> 
> NAME             ID   KND SCP RANGE       FLAG TYPE
> curcpu           121  scl glb [0-37]      r    D type (pointer) (size 8)
> x                500  scl glb [0-37]      w    D type (pointer) (size 8)
> 
> BPF               OFFSET   VALUE    NAME
> R_BPF_INSN_DISP32 48       1        EPID
> R_BPF_INSN_DISP32 56       1        EPID
> R_BPF_INSN_DISP32 104      *UND*    dt_get_bvar
> R_BPF_INSN_DISP32 144      *UND*    dt_set_gvar
> R_BPF_INSN_64     216      *UND*    buffers

> dtrace: description 'BEGIN ' matched 1 probe
> BPF: func#0 @0
> BPF: func#1 @36
> BPF: func#2 @74
> BPF: func#3 @129
> BPF: 0: R1=ctx(id=0,off=0,imm=0) R10=fp0
> BPF: 0: (7b) *(u64 *)(r10 -24) = r1
> BPF: 1: R1=ctx(id=0,off=0,imm=0) R10=fp0 fp-24_w=ctx
> BPF: 1: (62) *(u32 *)(r10 -16) = 0
> BPF: 2: R1=ctx(id=0,off=0,imm=0) R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 2: (18) r1 = 0xffff8f8f1fa54a00
> BPF: 4: R1_w=map_ptr(id=0,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 4: (bf) r2 = r10
> BPF: 5: R1_w=map_ptr(id=0,off=0,ks=4,vs=128,imm=0) R2_w=fp0 R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 5: (07) r2 += -16
> BPF: 6: R1_w=map_ptr(id=0,off=0,ks=4,vs=128,imm=0) R2_w=fp-16 R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 6: (85) call bpf_map_lookup_elem#1
> BPF: 7: R0_w=map_value_or_null(id=1,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 7: (15) if r0 == 0x0 goto pc+26
> BPF:  R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 8: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-16=????mmmm fp-24_w=ctx
> BPF: 8: (7b) *(u64 *)(r10 -16) = r0
> BPF: 9: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-16_w=map_value fp-24_w=ctx
> BPF: 9: (07) r0 += 104
> BPF: 10: R0_w=map_value(id=0,off=104,ks=4,vs=128,imm=0) R10=fp0 fp-16_w=map_value fp-24_w=ctx
> BPF: 10: (7a) *(u64 *)(r0 +0) = 0
> BPF:  R0_w=map_value(id=0,off=104,ks=4,vs=128,imm=0) R10=fp0 fp-16_w=map_value fp-24_w=ctx
> BPF: 11: R0_w=map_value(id=0,off=104,ks=4,vs=128,imm=0) R10=fp0 fp-16_w=map_value fp-24_w=ctx
> BPF: 11: (07) r0 += 8
> BPF: 12: R0_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-16_w=map_value fp-24_w=ctx
> BPF: 12: (7b) *(u64 *)(r10 -8) = r0
> BPF: 13: R0_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 13: (79) r7 = *(u64 *)(r10 -16)
> BPF: 14: R0_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 14: (79) r8 = *(u64 *)(r10 -24)
> BPF: 15: R0_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 15: (79) r0 = *(u64 *)(r8 +112)
> BPF: 16: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 16: (7b) *(u64 *)(r7 +24) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 17: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 17: (79) r0 = *(u64 *)(r8 +104)
> BPF: 18: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 18: (7b) *(u64 *)(r7 +32) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 19: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 19: (79) r0 = *(u64 *)(r8 +96)
> BPF: 20: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 20: (7b) *(u64 *)(r7 +40) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 21: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 21: (79) r0 = *(u64 *)(r8 +88)
> BPF: 22: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 22: (7b) *(u64 *)(r7 +48) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 23: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 23: (79) r0 = *(u64 *)(r8 +72)
> BPF: 24: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 24: (7b) *(u64 *)(r7 +56) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 25: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 25: (79) r0 = *(u64 *)(r8 +64)
> BPF: 26: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 26: (7b) *(u64 *)(r7 +64) = r0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 27: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 27: (7a) *(u64 *)(r7 +48) = 0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 28: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 28: (7a) *(u64 *)(r7 +56) = 0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 29: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 29: (7a) *(u64 *)(r7 +64) = 0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 30: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 30: (7a) *(u64 *)(r7 +72) = 0
> BPF:  R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 31: R0_w=invP(id=0) R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 31: (bf) r1 = r10
> BPF: 32: R0_w=invP(id=0) R1_w=fp0 R7_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8_w=ctx(id=0,off=0,imm=0) R10=fp0 fp-8_w=map_value fp-16_w=map_value fp-24_w=ctx
> BPF: 32: (07) r1 += -24
> BPF: 33: R0=invP(id=0) R1=fp-24 R7=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=map_value fp-16=map_value fp-24=ctx
> BPF: 33: (85) call pc+2
> BPF: caller:
> BPF:  R7=map_value(id=0,off=0,ks=4,vs=128,imm=0) R8=ctx(id=0,off=0,imm=0) R10=fp0 fp-8=map_value fp-16=map_value fp-24=ctx
> BPF: callee:
> BPF:  frame1: R1=fp-24 R10=fp0
> BPF: 36: frame1: R1=fp-24 R10=fp0
> BPF: 36: (7b) *(u64 *)(r10 -8) = r1
> BPF: 37: frame1: R1=fp-24 R10=fp0 fp-8_w=fp
> BPF: 37: (79) r0 = *(u64 *)(r10 -8)
> BPF: 38: frame1: R0_w=fp-24 R1=fp-24 R10=fp0 fp-8_w=fp
> BPF: 38: (79) r9 = *(u64 *)(r0 +16)
> BPF: 39: frame1: R0_w=fp-24 R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 39: (79) r0 = *(u64 *)(r0 +8)
> BPF: 40: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 40: (7a) *(u64 *)(r0 +8) = 0
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 41: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 41: (7a) *(u64 *)(r0 +16) = 0
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 42: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 42: (62) *(u32 *)(r0 +0) = 1
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 43: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 43: (62) *(u32 *)(r9 +0) = 1
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 44: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 44: (62) *(u32 *)(r0 +4) = 0
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 45: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 45: (62) *(u32 *)(r9 +4) = 0
> BPF:  frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 46: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 46: (79) r1 = *(u64 *)(r10 -8)
> BPF: 47: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1_w=fp-24 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 47: (79) r1 = *(u64 *)(r1 +8)
> BPF: 48: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 48: (b7) r2 = 289
> BPF: 49: frame1: R0_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R1_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: 49: (85) call pc+24
> BPF: caller:
> BPF:  frame1: R9_w=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8_w=fp
> BPF: callee:
> BPF:  frame2: R1_w=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 74: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2=invP289 R10=fp0
> BPF: 74: (bc) w2 = w2
> BPF: 75: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 75: (15) if r2 == 0x110 goto pc+41
> BPF: 76: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 76: (b5) if r2 <= 0x110 goto pc+7
> BPF: 77: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 77: (15) if r2 == 0x11e goto pc+41
> BPF: 78: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 78: (25) if r2 > 0x11e goto pc+26
> BPF: 105: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 105: (15) if r2 == 0x11f goto pc+8
> BPF: 106: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 106: (55) if r2 != 0x121 goto pc-12
> BPF: 107: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0
> BPF: 107: (62) *(u32 *)(r10 -4) = 0
> BPF: 108: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=invP289 R10=fp0 fp-8=mmmm????
> BPF: 108: (bf) r2 = r10
> BPF: 109: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=fp0 R10=fp0 fp-8=mmmm????
> BPF: 109: (07) r2 += -4
> BPF: 110: frame2: R1=map_value(id=0,off=0,ks=4,vs=128,imm=0) R2_w=fp-4 R10=fp0 fp-8=mmmm????
> BPF: 110: (18) r1 = 0xffff8f8f1fa56600
> BPF: 112: frame2: R1_w=map_ptr(id=0,off=0,ks=4,vs=24,imm=0) R2_w=fp-4 R10=fp0 fp-8=mmmm????
> BPF: 112: (85) call bpf_map_lookup_elem#1
> BPF: 113: frame2: R0=map_value_or_null(id=2,off=0,ks=4,vs=24,imm=0) R10=fp0 fp-8=mmmm????
> BPF: 113: (95) exit
> BPF: returning from callee:
> BPF:  frame2: R0=map_value_or_null(id=2,off=0,ks=4,vs=24,imm=0) R10=fp0 fp-8=mmmm????
> BPF: to caller at 50:
> BPF:  frame1: R0=map_value_or_null(id=2,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 50: frame1: R0=map_value_or_null(id=2,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 50: (15) if r0 == 0x0 goto pc+21
> BPF:  frame1: R0=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 51: frame1: R0=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 51: (bf) r8 = r0
> BPF: 52: frame1: R0=map_value(id=0,off=0,ks=4,vs=24,imm=0) R8_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 52: (bf) r2 = r8
> BPF: 53: frame1: R0=map_value(id=0,off=0,ks=4,vs=24,imm=0) R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R8_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 53: (b7) r1 = 0
> BPF: 54: frame1: R0=map_value(id=0,off=0,ks=4,vs=24,imm=0) R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R8_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: 54: (85) call pc+74
> BPF: caller:
> BPF:  frame1: R8_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R9=map_value(id=0,off=112,ks=4,vs=128,imm=0) R10=fp0 fp-8=fp
> BPF: callee:
> BPF:  frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R10=fp0
> BPF: 129: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R10=fp0
> BPF: 129: (63) *(u32 *)(r10 -4) = r1
> BPF: 130: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R10=fp0 fp-8=0000????
> BPF: 130: (7b) *(u64 *)(r10 -16) = r2
> BPF: 131: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 131: (b7) r4 = 0
> BPF: 132: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 132: (bf) r3 = r10
> BPF: 133: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R3_w=fp0 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 133: (07) r3 += -16
> BPF: 134: frame2: R1_w=invP0 R2_w=map_value(id=0,off=0,ks=4,vs=24,imm=0) R3_w=fp-16 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 134: (bf) r2 = r10
> BPF: 135: frame2: R1_w=invP0 R2_w=fp0 R3_w=fp-16 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 135: (07) r2 += -4
> BPF: 136: frame2: R1_w=invP0 R2_w=fp-4 R3_w=fp-16 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 136: (18) r1 = 0xffff8f8f7f733200
> BPF: 138: frame2: R1_w=map_ptr(id=0,off=0,ks=4,vs=8,imm=0) R2_w=fp-4 R3_w=fp-16 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
> BPF: 138: (85) call bpf_map_update_elem#2
> BPF: invalid indirect read from stack off -16+0 size 8
> BPF: verification time 313 usec
> BPF: stack depth 24+8+4+16
> BPF: processed 74 insns (limit 1000000) max_states_per_insn 0 total_states 3 peak_states 3 mark_read 1
> dtrace: could not enable tracing: BPF program load for 'dtrace:::BEGIN' failed: Permission denied

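Added example, not part of the original thread or of DTrace's code: a small Python triage helper that reads the verifier state line preceding an `invalid indirect read from stack` error and reports what occupies the stack slot the helper was asked to read. The first input is the tail of the log quoted above, the second is constructed; all function and variable names are hypothetical, and the slot-byte legend (`?`, `m`, `0`, `r`) is assumed from the kernel's verifier log format.

```python
import re

# Final verifier lines copied from the log quoted in the message above.
POSTED_LOG = """\
BPF: 138: frame2: R1_w=map_ptr(id=0,off=0,ks=4,vs=8,imm=0) R2_w=fp-4 R3_w=fp-16 R4_w=invP0 R10=fp0 fp-8=0000???? fp-16_w=map_value
BPF: 138: (85) call bpf_map_update_elem#2
BPF: invalid indirect read from stack off -16+0 size 8
"""
# Constructed variant (not from the post): the key pointer covers unwritten bytes.
CONSTRUCTED_LOG = """\
BPF: 9: R1_w=map_ptr(id=0,off=0,ks=4,vs=8,imm=0) R2_w=fp-8 R10=fp0 fp-8=0000????
BPF: 9: (85) call bpf_map_lookup_elem#1
BPF: invalid indirect read from stack off -8+0 size 4
"""

INSN_RE = re.compile(r"^BPF: (\d+): \([0-9a-f]{2}\) (.*)$")
STATE_RE = re.compile(r"^BPF: \d+: (?:frame\d+: )?(R\d+.*)$")
ITEM_RE = re.compile(r"\b(R\d+|fp-\d+)(?:_w)?=(\S+)")
ERR_RE = re.compile(r"invalid indirect read from stack off (-\d+)\+(\d+) size (\d+)")
BYTE_MEANING = {"?": "never written", "m": "misc data", "0": "zero", "r": "part of a spill"}


def diagnose(log):
    """Explain an 'invalid indirect read from stack' rejection using the state before it."""
    state, insn = {}, None
    for line in log.splitlines():
        err = ERR_RE.search(line)
        if err:
            break
        m = INSN_RE.match(line)
        if m:
            insn = (int(m.group(1)), m.group(2))
            continue
        m = STATE_RE.match(line)
        if m:  # keep only the most recent register/stack state
            state = dict(ITEM_RE.findall(m.group(1)))
    else:
        return None  # the log does not contain this error

    off, delta, size = (int(g) for g in err.groups())
    addr = off + delta                       # first byte the verifier refused
    slot = "fp-%d" % ((-addr + 7) // 8 * 8)  # 8-byte slot containing that byte
    content = state.get(slot)
    if content is None:
        reason = "slot never written"
    elif re.fullmatch(r"[?m0r]{8}", content):
        # Per-byte string is printed highest address first.
        reason = "byte is " + BYTE_MEANING[content[7 - (addr + int(slot[3:]))]]
    elif content.startswith("inv"):
        reason = "spilled scalar"
    else:
        # A whole spilled register: the slot holds a kernel pointer, not data bytes.
        reason = "spilled pointer of type " + content.split("(")[0]
    return {
        "insn": insn[0] if insn else None,
        "call": insn[1] if insn else None,
        "arg_regs": sorted(r for r, v in state.items() if v == "fp%d" % off),
        "slot": slot, "slot_content": content, "size": size, "reason": reason,
    }


if __name__ == "__main__":
    for sample in (POSTED_LOG, CONSTRUCTED_LOG):
        print(diagnose(sample))
```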