struct pt_regs missing in /usr/include/ tree for eBPF program compile

From: Thomas-Mich Richter
Date: Wed Aug 02 2017 - 07:22:46 EST

Next message: Roberto Sassu: "Re: [Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type"
Previous message: Arvind Yadav: "[PATCH 3/3] char: virtio: constify attribute_group structures."
Next in thread: Daniel Borkmann: "Re: Fwd: struct pt_regs missing in /usr/include/ tree for eBPF program compile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I work on the perf tool and its bpf support for IBM s390 and came across a
strange issue compiling tools/testing/selftests/bpf/test_verifier.c on s390x.

This is the compile error:
gcc -Wall -O2 -I../../../include/uapi -I../../../lib -I../../../../include/generated
-DHAVE_GENHDR -I../../../include test_verifier.c
/root/linux-devel/tools/testing/selftests/bpf/libbpf.a -lcap -lelf -o
/root/linux-devel/tools/testing/selftests/bpf/test_verifier
In file included from test_verifier.c:63:0:
../../../include/uapi/linux/bpf_perf_event.h:14:17: error: field âregsâ has
incomplete type struct pt_regs regs;

This shows up in test case "unpriv: spill/fill of different pointers ldx"
at line 1811.
This issue is located in file /usr/include/linux/bpf_perf_event.h which is a
copy of the linux kernels include/uapi/linux/bpf_perf_event.h.

It contains:
struct bpf_perf_event_data {
struct pt_regs regs;
__u64 sample_period;
};

On s390 struct pt_regs is not exported to user space and does not appear
anywhere in /usr/include.
How about other architectures beside Intel?
As far as I know
1. the struct pt_regs contains only kernel registers, no user space registers?
2. Is part of the kernel API and should not be exported at all?

When I investigated the kernel side of the bpf() system call, the test case ends
up in functions pe_prog_is_valid_access() and pe_prog_convert_ctx_access()
via syscall(bpf)
+--> bpf_prog_load()
+--> find_prog_type() to load eBPF type specific verifiers
| pe_prog_is_valid_access() and pe_prog_convert_ctx_access()
+--> bpf_check() to verify (and modify) the eBPF
+--> check_vfg()
+--> do_check()
+--> check_xadd()
+--> check_mem_access()
+--> check_ctx_access()
+--> env->prog->aux->ops->is_valid_access
which is set to
pe_prog_is_valid_access()

Now this last function expects and verifies struct pt_regs via struct member
offsets which needs a correct struct pt_regs previously setup by user space
eBPF program.

This also requires a correct struct pt_regs in /usr/include/linux/bpf_perf_event.h
(which includes /usr/include/{linux,asm,sym}/ptrace.h

How to achieve this on a platform which does not export struct pt_regs to the
user?

Thanks a lot for your help.

--
Thomas Richter, Dept 3303, IBM LTC Boeblingen Germany
--
Vorsitzende des Aufsichtsrats: Martina Koederitz
GeschÃftsfÃhrung: Dirk Wittkopp
Sitz der Gesellschaft: BÃblingen / Registergericht: Amtsgericht Stuttgart, HRB 243294

Next message: Roberto Sassu: "Re: [Linux-ima-devel] [PATCH, RESEND 08/12] ima: added parser for RPM data type"
Previous message: Arvind Yadav: "[PATCH 3/3] char: virtio: constify attribute_group structures."
Next in thread: Daniel Borkmann: "Re: Fwd: struct pt_regs missing in /usr/include/ tree for eBPF program compile"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]