On Sat, Oct 25, 2025 at 8:02 PM Menglong Dong <[email protected]> wrote:
>
> If TRACE_SESSION exists, we will use extra 8-bytes in the stack of the
> trampoline to store the flags that we needed, and the 8-bytes lie after
> the return value, which means ctx[nr_args + 1]. And we will store the
> flag "is_exit" to the first bit of it.
>
> Introduce the kfunc bpf_tracing_is_exit(), which is used to tell if it
> is fexit currently. Meanwhile, inline it in the verifier.
>
> Add the kfunc bpf_fsession_cookie(), which is similar to
> bpf_session_cookie() and return the address of the session cookie. The
> address of the session cookie is stored after session flags, which means
> ctx[nr_args + 2]. Inline this kfunc in the verifier too.
>
> Signed-off-by: Menglong Dong <[email protected]>
> Co-developed-by: Leon Hwang <[email protected]>
> Signed-off-by: Leon Hwang <[email protected]>
> ---
> v3:
> - merge the bpf_tracing_is_exit and bpf_fsession_cookie into a single
> patch
>
> v2:
> - store the session flags after return value, instead of before nr_args
> - inline the bpf_tracing_is_exit, as Jiri suggested
> ---
> include/linux/bpf.h | 1 +
> kernel/bpf/verifier.c | 33 ++++++++++++++++++++--
> kernel/trace/bpf_trace.c | 59 ++++++++++++++++++++++++++++++++++++++--
> 3 files changed, 88 insertions(+), 5 deletions(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 6b5855c80fa6..ce55d3881c0d 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -1736,6 +1736,7 @@ struct bpf_prog {
> enforce_expected_attach_type:1, /* Enforce
> expected_attach_type checking at attach time */
> call_get_stack:1, /* Do we call
> bpf_get_stack() or bpf_get_stackid() */
> call_get_func_ip:1, /* Do we call
> get_func_ip() */
> + call_session_cookie:1, /* Do we call
> bpf_fsession_cookie() */
> tstamp_type_access:1, /* Accessed
> __sk_buff->tstamp_type */
> sleepable:1; /* BPF program is sleepable */
> enum bpf_prog_type type; /* Type of BPF program */
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 818deb6a06e4..6f8aa4718d6f 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -12293,6 +12293,8 @@ enum special_kfunc_type {
> KF___bpf_trap,
> KF_bpf_task_work_schedule_signal,
> KF_bpf_task_work_schedule_resume,
> + KF_bpf_tracing_is_exit,
we have bpf_session_is_return(), can't we just implement it for
fsession program type? Is that because we need ctx access? But we can
get bpf_run_ctx without that, can't we store this flag in run_ctx?
> + KF_bpf_fsession_cookie,
same, we have bpf_session_cookie, can we support that? And again, we
can just make sure that session cookie is put into run_ctx.
And if not, let's at least use consistent naming then?
bpf_fsession_is_return() and bpf_fsession_cookie() as one more
consistent example?
> };
>
> BTF_ID_LIST(special_kfunc_list)
> @@ -12365,6 +12367,8 @@ BTF_ID(func, bpf_res_spin_unlock_irqrestore)
> BTF_ID(func, __bpf_trap)
> BTF_ID(func, bpf_task_work_schedule_signal)
> BTF_ID(func, bpf_task_work_schedule_resume)
> +BTF_ID(func, bpf_tracing_is_exit)
> +BTF_ID(func, bpf_fsession_cookie)
>
> static bool is_task_work_add_kfunc(u32 func_id)
> {
[...]
