1. Patchew
  2. linux
  3. [PATCH bpf-next 0/3] bpf: Show precise rejected function when attaching to __noreturn and __btf_id functions
  4. View patch

[PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions

KaFai Wan posted 3 patches 2 months, 4 weeks ago
[PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions
Posted by KaFai Wan 2 months, 4 weeks ago 
Show the precise rejected function name when attaching tracing to
__btf_id functions.

$ ./fentry
libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL
libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG --
Attaching tracing to __btf_id function 'migrate_disable' is rejected.

Signed-off-by: KaFai Wan <mannkafai@gmail.com>
---
 kernel/bpf/verifier.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 275d82fb1a1a..2779d63e1f8b 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -23938,6 +23938,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
 			return ret;
 	} else if (prog->type == BPF_PROG_TYPE_TRACING &&
 		   btf_id_set_contains(&btf_id_deny, btf_id)) {
+		verbose(env, "Attaching tracing to __btf_id function '%s' is rejected.\n",
+			tgt_info.tgt_name);
 		return -EINVAL;
 	} else if ((prog->expected_attach_type == BPF_TRACE_FEXIT ||
 		   prog->expected_attach_type == BPF_MODIFY_RETURN) &&
-- 
2.43.0
Re: [PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions
Posted by Alexei Starovoitov 2 months, 4 weeks ago 
On Thu, Jul 10, 2025 at 9:27 AM KaFai Wan <mannkafai@gmail.com> wrote:
>
> Show the precise rejected function name when attaching tracing to
> __btf_id functions.
>
> $ ./fentry
> libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL
> libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG --
> Attaching tracing to __btf_id function 'migrate_disable' is rejected.
>
> Signed-off-by: KaFai Wan <mannkafai@gmail.com>
> ---
>  kernel/bpf/verifier.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> index 275d82fb1a1a..2779d63e1f8b 100644
> --- a/kernel/bpf/verifier.c
> +++ b/kernel/bpf/verifier.c
> @@ -23938,6 +23938,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
>                         return ret;
>         } else if (prog->type == BPF_PROG_TYPE_TRACING &&
>                    btf_id_set_contains(&btf_id_deny, btf_id)) {
> +               verbose(env, "Attaching tracing to __btf_id function '%s' is rejected.\n",
> +                       tgt_info.tgt_name);

"Attaching tracing to __btf_id" ?! What does it mean?
Drop "__btf_id" and "tracing" bits.

--
pw-bot: cr
Re: [PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions
Posted by KaFai Wan 2 months, 3 weeks ago 
On Thu, 2025-07-10 at 10:19 -0700, Alexei Starovoitov wrote:
> On Thu, Jul 10, 2025 at 9:27 AM KaFai Wan <mannkafai@gmail.com>
> wrote:
> > 
> > Show the precise rejected function name when attaching tracing to
> > __btf_id functions.
> > 
> > $ ./fentry
> > libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL
> > libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG --
> > Attaching tracing to __btf_id function 'migrate_disable' is
> > rejected.
> > 
> > Signed-off-by: KaFai Wan <mannkafai@gmail.com>
> > ---
> >  kernel/bpf/verifier.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index 275d82fb1a1a..2779d63e1f8b 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -23938,6 +23938,8 @@ static int check_attach_btf_id(struct
> > bpf_verifier_env *env)
> >                         return ret;
> >         } else if (prog->type == BPF_PROG_TYPE_TRACING &&
> >                    btf_id_set_contains(&btf_id_deny, btf_id)) {
> > +               verbose(env, "Attaching tracing to __btf_id
> > function '%s' is rejected.\n",
> > +                       tgt_info.tgt_name);
> 
> "Attaching tracing to __btf_id" ?! What does it mean?
> Drop "__btf_id" and "tracing" bits.
> 

My fault, I mean "Attaching tracing programs to function" in
'btf_id_deny'.

I will change it in v2.

> --
> pw-bot: cr

-- 
Thanks,
KaFai
Re: [PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions
Posted by Yafang Shao 2 months, 3 weeks ago 
On Fri, Jul 11, 2025 at 1:19 AM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Thu, Jul 10, 2025 at 9:27 AM KaFai Wan <mannkafai@gmail.com> wrote:
> >
> > Show the precise rejected function name when attaching tracing to
> > __btf_id functions.
> >
> > $ ./fentry
> > libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL
> > libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG --
> > Attaching tracing to __btf_id function 'migrate_disable' is rejected.
> >
> > Signed-off-by: KaFai Wan <mannkafai@gmail.com>
> > ---
> >  kernel/bpf/verifier.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > index 275d82fb1a1a..2779d63e1f8b 100644
> > --- a/kernel/bpf/verifier.c
> > +++ b/kernel/bpf/verifier.c
> > @@ -23938,6 +23938,8 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
> >                         return ret;
> >         } else if (prog->type == BPF_PROG_TYPE_TRACING &&
> >                    btf_id_set_contains(&btf_id_deny, btf_id)) {
> > +               verbose(env, "Attaching tracing to __btf_id function '%s' is rejected.\n",
> > +                       tgt_info.tgt_name);
>
> "Attaching tracing to __btf_id" ?! What does it mean?

The term "tracing" refers to BPF_PROG_TYPE_TRACING. I believe it is
useful because it helps identify which functions cannot be attached by
a given BPF program type.
Perhaps we should replace "tracing" with "a tracing prog" for clarity?

> Drop "__btf_id" and "tracing" bits.

-- 
Regards
Yafang
Re: [PATCH bpf-next 2/3] bpf: Show precise rejected function when attaching to __btf_id functions
Posted by KaFai Wan 2 months, 3 weeks ago 
On Fri, 2025-07-11 at 17:57 +0800, Yafang Shao wrote:
> On Fri, Jul 11, 2025 at 1:19 AM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> > 
> > On Thu, Jul 10, 2025 at 9:27 AM KaFai Wan <mannkafai@gmail.com>
> > wrote:
> > > 
> > > Show the precise rejected function name when attaching tracing to
> > > __btf_id functions.
> > > 
> > > $ ./fentry
> > > libbpf: prog 'migrate_disable': BPF program load failed: -EINVAL
> > > libbpf: prog 'migrate_disable': -- BEGIN PROG LOAD LOG --
> > > Attaching tracing to __btf_id function 'migrate_disable' is
> > > rejected.
> > > 
> > > Signed-off-by: KaFai Wan <mannkafai@gmail.com>
> > > ---
> > >  kernel/bpf/verifier.c | 2 ++
> > >  1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
> > > index 275d82fb1a1a..2779d63e1f8b 100644
> > > --- a/kernel/bpf/verifier.c
> > > +++ b/kernel/bpf/verifier.c
> > > @@ -23938,6 +23938,8 @@ static int check_attach_btf_id(struct
> > > bpf_verifier_env *env)
> > >                         return ret;
> > >         } else if (prog->type == BPF_PROG_TYPE_TRACING &&
> > >                    btf_id_set_contains(&btf_id_deny, btf_id)) {
> > > +               verbose(env, "Attaching tracing to __btf_id
> > > function '%s' is rejected.\n",
> > > +                       tgt_info.tgt_name);
> > 
> > "Attaching tracing to __btf_id" ?! What does it mean?
> 
> The term "tracing" refers to BPF_PROG_TYPE_TRACING. I believe it is
> useful because it helps identify which functions cannot be attached
> by
> a given BPF program type.

Thanks, this is what I want to express.

> Perhaps we should replace "tracing" with "a tracing prog" for
> clarity?

Looks good, may be 'tracing programs' could be fine.

> 
> > Drop "__btf_id" and "tracing" bits.
> 

-- 
Thanks,
KaFai

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.