Re: __builtin_memcpy behavior


Tristan Mayfield
 

Toke, thanks for the quick response!

Yes, I was checking the bpf_probe_read return values, and was reading the number of bytes expected, so nothing wrong there!

Now that you mention CO-RE, it does actually make sense that these sorts of errors could be shifted to load time rather than attach time (that the right phrase?). I've fiddled with CO-RE a bit but I haven't adopted it for a few reasons (which I could certainly be mistaken about).
I don't have control over kernel versions or compilation flags for the kernel on the systems I'm targeting and I've had significant difficulty trying to compile CO-RE programs (e.g. from the BCC repo's libbpf-tools) on Linux <5.4 because I've had a hard time getting the vmlinux. I can't remember if I used bpftool though (this was about a year ago that I last played with CO-RE), so perhaps I'll give it another shot.
I've also been very unclear, and have gotten many different answers regarding the target systems and whether they need to be custom compiled with BTF enabled for CO-RE programs to run on them, or if you can put a CO-RE program onto a generic kernel build and it "just works?" From your answer, the answer seems to be that /sys/kernel/btf/vmlinux needs to be on the target system, so it must have that BTF_ENABLE flag set? If that's set, do you also need a vmlinux.h file as well? A coworker was recently messing with CO-RE and seemed to think that deploying a CO-RE program required shipping the vmlinux.h file and I think he mentioned that file was about 1Gb big, which is certainly a no-go for our position.

In addition to that, I've been unclear in the role of BTF in BPF generally. When I began tinkering with BPF I was under the impression that BTF was *only* something used for CO-RE programs (something I actually might've gotten from the article referenced and written by Andrii), but I've periodically seen errors arise that cite BTF reasons for erroring. Unfortunately I haven't saved any of these errors and can't remember the causes specifically, but something like the "updated" maps declarations, i.e.

struct {
    __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
    __uint(key_size, sizeof(u32));
    __uint(value_size, sizeof(u32));
} events SEC(".maps");

I've learned does use BTF? Am I misunderstanding what BTF is and the role it plays in BPF? Or maybe has libbpf development moved so far toward CO-RE that non-CO-RE development gets similar or the same error messages that just aren't as clear for it?

I have tons of other questions, like the relationship with BPF and perf's utilities, but I think I've probably asked enough for this message!

Join iovisor-dev@lists.iovisor.org to automatically receive all group messages.