Re: [PATCH bpf-next] libbpf: support module BTF for BPF_TYPE_ID_TARGET CO-RE relocation

[Alexei Starovoitov <alexei.starovoitov@gmail.com>]

On Mon, Dec 07, 2020 at 04:38:16PM +0000, Alan Maguire wrote:
> On Fri, 4 Dec 2020, Andrii Nakryiko wrote:
> 
> > When Clang emits ldimm64 instruction for BPF_TYPE_ID_TARGET CO-RE relocation,
> > put module BTF FD, containing target type, into upper 32 bits of imm64.
> > 
> > Because this FD is internal to libbpf, it's very cumbersome to test this in
> > selftests. Manual testing was performed with debug log messages sprinkled
> > across selftests and libbpf, confirming expected values are substituted.
> > Better testing will be performed as part of the work adding module BTF types
> > support to  bpf_snprintf_btf() helpers.
> > 
> > Cc: Alan Maguire <alan.maguire@oracle.com>
> > Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
> > ---
> >  tools/lib/bpf/libbpf.c | 19 ++++++++++++++++---
> >  1 file changed, 16 insertions(+), 3 deletions(-)
> > 
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index 9be88a90a4aa..539956f7920a 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -4795,6 +4795,7 @@ static int load_module_btfs(struct bpf_object *obj)
> >  
> >  		mod_btf = &obj->btf_modules[obj->btf_module_cnt++];
> >  
> > +		btf__set_fd(btf, fd);
> >  		mod_btf->btf = btf;
> >  		mod_btf->id = id;
> >  		mod_btf->fd = fd;
> > @@ -5445,6 +5446,10 @@ struct bpf_core_relo_res
> >  	__u32 orig_type_id;
> >  	__u32 new_sz;
> >  	__u32 new_type_id;
> > +	/* FD of the module BTF containing the target candidate, or 0 for
> > +	 * vmlinux BTF
> > +	 */
> > +	int btf_obj_fd;
> >  };
> >  
> >  /* Calculate original and target relocation values, given local and target
> > @@ -5469,6 +5474,7 @@ static int bpf_core_calc_relo(const struct bpf_program *prog,
> >  	res->fail_memsz_adjust = false;
> >  	res->orig_sz = res->new_sz = 0;
> >  	res->orig_type_id = res->new_type_id = 0;
> > +	res->btf_obj_fd = 0;
> >  
> >  	if (core_relo_is_field_based(relo->kind)) {
> >  		err = bpf_core_calc_field_relo(prog, relo, local_spec,
> > @@ -5519,6 +5525,9 @@ static int bpf_core_calc_relo(const struct bpf_program *prog,
> >  	} else if (core_relo_is_type_based(relo->kind)) {
> >  		err = bpf_core_calc_type_relo(relo, local_spec, &res->orig_val);
> >  		err = err ?: bpf_core_calc_type_relo(relo, targ_spec, &res->new_val);
> > +		if (!err && relo->kind == BPF_TYPE_ID_TARGET &&
> > +		    targ_spec->btf != prog->obj->btf_vmlinux) 
> > +			res->btf_obj_fd = btf__fd(targ_spec->btf);
> 
> Sorry about this Andrii, but I'm a bit stuck here.
> 
> I'm struggling to get tests working where the obj fd is used to designate
> the module BTF. Unless I'm missing something there are a few problems:
> 
> - the fd association is removed by libbpf when the BPF program has loaded; 
> the module fds are closed and the module BTF is discarded.  However even if 
> that isn't done (and as you mentioned, we could hold onto BTF that is in 
> use, and I commented out the code that does that to test) - there's 
> another problem:
> - I can't see a way to use the object fd value we set here later in BPF 
> program context; btf_get_by_fd() returns -EBADF as the fd is associated 
> with the module BTF in the test's process context, not necessarily in 
> the context that the BPF program is running.  Would it be possible in this 
> case to use object id? Or is there another way to handle the fd->module 
> BTF association that we need to make in BPF program context that I'm 
> missing?
> - A more long-term issue; if we use fds to specify module BTFs and write 
> the object fd into the program, we can pin the BPF program such that it 
> outlives fds that refer to its associated BTF.  So unless we pinned the 
> BTF too, any code that assumed the BTF fd-> module mapping was valid would 
> start to break once the user-space side went away and the pinned program 
> persisted. 

All of the above are not issues. They are features of FD based approach.
When the program refers to btf via fd the verifier needs to increment btf's refcnt
so it won't go away while the prog is running. For module's BTF it means
that the module can be unloaded, but its BTF may stay around if there is a prog
that needs to access it.
I think the missing piece in the above is that btf_get_by_fd() should be
done at load time instead of program run-time.
Everything FD based needs to behave similar to map_fds where ld_imm64 insn
contains map_fd that gets converted to map_ptr by the verifier at load time.
In this case single ld_imm64 with 32-bit FD + 32-bit btf_id is not enough.
So either libbpf or the verifier need to insert additional instruction.
I'm not sure yet how to extend 'struct btf_ptr' cleanly, so it looks good
from C side. 
In the other patch I saw:
struct btf_ptr {
        void *ptr;
        __u32 type_id;
-       __u32 flags;            /* BTF ptr flags; unused at present. */
+       __u32 obj_id;           /* BTF object; vmlinux if 0 */
 };
The removal of flags cannot be done, since it will break progs.
Probably something like this:
struct btf_ptr {
  void *ptr;
  __u32 type_id;
  __u32 flags;
  __u64 btf_obj_fd; /* this is 32-bit FD for libbpf which will become pointer after load */
};
would be the most convenient from the bpf prog side. The ld_imm64 init of
btf_obj_fd will be replaced with absolute btf pointer by the verifier. So when
bpf_snprintf_btf() is called the prog will pass the kernel internal pointer
of struct btf to the helper. No extra run-time checks needed.
bpf_snprintf_btf() would print that type_id within given struct btf object.
libbpf would need to deal with two relos. One to store btf_id from
bpf_core_type_id_kernel() into type_id. And another to find module's BTF and
store its FD into btf_obj_fd with ld_imm64. I'm still thinking to how to frame
that cleanly from C side.
Other ideas?