On Wed Jul 1, 2026 at 6:45 AM PDT, Masami Hiramatsu (Google) wrote:
> +static bool trace_probe_can_compile_bpf(struct trace_probe *tp)
> +{
> +     int i;
> +
> +     if (tp->nr_args == 0)
> +             return false;
> +
> +     for (i = 0; i < tp->nr_args; i++) {
> +             struct probe_arg *parg = &tp->args[i];
> +             struct fetch_insn *code = parg->code;
> +
> +             while (code->op != FETCH_OP_END) {
> +                     switch (code->op) {
> +                     case FETCH_OP_REG:
> +                     case FETCH_OP_IMM:
> +                     case FETCH_OP_DEREF:
> +                     case FETCH_OP_ST_RAW:
> +                     case FETCH_OP_ST_MEM:
> +                             break;
> +                     case FETCH_OP_ARG:
> +                             if 
> (regs_get_kernel_argument_offset(code->param) < 0)
> +                                     return false;
> +                             break;
> +                     default:
> +                             return false;
> +                     }
> +                     code++;
> +             }
> +     }
> +     return true;
> +}
> +
> +static void trace_probe_compile_bpf(struct trace_probe *tp)
> +{
> +     struct bpf_insn *insns;
> +     int i = 0;
> +     struct bpf_prog *prog;
> +     int err, idx;
> +
> +     if (!trace_probe_can_compile_bpf(tp))
> +             return;
> +
> +     insns = kmalloc_array(512, sizeof(struct bpf_insn), GFP_KERNEL);
> +     if (!insns)
> +             return;
> +
> +     /* Prologue: R6 = ctx */
> +     insns[i++] = BPF_MOV64_REG(BPF_REG_6, BPF_REG_1);
> +     /* R7 = ctx->rec */
> +     insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_7, BPF_REG_6,
> +                              offsetof(struct fetch_bpf_ctx, rec));
> +     /* R8 = ctx->data */
> +     insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_8, BPF_REG_6,
> +                              offsetof(struct fetch_bpf_ctx, data));
> +     /* R9 = total size (0) */
> +     insns[i++] = BPF_MOV64_IMM(BPF_REG_9, 0);
> +
> +     for (idx = 0; idx < tp->nr_args; idx++) {
> +             struct probe_arg *parg = &tp->args[idx];
> +             struct fetch_insn *code = parg->code;
> +
> +             while (code->op != FETCH_OP_END && i < 500) {
> +                     switch (code->op) {
> +                     case FETCH_OP_REG:
> +                             /* R0 = *(unsigned long *)(R7 + code->param) */
> +                             insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, 
> BPF_REG_7, code->param);
> +                             break;
> +                     case FETCH_OP_ARG: {
> +                             int offset = 
> regs_get_kernel_argument_offset(code->param);
> +                             /* R0 = *(unsigned long *)(R7 + offset) */
> +                             insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, 
> BPF_REG_7, offset);
> +                             break;
> +                     }
> +                     case FETCH_OP_IMM:
> +                             insns[i++] = BPF_LD_IMM64(BPF_REG_0, 
> code->immediate);
> +                             break;
> +                     case FETCH_OP_DEREF:
> +                             /* Add offset: R3 = R0 + code->offset (src) */
> +                             insns[i++] = BPF_MOV64_REG(BPF_REG_2, 
> BPF_REG_0);
> +                             if (code->offset)
> +                                     insns[i++] = BPF_ALU64_IMM(BPF_ADD, 
> BPF_REG_2,
> +                                                                
> code->offset);
> +                             /* R1 = dst (R10 - 8 on stack) */
> +                             insns[i++] = BPF_MOV64_REG(BPF_REG_1, 
> BPF_REG_10);
> +                             insns[i++] = BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, 
> -8);
> +                             /* R3 = size */
> +                             insns[i++] = BPF_MOV64_IMM(BPF_REG_3, 
> sizeof(unsigned long));
> +                             /* Call copy_from_kernel_nofault(dst, src, 
> size) */
> +                             insns[i++] = 
> BPF_EMIT_CALL(copy_from_kernel_nofault);
> +                             /* if (R0 < 0) return R0; */
> +                             insns[i++] = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 
> 0, 1);
> +                             insns[i++] = BPF_EXIT_INSN();
> +                             /* R0 = *(unsigned long *)(R10 - 8) */
> +                             insns[i++] = BPF_LDX_MEM(BPF_DW, BPF_REG_0, 
> BPF_REG_10, -8);
> +                             break;
> +                     case FETCH_OP_ST_RAW:
> +                             /* Store R0 into R8 (data) + parg->offset based 
> on size */
> +                             switch (code->size) {
> +                             case 1:
> +                                     insns[i++] = BPF_STX_MEM(BPF_B, 
> BPF_REG_8, BPF_REG_0,
> +                                                              parg->offset);
> +                                     break;
> +                             case 2:
> +                                     insns[i++] = BPF_STX_MEM(BPF_H, 
> BPF_REG_8, BPF_REG_0,
> +                                                              parg->offset);
> +                                     break;
> +                             case 4:
> +                                     insns[i++] = BPF_STX_MEM(BPF_W, 
> BPF_REG_8, BPF_REG_0,
> +                                                              parg->offset);
> +                                     break;
> +                             case 8:
> +                                     insns[i++] = BPF_STX_MEM(BPF_DW, 
> BPF_REG_8, BPF_REG_0,
> +                                                               parg->offset);
> +                                     break;
> +                             }
> +                             break;
> +                     case FETCH_OP_ST_MEM:
> +                             /* Add offset: R2 = R0 + code->offset (src) */
> +                             insns[i++] = BPF_MOV64_REG(BPF_REG_2, 
> BPF_REG_0);
> +                             if (code->offset)
> +                                     insns[i++] = BPF_ALU64_IMM(BPF_ADD, 
> BPF_REG_2,
> +                                                                
> code->offset);
> +                             /* R1 = dst (R8 + parg->offset) */
> +                             insns[i++] = BPF_MOV64_REG(BPF_REG_1, 
> BPF_REG_8);
> +                             if (parg->offset)
> +                                     insns[i++] = BPF_ALU64_IMM(BPF_ADD, 
> BPF_REG_1,
> +                                                                
> parg->offset);
> +                             /* R3 = size */
> +                             insns[i++] = BPF_MOV64_IMM(BPF_REG_3, 
> code->size);
> +                             /* Call copy_from_kernel_nofault(dst, src, 
> size) */
> +                             insns[i++] = 
> BPF_EMIT_CALL(copy_from_kernel_nofault);
> +                             /* if (R0 < 0) return R0; */
> +                             insns[i++] = BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 
> 0, 1);
> +                             insns[i++] = BPF_EXIT_INSN();
> +                             break;
> +                     default:
> +                             goto out;
> +                     }
> +                     code++;
> +             }
> +     }

Nack.
I really don't like it.
There were days in the past when the kernel generating bpf directly was 
appealing.
These days are gone. Performance improvements for fetchargs is not a good reason
to add all this complexity and bypass verifier checks.
bpf insns should come from user space.

Reply via email to