Bug 478774 - The coregrind linux syswrap does not handle fully the bpf BPF_OBJ_GET_INFO_BY_FD call which would return btf_info
Status: CONFIRMED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general
Version: unspecified
Platform: Ubuntu Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Garrett Kajmowicz
Reported: 2023-12-20 16:27 UTC by Garrett Kajmowicz
Modified: 2024-08-24 13:30 UTC (History)

Attachments
untested patch (3.94 KB, patch)
2023-12-22 21:28 UTC, Paul Floyd
Handle btf_info for BPF_OBJ_GET_INFO_BY_FD syscall. (5.09 KB, application/mbox)
2024-04-09 14:09 UTC, Garrett Kajmowicz

Description Garrett Kajmowicz 2023-12-20 16:27:59 UTC
The Linux eBPF syscall (https://docs.kernel.org/userspace-api/ebpf/syscall.html) BPF_OBJ_GET_INFO_BY_FD type may populate multiple data formats based on the eBPF object type. The bpf_btf_info datatype contains a pointer which points to another block of memory which is populated. The coregrind linux syswrap handler does not account for that memory being written to by the kernel and thus properly initialized.

OBSERVED RESULT

Running valgrind against a program which executes these syscalls and uses the results will return a large number of errors such as "Conditional jump or move depends on uninitialised value(s)".

EXPECTED RESULT

No incorrect errors are returned.

Comment 1 Paul Floyd 2023-12-22 20:34:34 UTC
In bpf_obj_get_info_size we only handle

   /* A program fd: the kernel fills a struct bpf_prog_info. */
   if (VG_(strstr)(buf, "prog_type:"))
      return sizeof(struct vki_bpf_prog_info);

   /* A map fd: the kernel fills a struct bpf_map_info. */
   if (VG_(strstr)(buf, "map_type:"))
      return sizeof(struct vki_bpf_map_info);

   /* Any other object type (btf, link) is not recognised: size 0,
      so nothing gets marked as written after the syscall. */
   return 0;

Looks like we are missing btf_info and link_info.
Comment 2 Paul Floyd 2023-12-22 21:28:27 UTC
Created attachment 164374 [details]
untested patch

Could you test this patch?
Comment 3 Paul Floyd 2023-12-23 16:44:38 UTC
Looks like this is a can of worms. There are a lot of commands and struct members that are missing (comparing Fedora 29 and Valgrind git HEAD).

I tried

sudo valgrind bpftrace -e 'tracepoint:syscalls:sys_enter_open { printf("%s %s\n", comm, str(args->filename)); }'

from

https://brendangregg.com/ebpf.html

and I got quite a few string-related errors, two bpf unhandled commands and some uninit BPF syscall parameters.
Comment 4 Garrett Kajmowicz 2024-04-09 14:09:11 UTC
Created attachment 168308 [details]
Handle btf_info for BPF_OBJ_GET_INFO_BY_FD syscall.

The eBPF syscall documented here: https://docs.kernel.org/userspace-api/ebpf/syscall.html has a subtype of BPF_OBJ_GET_INFO_BY_FD which gets information about something based on the file descriptor passed in. The types of data structures used vary based on the type of object the file descriptor refers to.

The definition of enum bpf_obj_type is a copy of the data structure used in the kernel bpftool here:
https://elixir.bootlin.com/linux/v6.6.7/source/tools/bpf/bpftool/main.h#L67

Note that though the definition for BPF_OBJ_LINK was included for completeness, handling of that subtype was not implemented here and the existing behavior remains.
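The point raised in the description and in comment 4 is that for a BTF object the kernel writes not only the bpf_btf_info struct but also the buffers its btf and name fields point to, and a syscall wrapper has to mark all of those as defined. The following is an added example, not Valgrind's or the kernel's code: it models that post-syscall bookkeeping for the btf_info case, mirroring the struct bpf_btf_info layout from the kernel uapi and the kernel's rule of copying at most the caller's buffer capacity (so the struct as passed in and the struct as returned are both needed). Names such as btf_info_x, region and btf_info_written are invented here.

```c
#include <stddef.h>
#include <stdint.h>

/* Mirrors struct bpf_btf_info from the kernel uapi (linux/bpf.h);
 * the name is changed to avoid clashing with the real header. */
struct btf_info_x {
    uint64_t btf;        /* user pointer: kernel copies raw BTF here */
    uint32_t btf_size;   /* in: buffer capacity; out: total BTF size */
    uint32_t id;
    uint64_t name;       /* user pointer: kernel copies the BTF name here */
    uint32_t name_len;   /* in: buffer capacity; out: strlen(name) */
    uint32_t kernel_btf;
} __attribute__((aligned(8)));

/* One block of user memory the kernel wrote to. */
struct region { uint64_t addr; uint64_t len; };

static uint64_t min_u64(uint64_t a, uint64_t b) { return a < b ? a : b; }

/* Compute the user memory the kernel wrote for a BTF object: the info
 * struct itself plus the two buffers it points to. `pre` is the struct as
 * the caller passed it in (buffer capacities), `post` is the struct after
 * the call (sizes the kernel reported). The kernel copies at most the
 * capacity, so the written length is the smaller of the two; using only
 * `post` would over-mark when the caller's buffer was too small.
 * Returns the number of regions stored in out[]. */
size_t btf_info_written(const struct btf_info_x *pre,
                        const struct btf_info_x *post,
                        uint64_t info_addr, struct region out[3])
{
    size_t n = 0;
    /* The info struct is always written (id, sizes, kernel_btf). */
    out[n++] = (struct region){ info_addr, sizeof *post };
    /* Raw BTF buffer: only if the caller supplied one. */
    if (pre->btf && pre->btf_size)
        out[n++] = (struct region){ pre->btf,
                                    min_u64(pre->btf_size, post->btf_size) };
    /* Name buffer: strlen + terminating NUL, truncated to capacity. */
    if (pre->name && pre->name_len)
        out[n++] = (struct region){ pre->name,
                    min_u64(pre->name_len, (uint64_t)post->name_len + 1) };
    return n;
}
```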