On Fri, Jan 24, 2025 at 2:00 PM Josh Poimboeuf <jpoim...@kernel.org> wrote:
>
> On Fri, Jan 24, 2025 at 10:13:23AM -0800, Andrii Nakryiko wrote:
> > On Tue, Jan 21, 2025 at 6:32 PM Josh Poimboeuf <jpoim...@kernel.org> wrote:
> > > @@ -430,10 +429,8 @@ static long __bpf_get_stack(struct pt_regs *regs,
> > > struct task_struct *task,
> > > if (task && user && !user_mode(regs))
> > > goto err_fault;
> > >
> > > - /* get_perf_callchain does not support crosstask user stack
> > > walking
> > > - * but returns an empty stack instead of NULL.
> > > - */
> > > - if (crosstask && user) {
> > > + /* get_perf_callchain() does not support crosstask stack walking
> > > */
> > > + if (crosstask) {
> >
> > crosstask stack trace is supported for kernel stack traces (see
> > get_callchain_entry_for_task() call), so this is breaking that case
>
> Oh I see, thanks.
>
> BTW, that seems dubious, does it do anything to ensure the task isn't
> running? Otherwise the unwind is going to be a wild ride.
Yeah, I think it's very speculative and doesn't pause the task in any
way (just makes sure it doesn't go away). We just rely on
stack_trace_save_tsk() -> arch_stack_walk(), which just optimistically
tries to unwind, it seems.
It's still useful and if the user is prepared to handle a potentially
garbage stack trace, why not. People do similar thing for user space
stack trace (with custom BPF code), and it's very useful (even if not
"reliable" by any means).
>
> --
> Josh
