For now, we can do the memory read with bpf_core_cast, which is faster than bpf_probe_read_kernel. But the memory probe read is not aware of the read failure, and the user can't get such failure information.
I wanted to introduce a fault_callback to the BPF program, which can be called when the memory read fails. Then I saw the BPF stream interface, and it's already used in the error reporting. So I implement the probe fault base on the BPF stream. This series adds a new function bpf_prog_report_probe_violation to report probe fault to BPF stderr. It is used to report probe read fault and probe write fault. The shortcoming of this way is that we can't report the fault event if the memory address is not a kernel address. I remember that we will check if the address is a kernel address in the JIT compiler, and it will not trigger the fault event if the address is not a kernel address. If we implement the fault callback, we call the callback during the address checking by JIT. Menglong Dong (3): bpf: report probe fault to BPF stderr x86,bpf: use bpf_prog_report_probe_violation for x86 selftests/bpf: add testcase for probe read fault arch/x86/net/bpf_jit_comp.c | 2 ++ include/linux/bpf.h | 1 + kernel/trace/bpf_trace.c | 18 +++++++++++++++ .../testing/selftests/bpf/prog_tests/stream.c | 22 ++++++++++++++++++- tools/testing/selftests/bpf/progs/stream.c | 21 ++++++++++++++++++ 5 files changed, 63 insertions(+), 1 deletion(-) -- 2.51.0
