You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, how do you actually read these values from user space? If I'm not mistaken, then you're using the bpf syscall to read the map's bucket list values. The kernel code for copying the value of a "plain" eBPF hash map is here, https://elixir.bootlin.com/linux/v6.10/source/kernel/bpf/syscall.c#L244:
rcu_read_lock();
if (map->ops->map_lookup_elem_sys_only)
ptr=map->ops->map_lookup_elem_sys_only(map, key);
elseptr=map->ops->map_lookup_elem(map, key);
if (IS_ERR(ptr)) {
err=PTR_ERR(ptr);
} elseif (!ptr) {
err=-ENOENT;
} else {
err=0;
if (flags&BPF_F_LOCK)
/* lock 'ptr' and copy everything but lock */copy_map_value_locked(map, value, ptr, true);
elsecopy_map_value(map, value, ptr);
/* mask lock and timer, since value wasn't zero inited */check_and_init_map_value(map, value);
}
rcu_read_unlock();
Please correct me if I'm wrong here, but isn't this inherently "unsafe" in that you now use a non-atomic read so you can get "botched" copies of the bucket counters? Am I missing something that makes this safe?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
The tutorial example 9 runqlat implements histograms in eBPF using an eBPF hash map and the histogram buckets for a particular process as a single map value, see also https://github.com/eunomia-bpf/bpf-developer-tutorial/blob/main/src/9-runqlat/runqlat.h#L9:
The eBPF program then basically does a look up, followed by an atomic bucket counter increment:
However, how do you actually read these values from user space? If I'm not mistaken, then you're using the
bpf
syscall to read the map's bucket list values. The kernel code for copying the value of a "plain" eBPF hash map is here, https://elixir.bootlin.com/linux/v6.10/source/kernel/bpf/syscall.c#L244:If I'm not mistaken this goes into
copy_map_value
and thenbpf_obj_memcpy(..., false)
, finally ending inmemcpy
.Please correct me if I'm wrong here, but isn't this inherently "unsafe" in that you now use a non-atomic read so you can get "botched" copies of the bucket counters? Am I missing something that makes this safe?
Beta Was this translation helpful? Give feedback.
All reactions