[PATCHv6 bpf-next 7/9] bpf: Add trampoline ip hash table
Alan Maguire
alan.maguire at oracle.com
Tue Jan 13 03:02:33 PST 2026
On 12/01/2026 21:27, Jiri Olsa wrote:
> On Fri, Jan 09, 2026 at 04:36:41PM -0800, Andrii Nakryiko wrote:
>> On Tue, Dec 30, 2025 at 6:51 AM Jiri Olsa <jolsa at kernel.org> wrote:
>>>
>>> Following changes need to lookup trampoline based on its ip address,
>>> adding hash table for that.
>>>
>>> Signed-off-by: Jiri Olsa <jolsa at kernel.org>
>>> ---
>>> include/linux/bpf.h | 7 +++++--
>>> kernel/bpf/trampoline.c | 30 +++++++++++++++++++-----------
>>> 2 files changed, 24 insertions(+), 13 deletions(-)
>>>
>>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>>> index 4e7d72dfbcd4..c85677aae865 100644
>>> --- a/include/linux/bpf.h
>>> +++ b/include/linux/bpf.h
>>> @@ -1325,14 +1325,17 @@ struct bpf_tramp_image {
>>> };
>>>
>>> struct bpf_trampoline {
>>> - /* hlist for trampoline_table */
>>> - struct hlist_node hlist;
>>> + /* hlist for trampoline_key_table */
>>> + struct hlist_node hlist_key;
>>> + /* hlist for trampoline_ip_table */
>>> + struct hlist_node hlist_ip;
>>> struct ftrace_ops *fops;
>>> /* serializes access to fields of this trampoline */
>>> struct mutex mutex;
>>> refcount_t refcnt;
>>> u32 flags;
>>> u64 key;
>>> + unsigned long ip;
>>> struct {
>>> struct btf_func_model model;
>>> void *addr;
>>> diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c
>>> index 789ff4e1f40b..bdac9d673776 100644
>>> --- a/kernel/bpf/trampoline.c
>>> +++ b/kernel/bpf/trampoline.c
>>> @@ -24,9 +24,10 @@ const struct bpf_prog_ops bpf_extension_prog_ops = {
>>> #define TRAMPOLINE_HASH_BITS 10
>>> #define TRAMPOLINE_TABLE_SIZE (1 << TRAMPOLINE_HASH_BITS)
>>>
>>> -static struct hlist_head trampoline_table[TRAMPOLINE_TABLE_SIZE];
>>> +static struct hlist_head trampoline_key_table[TRAMPOLINE_TABLE_SIZE];
>>> +static struct hlist_head trampoline_ip_table[TRAMPOLINE_TABLE_SIZE];
>>>
>>> -/* serializes access to trampoline_table */
>>> +/* serializes access to trampoline tables */
>>> static DEFINE_MUTEX(trampoline_mutex);
>>>
>>> #ifdef CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS
>>> @@ -135,15 +136,15 @@ void bpf_image_ksym_del(struct bpf_ksym *ksym)
>>> PAGE_SIZE, true, ksym->name);
>>> }
>>>
>>> -static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
>>> +static struct bpf_trampoline *bpf_trampoline_lookup(u64 key, unsigned long ip)
>>> {
>>> struct bpf_trampoline *tr;
>>> struct hlist_head *head;
>>> int i;
>>>
>>> mutex_lock(&trampoline_mutex);
>>> - head = &trampoline_table[hash_64(key, TRAMPOLINE_HASH_BITS)];
>>> - hlist_for_each_entry(tr, head, hlist) {
>>> + head = &trampoline_key_table[hash_64(key, TRAMPOLINE_HASH_BITS)];
>>> + hlist_for_each_entry(tr, head, hlist_key) {
>>> if (tr->key == key) {
>>> refcount_inc(&tr->refcnt);
>>> goto out;
>>> @@ -164,8 +165,12 @@ static struct bpf_trampoline *bpf_trampoline_lookup(u64 key)
>>> #endif
>>>
>>> tr->key = key;
>>> - INIT_HLIST_NODE(&tr->hlist);
>>> - hlist_add_head(&tr->hlist, head);
>>> + tr->ip = ftrace_location(ip);
>>> + INIT_HLIST_NODE(&tr->hlist_key);
>>> + INIT_HLIST_NODE(&tr->hlist_ip);
>>> + hlist_add_head(&tr->hlist_key, head);
>>> + head = &trampoline_ip_table[hash_64(tr->ip, TRAMPOLINE_HASH_BITS)];
>>
>> For key lookups we check that there is no existing trampoline for the
>> given key. Can it happen that we have two trampolines at the same IP
>> but using two different keys?
>
> so multiple keys (different static functions with same name) resolving to
> the same ip happened in past and we should now be able to catch those in
> pahole, right? CC-ing Alan ;-)
>
We could catch this I think, but today we don't. We have support to avoid
encoding BTF where a function name has multiple instances (ambiguous address).
Here you're concerned with mapping from ip to function name, where multiple
names share the same ip, right?
A quick scan of System.map suggests there's a ~150 of these,
excluding __pfx_ entries:
$ awk 'NR > 1 && ($2 == "T" || $2 == "t") && $1 == prev_field { print;} { prev_field = $1}' System.map|egrep -v __pfx|wc -l
155
Alan
More information about the linux-arm-kernel
mailing list