我有以下eBPF计划:
#include <stdio.h>
#include <string.h>
#include <linux/bpf.h>
#include <sys/socket.h>
#include <bpf/bpf_helpers.h>
char LICENSE[] SEC("license") = "GPL";
// msg_data_map carries a key-value pair of (msg_id, msg_length), and can record
// upto 65535 messages at once.
#define MAX_MSG_LEN 128
struct {
__uint(type, BPF_MAP_TYPE_HASH);
__uint(max_entries, 65535);
__type(key, int);
__type(value, char[MAX_MSG_LEN]);
} msg_data_map SEC(".maps");
SEC("sk_msg")
int msg_prog(struct sk_msg_md *msg) {
long len = (long)msg->data_end - (long)msg->data;
void *data_end = (void *)(long) msg->data_end;
void *data = (void *)(long) msg->data;
// Bounds check to make verifier happy
if (data + MAX_MSG_LEN > data_end) {
return SK_PASS;
}
char buf[MAX_MSG_LEN] = {0};
if (len > MAX_MSG_LEN) {
__builtin_memcpy(buf, data, MAX_MSG_LEN);
} else {
__builtin_memcpy(buf, data, len);
}
// Update in map
int index = 0;
bpf_map_update_elem(&msg_data_map, &index, &buf, BPF_ANY);
return SK_PASS;
}
编译上述程序会出现以下错误:
Looks like the BPF stack limit of 512 bytes is exceeded. Please move large on stack variables into BPF per-cpu array map.
- 因为
buf数组只有128个字节,所以它不应该超过堆栈限制. - 如果我注释 map 更新行,程序编译得很好.为何会是这样呢?