Re: [PATCH 05/13] kprobe: Allow to get traced function address for multi ftrace kprobes
From: Andrii Nakryiko
Date: Wed Jan 05 2022 - 23:31:10 EST
On Tue, Jan 4, 2022 at 12:10 AM Jiri Olsa <jolsa@xxxxxxxxxx> wrote:
>
> The current bpf_get_func_ip_kprobe helper does not work properly,
> when used in ebpf program triggered by the new multi kprobes.
>
> We can't use kprobe's func_addr in bpf_get_func_ip_kprobe helper,
> because there are multiple functions registered for single kprobe
> object.
>
> Adding new per cpu variable current_ftrace_multi_addr and extra
> address in kretprobe_instance object to keep current traced function
> address for each cpu for both kprobe handler and kretprobe trampoline.
>
> The address value is set/passed as follows, for kprobe:
>
> kprobe_ftrace_multi_handler
> {
> old = kprobe_ftrace_multi_addr_set(ip);
> handler..
> kprobe_ftrace_multi_addr_set(old);
> }
>
> For kretprobe:
>
> kprobe_ftrace_multi_handler
> {
> old = kprobe_ftrace_multi_addr_set(ip);
> ...
> pre_handler_kretprobe
> {
> ri->ftrace_multi_addr = kprobe_ftrace_multi_addr
> }
> ...
> kprobe_ftrace_multi_addr_set(old);
> }
>
> __kretprobe_trampoline_handler
> {
> prev_func_addr = kprobe_ftrace_multi_addr_set(ri->ftrace_multi_addr);
> handler..
> kprobe_ftrace_multi_addr_set(prev_func_addr);
> }
>
Is it possible to record or calculate the multi-kprobe "instance
index" (i.e., which position in addrs array did we get triggered for)?
If yes, then storing that index would allow to fetch both IP and
cookie value with just one per-cpu variable.
> Signed-off-by: Jiri Olsa <jolsa@xxxxxxxxxx>
> ---
> arch/x86/kernel/kprobes/ftrace.c | 3 +++
> include/linux/kprobes.h | 26 ++++++++++++++++++++++++++
> kernel/kprobes.c | 6 ++++++
> kernel/trace/bpf_trace.c | 7 ++++++-
> 4 files changed, 41 insertions(+), 1 deletion(-)
>
[...]