Re: [RFC PATCH v1 1/1] tracing/kprobe: Add multi-probe support for 'perf_kprobe' PMU

[Steven Rostedt]

On Thu, 17 Aug 2023 12:59:30 +0200
Francis Laniel <flaniel@xxxxxxxxxxxxxxxxxxx> wrote:

> > Why can't you just pass in the address like sysfs does?  
> 
> To get the addresses from /proc/kallsyms, you need to either have CAP_SYSLOG 
> or even CAP_SYS_ADMIN.
> But to call perf_event_open(), you only need CAP_PERFMON.
> This way, by giving only the name you can trace function with less privileges 
> (i.e. without CAP_SYS_ADMIN).
> Please correct me if I am wrong as I am not an expert in knowing the minimal 
> set of capabilities you need to trace.

I wonder if we should add an option to put in the non-relocated address?
One that can be acquired by debuginfo in the vmlinux. I'm assuming that the
kernel has access to the added offset (I haven't looked). If it does, then
we could allow users to just add something like "+@0xffffffffdeadbeef" and
add the relocation offset to get to the mapped address of the function.

This would allow those without kallsym privileges to pass in kernel address
for tracing.

-- Steve