Re: Broken kretprobe stack traces

From: Steven Rostedt
Date: Wed Mar 03 2021 - 12:54:17 EST


On Wed, 3 Mar 2021 13:48:28 +0900
Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:

>
> >
> > I think (can't prove) this used to work:

Would be good to find out if it did.

>
> I'm not sure whether bpftrace had correctly handled it or not.
>
> >
> > # bpftrace -e 'kretprobe:__tcp_retransmit_skb { @[kstack()] = count() }'
> > Attaching 1 probe...
> > ^C
> >
> > @[
> > kretprobe_trampoline+0
> > ]: 1
>
> Would you know how the bpftrace stacktracer rewinds the stack entries?
> FYI, ftrace does it in trace_seq_print_sym()@kernel/trace/trace_output.c
>

The difference between trace events and normal function tracing stack
traces is that it keeps its original return address. But kretprobes (and
function graph tracing, and some bpf trampolines too) modify the return
pointer, and that could possibly cause havoc with the stack trace.

-- Steve
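
A simplified model of the return-pointer replacement described above, added here as an illustration; it is not code from this thread, from bpftrace or from the kernel. The `struct task` layout, the `call()`/`unwind()` helpers, the per-task list of saved return addresses and the function names are all assumptions of the model, and it goes one step beyond the single probe in the report by covering two probed frames on the same stack.

```c
#include <stdio.h>
#include <string.h>
#define TRAMPOLINE "kretprobe_trampoline"
#define MAX_DEPTH 8
/* Simplified model, not kernel structures: return addresses are symbol names. */
struct task {
    const char *ret[MAX_DEPTH];   /* ret[depth-1] belongs to the innermost frame */
    const char *saved[MAX_DEPTH]; /* originals displaced by probes, newest last */
    int depth;
    int nsaved;
};

/* Enter a function that returns to return_to; a probed one gets the trampoline. */
static void call(struct task *t, const char *return_to, int probed)
{
    if (probed)
        t->saved[t->nsaved++] = return_to;  /* keep the real address aside */
    t->ret[t->depth++] = probed ? TRAMPOLINE : return_to;
}

/* Walk innermost to outermost; fixup=1 swaps trampolines for saved addresses. */
static int unwind(const struct task *t, int fixup, const char **out)
{
    int cur = t->nsaved - 1, n = 0;
    for (int i = t->depth - 1; i >= 0; i--) {
        const char *addr = t->ret[i];
        if (fixup && cur >= 0 && strcmp(addr, TRAMPOLINE) == 0)
            addr = t->saved[cur--];         /* newest probe hit first */
        out[n++] = addr;
    }
    return n;
}

/* Constructed scenario, hypothetical names: two probed frames, two plain ones. */
static struct task sample_task(void)
{
    struct task t = { .depth = 0, .nsaved = 0 };
    call(&t, "entry_fn", 0);  call(&t, "outer_fn", 1);
    call(&t, "middle_fn", 0); call(&t, "inner_fn", 1);
    return t;
}

int main(void)
{
    struct task t = sample_task();
    const char *out[MAX_DEPTH];
    for (int fixup = 0; fixup <= 1; fixup++)
        for (int i = 0, n = unwind(&t, fixup, out); i < n; i++)
            printf("%s %s\n", fixup ? "fixed:" : "raw:  ", out[i]);
}
```

The raw walk reports the trampoline wherever a probed function's return address used to be; the fixed-up walk only recovers the callers because the displaced addresses are consumed in the same order the frames are visited.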