Re: [RFC PATCH v3 0/9] fprobe: Introduce fprobe function entry/exit probe

From: Masami Hiramatsu
Date: Thu Jan 20 2022 - 23:55:51 EST


On Thu, 20 Jan 2022 14:24:15 -0800
Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> wrote:

> On Wed, Jan 19, 2022 at 6:56 AM Masami Hiramatsu <mhiramat@xxxxxxxxxx> wrote:
> >
> > Hello Jiri,
> >
> > Here is the 3rd version of fprobe. I added some comments and
> > fixed some issues. But I still saw some problems when I add
> > your selftest patches.
> >
> > This series introduces the fprobe, the function entry/exit probe
> > with multiple probe point support. This also introduces the rethook
> > for hooking function return as same as kretprobe does. This
> > abstraction will help us to generalize the fgraph tracer,
> > because we can just switch it from rethook in fprobe, depending
> > on the kernel configuration.
> >
> > The patch [1/9] and [7/9] are from Jiri's series[1]. Other libbpf
> > patches will not be affected by this change.
> >
> > [1] https://lore.kernel.org/all/20220104080943.113249-1-jolsa@xxxxxxxxxx/T/#u
> >
> > However, when I applied all other patches on top of this series,
> > I saw the "#8 bpf_cookie" test case has been stacked (maybe related
> > to the bpf_cookie issue which Andrii and Jiri talked?) And when I
> > remove the last selftest patch[2], the selftest stopped at "#112
> > raw_tp_test_run".
> >
> > [2] https://lore.kernel.org/all/20220104080943.113249-1-jolsa@xxxxxxxxxx/T/#m242d2b3a3775eeb5baba322424b15901e5e78483
> >
> > Note that I used tools/testing/selftests/bpf/vmtest.sh to check it.
> >
> > This added 2 more out-of-tree patches. [8/9] is for adding wildcard
> > support to the sample program, [9/9] is a testing patch for replacing
> > kretprobe trampoline with rethook.
> > According to this work, I noticed that using rethook in kretprobe
> > needs 2 steps.
> > 1. port the rethook on all architectures which supports kretprobes.
> > (some arch requires CONFIG_KPROBES for rethook)
> > 2. replace kretprobe trampoline with rethook for all archs, at once.
> > This must be done by one treewide patch.
> >
> > Anyway, I'll do the kretprobe update in the next step as another series.
> > (This testing patch is just for confirming the rethook is correctly
> > implemented.)
> >
> > BTW, on the x86, ftrace (with fentry) location address is same as
> > symbol address. But on other archs, it will be different (e.g. arm64
> > will need 2 instructions to save link-register and call ftrace, the
> > 2nd instruction will be the ftrace location.)
> > Does libbpf correctly handle it?
>
> libbpf doesn't do anything there. The interface for kprobe is based on
> function name and kernel performs name lookups internally to resolve
> IP. For fentry it's similar (kernel handles IP resolution), but
> instead of function name we specify BTF ID of a function type.

Hmm, according to Jiri's original patch, it seems to pass an array of
addresses. So I thought that has been resolved by libbpf.

+ struct {
+ __aligned_u64 addrs;
+ __u32 cnt;
+ __u64 bpf_cookie;
+ } kprobe;

Anyway, fprobe itself also has same issue. I'll try to fix it.

Thank you!

>
> >
> > Thank you,
> >
> > ---
> >
> > Jiri Olsa (2):
> > ftrace: Add ftrace_set_filter_ips function
> > bpf: Add kprobe link for attaching raw kprobes
> >
> > Masami Hiramatsu (7):
> > fprobe: Add ftrace based probe APIs
> > rethook: Add a generic return hook
> > rethook: x86: Add rethook x86 implementation
> > fprobe: Add exit_handler support
> > fprobe: Add sample program for fprobe
> > [DO NOT MERGE] Out-of-tree: Support wildcard symbol option to sample
> > [DO NOT MERGE] out-of-tree: kprobes: Use rethook for kretprobe
> >
> >
> > arch/x86/Kconfig | 1
> > arch/x86/include/asm/unwind.h | 8 +
> > arch/x86/kernel/Makefile | 1
> > arch/x86/kernel/kprobes/core.c | 106 --------------
> > arch/x86/kernel/rethook.c | 115 +++++++++++++++
> > include/linux/bpf_types.h | 1
> > include/linux/fprobe.h | 84 +++++++++++
> > include/linux/ftrace.h | 3
> > include/linux/kprobes.h | 85 +----------
> > include/linux/rethook.h | 99 +++++++++++++
> > include/linux/sched.h | 4 -
> > include/uapi/linux/bpf.h | 12 ++
> > kernel/bpf/syscall.c | 195 +++++++++++++++++++++++++-
> > kernel/exit.c | 3
> > kernel/fork.c | 4 -
> > kernel/kallsyms.c | 1
> > kernel/kprobes.c | 265 +++++------------------------------
> > kernel/trace/Kconfig | 22 +++
> > kernel/trace/Makefile | 2
> > kernel/trace/fprobe.c | 179 ++++++++++++++++++++++++
> > kernel/trace/ftrace.c | 54 ++++++-
> > kernel/trace/rethook.c | 295 +++++++++++++++++++++++++++++++++++++++
> > kernel/trace/trace_kprobe.c | 4 -
> > kernel/trace/trace_output.c | 2
> > samples/Kconfig | 7 +
> > samples/Makefile | 1
> > samples/fprobe/Makefile | 3
> > samples/fprobe/fprobe_example.c | 154 ++++++++++++++++++++
> > tools/include/uapi/linux/bpf.h | 12 ++
> > 29 files changed, 1283 insertions(+), 439 deletions(-)
> > create mode 100644 arch/x86/kernel/rethook.c
> > create mode 100644 include/linux/fprobe.h
> > create mode 100644 include/linux/rethook.h
> > create mode 100644 kernel/trace/fprobe.c
> > create mode 100644 kernel/trace/rethook.c
> > create mode 100644 samples/fprobe/Makefile
> > create mode 100644 samples/fprobe/fprobe_example.c
> >
> > --
> > Masami Hiramatsu (Linaro) <mhiramat@xxxxxxxxxx>


--
Masami Hiramatsu <mhiramat@xxxxxxxxxx>