lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230609131253.0d67e746@gandalf.local.home>
Date:   Fri, 9 Jun 2023 13:12:53 -0400
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Jiri Olsa <olsajiri@...il.com>
Cc:     Mark Rutland <mark.rutland@....com>,
        Andrii Nakryiko <andrii.nakryiko@...il.com>,
        Masami Hiramatsu <mhiramat@...nel.org>,
        Andrii Nakryiko <andrii@...nel.org>,
        lkml <linux-kernel@...r.kernel.org>,
        linux-trace-kernel@...r.kernel.org, bpf@...r.kernel.org,
        Jackie Liu <liu.yun@...ux.dev>
Subject: Re: [PATCH RFC] ftrace: Show all functions with addresses in
 available_filter_functions_addrs

On Fri, 9 Jun 2023 09:44:36 -0700
Jiri Olsa <olsajiri@...il.com> wrote:

> On Fri, Jun 09, 2023 at 09:24:10AM +0100, Mark Rutland wrote:
> > 
> > Do you need the address of the function entry-point or the address of the
> > patch-site within the function? Those can differ, and the rec->ip address won't
> > necessarily equal the address in /proc/kallsyms, so the pointer in
> > /proc/kallsyms won't (always) match the address we could print for the ftrace site.
> > 
> > On arm64, today we can have offsets of +0, +4, and +8, and within a single
> > kernel image different functions can have different offsets. I suspect in
> > future that we may have more potential offsets (e.g. due to changes for HW/SW
> > CFI).  
> 
> so we need that for kprobe_multi bpf link, which is based on fprobe,
> and that uses ftrace_set_filter_ips to setup the ftrace_ops filter
> 
> and ftrace_set_filter_ips works fine with ip address being the address
> of the patched instruction (it's matched in ftrace_location)

Yes, exactly. And it's off with the old "mcount" way of doing things too.

> 
> but right, I did not realize this.. it might cause confusion if people
> don't know it's patch-side addresses..  not sure if there's easy way to
> get real function address out of rec->ip, but it will also get more
> complicated on x86 when IBT is enabled, will check
> 
> or we could just use patch-side addresses and reflect that in the file's
> name like 'available_filter_functions_patch_addrs' .. it's already long
> name ;-)

No!  "available_filter_function_addrs" is enough to know that it's not
kallsyms. It's the filtered function address, which is enough description.
If people don't RTFM, then too bad ;-)

You can use ftrace_location() that takes an instruction pointer, and will
return the rec->ip of that function as long as it lands in between the
function's kallsyms start and end values.

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ