| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Jul 2021 17:14:20 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Jiri Olsa <jolsa@...hat.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andriin@...com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Alan Maguire <alan.maguire@...cle.com>
Subject: Re: [PATCHv3 bpf-next 6/7] libbpf: allow specification of "kprobe/function+offset"
On Wed, Jul 7, 2021 at 2:54 PM Jiri Olsa <jolsa@...hat.com> wrote:
>
> From: Alan Maguire <alan.maguire@...cle.com>
>
> kprobes can be placed on most instructions in a function, not
> just entry, and ftrace and bpftrace support the function+offset
> notification for probe placement. Adding parsing of func_name
> into func+offset to bpf_program__attach_kprobe() allows the
> user to specify
>
> SEC("kprobe/bpf_fentry_test5+0x6")
>
> ...for example, and the offset can be passed to perf_event_open_probe()
> to support kprobe attachment.
>
> Signed-off-by: Alan Maguire <alan.maguire@...cle.com>
> Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> ---
> tools/lib/bpf/libbpf.c | 20 +++++++++++++++++---
> 1 file changed, 17 insertions(+), 3 deletions(-)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 1e04ce724240..60c9e3e77684 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -10309,11 +10309,25 @@ struct bpf_link *bpf_program__attach_kprobe(struct bpf_program *prog,
> const char *func_name)
I think we should add bpf_program__attach_kprobe_opts instead for the
programmatic API instead of parsing it here from func_name. It's a
cumbersome API.
Parsing SEC() is fine, of course, but then it has to call into
bpf_program__attach_kprobe_opts() internally.
> {
> char errmsg[STRERR_BUFSIZE];
> + char func[BPF_OBJ_NAME_LEN];
> + unsigned long offset = 0;
> struct bpf_link *link;
> - int pfd, err;
> + int pfd, err, n;
> +
> + n = sscanf(func_name, "%[a-zA-Z0-9_.]+%lx", func, &offset);
> + if (n < 1) {
> + err = -EINVAL;
> + pr_warn("kprobe name is invalid: %s\n", func_name);
> + return libbpf_err_ptr(err);
> + }
> + if (retprobe && offset != 0) {
> + err = -EINVAL;
> + pr_warn("kretprobes do not support offset specification\n");
> + return libbpf_err_ptr(err);
> + }
>
> - pfd = perf_event_open_probe(false /* uprobe */, retprobe, func_name,
> - 0 /* offset */, -1 /* pid */);
> + pfd = perf_event_open_probe(false /* uprobe */, retprobe, func,
> + offset, -1 /* pid */);
> if (pfd < 0) {
> pr_warn("prog '%s': failed to create %s '%s' perf event: %s\n",
> prog->name, retprobe ? "kretprobe" : "kprobe", func_name,
> --
> 2.31.1
>
Powered by blists - more mailing lists