| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 11 Jul 2021 16:48:42 +0200
From: Jiri Olsa <jolsa@...hat.com>
To: Andrii Nakryiko <andrii.nakryiko@...il.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andriin@...com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...omium.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Alan Maguire <alan.maguire@...cle.com>
Subject: Re: [PATCHv3 bpf-next 6/7] libbpf: allow specification of
"kprobe/function+offset"
On Wed, Jul 07, 2021 at 05:14:20PM -0700, Andrii Nakryiko wrote:
> On Wed, Jul 7, 2021 at 2:54 PM Jiri Olsa <jolsa@...hat.com> wrote:
> >
> > From: Alan Maguire <alan.maguire@...cle.com>
> >
> > kprobes can be placed on most instructions in a function, not
> > just entry, and ftrace and bpftrace support the function+offset
> > notification for probe placement. Adding parsing of func_name
> > into func+offset to bpf_program__attach_kprobe() allows the
> > user to specify
> >
> > SEC("kprobe/bpf_fentry_test5+0x6")
> >
> > ...for example, and the offset can be passed to perf_event_open_probe()
> > to support kprobe attachment.
> >
> > Signed-off-by: Alan Maguire <alan.maguire@...cle.com>
> > Signed-off-by: Jiri Olsa <jolsa@...nel.org>
> > ---
> > tools/lib/bpf/libbpf.c | 20 +++++++++++++++++---
> > 1 file changed, 17 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index 1e04ce724240..60c9e3e77684 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -10309,11 +10309,25 @@ struct bpf_link *bpf_program__attach_kprobe(struct bpf_program *prog,
> > const char *func_name)
>
> I think we should add bpf_program__attach_kprobe_opts instead for the
> programmatic API instead of parsing it here from func_name. It's a
> cumbersome API.
>
> Parsing SEC() is fine, of course, but then it has to call into
> bpf_program__attach_kprobe_opts() internally.
ok, Alan, will you make the change, or should I do that?
thanks,
jirka
>
> > {
> > char errmsg[STRERR_BUFSIZE];
> > + char func[BPF_OBJ_NAME_LEN];
> > + unsigned long offset = 0;
> > struct bpf_link *link;
> > - int pfd, err;
> > + int pfd, err, n;
> > +
> > + n = sscanf(func_name, "%[a-zA-Z0-9_.]+%lx", func, &offset);
> > + if (n < 1) {
> > + err = -EINVAL;
> > + pr_warn("kprobe name is invalid: %s\n", func_name);
> > + return libbpf_err_ptr(err);
> > + }
> > + if (retprobe && offset != 0) {
> > + err = -EINVAL;
> > + pr_warn("kretprobes do not support offset specification\n");
> > + return libbpf_err_ptr(err);
> > + }
> >
> > - pfd = perf_event_open_probe(false /* uprobe */, retprobe, func_name,
> > - 0 /* offset */, -1 /* pid */);
> > + pfd = perf_event_open_probe(false /* uprobe */, retprobe, func,
> > + offset, -1 /* pid */);
> > if (pfd < 0) {
> > pr_warn("prog '%s': failed to create %s '%s' perf event: %s\n",
> > prog->name, retprobe ? "kretprobe" : "kprobe", func_name,
> > --
> > 2.31.1
> >
>
Powered by blists - more mailing lists