| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 31 Jan 2022 16:12:30 +0000
From: Alan Maguire <alan.maguire@...cle.com>
To: andrii@...nel.org, ast@...nel.org, daniel@...earbox.net
Cc: kafai@...com, songliubraving@...com, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, jolsa@...nel.org,
sunyucong@...il.com, netdev@...r.kernel.org, bpf@...r.kernel.org,
Alan Maguire <alan.maguire@...cle.com>
Subject: [PATCH v3 bpf-next 0/4] libbpf: name-based u[ret]probe attach
This patch series is a refinement of the RFC patchset [1], focusing
on support for attach by name for uprobes and uretprobes. v3
because there was an earlier RFC [2].
Currently attach for such probes is done by determining the offset
manually, so the aim is to try and mimic the simplicity of kprobe
attach, making use of uprobe opts to specify a name string.
Patch 1 adds the "func_name" option to allow uprobe attach by
name; the mechanics are described there.
Having name-based support allows us to support auto-attach for
uprobes; patch 2 adds auto-attach support while attempting
to handle backwards-compatibility issues that arise. The format
supported is
u[ret]probe//path/2/binary:[raw_offset|function[+offset]]
For example, to attach to libc malloc:
SEC("uprobe//usr/lib64/libc.so.6:malloc")
Patch 3 introduces a helper function to trace_helpers, allowing
us to retrieve the path to a library by reading /proc/self/maps.
Finally patch 4 add tests to the attach_probe selftests covering
attach by name, auto-attach and auto-attach failure.
Changes since RFC [1]:
- used "long" for addresses instead of ssize_t (Andrii, patch 1).
- used gelf_ interfaces to avoid assumptions about 64-bit
binaries (Andrii, patch 1)
- clarified string matching in symbol table lookups
(Andrii, patch 1)
- added support for specification of shared object functions
in a non-shared object binary. This approach instruments
the Procedure Linking Table (PLT) - malloc@....
- changed logic in symbol search to check dynamic symbol table
first, then fall back to symbol table (Andrii, patch 1).
- modified auto-attach string to require "/" separator prior
to path prefix i.e. uprobe//path/to/binary (Andrii, patch 2)
- modified auto-attach string to use ':' separator (Andrii,
patch 2)
- modified auto-attach to support raw offset (Andrii, patch 2)
- modified skeleton attach to interpret -ESRCH errors as
a non-fatal "unable to auto-attach" (Andrii suggested
-EOPNOTSUPP but my concern was it might collide with other
instances where that value is returned and reflects a
failure to attach a to-be-expected attachment rather than
skip a program that does not present an auto-attachable
section name. Admittedly -EOPNOTSUPP seems a more natural
value here).
- moved library path retrieval code to trace_helpers (Andrii,
patch 3)
[1] https://lore.kernel.org/bpf/1642678950-19584-1-git-send-email-alan.maguire@oracle.com/
[2] https://lore.kernel.org/bpf/1642004329-23514-1-git-send-email-alan.maguire@oracle.com/
Alan Maguire (4):
libbpf: support function name-based attach uprobes
libbpf: add auto-attach for uprobes based on section name
selftests/bpf: add get_lib_path() helper
selftests/bpf: add tests for u[ret]probe attach by name
tools/lib/bpf/libbpf.c | 327 ++++++++++++++++++++-
tools/lib/bpf/libbpf.h | 10 +-
.../selftests/bpf/prog_tests/attach_probe.c | 89 +++++-
.../selftests/bpf/progs/test_attach_probe.c | 37 +++
tools/testing/selftests/bpf/trace_helpers.c | 17 ++
tools/testing/selftests/bpf/trace_helpers.h | 2 +
6 files changed, 475 insertions(+), 7 deletions(-)
--
1.8.3.1
Powered by blists - more mailing lists