Commit 1034bd44 authored by Yonghong Song's avatar Yonghong Song

skip kprobe functions outside normal text section

Fix issue #1634.

When kernel is about to attach a kprobe, the following functions
are called:
  register_kprobe
    check_kprobe_address_safe
      kernel_text_address
        core_kernel_text

In core_kernel_text, we have:
        if (addr >= (unsigned long)_stext &&
            addr < (unsigned long)_etext)
                return 1;

Basically, any address outside of [_stext, _etext] will
be rejected.

The functions marked as __init are outside [_stext, _etext].
That is why vfs_caches_init_early and vfs_caches_init
are rejected by trace_kprobe.
Given a regex, this patch avoided attaching these functions
if their func addresses are outside [_stext, _etext] range.
Signed-off-by: default avatarYonghong Song <yhs@fb.com>
parent e0d808ec
...@@ -481,9 +481,18 @@ class BPF(object): ...@@ -481,9 +481,18 @@ class BPF(object):
with open("%s/../kprobes/blacklist" % TRACEFS, "rb") as blacklist_f: with open("%s/../kprobes/blacklist" % TRACEFS, "rb") as blacklist_f:
blacklist = set([line.rstrip().split()[1] for line in blacklist_f]) blacklist = set([line.rstrip().split()[1] for line in blacklist_f])
fns = [] fns = []
found_stext = False
with open("/proc/kallsyms", "rb") as avail_file: with open("/proc/kallsyms", "rb") as avail_file:
for line in avail_file: for line in avail_file:
(_, t, fn) = line.rstrip().split()[:3] (_, t, fn) = line.rstrip().split()[:3]
if found_stext is False:
if fn == b'_stext':
found_stext = True
continue
if fn == b'_etext':
break
if (t.lower() in [b't', b'w']) and re.match(event_re, fn) \ if (t.lower() in [b't', b'w']) and re.match(event_re, fn) \
and fn not in blacklist: and fn not in blacklist:
fns.append(fn) fns.append(fn)
...@@ -558,7 +567,7 @@ class BPF(object): ...@@ -558,7 +567,7 @@ class BPF(object):
ev_name = b"r_" + event.replace(b"+", b"_").replace(b".", b"_") ev_name = b"r_" + event.replace(b"+", b"_").replace(b".", b"_")
fd = lib.bpf_attach_kprobe(fn.fd, 1, ev_name, event) fd = lib.bpf_attach_kprobe(fn.fd, 1, ev_name, event)
if fd < 0: if fd < 0:
raise Exception("Failed to attach BPF to kprobe") raise Exception("Failed to attach BPF to kretprobe")
self._add_kprobe_fd(ev_name, fd) self._add_kprobe_fd(ev_name, fd)
return self return self
...@@ -877,7 +886,7 @@ class BPF(object): ...@@ -877,7 +886,7 @@ class BPF(object):
ev_name = self._get_uprobe_evname(b"r", path, addr, pid) ev_name = self._get_uprobe_evname(b"r", path, addr, pid)
fd = lib.bpf_attach_uprobe(fn.fd, 1, ev_name, path, addr, pid) fd = lib.bpf_attach_uprobe(fn.fd, 1, ev_name, path, addr, pid)
if fd < 0: if fd < 0:
raise Exception("Failed to attach BPF to uprobe") raise Exception("Failed to attach BPF to uretprobe")
self._add_uprobe_fd(ev_name, fd) self._add_uprobe_fd(ev_name, fd)
return self return self
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment