• Andrii Nakryiko's avatar
    perf,uprobes: fix user stack traces in the presence of pending uretprobes · 4a365eb8
    Andrii Nakryiko authored
    When kernel has pending uretprobes installed, it hijacks original user
    function return address on the stack with a uretprobe trampoline
    address. There could be multiple such pending uretprobes (either on
    different user functions or on the same recursive one) at any given
    time within the same task.
    
    This approach interferes with the user stack trace capture logic, which
    would report suprising addresses (like 0x7fffffffe000) that correspond
    to a special "[uprobes]" section that kernel installs in the target
    process address space for uretprobe trampoline code, while logically it
    should be an address somewhere within the calling function of another
    traced user function.
    
    This is easy to correct for, though. Uprobes subsystem keeps track of
    pending uretprobes and records original return addresses. This patch is
    using this to do a post-processing step and restore each trampoline
    address entries with correct original return address. This is done only
    if there are pending uretprobes for current task.
    
    This is a similar approach to what fprobe/kretprobe infrastructure is
    doing when capturing kernel stack traces in the presence of pending
    return probes.
    
    Link: https://lore.kernel.org/all/20240522013845.1631305-3-andrii@kernel.org/Reported-by: default avatarRiham Selim <rihams@meta.com>
    Signed-off-by: default avatarAndrii Nakryiko <andrii@kernel.org>
    Signed-off-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
    4a365eb8
uprobes.c 57.7 KB