Topics

Getting function's address from BPF_TRACE_FENTRY BPF program

Yutaro Hayakawa
 

Hello,

Is there any way to get the address of the function in fentry type programs like
kprobe type programs does by PT_REGS_IP(pt_regs)?

I'd like to migrate my kprobe based tool[1] to fentry based one, but only this
feature is missing right now. Since the tool attaches single BPF program to
the multiple kernel functions, it needs to have function's address to identify
which function the trace data comes from.

Regards,
Yutaro

Alexei Starovoitov
 

On Fri, Mar 6, 2020 at 11:19 PM Yutaro Hayakawa <yhayakawa3720@...> wrote:

Hello,

Is there any way to get the address of the function in fentry type programs like
kprobe type programs does by PT_REGS_IP(pt_regs)?

I'd like to migrate my kprobe based tool[1] to fentry based one, but only this
feature is missing right now. Since the tool attaches single BPF program to
the multiple kernel functions, it needs to have function's address to identify
which function the trace data comes from.

[1] https://github.com/YutaroHayakawa/ipftrace
I think this approach won't quite work with fentry because
the same fenty type prog cannot be attached to multiple kernel functions.
At load time the kernel verifier needs to hold target kernel function,
check that arguments match, etc. So at that point the target function
address is fixed and when fentry prog is called it will see only one
'faddr' == regs_ip.

Yutaro Hayakawa
 

I see, so this means the fentry program
needs to load and verify the program for
every functions to attach right?

In my (maybe very specific) case, the
tool may attaches programs to more than
1000 functions. So it is important to
reduce the programs to reduce the attach
time.

I will continue to use kprobe. Thank you very
much for your help.

Yutaro

On Mar 8, 2020, at 4:19, Alexei Starovoitov <alexei.starovoitov@...> wrote:

´╗┐On Fri, Mar 6, 2020 at 11:19 PM Yutaro Hayakawa <yhayakawa3720@...> wrote:

Hello,

Is there any way to get the address of the function in fentry type programs like
kprobe type programs does by PT_REGS_IP(pt_regs)?

I'd like to migrate my kprobe based tool[1] to fentry based one, but only this
feature is missing right now. Since the tool attaches single BPF program to
the multiple kernel functions, it needs to have function's address to identify
which function the trace data comes from.

[1] https://github.com/YutaroHayakawa/ipftrace
I think this approach won't quite work with fentry because
the same fenty type prog cannot be attached to multiple kernel functions.
At load time the kernel verifier needs to hold target kernel function,
check that arguments match, etc. So at that point the target function
address is fixed and when fentry prog is called it will see only one
'faddr' == regs_ip.