Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

link/kprobe: specify symbol offset #613

Closed
wants to merge 3 commits into from
Closed

link/kprobe: specify symbol offset #613

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
746bd16
link/kprobe: Allow to parse symbol offset
xpu22 Mar 29, 2022
06f0ffc
link/kprobe: change the annotation
xpu22 Mar 30, 2022
0459611
link/kprobe: add kprobeToken test
xpu22 Mar 31, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 19 additions & 1 deletion link/kprobe.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,8 @@ type KprobeOptions struct {
//
// Needs kernel 5.15+.
Cookie uint64
// Kprobe symbol offset.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs more context. How is it used? Why is it necessary? How would the caller determine the correct offset to use?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, This offset is used for kprobe, because some functions in kernel is static or inline, we can't insert one probe. but we can use probe the caller with offset. This "offset" is same as tracefs kprobe_events

https://www.kernel.org/doc/html/latest/trace/kprobetrace.html

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// Kprobe symbol offset.
// Offset of the kprobe relative to the traced symbol.
// Can be used to insert kprobes at arbitrary offsets in kernel functions,
// e.g. in places where functions have been inlined.

Offset uint64
}

const (
Expand Down Expand Up @@ -162,6 +164,7 @@ func kprobe(symbol string, prog *ebpf.Program, opts *KprobeOptions, ret bool) (*

if opts != nil {
args.cookie = opts.Cookie
args.offset = opts.Offset
}

// Use kprobe PMU if the kernel has it available.
Expand Down Expand Up @@ -234,8 +237,12 @@ func pmuProbe(typ probeType, args probeArgs) (*perfEvent, error) {
}

attr = unix.PerfEventAttr{
// The minimum size required for PMU kprobes is PERF_ATTR_SIZE_VER1,
// since it added the config2 (Ext2) field. Use Ext2 as probe_offset.
Size: unix.PERF_ATTR_SIZE_VER1,
Type: uint32(et), // PMU event type read from sysfs
Ext1: uint64(uintptr(sp)), // Kernel symbol to trace
Ext2: args.offset, // Kernel symbol offset
Config: config, // Retprobe flag
}
case uprobeType:
Expand Down Expand Up @@ -385,7 +392,7 @@ func createTraceFSProbeEvent(typ probeType, args probeArgs) error {
// subsampling or rate limiting logic can be more accurately implemented in
// the eBPF program itself.
// See Documentation/kprobes.txt for more details.
pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, args.symbol)
pe = fmt.Sprintf("%s:%s/%s %s", probePrefix(args.ret), args.group, args.symbol, kprobeToken(args))
case uprobeType:
// The uprobe_events syntax is as follows:
// p[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS] : Set a probe
Expand Down Expand Up @@ -489,3 +496,14 @@ func kretprobeBit() (uint64, error) {
})
return kprobeRetprobeBit.value, kprobeRetprobeBit.err
}

// kprobeToken creates the SYM[+offs] token for the tracefs api.
func kprobeToken(args probeArgs) string {
ti-mo marked this conversation as resolved.
Show resolved Hide resolved
po := args.symbol

if args.offset != 0 {
po += fmt.Sprintf("+%#x", args.offset)
}

return po
}