Thread (57 messages) 57 messages, 6 authors, 2017-03-08

Re: [PATCH v4 2/3] perf: kretprobes: offset from reloc_sym if kernel supports it

From: Naveen N. Rao <hidden>
Date: 2017-03-06 19:04:44
Also in: lkml 

On 2017/03/04 01:34PM, Masami Hiramatsu wrote:
On Sat, 4 Mar 2017 11:35:51 +0900
Masami Hiramatsu [off-list ref] wrote:
quoted
On Sat, 4 Mar 2017 09:49:11 +0900
Masami Hiramatsu [off-list ref] wrote:
quoted
On Thu,  2 Mar 2017 23:25:06 +0530
"Naveen N. Rao" [off-list ref] wrote:
quoted
We indicate support for accepting sym+offset with kretprobes through a
line in ftrace README. Parse the same to identify support and choose the
appropriate format for kprobe_events.
Could you give us an example of this change here? :)
for example, comment of commit 613f050d68a8 .

I think the code is OK, but we need actual example of result.
Hi Naveen,

I've tried following commands

$ grep "[Tt] user_read$" /proc/kallsyms  
0000000000000000 T user_read
0000000000000000 t user_read
$ sudo ./perf probe -D user_read%return
r:probe/user_read _text+3539616
r:probe/user_read_1 _text+3653408

OK, looks good. However, when I set the retprobes, I got an error.

$ sudo ./perf probe -a user_read%return
Failed to write event: Invalid argument
  Error: Failed to add events.

And kernel rejected that.

$ dmesg -k | tail -n 1
[  850.315068] Given offset is not valid for return probe.

Hmm, curious..
Ah, I see.

static int create_trace_kprobe(int argc, char **argv)
...
        } else {
                /* a symbol specified */
                symbol = argv[1];
                /* TODO: support .init module functions */
                ret = traceprobe_split_symbol_offset(symbol, &offset);
                if (ret) {
                        pr_info("Failed to parse symbol.\n");
                        return ret;
                }
                if (offset && is_return &&
                    !arch_function_offset_within_entry(offset)) {
                        pr_info("Given offset is not valid for return probe.\n");
                        return -EINVAL;
                }
        }

So, actually, traceprobe_split_symbol_offset() just split out symbol
and offset from symbol string (e.g. "_text+3539616").
So, you should use kallsyms_lookup_size_offset() here again to check
offset.
Ah, nice catch! I should have tested Steven's patch...

Please try attached patch (I've already tested on x86-64).

$ sudo ./perf probe -a user_read%return
Added new events:
  probe:user_read      (on user_read%return)
  probe:user_read_1    (on user_read%return)

You can now use it in all perf tools, such as:

	perf record -e probe:user_read_1 -aR sleep 1

$ sudo ./perf probe -l
  probe:user_read      (on user_read%return@security/keys/user_defined.c)
  probe:user_read_1    (on user_read%return@selinux/ss/policydb.c)
$ sudo cat /sys/kernel/debug/kprobes/list
ffffffff9637bf70  r  user_read+0x0    [DISABLED][FTRACE]
ffffffff963602f0  r  user_read+0x0    [DISABLED][FTRACE]
Thanks, I will test this.


- Naveen
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help