On Tue, Jan 01, 2019 at 10:16:54PM +0900, Masami Hiramatsu wrote: ... > > > > > Do you see a nice and clean way to blacklist all these functions > > > > > (something like arch_populate_kprobe_blacklist()), or should we just > > > > > flag all of them explicitly with NOKPROBE_SYMBOL()? > > > > > > > > As I pointed, you can probe it via your own kprobe module. Like > > > > systemtap, > > > > you still can probe it. The blacklist is for "kprobes", not for > > > > "kprobe_events". > > > > (Those are used to same, but since the above commit, those are > > > > different now) > > > > > > > > I think the most sane solution is, identifying which (combination of) > > > > functions > > > > in ftrace (kernel/trace/*) causes a problem, marking those > > > > NOKPROBE_SYMBOL() and > > > > removing CONFIG_KPROBE_EVENTS_ON_NOTRACE. > > > > I'm planning to spend a little bit more time on this and see if I can > > identify the problematic ftrace functions and eventually drop > > CONFIG_KPROBE_EVENTS_ON_NOTRACE, following the sane solution. > > > > However, in the meantime, with the following patch I've been able to get > > a more reliable kprobes blacklist and show also the notrace functions in > > debugfs when CONFIG_KPROBE_EVENTS_ON_NOTRACE is off. > > Hmm, if CONFIG_KPROBE_EVENTS_ON_NOTRACE=n, we already have a whitelist of > functions in /sys/kernel/debug/tracing/available_filter_functions, > so I don't think we need a blacklist.
OK. > > > It's probably ugly and inefficient, because it's iterating over all > > symbols in x86's arch_populate_kprobe_blacklist(), but it seems to work > > for my specific use case, so I thought it shouldn't be bad to share it, > > just in case (maybe someone else is also interested). > > Hmm, but in that case, it limits other native kprobes users like systemtap > to disable probing on notrace functions with no reasons. That may not be > acceptable. True... > > OK, I'll retry to find which notrace function combination tracing with > kprobes are problematic. Let me do it... OK. Thanks tons for looking into this! -Andrea
