On Tue, 26 Jan 2021 22:17:23 +0100
Oleg Nesterov <o...@redhat.com> wrote:

> On 01/26, Steven Rostedt wrote:
> >
> > On Tue, 26 Jan 2021 21:20:59 +0100
> > Oleg Nesterov <o...@redhat.com> wrote:
> >  
> > > > No, not wrong. Even offset != 0, if the symbol exists in the kernel,
> > > > kprobe_on_func_entry() will check it.  
> > >
> > > Yes, but unless I am totally confused... if kprobe_on_func_entry() returns false,
> > > then trace_kprobe_create() should fail with BAD_RETPROBE even if offset == 0 ?
> >
> > From what I understand, kprobe_on_func_entry() can return false if you pass
> > in: "MOD:not_yet_loaded_module_func", but this is OK, because when the
> > module is loaded, and the "not_yet_loaded_module_func" exists, the
> > kretprobe will then be added.
> >
> > The strchr(symbol,":") check is to see if "MOD:" (or some other ":" command)
> > is in the name, and we don't want it to fail if it is. Which is why we
> > should have that commented.  
> 
> Agreed, this matches my understanding.
> 
> But just in case... not sure I read this code correctly, but I think that
> module_kallsyms_lookup_name("not_yet_loaded_module_func") should work even
> without the "MOD:" prefix.
> 
> IOW, kprobe_on_func_entry("not_yet_loaded_module_func") can fail, and then
> later succeed if you load the module which provides this symbol.
> 
> But even if I am right, I agree with the strchr(symbol,":") check.

I see what you are saying. If "MOD" is not loaded yet, the
kprobe_on_func_entry() should succeed.

kprobe_on_func_entry(name) {
        _kprobe_addr(name) {
                _kprobe_lookup_name(name) {
                        kallsyms_lookup_name(name) {
                                module_kallsyms_lookup_name(name) {

Which is:

unsigned long module_kallsyms_lookup_name(const char *name)
{
        struct module *mod;
        char *colon;
        unsigned long ret = 0;

        /* Don't lock: we're in enough trouble already. */
        preempt_disable();
        if ((colon = strnchr(name, MODULE_NAME_LEN, ':')) != NULL) {
                if ((mod = find_module_all(name, colon - name, false)) != NULL)
                        ret = find_kallsyms_symbol_value(mod, colon+1);
        } else {
                list_for_each_entry_rcu(mod, &modules, list) {
                        if (mod->state == MODULE_STATE_UNFORMED)
                                continue;
                        if ((ret = find_kallsyms_symbol_value(mod, name)) != 0)
                                break;
                }
        }
        preempt_enable();
        return ret;
}


And if find_module_all() fails, ret isn't updated, and "return ret" will
return zero.

That is, the ":" check may not be needed, but it's at least good to have?

-- Steve
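
Added example, not part of the original message and not kernel code: a userspace C model of the two branches of module_kallsyms_lookup_name() quoted above, and of the strchr(symbol, ':') exemption as the thread describes it. The module table, demo_mod, demo_func, the address and the helper names are constructed assumptions; the model ignores the MODULE_NAME_LEN bound, locking, module state and the offset checks in kprobe_on_func_entry().

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel module list; not kernel code. */
struct sym { const char *name; unsigned long addr; };
struct mod { const char *name; int loaded; struct sym syms[2]; };

static struct mod mods[] = { { "demo_mod", 0, { { "demo_func", 0x1000UL }, { NULL, 0 } } } };

static unsigned long find_sym(const struct mod *m, const char *name)
{
    for (const struct sym *s = m->syms; s->name; s++)
        if (strcmp(s->name, name) == 0)
            return s->addr;
    return 0;
}

/* Mirrors the two branches of module_kallsyms_lookup_name(): "MOD:sym"
 * searches only MOD, a bare name searches every loaded module. */
static unsigned long model_lookup(const char *name)
{
    const char *colon = strchr(name, ':');
    size_t len = colon ? (size_t)(colon - name) : 0;
    for (size_t i = 0; i < sizeof(mods) / sizeof(mods[0]); i++) {
        if (!mods[i].loaded)
            continue;               /* not loaded: nothing to resolve */
        if (colon && (strlen(mods[i].name) != len ||
                      strncmp(mods[i].name, name, len) != 0))
            continue;               /* "MOD:" names a different module */
        unsigned long ret = find_sym(&mods[i], colon ? colon + 1 : name);
        if (ret)
            return ret;
    }
    return 0;
}

/* Assumed shape of the thread's check: a failed lookup rejects unless ':' is present. */
static int retprobe_rejected(const char *symbol)
{
    return model_lookup(symbol) == 0 && strchr(symbol, ':') == NULL;
}

int main(void)
{
    int before = retprobe_rejected("demo_func");    /* module absent */
    mods[0].loaded = 1;                             /* constructed "module load" */
    printf("rejected before load=%d, after load=%d\n", before, retprobe_rejected("demo_func"));
    return 0;
}
```

In this model a bare name that only a not-yet-loaded module provides fails the lookup and is rejected, while the same name with a "MOD:" prefix also fails the lookup but is let through by the ':' check.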
