git.baikalelectronics.ru Git - kernel.git/commit

author	Jiri Olsa <jolsa@kernel.org>
	Mon, 21 Mar 2022 07:01:13 +0000 (08:01 +0100)
committer	Daniel Borkmann <daniel@iogearbox.net>
	Mon, 21 Mar 2022 13:54:15 +0000 (14:54 +0100)
commit	44346efc1ec82d8f3b0e31cab0a6be57553fc6f8
tree	07d3fa348cd149225c1a5e6078b7994508324686	tree \| snapshot
parent	dc27d9a9fffb7c59b52e17768c11237230d77b51	commit \| diff

bpf: Fix kprobe_multi return probe backtrace

Andrii reported that backtraces from kprobe_multi program attached
as return probes are not complete and showing just initial entry [1].

It's caused by changing registers to have original function ip address
as instruction pointer even for return probe, which will screw backtrace
from return probe.

This change keeps registers intact and store original entry ip and
link address on the stack in bpf_kprobe_multi_run_ctx struct, where
bpf_get_func_ip and bpf_get_attach_cookie helpers for kprobe_multi
programs can find it.

[1] https://lore.kernel.org/bpf/CAEf4BzZDDqK24rSKwXNp7XL3ErGD4bZa1M6c_c4EvDSt3jrZcg@mail.gmail.com/T/#m8d1301c0ea0892ddf9dc6fba57a57b8cf11b8c51

Fixes: 457a3ba7d8c9 ("bpf: Add cookie support to programs attached with kprobe multi link")
Reported-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Andrii Nakryiko <andrii@kernel.org>
Link: https://lore.kernel.org/bpf/20220321070113.1449167-3-jolsa@kernel.org