retis-org / retis

Tracing packets in the Linux networking stack & friends
https://retis.readthedocs.io/en/stable/

core: probe: kernel: kprobe: fix ksym retrieval for CONFIG_X86_KERNEL_IBT=y #132

Closed atenart closed 1 year ago

atenart commented 1 year ago

When CONFIG_X86_KERNEL_IBT=y an endbr instruction at the function entry is added, resulting in IP being +4 further. Add a conditional to select the right offset to subtract from PT_REGS_IP when retrieving the function IP (ksym).

A future work could be to use bpf_get_func_ip instead, but that isn't supported in all kernel versions so it should be done with care.
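The offset arithmetic described above, as an added example in user-space C (not the PR's or the retis project's code). It assumes the IP seen by the handler is one byte past the probed address and that the probe sits after the 4-byte endbr64; the function bytes, the address and all names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3_LEN  1u /* assumption: handler IP is one byte past the probed address */
#define ENDBR_LEN 4u /* endbr64 encodes as f3 0f 1e fa */

static const uint8_t ENDBR64[ENDBR_LEN] = { 0xf3, 0x0f, 0x1e, 0xfa };

/* Constructed function bodies: the same prologue with and without endbr64. */
static const uint8_t FN_IBT[]   = { 0xf3, 0x0f, 0x1e, 0xfa, 0x55, 0x48, 0x89, 0xe5, 0xc3 };
static const uint8_t FN_PLAIN[] = { 0x55, 0x48, 0x89, 0xe5, 0xc3 };

/* True when the function text starts with endbr64. */
static bool starts_with_endbr64(const uint8_t *text, size_t len)
{
    return len >= ENDBR_LEN && memcmp(text, ENDBR64, ENDBR_LEN) == 0;
}

/* IP a handler would see for a probe on the function at `sym`:
 * the probe lands after endbr64 when one is present. */
static uint64_t reported_ip(uint64_t sym, const uint8_t *text, size_t len)
{
    uint64_t probe = sym + (starts_with_endbr64(text, len) ? ENDBR_LEN : 0);
    return probe + INT3_LEN;
}

/* Select the offset to subtract from the build configuration,
 * mirroring the conditional the description proposes. */
static uint64_t ksym_from_ip(uint64_t ip, bool kernel_ibt)
{
    return ip - (kernel_ibt ? INT3_LEN + ENDBR_LEN : INT3_LEN);
}

int main(void)
{
    const uint64_t sym = 0xffffffff81000000ULL; /* constructed symbol address */
    uint64_t ip = reported_ip(sym, FN_IBT, sizeof(FN_IBT));

    /* A fixed -1 lands 4 bytes inside the function, so a symbol lookup misses. */
    printf("fixed offset: %#llx\n", (unsigned long long)ksym_from_ip(ip, false));
    printf("IBT offset:   %#llx\n", (unsigned long long)ksym_from_ip(ip, true));
    return 0;
}
```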

atenart commented 1 year ago

The fix should now work better; it is good to be reviewed and merged.

vlrpl commented 1 year ago

> The fix should now work better; it is good to be reviewed and merged.

Nice catch! I added a note that should make sense for the user, but other than that the patch LGTM.