bpf: change fake_ip for bpf_trace_printk helper
authorYonghong Song <yhs@fb.com>
Wed, 17 Jan 2018 17:19:32 +0000 (09:19 -0800)
committerDaniel Borkmann <daniel@iogearbox.net>
Thu, 18 Jan 2018 00:51:42 +0000 (01:51 +0100)
Currently, for bpf_trace_printk helper, fake ip address 0x1
is used with comments saying that fake ip will not be printed.
This is indeed true for 4.12 and earlier version, but for
4.13 and later version, the ip address will be printed if
it cannot be resolved with kallsym. Running samples/bpf/tracex5
program and you will have the following in the debugfs
trace_pipe output:
  ...
  <...>-1819  [003] ....   443.497877: 0x00000001: mmap
  <...>-1819  [003] ....   443.498289: 0x00000001: syscall=102 (one of get/set uid/pid/gid)
  ...

The kernel commit changed this behavior is:
  commit feaf1283d11794b9d518fcfd54b6bf8bee1f0b4b
  Author: Steven Rostedt (VMware) <rostedt@goodmis.org>
  Date:   Thu Jun 22 17:04:55 2017 -0400

      tracing: Show address when function names are not found
  ...

This patch changed the comment and also altered the fake ip
address to 0x0 as users may think 0x1 has some special meaning
while it doesn't. The new output:
  ...
  <...>-1799  [002] ....    25.953576: 0: mmap
  <...>-1799  [002] ....    25.953865: 0: read(fd=0, buf=00000000053936b5, size=512)
  ...

Signed-off-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
kernel/trace/bpf_trace.c

index f274468..fc2838a 100644 (file)
@@ -245,7 +245,7 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt, u32, fmt_size, u64, arg1,
  */
 #define __BPF_TP_EMIT()        __BPF_ARG3_TP()
 #define __BPF_TP(...)                                                  \
-       __trace_printk(1 /* Fake ip will not be printed. */,            \
+       __trace_printk(0 /* Fake ip */,                                 \
                       fmt, ##__VA_ARGS__)
 
 #define __BPF_ARG1_TP(...)                                             \