On Fri, 1 Apr 2022 01:11:01 +0000 Song Liu <songliubraving@xxxxxx> wrote: > Hi Steven, > > We hit an issue with bpf trampoline and kernel live patch on the > same function. > > Basically, we have tracing and live patch on the same function. > If we use kprobe (over ftrace) for tracing, it works fine with > live patch. However, fentry on the same function does not work > with live patch (the one comes later fails to attach). > > After digging into this, I found this is because bpf trampoline > uses register_ftrace_direct, which enables IPMODIFY by default. > OTOH, it seems that BPF doesn't really need IPMODIFY. As BPF > trampoline does a "goto do_fexit" in jit for BPF_TRAMP_MODIFY_RETURN. > > IIUC, we can let bpf trampoline and live patch work together with > an ipmodify-less version of register_ftrace_direct, like attached > below. > > Does this make sense to you? Did I miss something? I thought the BPF trampoline does: call bpf_trace_before_function call original_function + X86_PATCH_SIZE call bpf_trace_after_function Thus, the bpf direct trampoline calls the unpatched version of the function call making the live patch useless. Or is this not what it does? -- Steve
