From: Jackie Liu <liuyun01@xxxxxxxxxx> When using regular expression matching with "kprobe multi", it scans all the functions under "/proc/kallsyms" that can be matched. However, not all of them can be traced by kprobe.multi. If any one of the functions fails to be traced, it will result in the failure of all functions. The best approach is to filter out the functions that cannot be traced to ensure proper tracking of the functions. But, the addition of these checks will frequently probe whether a function complies with "available_filter_functions" and ensure that it has not been filtered by kprobe's blacklist. As a result, it may take a longer time during startup. The function implementation is referenced from BCC's "kprobe_exists()" Here is the test eBPF program [1]. [1] https://github.com/JackieLiu1/ketones/commit/a9e76d1ba57390e533b8b3eadde97f7a4535e867 Signed-off-by: Jackie Liu <liuyun01@xxxxxxxxxx> --- tools/lib/bpf/libbpf.c | 47 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index ad1ec893b41b..6a201267fa08 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -10421,6 +10421,50 @@ struct kprobe_multi_resolve { size_t cnt; }; +static bool filter_available_function(const char *name) +{ + char addr_range[256]; + char sym_name[256]; + FILE *f; + int ret; + + f = fopen("/sys/kernel/debug/kprobes/blacklist", "r"); + if (!f) + goto avail_filter; + + while (true) { + ret = fscanf(f, "%s %s%*[^\n]\n", addr_range, sym_name); + if (ret == EOF && feof(f)) + break; + if (ret != 2) + break; + if (!strcmp(name, sym_name)) { + fclose(f); + return false; + } + } + fclose(f); + +avail_filter: + f = fopen("/sys/kernel/debug/tracing/available_filter_functions", "r"); + if (!f) + return true; + + while (true) { + ret = fscanf(f, "%s%*[^\n]\n", sym_name); + if (ret == EOF && feof(f)) + break; + if (ret != 1) + break; + if (!strcmp(name, sym_name)) { + fclose(f); + return true; + } + } + fclose(f); + return false; +} + static int resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type, const char *sym_name, void *ctx) @@ -10431,6 +10475,9 @@ resolve_kprobe_multi_cb(unsigned long long sym_addr, char sym_type, if (!glob_match(sym_name, res->pattern)) return 0; + if (!filter_available_function(sym_name)) + return 0; + err = libbpf_ensure_mem((void **) &res->addrs, &res->cap, sizeof(unsigned long), res->cnt + 1); if (err) -- 2.25.1