Re: Re: Is is possible to get the function calling stack in an fentry bpf program?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thank you Kui-Feng and Alan. I misunderstood the usage of bpf_stack_get(). I thought it would retrieve all data from the stack, including local variables. Now, I can get the following calling stack in my fentry bpf program:

ffffffffc07c9090 (bpf_prog_12dc2796861890d0_bpf_fentry___tcp_transmit_skb)
       |
ffffffffc07c9090 (bpf_prog_12dc2796861890d0_bpf_fentry___tcp_transmit_skb)
       |
ffffffffc465c000 (bpf_trampoline_6442564494_0)
       |
ffffffff85dd15a5 (__tcp_transmit_skb)
       |
ffffffff85dd15a5 (__tcp_push_pending_frames)
       |
ffffffff85dba8c9 (tcp_push)
       |
    ......

But the first two addresses look quite strange (bpf_fentry___tcp_transmit_skb is the name of my fentry bpf program), they are the same and look like they belong to the attached fentry bpf program. I don't know why this happens. Regardless, I can get the function that calls __tcp_transmit_skb() now.

> -----Original Messages-----
> From: "Kui-Feng Lee" <sinquersw@xxxxxxxxx>
> Sent Time: 2023-09-20 00:22:11 (Wednesday)
> To: "刘畅" <chang-liu22@xxxxxxxxxxxxxxxxxxxxx>, bpf@xxxxxxxxxxxxxxx
> Cc: 
> Subject: Re: Is is possible to get the function calling stack in an fentry bpf program?
> 
> 
> 
> On 9/19/23 06:55, 刘畅 wrote:
> > Hi all
> > 
> > I attached an fentry eBPF program to a kernel function, i.e., tcp_transmit_skb(). I want to implement different logic in the bpf program for different calling stack cases, e.g., __tcp_retransmit_skb()->tcp_transmit_skb() and tcp_write_xmit()->tcp_transmit_skb(). I know that I can access stack traces using the bpf_get_stack() helper function. However, in the fentry eBPF program, I don't know the value of the RSP and RBP register, which means I can not locate the return address even if I can get the stack traces. I want to know if there's any way that I can get the return address and thus get the function calling stack in an fentry bpf program.
> > 
> > I'd be appreciate if you can help me.
> > 
> > Chang Liu
> > Tsinghua University, China
> 
> Once you get stack returned by bpf_get_stack(), it is an array of
> addresses. For example,
> 
>   __u64 buf[256];
>   bpf_get_stack(ctx, buf, 256, 0);
> 
> buf[0], buf[1], ... will be addresses of caller sites from most inner.
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux