bpf: show real jited prog address in /proc/kallsyms

Currently, /proc/kallsyms shows page address of jited bpf program. The
main reason here is to not expose randomized start address. However,
This is not ideal for detailed profiling (find hot instructions from
stack traces). This patch replaces the page address with real prog start
address.

This change is OK because these addresses are still protected by sysctl
kptr_restrict (see kallsyms_show_value()), and only programs loaded by
root are added to kallsyms (see bpf_prog_kallsyms_add()).

Signed-off-by: Song Liu <songliubraving@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This commit is contained in:
Song Liu 2018-11-02 10:16:15 -07:00 committed by Daniel Borkmann
parent 7de414a9dd
commit df0734702a

View File

@ -553,7 +553,6 @@ bool is_bpf_text_address(unsigned long addr)
int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type, int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
char *sym) char *sym)
{ {
unsigned long symbol_start, symbol_end;
struct bpf_prog_aux *aux; struct bpf_prog_aux *aux;
unsigned int it = 0; unsigned int it = 0;
int ret = -ERANGE; int ret = -ERANGE;
@ -566,10 +565,9 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
if (it++ != symnum) if (it++ != symnum)
continue; continue;
bpf_get_prog_addr_region(aux->prog, &symbol_start, &symbol_end);
bpf_get_prog_name(aux->prog, sym); bpf_get_prog_name(aux->prog, sym);
*value = symbol_start; *value = (unsigned long)aux->prog->bpf_func;
*type = BPF_SYM_ELF_TYPE; *type = BPF_SYM_ELF_TYPE;
ret = 0; ret = 0;