From 2c6c2d8ad81cc16256887c1b1fa8ee2ffe147709 Mon Sep 17 00:00:00 2001 From: Leon Hwang Date: Sun, 15 Dec 2024 15:59:34 +0800 Subject: [PATCH] Fix getting FP on arm64 On arm64, R10 of bpf is not FP, aka A64_FP register. It should reuse `detect_tramp_fp()` function to get a valid FP. Signed-off-by: Leon Hwang --- bpf/kprobe_pwru.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/bpf/kprobe_pwru.c b/bpf/kprobe_pwru.c index 7c35bfcc..47de3d06 100644 --- a/bpf/kprobe_pwru.c +++ b/bpf/kprobe_pwru.c @@ -399,6 +399,24 @@ get_tracing_fp(void) return fp; } +#ifdef bpf_target_arm64 +static __always_inline u64 detect_tramp_fp(void); +#endif + +static __always_inline u64 +get_tramp_fp(void) { + u64 fp_tramp = 0; + +#ifdef bpf_target_x86 + u64 fp = get_tracing_fp(); + bpf_probe_read_kernel(&fp_tramp, sizeof(fp_tramp), (void *) fp); +#elif defined(bpf_target_arm64) + fp_tramp = detect_tramp_fp(); +#endif + + return fp_tramp; +} + static __always_inline u64 get_kprobe_fp(struct pt_regs *ctx) { @@ -408,7 +426,7 @@ get_kprobe_fp(struct pt_regs *ctx) static __always_inline u64 get_stackid(void *ctx, const bool is_kprobe) { u64 caller_fp; - u64 fp = is_kprobe ? get_kprobe_fp(ctx) : get_tracing_fp(); + u64 fp = is_kprobe ? get_kprobe_fp(ctx) : get_tramp_fp(); for (int depth = 0; depth < MAX_STACK_DEPTH; depth++) { if (bpf_probe_read_kernel(&caller_fp, sizeof(caller_fp), (void *)fp) < 0) break;