1

Is it possible to identify where the kernel function returned using kretprobe or BPF code? For example;

void func()
{
.........some line......
.........some line......
  if (condition1)
    return;
.........some line......
.........some line......
  if(condition2)
     return;
.........some line......
  if(condition3)
     return;
.........some line......
.........some line......
.........some line......
  return;
}

If I have a kernel function like this, how would I know which return was hit?

Franc
  • 319
  • 9
  • 28
  • The compiler will re-write your function to `void foo() { return; }`. There isn't much to check. Now it would be another story had you made the function non-void and returned different values in each branch. – Marco Bonelli Dec 16 '22 at 13:21
  • @MarcoBonelli, I have edited the code to avoid confusion. This code is to elaborate my question not the real one. Generally I would like to know how to get to know at what statement the function returned using kprobe/bpf . – Franc Dec 16 '22 at 13:44
  • You could kprobe on each return line. There is nothing in CPU instruction execution that remembers the past instruction path. – stark Dec 19 '22 at 13:28
  • @stark, you meant use the address of instruction and keep the probe there, like 'p:0x012345H' ? – Franc Dec 19 '22 at 15:53

1 Answers1

1

I guess you can create a kprobe on each return line.

If you are the author of the function you try to trace, I'd just set a global variable to certain value for each branch taken.

LITzman
  • 730
  • 1
  • 16