[External] Re: Question - Livepatch/Kprobe Coexistence on Ftrace-enabled Functions (Ubuntu kernel based on Linux stable 5.15.30)

Song Liu song at kernel.org
Fri Oct 17 19:07:40 UTC 2025 

On Fri, Oct 17, 2025 at 9:58 AM Song Liu <song at kernel.org> wrote:
>
> On Thu, Oct 16, 2025 at 2:55 PM Andrey Grodzovsky
> <andrey.grodzovsky at crowdstrike.com> wrote:
> [...]
> > [AG] - Trying first to point him at the original  function - but he
> > fails on the fexit I assume  - which is strange, I assumed fexit
> > (kretfunc) and livepatch can coexist ?
> >
> > ubuntu at ip-10-10-114-204:~$ sudo bpftrace -e
> > 'fentry:vmlinux:begin_new_exec { @start[tid] = nsecs; printf("-> EXEC
> > START (fentry): PID %d, Comm %s\n", pid, comm); }
> > fexit:vmlinux:begin_new_exec { $latency = nsecs - @start[tid];
> > delete(@start[tid]); printf("<- EXEC END (fexit): PID %d, Comm %s,
> > Retval %d, Latency %d us\n", pid, comm, retval, $latency / 1000); }'
> > Attaching 2 probes...
> > ERROR: Error attaching probe: kretfunc:vmlinux:begin_new_exec
> >
> > [AG] - Trying to skip the fexit and only do fentry - he still rejects
> > ubuntu at ip-10-10-114-204:~$ sudo bpftrace -vvv -e
> > 'fentry:vmlinux:begin_new_exec { @start[tid] = nsecs; printf("-> EXEC
> > START (fentry): PID %d, Comm %s\n", pid, comm); }'
> > sudo: unable to resolve host ip-10-10-114-204: Temporary failure in name
> > resolution
> > INFO: node count: 12
> > Attaching 1 probe...
> >
> > Program ID: 295
> >
> > The verifier log:
> > processed 50 insns (limit 1000000) max_states_per_insn 0 total_states 3
> > peak_states 3 mark_read 1
> >
> > Attaching kfunc:vmlinux:begin_new_exec
> > ERROR: Error attaching probe: kfunc:vmlinux:begin_new_exec
>
> OK, I could reproduce this issue and found the issue. In my test,
> fexit+livepatch works on some older kernel, but fails on some newer
> kernel. I haven't bisected to the commit that broke it.
>
> Something like the following make it work:
>
> diff --git i/kernel/trace/ftrace.c w/kernel/trace/ftrace.c
> index 2e113f8b13a2..4277b4f33eb8 100644
> --- i/kernel/trace/ftrace.c
> +++ w/kernel/trace/ftrace.c
> @@ -5985,6 +5985,8 @@ int register_ftrace_direct(struct ftrace_ops
> *ops, unsigned long addr)
>         ops->direct_call = addr;
>
>         err = register_ftrace_function_nolock(ops);
> +       if (err)
> +               remove_direct_functions_hash(direct_functions, addr);
>
>   out_unlock:
>         mutex_unlock(&direct_mutex);
>
> Andrey, could you also test this change?

Attached is a better version of the fix.

Thanks,
Song
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ftrace-Fix-BPF-fexit-with-livepatch.patch
Type: application/octet-stream
Size: 2100 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251017/4a118f3f/attachment.obj>

More information about the kernel-team mailing list