v0.11

@github-actions github-actions released this 30 Sep 22:17
· 8 commits to master since this release

What's Changed

  • argument capture support for ARM64 added;
  • BPF helper tracing is now handled specially, as helpers would normally be detected as non-failing (they return u64); retsnoop now has a hard-coded table of all BPF helpers and overrides the return result according to UAPI semantics: pointer, signed integer, void, etc;
  • work around objpool -ENOMEM kernel bug that can prevent multi-kprobe attachment; retsnoop now automatically reduces the attachment batch size until attachment succeeds, finding a reasonable tradeoff between the very slow singular kprobe mode and full multi-kprobe mode;
  • added warning when entry (-e) function is detected as non-failing by retsnoop, which otherwise would lead to user confusion (unless --successes/-S mode is specified);
  • detect bogus /proc/kallsyms addresses (most probably due to kernel.kptr_restrict=2 sysctl setting), and propose steps to resolve this;
  • extended denylist of dangerous functions which shouldn't be traced, increasing safety.
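
The bogus-address check mentioned in the list above can be illustrated with a small parser. This is an added example, not retsnoop's own code: the all-zero heuristic, the function name `kallsyms_hidden` and the sample lines (constructed addresses, hypothetical `sample_data_sym`) are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in /proc/kallsyms format: "address type name [module]". */
static const char SAMPLE_HIDDEN[] =
    "0000000000000000 T do_sys_openat2\n"
    "0000000000000000 D jiffies\n"
    "0000000000000000 t veth_xmit\t[veth]\n";
static const char SAMPLE_VISIBLE[] =
    "0000000000000000 D sample_data_sym\n"
    "ffffffff81234560 T do_sys_openat2\n"
    "ffffffffc0a01000 t veth_xmit\t[veth]\n";

/* Returns 1 if every text (t/T) symbol reports address 0, 0 if at least one
 * has a real address, -1 if no text symbols were parsed at all. */
static int kallsyms_hidden(const char *p)
{
    int text_syms = 0, zeroed = 0;

    while (*p) {
        size_t len = strcspn(p, "\n");
        char line[512], name[256], type;
        unsigned long long addr;

        if (len < sizeof(line)) {
            memcpy(line, p, len);
            line[len] = '\0';
            /* Data symbols are skipped: only function addresses decide. */
            if (sscanf(line, "%llx %c %255s", &addr, &type, name) == 3 &&
                (type == 't' || type == 'T')) {
                text_syms++;
                zeroed += (addr == 0);
            }
        }
        p += len;
        if (*p == '\n')
            p++;
    }
    if (text_syms == 0)
        return -1;
    return zeroed == text_syms;
}

int main(void)
{
    printf("hidden sample: %d, visible sample: %d\n",
           kallsyms_hidden(SAMPLE_HIDDEN), kallsyms_hidden(SAMPLE_VISIBLE));
    return 0;
}
```

On a live system the same function can be fed the contents of /proc/kallsyms; a result of 1 means the function addresses are zeroed and cannot be used to resolve trace targets.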

Full Changelog: v0.10.1...v0.11