Thread (57 messages) 57 messages, 5 authors, 2024-09-10

Re: [PATCH v2] tracing/uprobe: Add missing PID filter for uretprobe

From: Andrii Nakryiko <hidden>
Date: 2024-08-26 22:08:45
Also in: bpf 

On Mon, Aug 26, 2024 at 3:01 PM Jiri Olsa [off-list ref] wrote:
On Mon, Aug 26, 2024 at 11:25:53PM +0200, Oleg Nesterov wrote:
quoted
This is offtopic, sorry for the spam, but...

On 08/26, Jiri Olsa wrote:
quoted
On Mon, Aug 26, 2024 at 01:57:52PM +0200, Oleg Nesterov wrote:
quoted
Does bpftrace use bpf_uprobe_multi_link_attach/etc ? I guess not...
Then which userspace tool uses this code? ;)
yes, it will trigger if you attach to multiple uprobes, like with your
test example with:

  # bpftrace -p xxx -e 'uprobe:./ex:func* { printf("%d\n", pid); }'
Hmm. I reserved the testing machine with fedora 40 to play with bpftrace.

dummy.c:

      #include <unistd.h>

      void func1(void) {}
      void func2(void) {}

      int main(void) { for (;;) pause(); }

If I do

      # ./dummy &
      # bpftrace -p $! -e 'uprobe:./dummy:func* { printf("%d\n", pid); }'

and run

      # bpftrace -e 'kprobe:__uprobe_register { printf("%s\n", kstack); }'
did you just bpftrace-ed bpftrace? ;-) on my setup I'm getting:

[root@qemu ex]# ../bpftrace/build/src/bpftrace -e 'kprobe:uprobe_register { printf("%s\n", kstack); }'
Attaching 1 probe...

        uprobe_register+1
        bpf_uprobe_multi_link_attach+685
        __sys_bpf+9395
        __x64_sys_bpf+26
        do_syscall_64+128
        entry_SYSCALL_64_after_hwframe+118


I'm not sure what's bpftrace version in fedora 40, I'm using upstream build:

[root@qemu ex]# ../bpftrace/build/src/bpftrace --info 2>&1 | grep uprobe_multi
  uprobe_multi: yes
[root@qemu ex]# ../bpftrace/build/src/bpftrace --version
bpftrace v0.20.0

So what's the conclusion for the original issue? Do we have a path
forward with the fix?

jirka
quoted
on another console I get

      Attaching 1 probe...

        __uprobe_register+1
        probe_event_enable+399
        perf_trace_event_init+440
        perf_uprobe_init+152
        perf_uprobe_event_init+74
        perf_try_init_event+71
        perf_event_alloc+1681
        __do_sys_perf_event_open+447
        do_syscall_64+130
        entry_SYSCALL_64_after_hwframe+118

        __uprobe_register+1
        probe_event_enable+399
        perf_trace_event_init+440
        perf_uprobe_init+152
        perf_uprobe_event_init+74
        perf_try_init_event+71
        perf_event_alloc+1681
        __do_sys_perf_event_open+447
        do_syscall_64+130
        entry_SYSCALL_64_after_hwframe+118

so it seems that bpftrace doesn't use bpf_uprobe_multi_link_attach()
(called by sys_bpf(BPF_LINK_CREATE) ?) in this case.

But again, this is offtopic, please forget.

Oleg.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help