uprobe DWARF location attachment does not work with uprobe_multi #3173

viktormalik · 2024-05-16T11:05:11Z

#3095 introduced parsing of DWARF for a binary and attaching uprobes after the function prologue. This is currently not used in combination with uprobe_multi, compare:

# bpftrace  -e 'uprobe:tests/testprogs/uprobe_loop:uprobeFunction1 {  printf("%s\n", ustack); exit(); }' -c tests/testprogs/uprobe_loop
Attaching 1 probe...

        uprobeFunction1+13
        spin+37
        main+25
        __libc_start_call_main+122
        __libc_start_main_alias_1+139
        _start+37

# bpftrace  -e 'uprobe:tests/testprogs/uprobe_loop:uprobeFunction* {  printf("%s\n", ustack); exit(); }' -c tests/testprogs/uprobe_loop
Attaching 1 probe...

        uprobeFunction1+0
        main+25
        __libc_start_call_main+122
        __libc_start_main_alias_1+139
        _start+37

In the second stack, uprobe is not attached after the prologue.

Since uprobe_multi link actually accepts offsets rather that function names, it should be possible to use these two mechanisms together.

cc @ttreyer

The text was updated successfully, but these errors were encountered:

ttreyer · 2024-05-16T18:15:41Z

Since uprobe_multi link actually accepts offsets rather that function names, it should be possible to use these two mechanisms together.

Just to understand clearly, I could pass something like "uprobeFunction1+1234" inside the probe.funcs vector and the Kernel will set the probe at the specified offset? Or does it accept stringified addresses too?

ajor · 2024-05-16T18:48:15Z

It's bpftrace that does the symbol resolution already in resolve_offset_uprobe_multi.

Then we just pass the raw offsets to the kernel here:

bpftrace/src/attached_probe.cpp

Line 1102 in d592be8

opts.uprobe_multi.offsets = offsets.data();

viktormalik · 2024-05-17T05:49:37Z

It's bpftrace that does the symbol resolution already in resolve_offset_uprobe_multi.

Then we just pass the raw offsets to the kernel here:

bpftrace/src/attached_probe.cpp

Line 1102 in d592be8

opts.uprobe_multi.offsets = offsets.data();

Exactly. So, we could support storing function+offset in probe.funcs and then just add offset to the raw ELF offset passed to opts.uprobe_multi.offsets.

ttreyer · 2024-05-17T18:06:03Z

Is there something I need to enable in the Kernel?
I'm running Linux 6.8.9-300.fc40.aarch64, but bpftrace --info shows:

Probe types
  kprobe: yes
  tracepoint: yes
  perf_event: yes
  kfunc: yes
  kprobe_multi: no
  uprobe_multi: no
  raw_tp_special: yes
  iter: yes

ajor · 2024-05-20T13:03:52Z

I don't think there are any kernel settings to configure. Have you got a recent version of libbpf? Looks like it'll need 1.3 or newer: https://github.com/libbpf/libbpf/releases

viktormalik added the bug Something isn't working label May 16, 2024

viktormalik mentioned this issue May 16, 2024

Move probe expansion into codegen #3155

Merged

3 tasks

ajor added the userland Issues or PRs related to tracing userland applications and higher level languages label May 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

uprobe DWARF location attachment does not work with uprobe_multi #3173

uprobe DWARF location attachment does not work with uprobe_multi #3173

viktormalik commented May 16, 2024

ttreyer commented May 16, 2024 •

edited

ajor commented May 16, 2024

viktormalik commented May 17, 2024

ttreyer commented May 17, 2024

ajor commented May 20, 2024

uprobe DWARF location attachment does not work with uprobe_multi #3173

uprobe DWARF location attachment does not work with uprobe_multi #3173

Comments

viktormalik commented May 16, 2024

ttreyer commented May 16, 2024 • edited

ajor commented May 16, 2024

viktormalik commented May 17, 2024

ttreyer commented May 17, 2024

ajor commented May 20, 2024

ttreyer commented May 16, 2024 •

edited