This repository has been archived by the owner on Oct 6, 2023. It is now read-only.
src/python: fix filtering by containers when kfunc are supported #7
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
get_mntns_id() has to access current_task->nsproxy->mnt_ns->ns.inum to get the mount namespace id. Before this commit, that line was written in C natural syntax and we're relying on the BCC rewriter to transform that to valid eBPF code by emitting some bpf_probe_read calls. This support was not working when using opensnoop in systems supporting kfuncs because in this case the BCC rewriter doesn't transform that line and the verifier claims about an invalid memory access: 7: (85) call bpf_get_current_task#35 ; return current_task->nsproxy->mnt_ns->ns.inum; 8: (79) r1 = *(u64 *)(r0 +2896) R0 invalid mem access 'inv' This commit fixes that by explicitly using bpf_probe_kernel_read() instead of the C natural syntax.
alban
approved these changes
Sep 8, 2021
mauriciovasquezbernal
deleted the
mauricio/fix-filtering-by-containers-opensnoop
branch
mauriciovasquezbernal
pushed a commit
that referenced
this pull request
Dec 20, 2022
…for -v option
Add additional information and change format of backtrace
- add symbol base offset, dso name, dso base offset
- symbol and dso info is included if it's available in target binary
- changed format:
INDEX ADDR [SYMBOL+OFFSET] (MODULE+OFFSET)
Print backtrace of ip if it failed to get syms.
Before:
# offcputime -v
psiginfo
vscanf
__snprintf_chk
[unknown]
[unknown]
[unknown]
[unknown]
[unknown]
sd_event_exit
sd_event_dispatch
sd_event_run
[unknown]
__libc_start_main
[unknown]
- systemd-journal (204)
1
xas_load
xas_find
filemap_map_pages
__handle_mm_fault
handle_mm_fault
do_page_fault
do_translation_fault
do_mem_abort
do_el0_ia_bp_hardening
el0_ia
xas_load
--
failed to get syms
- PmLogCtl (138757)
1
After:
# offcputime -v
#0 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
#1 0xffffffc01009a93c el0_svc_handler+0x34
#2 0xffffffc010084a08 el0_svc+0x8
#3 0xffffffc01018b7e8 __arm64_sys_clock_nanosleep+0x0
--
#4 0x0000007fa0bffd14 clock_nanosleep+0x94 (/usr/lib/libc-2.31.so+0x9ed14)
#5 0x0000007fa0c0530c nanosleep+0x1c (/usr/lib/libc-2.31.so+0xa430c)
#6 0x0000007fa0c051e4 sleep+0x34 (/usr/lib/libc-2.31.so+0xa41e4)
#7 0x000000558a5a9608 flb_loop+0x28 (/usr/bin/fluent-bit+0x52608)
#8 0x000000558a59f1c4 flb_main+0xa84 (/usr/bin/fluent-bit+0x481c4)
#9 0x0000007fa0b85124 __libc_start_main+0xe4 (/usr/lib/libc-2.31.so+0x24124)
#10 0x000000558a59d828 _start+0x34 (/usr/bin/fluent-bit+0x46828)
- fluent-bit (1238)
1
#0 0xffffffc01027daa4 generic_copy_file_checks+0x334
#1 0xffffffc0102ba634 __handle_mm_fault+0x8dc
#2 0xffffffc0102baa20 handle_mm_fault+0x168
#3 0xffffffc010ad23c0 do_page_fault+0x148
#4 0xffffffc010ad27c0 do_translation_fault+0xb0
#5 0xffffffc0100816b0 do_mem_abort+0x50
#6 0xffffffc0100843b0 el0_da+0x1c
#7 0xffffffc01027daa4 generic_copy_file_checks+0x334
--
#8 0x0000007f8dc12648 [unknown]
#9 0x0000007f8dc0aef8 [unknown]
#10 0x0000007f8dc1c990 [unknown]
#11 0x0000007f8dc08b0c [unknown]
#12 0x0000007f8dc08e48 [unknown]
#13 0x0000007f8dc081c8 [unknown]
- PmLogCtl (2412)
1
Fixed: iovisor#3884
Signed-off-by: Eunseon Lee <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
get_mntns_id() has to access current_task->nsproxy->mnt_ns->ns.inum to
get the mount namespace id. Before this commit, that line was written in
C natural syntax and we're relying on the BCC rewriter to transform that
to valid eBPF code by emitting some bpf_probe_read calls.
This support was not working when using opensnoop in systems supporting
kfuncs because in this case the BCC rewriter doesn't transform that line
and the verifier claims about an invalid memory access:
7: (85) call bpf_get_current_task#35
; return current_task->nsproxy->mnt_ns->ns.inum;
8: (79) r1 = *(u64 *)(r0 +2896)
R0 invalid mem access 'inv'
This commit fixes that by explicitly using bpf_probe_kernel_read()
instead of the C natural syntax.
It's not yet 100% clear that this is the best solution to that problem. I've asked for some more information about that error but I have received no response yet. I'm proposing a local fix to our fork to solve inspektor-gadget/inspektor-gadget#244, once we totally understand what's going on I'll propose a fix upstream.