lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170530142437.656ec63d@redhat.com>
Date:   Tue, 30 May 2017 14:24:37 +0200
From:   Jesper Dangaard Brouer <brouer@...hat.com>
To:     Adel Fuchs <adelfuchs@...il.com>
Cc:     brouer@...hat.com, netdev@...r.kernel.org,
        "xdp-newbies@...r.kernel.org" <xdp-newbies@...r.kernel.org>,
        "iovisor-dev@...ts.iovisor.org" <iovisor-dev@...ts.iovisor.org>
Subject: Re: Error with printk and bpf_trace_printk


Notice, there are two mailing lists (Cc'ed) that you should likely ask
these kind of questions on (instead of netdev), depending on if this is
mostly related to bpf (iovisor-dev@...ts.iovisor.org) or somehow
related to XDP (xdp-newbies@...r.kernel.org).

See my answer inlined below:

On Sun, 28 May 2017 17:48:20 +0300 Adel Fuchs <adelfuchs@...il.com> wrote:

> I have a working eBPF program, and I'm trying to add outputs to it.
> I'm not able to use both printk and bpf_trace_printk functions. I get
> this error:
> 
> ELF contains non-map related relo data in entry 0 pointing to section
> 8! Compiler bug?!
> 
> Prog section 'ingress' rejected: Invalid argument (22)!
>  - Type:         3
>  - Instructions: 16 (0 over limit)
>  - License:      GPL
> 
> Verifier analysis:
> 
> 0: (bf) r6 = r1
> 1: (18) r1 = 0x0
> 3: (85) call bpf_unspec#0
> unknown func bpf_unspec#0
> 
> Error fetching program/map!
> Failed to retrieve (e)BPF data!
> 
> Are there certain "includes" that I need to add?
> In addition, I'm not sure I'm using the function correctly. I just
> wrote: printk("hi")

You obviously cannot call printk directly from and eBPF program.
I wonder how you got this compiling...

As you hinted yourself, you should be using: bpf_trace_printk().
But it is actually tricky to use... and not much help is around to
figure this out.

First of all the output end-up in this file: /sys/kernel/debug/tracing/trace_pipe
Remember to read the output use 'cat' like:

 sudo cat /sys/kernel/debug/tracing/trace_pipe

And only the first process to read the output gets the output...


I deduct you are using the TC/iproute2 examples:
 https://git.kernel.org/pub/scm/linux/kernel/git/shemminger/iproute2.git/tree/examples/bpf

Next gotcha is that, you need to provide the char* string in a very
special way to make this compile correctly.  The iproute2 provide a
helper define called "printt()" in include/bpf_api.h for this:

#ifndef printt
# define printt(fmt, ...)                                               \
        ({                                                              \
                char ____fmt[] = fmt;                                   \
                trace_printk(____fmt, sizeof(____fmt), ##__VA_ARGS__);  \
        })
#endif

Or see my solution here:
[1] https://github.com/netoptimizer/prototype-kernel/blob/master/kernel/samples/bpf/xdp_ddos01_blacklist_kern.c#L86:L99


Another gotcha I've experienced is that if you format the string
incorrectly, or use a modifier like %X, which bpf_trace_printk() does
not seem to understand, then you "hear-nothing"...  Also experienced if
using more than 3 arguments, then it fails or also go silent. Be
careful when using this somewhat "flaky" debug facility.

Do remember these bpf_trace_printk() should only be used for debugging,
as it is very slow...
-- 
Best regards,
  Jesper Dangaard Brouer
  MSc.CS, Principal Kernel Engineer at Red Hat
  LinkedIn: http://www.linkedin.com/in/brouer

Powered by blists - more mailing lists