| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Jan 2022 09:04:30 -0800
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Alan Maguire <alan.maguire@...cle.com>
Cc: Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
john fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
Yucong Sun <sunyucong@...il.com>,
Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [RFC bpf-next 0/4] libbpf: userspace attach by name
On Wed, Jan 12, 2022 at 8:19 AM Alan Maguire <alan.maguire@...cle.com> wrote:
>
> This patch series is a rough attempt to support attach by name for
> uprobes and USDT (Userland Static Defined Tracing) probes.
> Currently attach for such probes is done by determining the offset
> manually, so the aim is to try and mimic the simplicity of kprobe
> attach, making use of uprobe opts.
>
> One restriction applies: uprobe attach supports system-wide probing
> by specifying "-1" for the pid. That functionality is not supported,
> since we need a running process to determine the base address to
> subtract to get the uprobe-friendly offset. There may be a way
> to do this without a running process, so any suggestions would
> be greatly appreciated.
>
> There are probably a bunch of subtleties missing here; the aim
> is to see if this is useful and if so hopefully we can refine
> it to deal with more complex cases. I tried to handle one case
> that came to mind - weak library symbols - but there are probably
> other issues when determining which address to use I haven't
> thought of.
>
> Alan Maguire (4):
> libbpf: support function name-based attach for uprobes
> libbpf: support usdt provider/probe name-based attach for uprobes
> selftests/bpf: add tests for u[ret]probe attach by name
> selftests/bpf: add test for USDT uprobe attach by name
>
Hey Alan,
I've been working on USDT support last year. It's considerably more
code than in this RFC, but it handles not just finding a location of
USDT probe(s), but also fetching its arguments based on argument
location specification and more usability focused BPF-side APIs to
work with USDTs.
I don't remember how up to date it is, but the last "open source"
version of it can be found at [0]. I currently have the latest
debugged and tested version internally in the process of being
integrated into our profiling solution here at Meta. So far it seems
to be working fine and covers our production use cases well.
The plan is to open source it as a separate companion library to
libbpf some time in the next few months. Hopefully that would work for
you. Once it is available, I hope we can also utilize it to convert
some more BCC-based tools (that rely on USDT) to libbpf ([1]).
[0] https://github.com/anakryiko/linux/commit/d473d042c8058da0a9e6c0353d97aeaf574925c6
[1] https://github.com/iovisor/bcc/tree/master/libbpf-tools
> tools/lib/bpf/libbpf.c | 244 +++++++++++++++++++++
> tools/lib/bpf/libbpf.h | 17 +-
> tools/testing/selftests/bpf/Makefile | 34 +++
> .../selftests/bpf/prog_tests/attach_probe.c | 74 ++++++-
> .../selftests/bpf/progs/test_attach_probe.c | 24 ++
> 5 files changed, 391 insertions(+), 2 deletions(-)
>
> --
> 1.8.3.1
>
Powered by blists - more mailing lists