lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAEf4BzYRLxzVHw00DUphqqdv2m_AU7Mu=S0JF0PZYN40hBvHgA@mail.gmail.com>
Date:   Wed, 12 Jan 2022 09:04:30 -0800
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Alan Maguire <alan.maguire@...cle.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        john fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>, Jiri Olsa <jolsa@...nel.org>,
        Yucong Sun <sunyucong@...il.com>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>
Subject: Re: [RFC bpf-next 0/4] libbpf: userspace attach by name

On Wed, Jan 12, 2022 at 8:19 AM Alan Maguire <alan.maguire@...cle.com> wrote:
>
> This patch series is a rough attempt to support attach by name for
> uprobes and USDT (Userland Static Defined Tracing) probes.
> Currently attach for such probes is done by determining the offset
> manually, so the aim is to try and mimic the simplicity of kprobe
> attach, making use of uprobe opts.
>
> One restriction applies: uprobe attach supports system-wide probing
> by specifying "-1" for the pid.  That functionality is not supported,
> since we need a running process to determine the base address to
> subtract to get the uprobe-friendly offset.  There may be a way
> to do this without a running process, so any suggestions would
> be greatly appreciated.
>
> There are probably a bunch of subtleties missing here; the aim
> is to see if this is useful and if so hopefully we can refine
> it to deal with more complex cases.  I tried to handle one case
> that came to mind - weak library symbols - but there are probably
> other issues when determining which address to use I haven't
> thought of.
>
> Alan Maguire (4):
>   libbpf: support function name-based attach for uprobes
>   libbpf: support usdt provider/probe name-based attach for uprobes
>   selftests/bpf: add tests for u[ret]probe attach by name
>   selftests/bpf: add test for USDT uprobe attach by name
>

Hey Alan,

I've been working on USDT support last year. It's considerably more
code than in this RFC, but it handles not just finding a location of
USDT probe(s), but also fetching its arguments based on argument
location specification and more usability focused BPF-side APIs to
work with USDTs.

I don't remember how up to date it is, but the last "open source"
version of it can be found at [0]. I currently have the latest
debugged and tested version internally in the process of being
integrated into our profiling solution here at Meta. So far it seems
to be working fine and covers our production use cases well.

The plan is to open source it as a separate companion library to
libbpf some time in the next few months. Hopefully that would work for
you. Once it is available, I hope we can also utilize it to convert
some more BCC-based tools (that rely on USDT) to libbpf ([1]).

  [0] https://github.com/anakryiko/linux/commit/d473d042c8058da0a9e6c0353d97aeaf574925c6
  [1] https://github.com/iovisor/bcc/tree/master/libbpf-tools

>  tools/lib/bpf/libbpf.c                             | 244 +++++++++++++++++++++
>  tools/lib/bpf/libbpf.h                             |  17 +-
>  tools/testing/selftests/bpf/Makefile               |  34 +++
>  .../selftests/bpf/prog_tests/attach_probe.c        |  74 ++++++-
>  .../selftests/bpf/progs/test_attach_probe.c        |  24 ++
>  5 files changed, 391 insertions(+), 2 deletions(-)
>
> --
> 1.8.3.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ