科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>ebpf - libbpf failure on system with BTF disabled(bpf program load failure with CORE and NON CORE kernel handlers) - Stack Overf

    ebpf - libbpf failure on system with BTF disabled(bpf program load failure with CORE and NON CORE kernel handlers) - Stack Overf

    programmeradmin8浏览0评论

    (sorry for posting here, couldn't create ticket on github/libbpf ) libbf failure on system with BTF disabled. Issue : we are doing negative testing for our product like disabling BTF INFO from kernel.

    Current failure test we have BPF_SYSCALL enabled but disabled CONFIG_DEBUG_INFO_BTF=n. meaning we don't have /sys/kernel/btf/vmlinux.

    we have code with both CORE dependent and non CORE bpf kernel code handlers. Features are enabled or disabled based on config.

    some of CORE depended programs are not loaded ( bpf_program__set_autoload(). but user space failing with following error because libbpf looking for vmlinux.

    libbpf: kernel BTF is missing at '/sys/kernel/btx/vmlinux', was CONFIG_DEBUG_INFO_BTF enabled?

    obj_needs_vmlinux_btf-> hitting if (obj->btf_ext && obj->btf_ext->core_relo_info.len && !obj->btf_custom_path) -> true;

    Question is, How do we stop libbpf to stop looking for BTF and vmlinux when CORE related programs are disabled. is there way to set some flags for bpf object to stop this.

    Tried to simulate our product code with libbpf-bootstrap/examples/c /bootstrap.bpf.c

    userspace CORE handlers disabled while loading bootstrap.bpf.c.

        +       bpf_program__set_autoload(skel->progs.handle_exec, false);
    +       bpf_program__set_autoload(skel->progs.handle_exit, false);

    added extra tracepoint (non core) in bootstrap.bpf.c (along with core handlers)

        +SEC("tp/syscalls/sys_enter_write")
    +int handle_tp(void *ctx)
    +{
    +       int my_pid = 0;
    +        int pid = bpf_get_current_pid_tgid() >> 32;
    +
    +        if (pid != my_pid)
    +                return 0;
    +
    +        bpf_printk("BPF triggered from PID %d.\n", pid);
    +
    +        return 0;
    +}

    following error we are getting because while opening bpf object , libbpf inpsecting and preparing btf

    libbpf: kernel BTF is missing at '/sys/kernel/btf/vmlinux', was CONFIG_DEBUG_INFO_BTF enabled?
libbpf: failed to find '.BTF' ELF section in /lib/modules/6.0.7/build/vmlinux
libbpf: failed to find valid kernel BTF
libbpf: Error loading vmlinux BTF: -ESRCH
libbpf: failed to load BPF skeleton 'bootstrap_bpf': -ESRCH

    FYI : using latest libbpf version from github (updated libbpf-bootstrap libbpf )

    OS Details : Linux Ubuntu 24.04 LTS-64 Distribution Details : "Ubuntu 24.04 LTS" Kernel Details : 6.0.7

    Giving smaller reproducer code ,sorry for confusion.

    Adding code : example is taken from .git

    Files : user kprobe.c kernel : kprobe.bpf.c

    Modifications : added non core handler code tp/syscalls/sys_enter_write

    user space code:

// SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
/* Copyright (c) 2021 Sartura
 * Based on minimal.c by Facebook */

#include <stdio.h>
#include <unistd.h>
#include <signal.h>
#include <string.h>
#include <errno.h>
#include <sys/resource.h>
#include <bpf/libbpf.h>
#include "kprobe.skel.h"

static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args)
{
        return vfprintf(stderr, format, args);
}

static volatile sig_atomic_t stop;

static void sig_int(int signo)
{
        stop = 1;
}

int main(int argc, char **argv)
{
        struct kprobe_bpf *skel;
        int err;

        /* Set up libbpf errors and debug info callback */
        libbpf_set_print(libbpf_print_fn);

        /* Open load and verify BPF application */
        skel = kprobe_bpf__open_and_load();
        if (!skel) {
                fprintf(stderr, "Failed to open BPF skeleton\n");
                return 1;
        }

        /* Attach tracepoint handler */
        err = kprobe_bpf__attach(skel);
        if (err) {
                fprintf(stderr, "Failed to attach BPF skeleton\n");
                goto cleanup;
        }

        if (signal(SIGINT, sig_int) == SIG_ERR) {
                fprintf(stderr, "can't set signal handler: %s\n", strerror(errno));
                goto cleanup;
        }

        printf("Successfully started! Please run `sudo cat /sys/kernel/debug/tracing/trace_pipe` "
               "to see output of the BPF programs.\n");

        while (!stop) {
                fprintf(stderr, ".");
                sleep(1);
        }

cleanup:
        kprobe_bpf__destroy(skel);
     

kerne space code

// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
/* Copyright (c) 2021 Sartura */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>

char LICENSE[] SEC("license") = "Dual BSD/GPL";

// CORE dependent code
SEC("kprobe/do_unlinkat")
int BPF_KPROBE(do_unlinkat, int dfd, struct filename *name)
{
        pid_t pid;
        const char *filename;

        pid = bpf_get_current_pid_tgid() >> 32;
        filename = BPF_CORE_READ(name, name);
        bpf_printk("KPROBE ENTRY pid = %d, filename = %s\n", pid, filename);
        u64 ip = PT_REGS_IP(ctx);
        bpf_printk("KPROBE entry pid = %d, ip  %llx\n", pid, ip);

        return 0;
}

SEC("kretprobe/do_unlinkat")
int BPF_KRETPROBE(do_unlinkat_exit, long ret)
{
        pid_t pid;

        pid = bpf_get_current_pid_tgid() >> 32;
        bpf_printk("KPROBE EXIT: pid = %d, ret = %ld\n", pid, ret);
        u64 ip = PT_REGS_IP(ctx);
        bpf_printk("KPROBE exit pid = %d, ip  %llx\n", pid, ip);
        return 0;
}

//


// Non core code
SEC("tp/syscalls/sys_enter_write")
int handle_tp(void *ctx)
{
    int my_pid = 0;
    int pid = bpf_get_current_pid_tgid() >> 32;

    if (pid != my_pid)
        return 0;

    bpf_printk("BPF triggered from PID %d.\n", pid);

    return 0;
}
    继续浏览有关 的文章

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论