Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to track BPF helpers in XDP programs #445

Open
brb opened this issue Oct 23, 2024 · 4 comments
Open

Unable to track BPF helpers in XDP programs #445

brb opened this issue Oct 23, 2024 · 4 comments
Assignees
Labels
enhancement New feature or request

Comments

@brb
Copy link
Member

brb commented Oct 23, 2024

I was expecting that pwru is able to track BPF helpers called by XDP progs when running with --filter-trace-xdp --filter-track-bpf-helpers. That turned to be not the case.

The --filter-track-bpf-helpers relies on attaching the kprobe_skb_by_stackid kprobe to the BPF helper functions. The latter is implemented by --filter-track-skb-by-stackid and friends.

In order to track BPF helpers from XDP, we need to extend --filter-track-skb-by-stackid to support XDP. Its kprobe calls kprobe_skb(..) https://github.com/cilium/pwru/blob/v1.0.8/bpf/kprobe_pwru.c#L542 (and later on handle_everything(...)). Both do expect to get an skb addr as param, which is not available for XDP. We should probably refactor the kprobe_skb and handle_everything to make it generic. Afterwards, the tracking should work.

@brb brb added the enhancement New feature or request label Oct 23, 2024
@jschwinger233
Copy link
Member

Is it possible to unwind stack (to get stackid) in native/offload XDP? Honestly I don't even know if bpf_get_stackid() can be used in XDP, https://docs.ebpf.io/linux/helper-function/bpf_get_stackid/ doesn't show BPF_PROG_TYPE_XDP for this helper.

Sometimes I fear non-generic XDP as they has something to do with hardware 😥

@brb
Copy link
Member Author

brb commented Oct 23, 2024

But we would execute it from the fentry (the fentry/xdp), hence BPF_PROG_TYPE_TRACING is enough?

@jschwinger233
Copy link
Member

yes🥵

@Asphaltt
Copy link
Contributor

I think static long (*bpf_get_stack)(void *ctx, void *buf, __u32 size, __u64 flags) would be better as this helper puts the stack into the buf. Then, walk the buf to check the stack ids.

AFAIK, tracing is unable to get FP directly.

@brb brb self-assigned this Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants