| Message ID | cover.1653861287.git.dxu@dxuuu.xyz (mailing list archive) |
|---|---|
| Headers | show |
| Series | Add PROG_TEST_RUN support to BPF_PROG_TYPE_KPROBE | expand |
On Sun, May 29, 2022 at 3:06 PM Daniel Xu <dxu@dxuuu.xyz> wrote: > > This patchset adds PROG_TEST_RUN support to BPF_PROG_TYPE_KPROBE progs. > On top of being generally useful for unit testing kprobe progs, this > feature more specifically helps solve a relability problem with bpftrace > BEGIN and END probes. > > BEGIN and END probes are run exactly once at the beginning and end of a > bpftrace tracing session, respectively. bpftrace currently implements > the probes by creating two dummy functions and attaching the BEGIN and > END progs, if defined, to those functions and calling the dummy > functions as appropriate. This works pretty well most of the time except > for when distros strip symbols from bpftrace. Every now and then this > happens and users get confused. Having PROG_TEST_RUN support will help > solve this issue by allowing us to directly trigger uprobes from > userspace. > > Admittedly, this is a pretty specific problem and could probably be > solved other ways. However, PROG_TEST_RUN also makes unit testing more > convenient, especially as users start building more complex tracing > applications. So I see this as killing two birds with one stone. We have BPF_PROG_RUN which is an alias of BPF_PROG_TEST_RUN. I guess that's a better name for the BEGIN/END use case. Have you checked out bpf_prog_test_run_raw_tp()? AFAICT, it works as good as kprobe for this use case. Thanks, Song
Hi Song, On Sun, May 29, 2022 at 11:00:48PM -0700, Song Liu wrote: > On Sun, May 29, 2022 at 3:06 PM Daniel Xu <dxu@dxuuu.xyz> wrote: > > > > This patchset adds PROG_TEST_RUN support to BPF_PROG_TYPE_KPROBE progs. > > On top of being generally useful for unit testing kprobe progs, this > > feature more specifically helps solve a relability problem with bpftrace > > BEGIN and END probes. > > > > BEGIN and END probes are run exactly once at the beginning and end of a > > bpftrace tracing session, respectively. bpftrace currently implements > > the probes by creating two dummy functions and attaching the BEGIN and > > END progs, if defined, to those functions and calling the dummy > > functions as appropriate. This works pretty well most of the time except > > for when distros strip symbols from bpftrace. Every now and then this > > happens and users get confused. Having PROG_TEST_RUN support will help > > solve this issue by allowing us to directly trigger uprobes from > > userspace. > > > > Admittedly, this is a pretty specific problem and could probably be > > solved other ways. However, PROG_TEST_RUN also makes unit testing more > > convenient, especially as users start building more complex tracing > > applications. So I see this as killing two birds with one stone. > > We have BPF_PROG_RUN which is an alias of BPF_PROG_TEST_RUN. I guess > that's a better name for the BEGIN/END use case. Right, sorry. Was getting names mixed up. > > Have you checked out bpf_prog_test_run_raw_tp()? AFAICT, it works as good as > kprobe for this use case. I just took a look -- I think it'll work for BEGIN/END use case. But also like I mentioned, BPF_PROG_RUN/BPF_PROG_TEST_RUN support for kprobes is probably still useful. For example if kprobe accesses 13th register. I suppose the raw_tp 12 arg limit could be lifted but it might be tricky to capture that logic in the absence of something like `struct pt_regs` to check the ctx_size_in against. Thanks, Daniel
On Mon, May 30, 2022 at 7:56 AM Daniel Xu <dxu@dxuuu.xyz> wrote: > > Hi Song, > > On Sun, May 29, 2022 at 11:00:48PM -0700, Song Liu wrote: > > On Sun, May 29, 2022 at 3:06 PM Daniel Xu <dxu@dxuuu.xyz> wrote: > > > > > > This patchset adds PROG_TEST_RUN support to BPF_PROG_TYPE_KPROBE progs. > > > On top of being generally useful for unit testing kprobe progs, this > > > feature more specifically helps solve a relability problem with bpftrace > > > BEGIN and END probes. > > > > > > BEGIN and END probes are run exactly once at the beginning and end of a > > > bpftrace tracing session, respectively. bpftrace currently implements > > > the probes by creating two dummy functions and attaching the BEGIN and > > > END progs, if defined, to those functions and calling the dummy > > > functions as appropriate. This works pretty well most of the time except > > > for when distros strip symbols from bpftrace. Every now and then this > > > happens and users get confused. Having PROG_TEST_RUN support will help > > > solve this issue by allowing us to directly trigger uprobes from > > > userspace. > > > > > > Admittedly, this is a pretty specific problem and could probably be > > > solved other ways. However, PROG_TEST_RUN also makes unit testing more > > > convenient, especially as users start building more complex tracing > > > applications. So I see this as killing two birds with one stone. > > > > We have BPF_PROG_RUN which is an alias of BPF_PROG_TEST_RUN. I guess > > that's a better name for the BEGIN/END use case. > > Right, sorry. Was getting names mixed up. > > > > > Have you checked out bpf_prog_test_run_raw_tp()? AFAICT, it works as good as > > kprobe for this use case. > > I just took a look -- I think it'll work for BEGIN/END use case. But > also like I mentioned, BPF_PROG_RUN/BPF_PROG_TEST_RUN support for > kprobes is probably still useful. For example if kprobe accesses 13th > register. I suppose the raw_tp 12 arg limit could be lifted but it might > be tricky to capture that logic in the absence of something like `struct > pt_regs` to check the ctx_size_in against. Agreed that unit tests support for kprobe programs is great. Thanks, Song