search

eunomia-bpf / bpftime

Userspace eBPF runtime for Observability, Network & General Extensions Framework
https://eunomia.dev/bpftime/
MIT License
791 stars 74 forks source link

[BUG] bpftime fails to find the base address of a simple ELF file from a simple C source file #190

Open agentzh opened 8 months ago

agentzh commented 8 months ago

I'm getting errors with LLVM JIT mode of bpftime on Fedora Linux x86_64:

[2024-01-28 00:38:50][info][707114] Created uprobe/uretprobe perf event handler, module name /500g-a/git/ebpf-plus/libbpf/uprobes/a.out, offset 1106
[2024-01-28 00:38:50.707] [info] [agent.cpp:66] Entering bpftime agent
[2024-01-28 00:38:50.708] [info] [bpftime_shm_internal.cpp:618] Global shm constructed. shm_open_type 1 for bpftime_maps_shm
[2024-01-28 00:38:50.709] [info] [agent.cpp:81] Initializing agent..
[2024-01-28 00:38:50][info][707119] Initializing llvm
[2024-01-28 00:38:50][info][707119] Executable path: /usr/bin/bash
[2024-01-28 00:38:50][error][707119] Failed to find module base address for /500g-a/git/ebpf-plus/libbpf/uprobes/a.out
[2024-01-28 00:38:50][error][707119] Failed to initialize attach context
[2024-01-28 00:38:50.720] [info] [agent.cpp:66] Entering bpftime agent
[2024-01-28 00:38:50.721] [info] [bpftime_shm_internal.cpp:618] Global shm constructed. shm_open_type 1 for bpftime_maps_shm
[2024-01-28 00:38:50.721] [info] [agent.cpp:81] Initializing agent..
[2024-01-28 00:38:50][info][707119] Initializing llvm
[2024-01-28 00:38:50][info][707119] Executable path: /500g-a/git/ebpf-plus/libbpf/uprobes/a.out
[2024-01-28 00:38:50][info][707119] Attached 1 uprobe programs to function 401106
[2024-01-28 00:38:50][info][707119] Attach successfully
INFO [707119]: Global shm destructed

Note the lines containing [error] in the output:

[2024-01-28 00:38:50][error][707119] Failed to find module base address for /500g-a/git/ebpf-plus/libbpf/uprobes/a.out
[2024-01-28 00:38:50][error][707119] Failed to initialize attach context

The a.out is a simple ELF executable which is not a PIE:

a.out: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ce095a0663ef61c1651820dc3642301d489aeffa, for GNU/Linux 3.2.0, not stripped

And it is built from the following C source file a.c:

#include <unistd.h>
#include <stdio.h>

int blah = 7;

int foo(int a) {
    return a + 1;
}

int main(void) {
    foo(3 + 1);
    return 0;
}

And the command to build it is like this:

gcc -fno-PIC a.c -fno-pie -o a.out

Using other tools can easily find its base address is 0x400000. Nothing unusual.

How to debug and workaround this issue?

agentzh commented 8 months ago

Another issue here is why it still went forward to attach to the uprobe when it failed to find the base address of the target program? Missing proper error handling here?

agentzh commented 8 months ago

OK, found that it is because the target process for ./a.out is spawned by a parent bash process, and that both of them have libbpftime-agent.so preloaded. If I get rid of the parent bash process, then the errors are gone:

[2024-01-28 00:53:06][info][707271] Created uprobe/uretprobe perf event handler, module name /500g-a/git/ebpf-plus/libbpf/uprobes/a.out, offset 1106
[2024-01-28 00:53:06.163] [info] [agent.cpp:66] Entering bpftime agent
[2024-01-28 00:53:06.163] [info] [bpftime_shm_internal.cpp:618] Global shm constructed. shm_open_type 1 for bpftime_maps_shm
[2024-01-28 00:53:06.164] [info] [agent.cpp:81] Initializing agent..
[2024-01-28 00:53:06][info][707276] Initializing llvm
[2024-01-28 00:53:06][info][707276] Executable path: /500g-a/git/ebpf-plus/libbpf/uprobes/a.out
[2024-01-28 00:53:06][info][707276] Attached 1 uprobe programs to function 401106
[2024-01-28 00:53:06][info][707276] Attach successfully

Still, this special case is worth fixing. I think for irrelevant processes with the bpftime agent preloaded, they should just be silently ignored.