Re: [RFC PATCH v1 0/1] tracing/uprobe: Add missing filter for uretprobe

Linux Trace Kernel
 help / color / mirror / Atom feed

From: Steven Rostedt <rostedt@goodmis.org>
To: Tianyi Liu <i.pear@outlook.com>
Cc: mhiramat@kernel.org, mathieu.desnoyers@efficios.com,
	flaniel@linux.microsoft.com, albancrequy@linux.microsoft.com,
	linux-trace-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v1 0/1] tracing/uprobe: Add missing filter for uretprobe
Date: Thu, 22 Aug 2024 13:48:49 -0400	[thread overview]
Message-ID: <20240822134849.185f868e@gandalf.local.home> (raw)
In-Reply-To: <ME0P300MB04166144CDF92A72B9E1BAEA9D8F2@ME0P300MB0416.AUSP300.PROD.OUTLOOK.COM>

On Fri, 23 Aug 2024 01:36:20 +0800
Tianyi Liu <i.pear@outlook.com> wrote:

> U(ret)probes are designed to be filterable using the PID, which is the
> second parameter in the perf_event_open syscall. Currently, uprobe works
> well with the filtering, but uretprobe is not affected by it. This often
> leads to users being disturbed by events from uninterested processes while
> using uretprobe.
> 
> We found that the filter function was not invoked when uretprobe was
> initially implemented, and this has been existing for ten years. We have
> tested the patch under our workload, binding eBPF programs to uretprobe
> tracepoints, and confirmed that it resolved our problem.
> 
> Following are the steps to reproduce the issue:
> 
> Step 1. Compile the following reproducer program:
> ```
> #include <stdlib.h>
> #include <unistd.h>
> #include <stdio.h>
> 
> int main() {
>     printf("pid: %d\n", getpid());
>     while (1) {
>         sleep(2);
>         void *ptr = malloc(1024);
>         free(ptr);
>     }
> }
> ```
> We will then use uretprobe to trace the `malloc` function.
> 
> Step 2. Run two instances of the reproducer program and record their PIDs.
> 
> Step 3. Use uretprobe to trace each of the two running reproducers
> separately. We use bpftrace to make it easier to reproduce. Please run two
> instances of bpftrace simultaneously: the first instance filters events
> from PID1, and the second instance filters events from PID2.
> 
> The expected behavior is that each bpftrace instance would only print
> events matching its respective PID filter. However, in practice, both
> bpftrace instances receive events from both processes, the PID filter is
> ineffective at this moment:
> ```
> PID1=55256
> bpftrace -p $PID1 -e 'uretprobe:libc:malloc { printf("time=%llu pid=%d\n", elapsed / 1000000000, pid); }'
> Attaching 1 probe...
> time=0 pid=55256
> time=2 pid=55273
> time=2 pid=55256
> time=4 pid=55273
> time=4 pid=55256
> time=6 pid=55273
> time=6 pid=55256
> 
> PID2=55273
> bpftrace -p $PID2 -e 'uretprobe:libc:malloc { printf("time=%llu pid=%d\n", elapsed / 1000000000, pid); }'
> Attaching 1 probe...
> time=0 pid=55273
> time=0 pid=55256
> time=2 pid=55273
> time=2 pid=55256
> time=4 pid=55273
> time=4 pid=55256
> time=6 pid=55273
> time=6 pid=55256
> ```
> 
> After applying this patch, both bpftrace instances will show the expected
> behavior, only printing events from the PID specified by their respective
> filters:
> ```
> PID1=1621
> bpftrace -p $PID1 -e 'uretprobe:libc:malloc { printf("time=%llu pid=%d\n", elapsed / 1000000000, pid); }'
> Attaching 1 probe...
> time=0 pid=1621
> time=2 pid=1621
> time=4 pid=1621
> time=6 pid=1621
> 
> PID2=1633
> bpftrace -p $PID2 -e 'uretprobe:libc:malloc { printf("time=%llu pid=%d\n", elapsed / 1000000000, pid); }'
> Attaching 1 probe...
> time=0 pid=1633
> time=2 pid=1633
> time=4 pid=1633
> time=6 pid=1633
> ```

This did not need a cover letter. The above could be added to the patch
itself.

Just don't say "After applying this patch", it should be:

    
  The expected behavior is that each bpftrace instance would only print
  events matching its respective PID filter. However, in practice, both
  bpftrace instances receive events from both processes, the PID filter is
  ineffective at this moment:

  Before:
  ```
  PID1=55256
  [..]
  time=6 pid=55256
  ```
 
  After: Both bpftrace instances will show the expected behavior, only
  printing events from the PID specified by their respective filters:
  ```
  PID1=1621


-- Steve

     prev parent reply	other threads:[~2024-08-22 17:48 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-08-22 17:36 [RFC PATCH v1 0/1] tracing/uprobe: Add missing filter for uretprobe Tianyi Liu
2024-08-22 17:40 ` [RFC PATCH v1 1/1] " Tianyi Liu
2024-08-22 17:48 ` Steven Rostedt [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240822134849.185f868e@gandalf.local.home \
    --to=rostedt@goodmis.org \
    --cc=albancrequy@linux.microsoft.com \
    --cc=flaniel@linux.microsoft.com \
    --cc=i.pear@outlook.com \
    --cc=linux-trace-kernel@vger.kernel.org \
    --cc=mathieu.desnoyers@efficios.com \
    --cc=mhiramat@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox