Unify and improve ignoring of missing probes #3246
Conversation
viktormalik
force-pushed
the
probe-warnings
branch
from
53dc17b
to
06d26ad
Compare
|
There are several user-facing changes here so I ended up adding changelog entries for almost each commit (except for the second one as that fixes an unreleased bug). |
src/attached_probe.cpp
Outdated
| if (error_on_missing_symbol) { | ||
| throw FatalUserException(msg); | ||
| } else { | ||
| LOG(WARNING) << msg << ", skipping."; |
There was a problem hiding this comment.
I think it'd be more clear to say "skipping probe." rather than just "skipping."
There was a problem hiding this comment.
Good point, I updated the error/warning messages.
src/attached_probe.cpp
Outdated
| @@ -1155,7 +1163,7 @@ void AttachedProbe::attach_uprobe(int pid, bool safe_mode) | |||
| return; | |||
| } | |||
|
|
|||
| if (!resolve_offset_uprobe(safe_mode)) | |||
| if (!resolve_offset_uprobe(safe_mode, probe_.orig_name == probe_.name)) | |||
There was a problem hiding this comment.
So basically if multiple attachpoints are on a probe, we allow missing attachpoint with a warning. But if only one attachpoint is specified, it's an error.
I think this makes sense
There was a problem hiding this comment.
Yes, exactly. That's also how it works for kprobes.
viktormalik
force-pushed
the
probe-warnings
branch
2 times, most recently
from
423fb76
to
b778fa2
Compare
|
I'm thinking that it might be useful to add the option to have missing probes trigger an error instead of a warning too. e.g. in some kind of automated tracing system it's unlikely that people will see the warnings - an error would stop them going unnoticed. We don't have to implement that now, but it'd be good to make the config option future-proof, e.g. maybe with options like: |
|
+1 to @ajor 's suggestion for making the config an enum of sorts |
viktormalik
force-pushed
the
probe-warnings
branch
from
b778fa2
to
14c25ab
Compare
Great idea! I implemented it with the above proposed options. |
| @@ -23,13 +24,11 @@ class AttachedProbe { | |||
| AttachedProbe(Probe &probe, | |||
| BpfProgram &&prog, | |||
| bool safe_mode, | |||
| BPFfeature &feature, | |||
| BTF &btf); | |||
| BPFtrace &bpftrace); | |||
There was a problem hiding this comment.
If this was just to add access to Config, I'd prefer to pass bpftrace.config_ into AttachedProbe along with feature and btf to make it simpler to understand what AttachedProbe needs specifically - BPFtrace is a monstrosity that's too big for its own good!
is_traceable_func() complicates things though :(
There was a problem hiding this comment.
Yes, you just described my line of thought - I started with passing just Config and moving to BPFtrace once I realized that I need is_traceable_func, too.
Some editors keep removing the trailing whitespaces on saving so better remove them in a separate commit rather than merging the change with another manual update.
When an invalid value is passed to the "cache_user_symbols" config
option, we print an error but do not fail b/c the error is not printed
to ConfigAnalyser::err_. Since the method for setting the value is
called from other places than ConfigAnalyser (when setting the option
from env), let's keep the current behaviour but add an extra empty
LOG(ERROR, assignment.expr->loc, err_);
to ConfigAnalyser. This will make ConfigAnalyser fail and also print the
error location:
ERROR: Invalid value for cache_user_symbols: valid values are PER_PID, PER_PROGRAM, and NONE.
stdin:1:33-41: ERROR:
config = { cache_user_symbols = "PERPID" } u:/bin/bash:readline { exit(); }
This a bit of a hack and the output is not super-nice but it's the
cleanest thing code-wise.
We cannot use cached fds (pre-loaded BPF programs) for kprobes in
presence of kprobe_multi b/c the BPF_TRACE_KPROBE_MULTI attach type must
be passed upon program loading. If we use prog fd caching and we have a
probe with both wildcarded and non-wildcarded attach points, attachment
will fail based on the order of probes.
For example, for the following program:
# bpftrace -e 'k:vfs_open,k:vfs_read* {}'
it depends on which probe is loaded first. If it's 'k:vfs_open', then
the BPF_TRACE_KPROBE_MULTI will be missing and when the other probe
tries to reuse the BPF program but attach it using kprobe_multi link,
the attachment will fail.
This fixes the issue by forbidding progfd reuse in presence of
kprobe_multi. It doesn't bring much advantage in such a case anyways.
When a probe is attached to multiple attach points, do not fail hard when some of the attach points are missing as it may be intentional. Just show a warning as we do for kprobes. Previously, we would silently ignore such probes but commit 056005a ("Move probe expansion into codegen") changed that behaviour so take the opportunity here and unify the behaviour for kprobes and uprobes.
viktormalik
force-pushed
the
probe-warnings
branch
from
14c25ab
to
e3ecd4a
Compare
Yes, good idea, added. |
This is just to get the location in the code for the error output right? If so, that makes sense and doesn't seem too hacky. |
I don't think we need to do that for every new config option. I see env vars as mainly being for backwards compatibility |
I will say that the one benefit is that they go into the |
Add a new config option "missing_probes" which allows the user to choose how to handle missing k(u)probes for probes which have multiple attach points. The possible options are: - "error" - print an error and terminate, - "warn" - (default) print a warning but continue execution, - "ignore" - silently ignore missing probes. Note that this only applies to probes with multiple attach points. For probes with a single attachpoint, a missing probe always triggers an error.
Many tools try to attach the same probe to multiple k(u)probes as different attach points may be available on different systems. For such tools, use the newly introduced config option to disable warnings about the missing probes as they are often expected.
viktormalik
force-pushed
the
probe-warnings
branch
from
e3ecd4a
to
54f2b5b
Compare
Agreed with @ajor here, no need to add more env vars.
Putting config options to help instead of env vars sounds good to me. Let's discuss in office hours. |
For kprobes and uprobes, when a probe is attaching to multiple functions, we do not fail when some functions do not exist. The reason is that k(u)probes are dynamic events which regularly change between versions of kernel/binaries and we want to allow the tools to attach to all potential events while expecting some attachments to fail.
The problem is that we're not doing the ignoring consistently. For kprobes, we always show a warning if an attachment fails. For uprobes, bpftrace currently fails due to #3235 but even without the bug, we would just silently ignore the missing functions.
This PR unifies the approaches by always showing the warning. In addition, it adds a new config option
warn_missing_probes, by default set to true, which allows to turn the warnings off. This is done for all the shipped tools.Fixes #3235.
The first commit also fixes another attachment issue caused by a combination of kprobe_multi and progfd caching. See the commit message for details.
Note: one potential problem with ignoring missing probe warnings is that when all attach points of a probe are missing, the probe will not be attached at all without any warning. Normally, this is IMHO fine as the user must have requested to ignore warnings so he must be prepared that this may happen. The only problem is the shipped
xfsdist.bttool which behaves like this when the XFS module is not loaded but I wouldn't expect people to try to trace XFS calls without XFS being present on their system.Checklist
man/adoc/bpftrace.adocCHANGELOG.md