-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to enable BTF support for ubuntu 20.04? #2948
Comments
Could you make sure you have pahole >= 1.16 on your system? |
Yes, you need >= 1.16 pahole. |
I rebuild my kernel with pahole 1.16 and also rebuild bcc. Now it works. Pahole 1.16 solve the problem of "libbpf: bpf_prog_put is not found in vmulinux BTF"! However, I encounter another problem. I tried the opensnoop example and check whether KRETFUNC for do_sys_open is loaded successfully.
Result shows that is_support_kfunc return a false value. Or is this problem blame to not-upate-to-date kernel and clang/llvm version? Thanks for your help! |
I think 5.4 does not support kfunc/kretfunc. You probably need 5.6. cc @olsajiri |
Got it. I'll have a try for newer version! |
Hey, I'm using kernel 5.7 now. It works but another new problem comes. I'm tring to get the filled arguments after function returns. A simple example will be like this:
Then I can get the filename which may be filled after the function returns. The problem is that KREFUNC_PROBE cannot deal with the type of pointer to a struct. As attached below, struct sock * is unrecognized! Actually, the probe tries to pass void * of 'ctx[0]?' (I cannot remember exactly) to the first argument of the probed function, however, it cannot recognize the correct type. By the way, when I tried to include "vmlinux.h" instead of using kernel header, it causes errors of duplicate definitions. Part results are attached below. |
Canonical has updated Ubuntu 20.04's 5.4 kernel to include BTF support. Installing the kernel 5.4 package from the focal-updates repository will fix that issue. Additionally, the Here is the last 20.04 kernel config that did not have BTF support:
The next version has it enabled: |
I tried to enable BTF support by rebuilding kernel with CONFIG_DEBUG_INFO_BTF=y.
The specific configuration is shown below:
Kernel version:
Clang and LLVM version:
And /sys/kernel/btf/vmlinux exist.
bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h is OK.
However, I encouter this problem:
So actually opensnoop use kprobe and kretprobe to get the filled funcation arguments.
KFUNC and KRETFUNC are not load successfully.
I don't know what's going wrong. Is there anybody meet similar problems? Very gratefull if you have any suggestions!
The text was updated successfully, but these errors were encountered: