-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
usdt: use ProcMountNSGuard for pid and path attach #2064
Conversation
Since the probe may be in a descendent namespace, ensure that when `stat()`ing for HINTs and resolving linked elf locations, be sure to always perform them relative to any observed mount namespace. However, usage of the mount namespace must be surgical, since we're observing the pid with its outter identity, make sure we're not in the mount namespace when attempting to `readlink` the `/proc/<pid>/exe`
[buildbot, test this please] |
@palmtenor could you help check the patch as well? currently, we have some mount related tests at |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall looks good. Thanks!
ProcMountNSGuard g(new ProcMountNS(pid)); | ||
struct stat buffer; | ||
if (strlen(path) >= 1 && path[0] != '/') { | ||
fprintf(stderr, "HINT: Binary path should be absolute.\n\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well, I personally have used say trace.py u:./somebinary:tracePoint --pid PID
. If the target Process is in global namespace this would actually work. Maybe just add a hint if the actual context construction failed and say this might be the reason, instead of just directly fail?
Good observation. |
What is still outstanding to merge this? Ran into the same issues as @tjfontaine when looking at usdt support in bpftrace, and discovered that bcc itself doesn't properly handle mount namespaces for its own path check, which this seems to fix. |
Let us merge this then. |
Since the probe may be in a descendent namespace, ensure that when `stat()`ing for HINTs and resolving linked elf locations, be sure to always perform them relative to any observed mount namespace. However, usage of the mount namespace must be surgical, since we're observing the pid with its outter identity, make sure we're not in the mount namespace when attempting to `readlink` the `/proc/<pid>/exe`
Since the probe may be in a descendent namespace, ensure that when `stat()`ing for HINTs and resolving linked elf locations, be sure to always perform them relative to any observed mount namespace. However, usage of the mount namespace must be surgical, since we're observing the pid with its outter identity, make sure we're not in the mount namespace when attempting to `readlink` the `/proc/<pid>/exe`
This adds a couple of lexical scopes for usage with
ProcMountNSGuard
so the hint'ing works for the C interface when usingbcc_usdt_new_frompid()
. Also, add a guard for theContext::Context(pid, path)
constructor for resolving the probes.From the commit message:
Since the probe may be in a descendent namespace, ensure that when
stat()
ing for HINTs and resolving linked elf locations, be sure to always perform them relative to any observed mount namespace.However, usage of the mount namespace must be surgical, since we're observing the pid with its outter identity, make sure we're not in the mount namespace when attempting to
readlink
the/proc/<pid>/exe