[uprobe] support for pid targeting for shared libs

[jordalgo]

This adds support for specifying the pid even when targeting a uprobe/uretprobe in a library shared by multiple pids.

Example:

sudo bpftrace -p 1899508 -e 'uprobe:libc:getaddrinfo {
  print((comm, pid));
}

Issue 2817

Checklist

• Language changes are updated in man/adoc/bpftrace.adoc and if needed in docs/reference_guide.md
• User-visible and non-trivial changes updated in CHANGELOG.md
• The new behaviour is covered by tests

[jordalgo]

Note: I looked into making a runtime test for this but it seems pretty tricky in that you'd have to run two programs that use the same shared library and assert you weren't getting samples for one of them.

[ajor]

I'm a bit conflicted about this feature. I can definitely see it being useful to retrofit PID-filtering into existing scripts, but I feel like the better way of doing this would be to have the script include a PID predicate itself:

uprobe:libc:getaddrinfo
/ $# == 0 || pid == $1 /
{
  print((comm, pid));
}

If we sort out script-level argument parsing properly then this could be made more powerful by filtering on multiple PIDs, e.g. --pid 123 --pid 124 or --pids 123,124 and / @cli_pids[pid] == 1 /.

[ajor]

Seems reasonable to put in at least until we do have proper argument parsing support though.

This new feature applies to all uprobes, not just on shared libs, right?
A runtime test could be done as a program which takes a command line argument, and which is invoked multiple times with different arguments. If we trace this program and print the argument then we can check we've attached to the right PID.

[jordalgo]

If we sort out script-level argument parsing properly then this could be made more powerful by filtering on multiple PIDs

It's definitely more powerful doing it this way but I think this change is (at least for me) about matching expected behavior. Because we already support pid filtering for USDTs and uprobes/uretprobes (when there is a wildcard involved) I feel like it makes sense to do this as well for all uprobe/uretprobe invocations.

This new feature applies to all uprobes, not just on shared libs, right?

Yeah I believe so.

A runtime test could be done as a program which takes a command line argument, and which is invoked multiple times with different arguments. If we trace this program and print the argument then we can check we've attached to the right PID.

Maybe I'm confused but I think the problem is not so much attaching to the right pid but testing that we're not attaching to the other pids (or maybe you're saying I should write a NOT_EXPECT predicate). I could write a simple test that passing a pid argument doesn't affect attaching, which ensures we're not breaking existing behavior, but is not testing the new behavior. Maybe an example would help my brain 🧠

[ajor]

If we sort out script-level argument parsing properly then this could be made more powerful by filtering on multiple PIDs

It's definitely more powerful doing it this way but I think this change is (at least for me) about matching expected behavior. Because we already support pid filtering for USDTs and uprobes/uretprobes (when there is a wildcard involved) I feel like it makes sense to do this as well for all uprobe/uretprobe invocations.

Yep, makes sense.

For the tests, I was imagining something like this:

BEFORE ./a.out 123
BEFORE ./a.out 456 # SOMEHOW PICK THIS ONE
BEFORE ./a.out 789
RUN bpftrace -p $PID -e 'BEGIN { print("BEGIN") } uprobe:a.out:func { print(arg0) }' END { print("END") }'
EXPECT "BEGIN\n456\nEND"
TIMEOUT 5

Although I don't know how well the test framework will cope with this, particularly getting the PID of a process.

[jordalgo]

@ajor Thanks for the suggestion on the test. I got around the limitation of having multiple BEFOREs but needing the BEFORE_PID by just spinning up a program that forks. I confirmed that this test fails on master.

[viktormalik]

If we sort out script-level argument parsing properly then this could be made more powerful by filtering on multiple PIDs

It's definitely more powerful doing it this way but I think this change is (at least for me) about matching expected behavior. Because we already support pid filtering for USDTs and uprobes/uretprobes (when there is a wildcard involved) I feel like it makes sense to do this as well for all uprobe/uretprobe invocations.

Agreed with @jordalgo here, this is the expected behaviour to me. I don't see a situation where I would want to attach binary uprobes to a PID but attach library uprobes system-wide.

Just a couple of remarks, otherwise looks good, thanks!

[viktormalik]

I'm not sure that this is correct. IIUC, we use process' PID in this case, set in bpftrace.cpp:1090. This should probably use the same approach.

[ajor]

spin() is run in both the true and false cases - can the if-statement be removed entirely?

[jordalgo]

Good call. It can. This is what I get from just copying from the interwebs

[jordalgo]

Updated based on comments.

[viktormalik]

LGTM, just two nits (see the CodeQL warnings).

[jordalgo]

Lint fixes.

[danobi]

Why default to non safe mode?

[jordalgo]

This default isn't being used by anything checking safe_mode so fine to make it default to true.

[danobi]

Should we wait for the child? Otherwise zombie process right

[jordalgo]

We want them to be running at the same time.

[danobi]

Ah yeah. Thought spin() had finite iterations. If we rely on runtime test runner to kill the process group this should be fine

[jordalgo]

make safe_mode default to true