bcc: Can't use syscall tracepoints
# ./tools/trace.py t:syscalls:sys_enter_newfstat
Ioctl(PERF_EVENT_IOC_SET_BPF): Invalid argument
Failed to attach BPF to tracepoint
Here’s newfstat.py:
#!/usr/bin/python
from __future__ import print_function
from bcc import BPF
# load BPF program
b = BPF(text="""
TRACEPOINT_PROBE(syscalls, sys_enter_newfstat) {
bpf_trace_printk("%d\\n", args->fd);
return 0;
};
""", debug=0)
# header
print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "FD"))
# format output
while 1:
try:
(task, pid, cpu, flags, ts, msg) = b.trace_fields()
except ValueError:
continue
print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))
output:
# ./newfstat.py
ioctl(PERF_EVENT_IOC_SET_BPF): Invalid argument
Traceback (most recent call last):
File "./newfstat.py", line 12, in <module>
""", debug=0)
File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 212, in __init__
self._trace_autoload()
File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 767, in _trace_autoload
self.attach_tracepoint(tp=tp, fn_name=fn.name)
File "/usr/lib/python2.7/dist-packages/bcc/__init__.py", line 585, in attach_tracepoint
raise Exception("Failed to attach BPF to tracepoint")
Exception: Failed to attach BPF to tracepoint
Testing on 4.8-rc4. Same problem with other syscall tracepoints.
I can use kprobes as a workaround in the meantime, but this should be a nice example of using tracepoints…
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 3
- Comments: 34 (10 by maintainers)
Commits related to this issue
- bpf: add support for sys_{enter|exit}_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/iovisor/... — committed to 0day-ci/linux by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to 0day-ci/linux by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to 0day-ci/linux by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to 0day-ci/linux by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to idosch/linux by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to michalgr/kernel_msm by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to michalgr/kernel_msm by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to michalgr/kernel_msm by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to michalgr/kernel_msm by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to michalgr/kernel_goldfish by yonghong-song 7 years ago
- bpf: add support for sys_enter_* and sys_exit_* tracepoints Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_* style tracepoints. The iovisor/bcc issue #748 (https://github.com/... — committed to LGE-G5-G6-V20/msm8996_lge_kernel by yonghong-song 7 years ago
You’re right, thanks! Tracing sys_* and SyS_* produces the desired result. Now just need to fix a bug in
BPF.get_kprobe_functionsthat returns the same function name multiple times.The patch has been pushed into net-next. It should be available for 4.13. Close the issue.
hmm. looks like syscalls:sys_(enter|exit)_* are not considered proper ‘tracepoint’ from kernel point of view, though perf thinks they are.