Public bug reported:
Support for decoding bpf() syscall arguments with current packaged
version of strace is incomplete.
In particular, on Ubuntu 16.04 LTS with kernel 4.4.0, strace is packaged in
version 4.11 and does not decode arguments for bpf(BPF_OBJ_PIN, …) or
bpf(BPF_OBJ_GET, …) calls.
Also, other constants are added in kernel 4.8 and are missing on Ubuntu 16.10,
such as BPF_MAP_TYPE_CGROUP_ARRAY.
For calls to bpf() with these commands, strace output is similar to:
bpf(0x6 /* BPF_??? */, 0x7fffbf33efe0, 48) = 0
bpf(0x7 /* BPF_??? */, 0x7fffbf33ffe0, 48) = -1 ENOENT (No such file or
directory)
A patch to update bpf() support was recently merged to strace code base:
https://github.com/strace/strace/commit/0a8dd6a68c108654ba5a17dce6c5839495cd26d3
The output of the same calls, after this patch, is as follows, and makes
things much easier to debug:
bpf(BPF_OBJ_PIN, {pathname="/sys/fs/bpf/tc/globals/foo", bpf_fd=5}, 48) = 0
bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/tc/globals/bar", bpf_fd=0}, 48) =
-1 ENOENT (No such file or directory)
Would it be possible to have it somehow (new strace release, or
backport) on 16.04 LTS?
** Affects: strace (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1660309
Title:
packaged strace does not decode all arguments for bpf() syscall
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/strace/+bug/1660309/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
