Ubuntu
strace package

packaged strace does not decode all arguments for bpf() syscall

Bug #1660309 reported by Quentin Monnet
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
strace (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Support for decoding bpf() syscall arguments with current packaged version of strace is incomplete.

In particular, on Ubuntu 16.04 LTS with kernel 4.4.0, strace is packaged in version 4.11 and does not decode arguments for bpf(BPF_OBJ_PIN, …) or bpf(BPF_OBJ_GET, …) calls.
Also, other constants are added in kernel 4.8 and are missing on Ubuntu 16.10, such as BPF_MAP_TYPE_CGROUP_ARRAY.

For calls to bpf() with these commands, strace output is similar to:

    bpf(0x6 /* BPF_??? */, 0x7fffbf33efe0, 48) = 0
    bpf(0x7 /* BPF_??? */, 0x7fffbf33ffe0, 48) = -1 ENOENT (No such file or directory)

A patch to update bpf() support was recently merged to strace code base:
https://github.com/strace/strace/commit/0a8dd6a68c108654ba5a17dce6c5839495cd26d3

The output of the same calls, after this patch, is as follows, and makes things much easier to debug:

    bpf(BPF_OBJ_PIN, {pathname="/sys/fs/bpf/tc/globals/foo", bpf_fd=5}, 48) = 0
    bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/tc/globals/bar", bpf_fd=0}, 48) = -1 ENOENT (No such file or directory)

Would it be possible to have it somehow (new strace release, or backport) on 16.04 LTS?

Revision history for this message
Matthias Klose (doko) wrote :

Ubuntu 20.04 LTS ships with 5.5, 22.04 LTS will ship with 5.16. There are no plans to backport these to 16.04 LTS

Changed in strace (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.