packaged strace does not decode all arguments for bpf() syscall

Bug #1660309 reported by Quentin Monnet on 2017-01-30
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
strace (Ubuntu)
Undecided
Unassigned

Bug Description

Support for decoding bpf() syscall arguments with current packaged version of strace is incomplete.

In particular, on Ubuntu 16.04 LTS with kernel 4.4.0, strace is packaged in version 4.11 and does not decode arguments for bpf(BPF_OBJ_PIN, …) or bpf(BPF_OBJ_GET, …) calls.
Also, other constants are added in kernel 4.8 and are missing on Ubuntu 16.10, such as BPF_MAP_TYPE_CGROUP_ARRAY.

For calls to bpf() with these commands, strace output is similar to:

    bpf(0x6 /* BPF_??? */, 0x7fffbf33efe0, 48) = 0
    bpf(0x7 /* BPF_??? */, 0x7fffbf33ffe0, 48) = -1 ENOENT (No such file or directory)

A patch to update bpf() support was recently merged to strace code base:
https://github.com/strace/strace/commit/0a8dd6a68c108654ba5a17dce6c5839495cd26d3

The output of the same calls, after this patch, is as follows, and makes things much easier to debug:

    bpf(BPF_OBJ_PIN, {pathname="/sys/fs/bpf/tc/globals/foo", bpf_fd=5}, 48) = 0
    bpf(BPF_OBJ_GET, {pathname="/sys/fs/bpf/tc/globals/bar", bpf_fd=0}, 48) = -1 ENOENT (No such file or directory)

Would it be possible to have it somehow (new strace release, or backport) on 16.04 LTS?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers