tools and mechanisms to debug bpf programs
play

Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole - PowerPoint PPT Presentation

Feb 18, 2024 •460 likes •900 views

FOSDEM20 Brussels, 2020-02-02 Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole eBPF Programming e xtended B erkeley P acket F ilter : with clang/LLVM, to assembly-like bytecode Q. Monnet Tools and Mechanisms to

  1. FOSDEM’20 • Brussels, 2020-02-02 Tools and Mechanisms to Debug BPF Programs Quentin Monnet @qeole

  2. eBPF Programming e xtended B erkeley P acket F ilter : with clang/LLVM, to assembly-like bytecode Q. Monnet • Tools and Mechanisms to Debug BPF Programs 2/42 • User-written programs, usually compiled from C (or Go, Rust, Lua…) • Programs are injected into the kernel with the bpf() system call • Verifjer: programs terminate, are safe • In-kernel interpreter, JIT (Just-in-Time) compiler • Once loaded, programs can be attached to a hook in the kernel • 64-bit instructions, 11 registers, 512 B stack, not Turing-complete • Additional features: “maps”, kernel helper functions, BTF, …

  3. eBPF Workfmow Q. Monnet • Tools and Mechanisms to Debug BPF Programs 3/42 C program Management LLVM Userspace eBPF bytecode bpf() syscall Kernel Veri fi er (JIT compiler) Attach point

  4. eBPF Use Cases Main use cases: Q. Monnet • Tools and Mechanisms to Debug BPF Programs 4/42 • Networking (tc, XDP: driver-level hook) • Tracing, monitoring (think DTrace) • Socket fjltering (cgroups) • Security (LSM, work in progress) • And more!

  5. Outline Q. Monnet • Tools and Mechanisms to Debug BPF Programs 5/42 • (Reminder on eBPF… DONE) • The tools to inspect eBPF objects, at each step of the workfmow • Getting familiar with bpftool • Next steps for BPF introspection and debugging

  6. Inspecting BPF Objects Q. Monnet • Tools and Mechanisms to Debug BPF Programs 6/42

  7. eBPF Workfmow Q. Monnet • Tools and Mechanisms to Debug BPF Programs 7/42 C program Management LLVM Userspace eBPF bytecode bpf() syscall Kernel Veri fi er (JIT compiler) Attach point

  8. Compile Time Objective: from C to eBPF Q. Monnet • Tools and Mechanisms to Debug BPF Programs 8/42 • Make sure the eBPF bytecode is generated as intended when compiling

  9. Compile Time: Compile and Dump b7 00 00 00 00 00 00 00 Tools and Mechanisms to Debug BPF Programs • Q. Monnet exit 95 00 00 00 00 00 00 00 1: r0 = 0 0: func: Disassembly of section .text: file format ELF64-BPF sample.o: $ llvm-objdump -d -r -print-imm-hex sample.o (prior to kernel injection, relocation, rewrites) llc -march=bpf -mcpu=probe -filetype=obj -o sample.o $ clang -O2 -emit-llvm -c sample.c -o - | \ 9/42 • Compile with clang/LLVM (or gcc, but fewer BPF features supported): • Dump instructions from object fjle with llvm-objdump (v4.0+) • If -g is passed to clang, llvm-objdump -S can dump the original C code

  10. Compile Time, in Two Steps: eBPF Assembly # %bb.0: Tools and Mechanisms to Debug BPF Programs • Q. Monnet $ clang -target bpf -c -o sample.o sample.S # -- End function exit r0 = 0 # @func func: 3 .p2align # -- Begin function func func .globl .text $ cat sample.S $ clang -target bpf -S -o sample.S sample.c 10/42 • Compile from C to eBPF assembly fjle • … Hack… • Then compile from assembly to eBPF bytecode (LLVM v6.0+)

  11. eBPF Workfmow Q. Monnet • Tools and Mechanisms to Debug BPF Programs 11/42 C program Management LLVM Userspace eBPF bytecode bpf() syscall Kernel Veri fi er (JIT compiler) Attach point

  12. Load Time Objective: Resources: Q. Monnet • Tools and Mechanisms to Debug BPF Programs 12/42 • Load program and pass the verifjer, or understand why it is rejected • libbpf / bpftool / ip / tc / bcc : load or list programs, manage objects • Output from verifjer logs, libbpf, kernel logs, extack messages • Documentation ( filter.txt , Cilium guide)

  13. The Kernel eBPF Verifjer: Checking Programs for Safety The verifjer performs checks on control fmow graph and individual insns: Tools and Mechanisms to Debug BPF Programs • Q. Monnet element 13/42 • Erroneous syntax (unknown or incorrect usage for the instruction) • Too many instructions or maps or branches • Back edges (i.e. loops, not bounded) in the control fmow graph • Unreachable instructions • Jump out of range • Out of bounds memory access • Access to forbidden context fjelds (read or write) • Reading access to non-initialized memory (stack or registers) • Use of forbidden helpers for the current type of program • Use of GPL helpers in non-GPL program (mostly tracing) • R0 not initialized before exiting the program • Memory access with incorrect alignment • Missing check on result from map_lookup_elem() before accessing map • …

  14. The Kernel eBPF Verifjer: Example message 1: (7b) *(u64 *)(r10 -16) = r1 Tools and Mechanisms to Debug BPF Programs • Q. Monnet Problem: error messages good for developers, but cryptic for newcomers Error fetching program/map! invalid bpf_context access off=76 size=4 3: (61) r1 = *(u32 *)(r1 +76) 2: (79) r1 = *(u64 *)(r10 -16) 0: (bf) r2 = r1 Possible out-of-bound access to packet data (no check on packet length): Verifier analysis: GPL - License: - Instructions: 41 (0 over limit) 6 - Type: Prog section 'action' rejected: Permission denied (13)! # ip link set dev eth0 xdp object sample.o 14/42

  15. Make Sure to Get Verifjer Information Still, we do want the messages! Q. Monnet • Tools and Mechanisms to Debug BPF Programs 15/42 • Use debug fmags when available • Debug bufger for verifjer logs (pass to bpf() ) • Debug fmag for libbpf • Activate both in bpftool with --debug • Interpret information: • Search the docs, Documentation/networking/filter.txt , Cilium guide • Read kernel code • To do: some kind of documentation/FAQ detailing the errors?

  16. Program is Loaded: Introspection We have passed the verifjer! The program is loaded in the kernel We will come back to bpftool later Q. Monnet • Tools and Mechanisms to Debug BPF Programs 16/42 • For map and program introspection: bpftool • List maps and programs • Load a program, pin it • Dump program instructions (eBPF or JIT-ed) • Dump and edit map contents • etc.

  17. BTF: BPF Type Format struct my_value *value; Tools and Mechanisms to Debug BPF Programs • Q. Monnet (See kernel commit abd29c931459) }; .max_entries = 16, .type = BPF_MAP_TYPE_ARRAY, } btf_map SEC(”.maps”) = { int *key; BTF objects embed debug information on programs and maps int max_entries; int type; struct { struct my_value { int x, y, z; }; They are also use internally by the kernel for some advanced BPF features 17/42 • Embed BTF information when compiling programs: Compile with LLVM v8+, use -g fmag • For maps, some wrapping needed in the C source code

  18. BTF: BPF Type Format Exemple: Program dump from kernel, with C source code Q. Monnet • Tools and Mechanisms to Debug BPF Programs 18/42

  19. eBPF Workfmow Q. Monnet • Tools and Mechanisms to Debug BPF Programs 19/42 C program Management LLVM Userspace eBPF bytecode bpf() syscall Kernel Veri fi er (JIT compiler) Attach point

  20. Runtime Objective: Several solutions Q. Monnet • Tools and Mechanisms to Debug BPF Programs 20/42 • Understand why a program does not run as intended

  21. Debugging at Runtime with bpf_trace_printk() Prints to /sys/kernel/debug/tracing/trace Example snippet: const char fmt[] = ”First four bytes of packet: %x\n”; bpf_trace_printk(fmt, sizeof(fmt), *(uint32_t *)data); Q. Monnet • Tools and Mechanisms to Debug BPF Programs 21/42 • eBPF helper bpf_trace_printk()

  22. Debugging at Runtime with Perf Events int key = 0; Tools and Mechanisms to Debug BPF Programs • Q. Monnet } return XDP_PASS; bpf_perf_event_output(xdp, &pa, 0x20ffffffffULL, &key, 0); { int xdp_prog1(struct xdp_md *xdp) }; .max_entries = 64, .value_size = sizeof(int), .key_size = sizeof(int), .type = BPF_MAP_TYPE_PERF_EVENT_ARRAY, struct bpf_map_def SEC(”maps”) pa = { Example: dump data from packet 22/42 • “Perf event arrays”, more effjcient than bpf_trace_printk() • Contrary to bpf_trace_printk() , can be used with hardware offmoad

  23. Debug BPF with BPF BPF can be used for tracing, and comes to the rescue networking BPF program (Linux 5.5) used at verifjcation time to follow verifjcation steps) Q. Monnet • Tools and Mechanisms to Debug BPF Programs 23/42 • Possible to attach tracing BPF programs at entry and exit of a • E.g. get packet data in input and/or output of the program • See tools/testing/selftests/bpf/progs/test_xdp_bpf2bpf.c and related • Not sure if compatible with tracing programs? • Use bcc or bpftrace to examine what happens in the kernel (can also be

  24. Testing Programs: BPF_PROG_TEST_RUN BPF_PROG_TEST_RUN subcommand for the bpf() system call Limitations: Q. Monnet • Tools and Mechanisms to Debug BPF Programs 24/42 • Manually run a program with given input data and context • Output data and context are retrieved • Not available for all programs (mostly networking for now) • Tracing: How to check kernel data structures are changed? • Some BPF helpers hard to support ( bpf_redirect() etc.) • Non-root accessibility would be nice? • (Proposal on the topic for next Netdev conference in March 2020)

  25. Statistics for Programs Statistics for BPF programs: completion time and number of runs # sysctl -w kernel.bpf_stats_enabled=1 Q. Monnet • Tools and Mechanisms to Debug BPF Programs 25/42 • Activate (slight overhead) with: • Displayed by e.g. bpftool:

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

What are Programming Tools? Programs and applications that help developers to create

What are Programming Tools? Programs and applications that help developers to create

Department of Computer Science - COS121 08/30/2012 COS121 Programming Tools Introduction to programming tools for C++ development What are Programming Tools? Programs and applications that help developers to create software debug

414 views • 19 slides
Modern tools to debug GStreamer applications Guillaume Desmottes

Modern tools to debug GStreamer applications Guillaume Desmottes

Modern tools to debug GStreamer applications Guillaume Desmottes guillaume.desmottes@collabora.com 3 rd February 2018 Plan T racers Leak tracer GstShark Dealing with logs 2 GstTracer Introduced in 1.8 T racing module

436 views • 16 slides
Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have

Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have

Cool Cisco IOS Commands: debug interface debug interface When you are performing debugs you have at least two concerns: 1) making sure the that debug does not clobber the CPU of your device, and 2) filtering the debug output to get to the

460 views • 9 slides
ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The

ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The

ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The Porting/Optimisation Cycle Modify Optimise Debug Cray Performance ATP, STAT, Analysis Toolkit FTD, DDT (CrayPAT) Debug ATP, STAT, FTD, Totalview Abnormal

547 views • 35 slides
ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The

ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The

ARCHER Performance and Debugging Tools Slides contributed by Cray and EPCC The Porting/Optimisation Cycle Modify Optimise Debug Cray Performance ATP, STAT, Analysis Toolkit FTD, DDT (CrayPAT) Debug ATP, STAT, FTD, Totalview Abnormal

644 views • 36 slides
To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o

To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o

To use it, you must compile your code with the -g option CXXFLAGS += -g g++ -g debug.cpp -o debug To run, type in gdb ./debug After typing in gdb ./debug you will enter the debugger Type run and it will run

502 views • 6 slides
Computing Algorithms Debug Whats new? Decomposing Physical Systems Programs Digital

Computing Algorithms Debug Whats new? Decomposing Physical Systems Programs Digital

The Curriculum from September 2014 Computing Algorithms Debug Whats new? Decomposing Physical Systems Programs Digital Devices Networks The Curriculum from September 2014 Many words / phrases / ideas in Computer Science started in the

210 views • 17 slides
Parallel Debugging Objective Learn the basics of debugging parallel programs

Parallel Debugging Objective Learn the basics of debugging parallel programs

Parallel Debugging Objective Learn the basics of debugging parallel programs Contents Launching a debug session The Parallel Debug Perspective Controlling sets of processes Controlling individual processes

594 views • 36 slides
Anne Hampson Financing Mechanisms and ICF Resilience Tools CHP Financing Primer Summary of

Anne Hampson Financing Mechanisms and ICF Resilience Tools CHP Financing Primer Summary of

U.S. Department of Energy Anne Hampson Financing Mechanisms and ICF Resilience Tools CHP Financing Primer Summary of financing options Considerations for what financing option is right for your project Case study examples for

699 views • 27 slides
Programs as tools for knowledge Henri Salha, IHPST Paris-I University HAPOP4 symposium

Programs as tools for knowledge Henri Salha, IHPST Paris-I University HAPOP4 symposium

Programs as tools for knowledge Henri Salha, IHPST Paris-I University HAPOP4 symposium Oxford, 23rd March, 2018 What can we learn from computer programs? Some preliminary definitions Scope restriction: programs at run-time, i.e.

449 views • 17 slides
Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October

Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October

Debug Info for Optimized Code LLVM BoF Session Adrian Prantl & Vedant Kumar, Apple October 2018 Ten years of LLVM Debug Info Ten years of debug info in LLVM #commits to LLVM 12000 9000 6000 3000 0 2007 2008 2009 2010 2011

380 views • 8 slides
Federal Funding Mechanisms and Tools for Upper Susquehanna Carin Bisland Branch Chief

Federal Funding Mechanisms and Tools for Upper Susquehanna Carin Bisland Branch Chief

Federal Funding Mechanisms and Tools for Upper Susquehanna Carin Bisland Branch Chief Chesapeake Bay Program Office October 1, 2019 Binghamton, NY 1 Where Do I Find Money? Environmental Finance Center Work EPA Chesapeake Bay Program

598 views • 14 slides
Can residential mobility programs improve human capital? Comparing social mechanisms in different

Can residential mobility programs improve human capital? Comparing social mechanisms in different

Can residential mobility programs improve human capital? Comparing social mechanisms in different mobility programs James Rosenbaum Northwestern University, Evanston, IL. j-rosenbaum@northwestern.edu 11/15/07 Defining terms Human Capital

298 views • 12 slides
Debug info in optimized code how far can we go? Improving LLVM debug info with function entry

Debug info in optimized code how far can we go? Improving LLVM debug info with function entry

Debug info in optimized code how far can we go? Improving LLVM debug info with function entry values RT-RK LLC Speakers: Djordje Todorovic djordje.todorovic@rt-rk.com Nikola Prica nikola.prica@rt-rk.com 1 CONFIDENTIAL Reproduction

543 views • 30 slides
efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT

efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT

Making your debugging efforts count: Best practices with the CDT Debugger Marc Khouzam ABOUT Me Working with CDT Debug since 2007 CDT project co-lead, lead for Debug component Things you don't like about CDT Debug are probably my

636 views • 50 slides
DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho

DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho

DeBIN: Predicting Debug Information in Stripped Binaries ht https://debin.ai Jingxuan Pesho Petar Veselin Martin He Ivanov Tsankov Raychev Vechev Binaries with debug symbols Descriptive names for functions and variables Assembly

304 views • 29 slides
Type Checking (Example) int x, y; float z; z = x + y; /* + takes ints, int assignable to real

Type Checking (Example) int x, y; float z; z = x + y; /* + takes ints, int assignable to real

Type Checking (Example) int x, y; float z; z = x + y; /* + takes ints, int assignable to real */ x = z + y; /* + takes float/int, but float not assignable to int */ Compiler prints foo.c, line 20: float not assignable to int Type

384 views • 10 slides
CMSC 110 Introduc/on to Compu/ng Eric Eaton

CMSC 110 Introduc/on to Compu/ng Eric Eaton

CMSC 110 Introduc/on to Compu/ng Eric Eaton Paul Ruvolo What is Compu5ng? Compu5ng: internet, e-mail, network Compu5ng:

726 views • 61 slides
Introduction to Machine Learning If there are no open seats, you will have to surrender yours

Introduction to Machine Learning If there are no open seats, you will have to surrender yours

Welcome to CSCE 496/896: Deep Learning! Please check off your name on the roster, or write your name if you're not listed Indicate if you wish to register or sit in Policy on sit-ins: You may sit in on the course without registering,

444 views • 5 slides
TDDC17 Board games are one of the oldest branches of AI (Shannon and Turing 1950). Seminar 3

TDDC17 Board games are one of the oldest branches of AI (Shannon and Turing 1950). Seminar 3

Why Study Board Games? TDDC17 Board games are one of the oldest branches of AI (Shannon and Turing 1950). Seminar 3 Plus Board games present a very abstract and pure form of competition between two opponents and clearly Search III:

189 views • 7 slides
RFGo: A Seamless Self-checkout System for Apparel Stores Using RFID Carlos Bocanegra (Northeastern

RFGo: A Seamless Self-checkout System for Apparel Stores Using RFID Carlos Bocanegra (Northeastern

RFGo: A Seamless Self-checkout System for Apparel Stores Using RFID Carlos Bocanegra (Northeastern University) Mohammad A. (Amir) Khojastepour (NEC Laboratories America) Mustafa Y. Arslan (NEC Laboratories America) Eugene Chai (NEC Laboratories

404 views • 7 slides
You will learn what git is . You will learn how you can use git . You will learn how to learn more

You will learn what git is . You will learn how you can use git . You will learn how to learn more

You will learn what git is . You will learn how you can use git . You will learn how to learn more about git. You will learn what git is . You will learn how you can use git . You will learn how to learn more about git. We will try everything out.

503 views • 21 slides
GIT in PandaRoot Ralf Kliemt Panda Meeting I 2017 1 A Small GIT Tutorial Repositories

GIT in PandaRoot Ralf Kliemt Panda Meeting I 2017 1 A Small GIT Tutorial Repositories

GIT in PandaRoot Ralf Kliemt Panda Meeting I 2017 1 A Small GIT Tutorial Repositories pandaatfair.githost.io UserSpace PandaRootGroup Local Computer 2 A Small GIT Tutorial Repositories pandaatfair.githost.io UserSpace

257 views • 22 slides
Version Control Systems (Part 2) Devin J. Pohly <djpohly@cse.psu.edu> CMPSC 311:

Version Control Systems (Part 2) Devin J. Pohly <djpohly@cse.psu.edu> CMPSC 311:

Systems and Internet i Infrastructure Security i Institute for Networking and Security Research Department of Computer Science and Engineering Pennsylvania State University, University Park, PA Version Control Systems (Part 2) Devin J.

406 views • 40 slides

More recommend