Attaching uprobes with special characters in function names fails
stevenjohnstone opened this issue · comments
Steven Johnstone commented
What reproduces the bug?
Using version bpftrace v0.16.0-20-g720b
try to attach to a uprobe to a golang function e.g.
uprobe:"/home/stevie/code/go-bpf-gen/tests/tests":"crypto/rand.(*devReader).Read" {
}
This fails with
ERROR: Error loading program: uprobe:/home/stevie/code/go-bpf-gen/tests/tests:crypto/rand.(*devReader).Read (try -v)
With strace I see
bpf(BPF_PROG_LOAD, {prog_type=BPF_PROG_TYPE_KPROBE, insn_cnt=29, insns=0x55c0cf700040, license="GPL", log_level=1, log_size=1000000, log_buf="", kern_version=KERNEL_VERSION(0, 0, 0), prog_flags=0, prog_name="crypto/rand.(*d", prog_ifindex=0, expected_attach_type=BPF_CGROUP_INET_INGRESS, prog_btf_fd=0, func_info_rec_size=0, func_info=NULL, func_info_cnt=0, line_info_rec_size=0, line_info=NULL, line_info_cnt=0, attach_btf_id=0, attach_prog_fd=0, fd_array=NULL}, 128) = -1 EINVAL (Invalid argument)
It looks like there are symbols in prog_name="crypto/rand.(*d
which will be rejected.
The last working revision seems to be 5ab53fa, just before changes to replace bcc loading with libbpf.
This patch fixes the issue for me:
diff --git a/src/attached_probe.cpp b/src/attached_probe.cpp
index 1e079039..2ef23ba3 100644
--- a/src/attached_probe.cpp
+++ b/src/attached_probe.cpp
@@ -690,11 +690,7 @@ void AttachedProbe::load_prog(BPFfeature &feature)
// start the name after the probe type, after ':'
if (auto last_colon = name.rfind(':'); last_colon != std::string::npos)
name = name.substr(last_colon + 1);
- // replace '+' and ',' by '.'
- std::replace(name.begin(), name.end(), '+', '.');
- std::replace(name.begin(), name.end(), ',', '.');
- // remove quotes
- name.erase(std::remove(name.begin(), name.end(), '"'), name.end());
+ name = sanitise(name);
auto prog_type = progtype(probe_.type);
if (probe_.type == ProbeType::special && !feature.has_raw_tp_special())
bpftrace --info
Viktor Malík commented
Your patch looks good, could you submit it as a PR? Thanks!