ebpf debugging infrastructure current techniques and
play

eBPF Debugging Infrastructure Current Techniques and Additional - PowerPoint PPT Presentation

May 01, 2023 •487 likes •628 views

BPF Microconference 2018-11-15 eBPF Debugging Infrastructure Current Techniques and Additional Proposals Quentin Monnet <quentin.monnet@netronome.com> Debugging Infrastructure What do we want to debug, troubleshoot? To achieve

  1. BPF Microconference • 2018-11-15 eBPF Debugging Infrastructure • Current Techniques and Additional Proposals Quentin Monnet <quentin.monnet@netronome.com>

  2. Debugging Infrastructure What do we want to debug, troubleshoot? To achieve this: Q. Monnet | eBPF Debugging Infrastructure 2/9 • What debugging tools and methods are available? • What is missing?

  3. Q. Monnet | eBPF Debugging Infrastructure What to Debug: Many Levels 3/9 Compile time User space programming Load time User space Kernel Veri fi er development JIT-compiling Kernel Runtime Hardware Agilio SmartNIC

  4. Compile Time Objectives: Make sure the eBPF bytecode is generated as intended when compiling from C to eBPF We have: LLVM backend: compilation llvm-objdump: dump generated bytecode eBPF assembly (LLVM): hack a sequence of instructions Q. Monnet | eBPF Debugging Infrastructure 4/9

  5. Load Time Objectives: Load the program and make it pass the verifier, or understand why it is rejected We have: libbpf / ip / tc : load or list programs libbpf / bpftool (and tc to some extent): eBPF object management Output from verifier logs, kernel logs, extack messages Documentation (filter.txt, Cilium guide) What about: Checking what loads: bpftool prog probe my_file.o (work in progress, idea from Daniel) man pages ( bpf(2) or tc-bpf(8) are badly outdated) Troubleshooting F.A.Q.? (e.g. some items already in filter.txt) Q. Monnet | eBPF Debugging Infrastructure 5/9

  6. Runtime (Limited user space eBPF virtual machines) Q. Monnet | eBPF Debugging Infrastructure Debugger: break points, possibility to dump registers / stack / context? What about: tools/bpf/bpf_dbg.c (cBPF) Objectives: Hooks in binutils-gdb, but no simulator support bpf_trace_printk() , perf events: print items, data Readability improved with BTF bpftool: introspection for maps / programs, object management We have: when processing network packets Understand why a program does not run as intended, for example 6/9 • Complete support in GDB? • Anything doable with LLDB? But how to pass packet data? • Extend BPF_PROG_TEST_RUN infrastructure? (idea: Daniel)

  7. Kernel Development Objectives: Improve the eBPF architecture in the kernel, without breaking existing features We have: Selftests: verifier, test programs Samples programs BPF_PROG_TEST_RUN infrastructure KASAN, syzkaller What about: Having all JITs built-in, dump (then test) images for all architectures (idea: Daniel) Q. Monnet | eBPF Debugging Infrastructure 7/9

  8. User Space Programming Objectives: Debug or enhance a program managing eBPF objects Generally improve eBPF support in the toolchain We have: strace , valgrind support: tracing system calls, memory checks What about: Probing kernel for features (with bpftool)? (idea: Daniel) Bytecode generation: ethtool n-tuples (in progress), libpcap? Q. Monnet | eBPF Debugging Infrastructure 8/9

  9. Thank you! Discussion What do you feel is missing for debugging eBPF? Q. Monnet | eBPF Debugging Infrastructure 9/9

  10. Backup: Dump All JIT Images Kernel JITs: ARM64, ARM32, PowerPC64, s390, Sparc64, MIPS, x86_64, x86_32 Offload: NFP Objectives: Test images for all architectures Find bugs or low hanging perf improvements Idea (Daniel) : All JIT built-in in the kernel Pass a flag to bpf(PROG_LOAD, ...) to JIT-compile for all arch Pass a flag to bpf(OBJ_GET_INFO_BY_ID, ...) to dump all images Simulate execution on several architectures Add tools/ to bootstrap VMs to test the images? Q. Monnet | eBPF Debugging Infrastructure 10/9

  11. Backup: Extend BPF_PROG_TEST_RUN data_out; Q. Monnet | eBPF Debugging Infrastructure Maybe a front-end loader? bpftool? Add fields or buffer to dump internal state: register values, stack, data? Add a field to pass break points (insn number, program entry point?) Idea: Fields data_out , data_out_size , retval , duration are filled by kernel } test; duration; __u32 repeat; __u32 __aligned_u64 Member in union bpf_attr for bpf(BPF_PROG_TEST_RUN, attr, size) : data_in; __aligned_u64 data_size_out; __u32 data_size_in; __u32 retval; __u32 prog_fd; __u32 struct { /* anonymous struct used by BPF_PROG_TEST_RUN command */ 11/9

  12. Backup: Probe Kernel with Bpftool /* HAVE_STACK_MAP_TYPE is not set */ Q. Monnet | eBPF Debugging Infrastructure /* HAVE_BPF_MSG_PUSH_DATA_HELPER is not set */ ... #define HAVE_BPF_MAP_UPDATE_ELEM_HELPER #define HAVE_BPF_MAP_LOOKUP_ELEM_HELPER /* eBPF helper functions */ ... #define HAVE_ARRAY_MAP_TYPE #define HAVE_HASH_MAP_TYPE /* eBPF map types */ ... Example output: #define HAVE_KPROBE_PROG_TYPE #define HAVE_SOCKET_FILTER_PROG_TYPE /* eBPF program types */ #define LINUX_VERSION_CODE 267008 #define JIT_COMPILER_KALLSYMS 0 #define JIT_COMPILER_HARDEN 0 #define JIT_COMPILER_ENABLE 0 #define UNPRIVILEGED_BPF_DISABLED 0 #define HAVE_BPF_SYSCALL /* System configuration */ # bpftool kernel probe 12/9

  13. Backup: Generate eBPF with Libpcap / Ethtool Syntax (004) ldh Q. Monnet | eBPF Debugging Infrastructure <drop incoming SSH packets on a server> # ethtool --config-ntuple eth0 flow-type tcp dst-port 22 action -1 ethtool: implement a library to turn such rules into eBPF programs #0 (019) ret ... jf 6 jt 18 #0x16 (005) jeq [54] jf 19 libpcap: patch the library or create an equivalent to use a similar jt 4 #0x6 (003) jeq [20] (002) ldb jf 8 jt 2 #0x86dd (001) jeq [12] (000) ldh # tcpdump -d ”port ssh” syntax to produce eBPF programs 13/9

Recommend

Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination.

Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination.

Debugging Techniques for C Programs Debugging Basics Will focus on the gcc/gdb combination. Will also talk about the ddd gui for gdb (lots of value added to gdb). First, debugging in the abstract: Program state is a snapshot

475 views • 20 slides
Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group

Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group

Embedded Software TI2726-B 8. Debugging techniques Koen Langendoen Embedded Software Group Grace Hopper 1947 2 Overview Debugging techniques Debugging a distributed system Preparation for the exam Debugging Write good code!

733 views • 45 slides
Debugging Techniques for Drupal TexasCamp 2016

Debugging Techniques for Drupal TexasCamp 2016

Debugging Techniques for Drupal TexasCamp 2016 https://www.texascamp.org/sessions/debugging-techniques-drupal-and-other-web- applications Rob Ristroph Technical Architect, Acquia @robgr History My first Drupal Camp talk (in Dallas!)

630 views • 25 slides
eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why

eBPF Offload to Hardware: cls_bpf and XDP Motivation - Avoiding Whack-a-mole Motivation - Why eBPF? Target architecture (NFP based NIC) RX Path Flow of eBPF Packet The Flow Processing Core (Fully Programmable) Mapping eBPF -&gt; NFP

668 views • 24 slides
Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q.

FOSDEM20 Brussels, 2020-02-01 Endless Network Programming An Update from eBPF Land Quentin Monnet @qeole Outline Q. Monnet eBPF Update 2/18 eBPF Basics New Features eBPF Universe eBPF Basics Q. Monnet

531 views • 18 slides
Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique

Kernel debugging Tools to understand whatever it is that is happening in there Dominique Martinet CEA January 9, 2020 CEA | January 9, 2020 | PAGE 1/75 Introduction 1 Foreword Hands on setup Crash 2 3 Perf SystemTap 4 eBPF:

1.43k views • 85 slides
Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and

Chapter 15 Debugging Debugging with High Level Languages Same goals as low-level debugging Examine and set values in memory Execute portions of program Stop execution when (and where) desired Want debugging tools to operate on

274 views • 9 slides
eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium

eBPF and XDP walkthrough and recent updates Daniel Borkmann &lt;daniel@iogearbox.net&gt; cilium project fosdem17, February 4, 2017 Daniel Borkmann eBPF in tcs cls bpf and XDP February 4, 2017 1 / 11 Big Picture: eBPF and Networking eBPF:

476 views • 11 slides
Improved Debugging Using Automatic Fault-localization Techniques Mary Jean Harrold ADVANCE

Improved Debugging Using Automatic Fault-localization Techniques Mary Jean Harrold ADVANCE

Improved Debugging Using Automatic Fault-localization Techniques Mary Jean Harrold ADVANCE Professor of Computing Georgia Institute of Technology Supported by NSF, NASA Boeing Commercial Airplanes, Tata Consultancy Services MASPLAS 2007 My

736 views • 44 slides
Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production

Welcome to Advanced .NET Debugging Debugging Tools Module Overview Introduction to Debugging Problems in Production Challenges in debugging Production issues Production Environment Debugging Timeline Tools for .NET Debugging Review 3

622 views • 47 slides
Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall

Linux Plumbers Conference 2019 eBPF conf Beyond per-CPU atomics and rseq syscall: subset of eBPF bytecode for the do_on_cpu syscall mathieu.desnoyers@efcios.com Restartable Sequences (RSEQ) in a nutshell System call registering

457 views • 9 slides
Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja,

Model verification and debugging of EOO models aided by model reduction techniques Anton Sodja, Borut Zupan ci c EOOLT10, Oslo, 3. 10. 2010 Introduction Model verification assures that implemented model corresponds to the conceptual

562 views • 17 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

429 views • 39 slides
Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018

Bri Bring nging ng the the Power r of eB eBPF to to Open vSwitch ch Linux Plumber 2018 William Tu, Joe Stringer, Yifeng Sun, Yi-Hung Wei VMware Inc. and Cilium.io 1 Outline Introduction and Motivation OVS-eBPF Project

612 views • 45 slides
Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal

Replacing iptables with eBPF in Kubernetes with Cilium Cilium, eBPF, Envoy, Istio, Hubble Michal Rostecki Swaminathan Vasudevan Software Engineer Software Engineer mrostecki@suse.com svasudevan@suse.com mrostecki@opensuse.org Whats

2.06k views • 52 slides
Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing

Visual Debugging Software What is Debugging Visualization Visualizing Program State Incremental interactive unfolding (DDD) Visual Memory Abstract representations (traversal-based) Debugging Focusing: memory

433 views • 5 slides
Anti-debugging techniques Malware Analysis Seminar Meeting 3 Cody Cutler, Anton Burtsev

Anti-debugging techniques Malware Analysis Seminar Meeting 3 Cody Cutler, Anton Burtsev

Anti-debugging techniques Malware Analysis Seminar Meeting 3 Cody Cutler, Anton Burtsev Debugger detection PEB.BeingDebuggedFlag BeingDebugged flag in PEB Call kernel32!IsDebuggerPresent() call [IsDebuggerPresent] test eax,eax

1.09k views • 56 slides
Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT,

Security Monitoring with eBPF ALEX MAESTRETTI - MANAGER, SIRT BRENDAN GREGG - Sr ARCHITECT, PERFORMANCE The Brief. Extended Berkley Packet Filter (eBPF) is a new Linux feature which allows safe and efficient monitoring of kernel functions.

593 views • 27 slides
Memory Debugging Parallel Applications on BlueGene SciComp May 21, 2009 1 Ed Hinkel Agenda

Memory Debugging Parallel Applications on BlueGene SciComp May 21, 2009 1 Ed Hinkel Agenda

Memory Debugging Parallel Applications on BlueGene SciComp May 21, 2009 1 Ed Hinkel Agenda Introduction Memory (mis) Management Memory Debug Options &amp; Issues Memory Debugging Techniques Whats New 2 2 Memory Bugs

618 views • 32 slides
New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux

&lt;Insert Picture Here&gt; New (and Exciting!) Developments in Linux Tracing Elena Zannoni (elena.zannoni@oracle.com) Linux Engineering, Oracle America Linuxcon Japan 2015 Overview BPF eBPF eBPF main concepts and elements eBPF

601 views • 42 slides
TOS Arno Puder 1 Objectives Explain the TOS testing system Explain some debugging

TOS Arno Puder 1 Objectives Explain the TOS testing system Explain some debugging

TOS Arno Puder 1 Objectives Explain the TOS testing system Explain some debugging techniques when a program error typically crashes the whole system Explain symbolic debugging of TOS 2 Test Cases TOS comes with many test cases

483 views • 22 slides
1 Crashes, interrupts, and backtrace Watchpoints GDB will automatically stop if the program

1 Crashes, interrupts, and backtrace Watchpoints GDB will automatically stop if the program

Debugging and debuggers Debugging in the development cycle You have probably already had the experience of making Edit a mistake in a program Speaking roughly, debugging is the process: After you know that your code is wrong

911 views • 3 slides
Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018

Low-Overhead System Tracing With eBPF Akshay Kapoor DevOps Engineer @ SAP Labs May 2018 Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF Low-Overhead System Tracing With eBPF You don't need to know how to operate

632 views • 26 slides
Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines

Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines

Kotlin 1.4 Online Event Coroutines Update Seva Tolstopyatov @qwwdfsad October 13, 2020 Coroutines debugging Coroutines debugging Coroutines debugging Coroutines debugging Coroutines debugging IDEA 2020.1 Coroutines debugging Debugging

737 views • 41 slides

More recommend