-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to load BPF program trace_connect_v4_return: Permission denied #1236
Comments
I tried latest net-next and did not find the issue. It is possible that 4.4.0 has some verifier limitation which is fixed later on. I did not check the kernel code, but you can try to use bpf_probe_read for 2 4-byte read instead of one 8-byte read. Better if you could try a later kernel. |
I just checked with 4.8.0-58-generic and it is working. I had the same problem with your version of the kernel. Now it is working with newer one. |
I am running LFS based on 4.4.104. Some of the tools works fine from tools/old. Some doesnt work. For example, ./biosnoop HINT: The 'map_value_or_null' error can happen if you dereference a pointer value from a map lookup without first checking if that pointer is NULL. Traceback (most recent call last): Is it because of older kernel or am I missing something ? |
On Wed, Feb 7, 2018 at 11:01 PM, mukuntharajaa ***@***.***> wrote:
I am running LFS based on 4.4.104. Some of the tools works fine from
tools/old. Some doesnt work. For example,
./biosnoop
bpf: Failed to load program: Permission denied
0: (79) r1 = *(u64 *)(r1 +112)
1: (7b) *(u64 *)(r10 -8) = r1
2: (18) r1 = 0xffff880feb004700
4: (bf) r2 = r10
5: (07) r2 += -8
6: (85) call 1
7: (bf) r7 = r0
8: (15) if r0 == 0x0 goto pc+118
R0=map_value(ks=8,vs=8) R7=map_value_or_null(ks=8,vs=8) R10=fp
9: (85) call 5
10: (bf) r6 = r0
11: (79) r9 = *(u64 *)(r7 +0)
R7 invalid mem access 'map_value_or_null'
HINT: The 'map_value_or_null' error can happen if you dereference a pointer
value from a map lookup without first checking if that pointer is NULL.
This mostly an old kernel issue. The newer kernel is able to handle
the above case,
i.e., right before insn #9, R7 will be map_value instead of map_value_or_null.
…
Traceback (most recent call last):
File "./biosnoop", line 102, in
fn_name="trace_req_completion")
File "/usr/lib/python2.7/site-packages/bcc/init.py", line 519, in
attach_kprobe
fn = self.load_func(fn_name, BPF.KPROBE)
File "/usr/lib/python2.7/site-packages/bcc/init.py", line 349, in load_func
(func_name, errstr))
Exception: Failed to load BPF program trace_req_completion: Permission
denied
Is it because of older kernel or am I missing something ?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
I'm trying to trace tcp connection using
tools/tcptracer.py
. But following error messages appears. I found some similar problem, #382 #1007 #829 ..., but I don't know how to fix it.uname -r
:4.4.0-75-generic
root@iovisor-node:~/bcc/tools# ./tcptracer.py
bpf: Permission denied
0: (79) r7 = *(u64 *)(r1 +80)
1: (85) call 14
2: (7b) *(u64 *)(r10 -24) = r0
3: (18) r1 = 0x7a61e780
5: (bf) r2 = r10
6: (07) r2 += -24
7: (85) call 1
8: (bf) r6 = r0
9: (15) if r6 == 0x0 goto pc+88
R0=map_value_or_null(ks=8,vs=8) R6=map_value(ks=8,vs=8) R7=inv R10=fp
10: (18) r1 = 0x7a61e780
12: (bf) r2 = r10
13: (07) r2 += -24
14: (85) call 3
15: (67) r7 <<= 32
16: (77) r7 >>= 32
17: (55) if r7 != 0x0 goto pc+80
R0=inv R6=map_value(ks=8,vs=8) R7=imm0 R10=fp
18: (79) r6 = *(u64 *)(r6 +0)
19: (b7) r1 = 0
20: (63) *(u32 *)(r10 -32) = r1
21: (7b) *(u64 *)(r10 -40) = r1
22: (63) *(u32 *)(r10 -4) = r1
23: (63) *(u32 *)(r10 -8) = r1
24: (63) *(u32 *)(r10 -12) = r1
25: (6b) *(u16 *)(r10 -14) = r1
26: (6b) *(u16 *)(r10 -16) = r1
27: (bf) r3 = r6
28: (07) r3 += 4
29: (bf) r1 = r10
30: (07) r1 += -4
31: (b7) r2 = 4
32: (85) call 4
33: (bf) r1 = r10
34: (07) r1 += -8
35: (b7) r2 = 4
36: (bf) r3 = r6
37: (85) call 4
38: (bf) r3 = r6
39: (07) r3 += 720
40: (bf) r1 = r10
41: (07) r1 += -14
42: (b7) r2 = 2
43: (85) call 4
44: (bf) r3 = r6
45: (07) r3 += 12
46: (bf) r1 = r10
47: (07) r1 += -16
48: (b7) r2 = 2
49: (85) call 4
50: (07) r6 += 48
51: (bf) r1 = r10
52: (07) r1 += -64
53: (b7) r2 = 8
54: (bf) r3 = r6
55: (85) call 4
invalid indirect read from stack off -64+0 size 8
Traceback (most recent call last):
File "./tcptracer.py", line 530, in
b.attach_kretprobe(event="tcp_v4_connect", fn_name="trace_connect_v4_return")
File "/usr/lib/python2.7/dist-packages/bcc/init.py", line 551, in attach_kretprobe
fn = self.load_func(fn_name, BPF.KPROBE)
File "/usr/lib/python2.7/dist-packages/bcc/init.py", line 345, in load_func
(func_name, errstr))
Exception: Failed to load BPF program trace_connect_v4_return: Permission denied
The text was updated successfully, but these errors were encountered: