[Question] The type of uprobe does not match kernel

Open janetat opened this issue 1 year ago • 4 comments

问题

当劫持的是BPF_PROG_LOAD时，为什么uprobe/uretprobe -> BPF_PROG_TYPE_SOCKET_FILTER?

假如使用的是bpf_prog_attach_uprobe_with_override去挂载程序（error_inject.c）。

Jul 25 '24 01:07 janetat

kernel uses BPF_PROG_TYPE_SOCKET_FILTER as program type of uprobe/uretprobe programs, so do us. Program type is not the same things as attach type.

Jul 25 '24 05:07 Officeyutong

But link says uprobe/uretprobe program is BPF_PROG_TYPE_KPROBE

Jul 25 '24 06:07 janetat

BTW, After error_inject_bpf__open(), I print out the program type:

    # The bpf_prog_type is 2, BPF_PROG_TYPE_KPROBE
    fprintf(stderr, "!!!!!1: %d\n", skel->progs.do_error_inject_patch->type);
    fprintf(stderr, "!!!!!2: %s\n", skel->progs.do_error_inject_patch->name);

Jul 25 '24 06:07 janetat

The key problem is that bpf_prog_attach_uprobe_with_override is not supported by kernel.

It's a self-define type only in bpftime, so we choose a type for that. Maybe we should choose a new one....

Aug 09 '24 16:08 yunwei37

bpftime bpftime copied to clipboard

[Question] The type of uprobe does not match kernel

问题

bpftime
bpftime copied to clipboard