
Add support for ARM

Open alban opened this issue 4 years ago • 3 comments

traceloop currently only works on x86_64.

Non-exhaustive list of tasks:

  • [ ] The syscall table (syscall_table.go) needs to be per-architecture
  • [ ] straceback-guess-bpf.c hard-codes some syscall numbers:
        if (exit != 0 && id != 165) { // mount
        if (id != 269) { // faccessat()
  • [ ] errno computation is x86_64 specific (if errNo >= -4095 && errNo <= -1 in event.go)

alban avatar Jan 26 '20 17:01 alban

Hi.

I thought of several approaches to deal with hardcoded syscall numbers:

  1. If we can call any kernel functions from BPF code, we can do something like this:

        #include <linux/kallsyms.h>
        #include <linux/ftrace.h>

        // ...

        unsigned long addr;
        char str[KSYM_SYMBOL_LEN];

        addr = arch_syscall_addr(id);
        kallsyms_lookup(addr, NULL, NULL, NULL, str);
        if (!strcmp(str + 3, "faccessat"))
                return 0;

  2. If there exists a BPF helper to get the CPU architecture, we can do something like this:

        char *architecture = bpf_get_cpu_architecture();
        if ((!strcmp(architecture, "x86_64") && id == 149) || (!strcmp(architecture, "aarch64") && id == 48) || ...)
                return 0;

  3. Otherwise, we can use the __NR_faccessat macro:

        #include <linux/unistd.h>

        if (id == __NR_faccessat)
                return 0;

The first solution seems to be the best one; sadly, we cannot call any kernel function from BPF code for the moment. The second one is less generic but seems OK; sadly, there does not exist a BPF helper to get the CPU architecture. The last one would require compiling the BPF code against the architecture's kernel headers, as the __NR_faccessat value would be replaced by the corresponding value for the given architecture. This is doable but will not ease our build system.

Let me know what you think about these different solutions.

Best regards.

eiffel-fl avatar Dec 17 '21 15:12 eiffel-fl
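The third approach above, together with the errno range check listed in the issue's task list, as an added example that is not part of the original comments or of traceloop's code: the syscall numbers come from the headers of the architecture being compiled for, and a legacy call that some architectures lack is guarded at compile time. All function and type names (`sc_name`, `is_mount`, `is_faccessat`, `errno_from_ret`, `sc_entry`) are hypothetical, and it is built as an ordinary user-space C program rather than as BPF.

```c
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h> /* __NR_* values for the architecture being compiled for */

/* All names below are hypothetical; none come from traceloop's sources. */
struct sc_entry { long nr; const char *name; };

/* Table built from the headers, so each build carries its own numbering. */
static const struct sc_entry sc_table[] = {
    { __NR_mount, "mount" },
    { __NR_faccessat, "faccessat" },
    { __NR_openat, "openat" },
#ifdef __NR_open /* legacy call: defined on x86_64, absent on aarch64 */
    { __NR_open, "open" },
#endif
};

/* Returns the syscall name for nr on this architecture, or NULL if unknown. */
const char *sc_name(long nr)
{
    for (size_t i = 0; i < sizeof(sc_table) / sizeof(sc_table[0]); i++)
        if (sc_table[i].nr == nr)
            return sc_table[i].name;
    return NULL;
}

/* The two hard-coded comparisons from the issue, without literal numbers. */
int is_mount(long id)     { return id == __NR_mount; }
int is_faccessat(long id) { return id == __NR_faccessat; }

/* Range test quoted in the issue: a return value in -4095..-1 is read as
 * -errno. Returns the positive errno, or 0 when ret is outside that range. */
int errno_from_ret(long ret)
{
    return (ret >= -4095 && ret <= -1) ? (int)-ret : 0;
}

int main(void)
{
    printf("faccessat=%d mount=%d\n", (int)__NR_faccessat, (int)__NR_mount);
    printf("name(%d)=%s\n", (int)__NR_openat, sc_name(__NR_openat));
    printf("ret -2 -> errno %d\n", errno_from_ret(-2));
    return 0;
}
```

Compiled natively on x86_64 and on aarch64, the same source prints different numbers for the same syscall names, which is the property the hard-coded constants lack.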

I'm currently working on being able to build on aarch64 with make and docker.

retpolanne avatar Sep 20 '22 22:09 retpolanne

So, I tried porting it and saw a bunch of compiling errors due to ASM.

My patches are here https://github.com/kinvolk/traceloop/compare/main...retpolanne:traceloop:arm64

I'm seeing the same things as this issue https://github.com/iovisor/bcc/issues/1202 but bcc was fixed by adding bpfasmparser to the CMake LLVM libraries: https://github.com/iovisor/bcc/commit/7abe63a08f00a09abe952c3e1afecd3a5feeecc6

I did some research and couldn't find a way to add this bpfasmparser to our Clang flags. However, I do see bpfasmparser on llvm-config --components.

retpolanne avatar Sep 21 '22 12:09 retpolanne