Gentoo Forums
pingtoo
Veteran

Joined: 10 Sep 2021
Posts: 1223
Location: Richmond Hill, Canada

Posted: Thu Oct 31, 2024 4:59 pm    Post subject: Gentoo Dtrace

When enabling dtrace, must those kernel configuration options be statically linked into the kernel? Can they be set as modules? This question is conceptual, in that I know this can be found from kconfig. But the question is whether it is better to have them static, and therefore fewer limitations, or whether it does not matter.

And is there additional kernel stuff (files) required on the file system in order for dtrace to function? (I mean besides the user space dtrace utilities)

sam_
Developer

Joined: 14 Aug 2020
Posts: 1946

Posted: Fri Nov 01, 2024 3:59 am

Thanks for playing with it! Really nice to see all the interest in it so far.

The kernel configuration options the ebuild marks (see https://wiki.gentoo.org/wiki/DTrace#Kernel_configuration) must be on, of course. As for whether they need to be a module or built-in "modules": there is better support for them being real modules for now. There are patches in gentoo-sources (not yet in the default config in gentoo-kernel so not in gentoo-kernel-bin but the patches are there too) which better support modules being built-in. The issue is obtaining range information when they're in the kernel image rather than separate modules. The only downside there is not being able to probe things in those affected modules.

No other stuff should be needed other than correct kernel configuration and dev-debug/dtrace installed.

TL;DR: Enable the kernel config options the ebuild mentions, prefer modules rather than built-in for now, install dev-debug/dtrace.

pingtoo
Veteran

Joined: 10 Sep 2021
Posts: 1223
Location: Richmond Hill, Canada

Posted: Fri Nov 01, 2024 3:07 pm

sam_,

Thank you for the information.

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Fri Nov 01, 2024 7:01 pm

Nice question and clarification from both of you.
Hence currently installing...

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Sat Nov 02, 2024 12:33 pm

Kernel config base is highly constrained here:
Only what is functionally required.
Mostly following app-admin/kernel-hardening-checker too.

Kernel config requirements aren't defined at ebuild level.

Thus emerging here throws:
Code:
>>> Running pre-merge checks for dev-debug/dtrace-2.0.1.1-r2
 * Determining the location of the kernel source code
 * Found kernel source directory:
 *     /usr/src/linux
 * Could not detect kernel version.
 * Please ensure that /usr/src/linux points to a complete set of Linux sources.
 * Unable to calculate Linux Kernel version for build, attempting to use running version
 * Checking for suitable kernel configuration options ...
 *   CONFIG_DEBUG_INFO_BTF:    is not set when it should be.
 *   CONFIG_KALLSYMS_ALL:    is not set when it should be.
 *   CONFIG_CUSE:    is not set when it should be.
 *   CONFIG_TRACING:    is not set when it should be.
 *   CONFIG_UPROBES:    is not set when it should be.
 *   CONFIG_UPROBE_EVENTS:    is not set when it should be.
 *   CONFIG_FTRACE:    is not set when it should be.
 *   CONFIG_FTRACE_SYSCALLS:    is not set when it should be.
 *   CONFIG_DYNAMIC_FTRACE:    is not set when it should be.
 *   CONFIG_FUNCTION_TRACER:    is not set when it should be.
 *   CONFIG_FPROBE:    is not set when it should be.
 *   CONFIG_GCC_PLUGIN_RANDSTRUCT:    should not be set. But it is.   [ !! ]

which is quite informative about what should be changed here.
Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "
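
The pre-merge check quoted in the post above can be repeated against any saved kernel config before rebuilding. The script below is an added example, not the ebuild's own code: the option lists are copied from that output only (the ebuild may test more), and the function names `config_value` and `check_dtrace_config` are hypothetical. It also reports which required options are `m` rather than `y`, since the thread distinguishes modules from built-ins.

```shell
#!/bin/sh
# Options copied from the pre-merge output quoted above; the ebuild may test
# more options than the ones it complained about on that system.
DTRACE_NEED="DEBUG_INFO_BTF KALLSYMS_ALL CUSE TRACING UPROBES UPROBE_EVENTS
FTRACE FTRACE_SYSCALLS DYNAMIC_FTRACE FUNCTION_TRACER FPROBE"
DTRACE_CONFLICT="GCC_PLUGIN_RANDSTRUCT"

# config_value FILE OPTION: print y, m, or n (n = "is not set" or absent).
config_value() {
    v=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${v:-n}"
}

# check_dtrace_config FILE: print one line per finding; return 1 if any
# required option is off or a conflicting option is on, else 0.
check_dtrace_config() {
    cfg=$1
    bad=0
    for opt in $DTRACE_NEED; do
        case $(config_value "$cfg" "$opt") in
            n) echo "MISSING  CONFIG_$opt"; bad=1 ;;
            m) echo "module   CONFIG_$opt" ;;   # informational, not an error
        esac
    done
    for opt in $DTRACE_CONFLICT; do
        if [ "$(config_value "$cfg" "$opt")" != n ]; then
            echo "CONFLICT CONFIG_$opt"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample, not a real system's config: a hardened config that
# already has part of the tracing stack enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_KALLSYMS_ALL=y
CONFIG_CUSE=m
CONFIG_TRACING=y
# CONFIG_UPROBES is not set
CONFIG_FTRACE=y
CONFIG_GCC_PLUGIN_RANDSTRUCT=y
EOF
check_dtrace_config "$sample" || echo "kernel config is not ready for dtrace"
rm -f "$sample"
```

On a hardened kernel, each MISSING or CONFLICT line is a hardening trade-off to weigh before flipping the option, not just a build prerequisite.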

pingtoo
Veteran

Joined: 10 Sep 2021
Posts: 1223
Location: Richmond Hill, Canada

Posted: Sat Nov 02, 2024 2:19 pm

I think it was said in the Gentoo Wiki for DTrace that hardened kernels are not supported.

But in any case does the package dev-debug/dtrace actually build?

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Sat Nov 02, 2024 2:56 pm

pingtoo wrote:
I think it was said in the Gentoo Wiki for DTrace that hardened kernels are not supported.
Code:
eselect profile list
[45]  default/linux/amd64/23.0/split-usr (stable) *
However I admit kernel config is fully manual here.
pingtoo wrote:
But in any case does the package dev-debug/dtrace actually build?
Yes it does build, although
CONFIG_DEBUG_INFO_BTF wasn't configured yet.

As far as 6.11.6 is concerned here, diff is as follows:
Code:
diff config-2024-11-02_14:51:17  config-2024-11-02_17:20:29
117c117
< # CONFIG_BPF_SYSCALL is not set
---
> CONFIG_BPF_SYSCALL=y
118a119,120
> CONFIG_BPF_UNPRIV_DEFAULT_OFF=y
> # CONFIG_BPF_PRELOAD is not set
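Review bot: with CONFIG_BPF_SYSCALL going from unset to y at 117c117, bpf(2) becomes reachable on a config that previously had no BPF syscall at all. CONFIG_BPF_UNPRIV_DEFAULT_OFF=y in 118a119,120 is the right companion, but it only sets a default, so confirm that no sysctl file resets kernel.unprivileged_bpf_disabled to 0 at boot.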
147a150,153
> CONFIG_TASKS_RCU_GENERIC=y
> CONFIG_NEED_TASKS_RCU=y
> CONFIG_TASKS_RUDE_RCU=y
> CONFIG_TASKS_TRACE_RCU=y
188a195
> # CONFIG_CGROUP_BPF is not set
247c254,257
< # CONFIG_KALLSYMS is not set
---
> CONFIG_KALLSYMS=y
> # CONFIG_KALLSYMS_SELFTEST is not set
> CONFIG_KALLSYMS_ALL=y
> CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
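Review bot: CONFIG_KALLSYMS_ALL=y at 247c254,257 takes this config from no symbol table (CONFIG_KALLSYMS unset) to every symbol, data symbols included, being kept in the running kernel. On a system that otherwise follows kernel-hardening-checker, pair it with a restrictive kernel.kptr_restrict so that /proc/kallsyms does not hand addresses to unprivileged users.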
259a270
> CONFIG_TRACEPOINTS=y
648a660
> CONFIG_UPROBES=y
782,783c794
< CONFIG_GCC_PLUGINS=y
< CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
---
> # CONFIG_GCC_PLUGINS is not set
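Review bot: turning CONFIG_GCC_PLUGINS off wholesale at 782,783c794 removes more hardening than the pre-merge check asked for. That check flagged only CONFIG_GCC_PLUGIN_RANDSTRUCT, yet CONFIG_GCC_PLUGIN_LATENT_ENTROPY is lost here and the STACKLEAK options disappear in 4123,4127d4142. Consider keeping CONFIG_GCC_PLUGINS=y and selecting only CONFIG_RANDSTRUCT_NONE=y, as the 4141,4145c4156 hunk already does, then re-running the check.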
820c831
< CONFIG_UNUSED_KSYMS_WHITELIST="/usr/src/linux-6.11.6-gentoo-dtrc/KSYMS_WHITELIST.tMF5"
---
> CONFIG_UNUSED_KSYMS_WHITELIST="/usr/src/linux-6.11.6-gentoo-dtrc/KSYMS_WHITELIST.cXgE"
1019a1031,1032
> CONFIG_NET_EGRESS=y
> CONFIG_NET_XGRESS=y
1031a1045
> # CONFIG_XDP_SOCKETS is not set
1063a1078
> CONFIG_NETFILTER_BPF_LINK=y
1178a1194
> # CONFIG_NET_DROP_MONITOR is not set
1251a1268,1270
> CONFIG_NET_SOCK_MSG=y
> CONFIG_PAGE_POOL=y
> # CONFIG_PAGE_POOL_STATS is not set
1625a1645
> # CONFIG_NETKIT is not set
3936c3956
< # CONFIG_CUSE is not set
---
> CONFIG_CUSE=m
4123,4127d4142
< CONFIG_GCC_PLUGIN_STACKLEAK=y
< # CONFIG_GCC_PLUGIN_STACKLEAK_VERBOSE is not set
< CONFIG_STACKLEAK_TRACK_MIN_SIZE=100
< # CONFIG_STACKLEAK_METRICS is not set
< # CONFIG_STACKLEAK_RUNTIME_DISABLE is not set
4141,4145c4156
< # CONFIG_RANDSTRUCT_NONE is not set
< CONFIG_RANDSTRUCT_FULL=y
< # CONFIG_RANDSTRUCT_PERFORMANCE is not set
< CONFIG_RANDSTRUCT=y
< CONFIG_GCC_PLUGIN_RANDSTRUCT=y
---
> CONFIG_RANDSTRUCT_NONE=y
4374a4386,4387
> CONFIG_BINARY_PRINTF=y
>
4512a4526
> CONFIG_DEBUG_INFO=y
4514,4515c4528,4529
< CONFIG_DEBUG_INFO_NONE=y
< # CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set
---
> # CONFIG_DEBUG_INFO_NONE is not set
> CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y
4517a4532,4542
> # CONFIG_DEBUG_INFO_REDUCED is not set
> CONFIG_DEBUG_INFO_COMPRESSED_NONE=y
> # CONFIG_DEBUG_INFO_COMPRESSED_ZLIB is not set
> # CONFIG_DEBUG_INFO_COMPRESSED_ZSTD is not set
> # CONFIG_DEBUG_INFO_SPLIT is not set
> CONFIG_DEBUG_INFO_BTF=y
> CONFIG_PAHOLE_HAS_SPLIT_BTF=y
> CONFIG_PAHOLE_HAS_LANG_EXCLUDE=y
> CONFIG_DEBUG_INFO_BTF_MODULES=y
> # CONFIG_MODULE_ALLOW_BTF_MISMATCH is not set
> # CONFIG_GDB_SCRIPTS is not set
4572a4598
> # CONFIG_DEBUG_PAGE_REF is not set
4688a4715
> CONFIG_NOP_TRACER=y
4689a4717
> CONFIG_RETHOOK=y
4690a4719,4720
> CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
> CONFIG_HAVE_FUNCTION_GRAPH_RETVAL=y
4702a4733,4739
> CONFIG_BUILDTIME_MCOUNT_SORT=y
> CONFIG_TRACE_CLOCK=y
> CONFIG_RING_BUFFER=y
> CONFIG_EVENT_TRACING=y
> CONFIG_CONTEXT_SWITCH_TRACER=y
> CONFIG_TRACING=y
> CONFIG_GENERIC_TRACER=y
4704c4741,4785
< # CONFIG_FTRACE is not set
---
> CONFIG_FTRACE=y
> # CONFIG_BOOTTIME_TRACING is not set
> CONFIG_FUNCTION_TRACER=y
> # CONFIG_FUNCTION_GRAPH_TRACER is not set
> CONFIG_DYNAMIC_FTRACE=y
> CONFIG_DYNAMIC_FTRACE_WITH_REGS=y
> CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y
> CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y
> CONFIG_FPROBE=y
> # CONFIG_FUNCTION_PROFILER is not set
> # CONFIG_STACK_TRACER is not set
> # CONFIG_IRQSOFF_TRACER is not set
> # CONFIG_SCHED_TRACER is not set
> # CONFIG_HWLAT_TRACER is not set
> # CONFIG_OSNOISE_TRACER is not set
> # CONFIG_TIMERLAT_TRACER is not set
> # CONFIG_MMIOTRACE is not set
> CONFIG_FTRACE_SYSCALLS=y
> # CONFIG_TRACER_SNAPSHOT is not set
> CONFIG_BRANCH_PROFILE_NONE=y
> # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
> # CONFIG_BLK_DEV_IO_TRACE is not set
> CONFIG_FPROBE_EVENTS=y
> CONFIG_PROBE_EVENTS_BTF_ARGS=y
> CONFIG_UPROBE_EVENTS=y
> CONFIG_BPF_EVENTS=y
> CONFIG_DYNAMIC_EVENTS=y
> CONFIG_PROBE_EVENTS=y
> CONFIG_FTRACE_MCOUNT_RECORD=y
> CONFIG_FTRACE_MCOUNT_USE_CC=y
> # CONFIG_SYNTH_EVENTS is not set
> # CONFIG_USER_EVENTS is not set
> # CONFIG_HIST_TRIGGERS is not set
> # CONFIG_TRACE_EVENT_INJECT is not set
> # CONFIG_TRACEPOINT_BENCHMARK is not set
> # CONFIG_RING_BUFFER_BENCHMARK is not set
> # CONFIG_TRACE_EVAL_MAP_FILE is not set
> # CONFIG_FTRACE_RECORD_RECURSION is not set
> # CONFIG_FTRACE_VALIDATE_RCU_IS_WATCHING is not set
> # CONFIG_FTRACE_STARTUP_TEST is not set
> # CONFIG_FTRACE_SORT_STARTUP_TEST is not set
> # CONFIG_RING_BUFFER_STARTUP_TEST is not set
> # CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set
> # CONFIG_PREEMPTIRQ_DELAY_TEST is not set
> # CONFIG_RV is not set

Plz note it could be that some activated settings aren't required, and are only a result of kernel cascading activation.

CONFIG_BPF_SYSCALL, which seems required here, isn't explicitly mentioned in the wiki.
However it may be cascaded by another advised setting.

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Sat Nov 02, 2024 3:17 pm

On openrc, manual
Code:
rc-update add dtprobed default
wasn't required here.
From wiki
Code:
root #dtrace -l
...
As of August 2024, on an ~amd64 system with linux-6.6, around 125000 probes are registered. If the number is substantially lower than that, it's possible some required kernel config options are not enabled.
Something must be wrong here as:
Code:
dtrace -l|wc -l
172
Indeed wiki's first basic sanity check fails here as
Code:
dtrace -n 'BEGIN { exit(0); }'
dtrace: invalid probe specifier BEGIN { exit(0); }: "/usr/lib64/dtrace/6.10/ip.d", line 248: skc_v6_daddr is not a member of struct sock_common


My 2 cents is that the IPv6 kernel stack is expected...

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

nullnix
n00b

Joined: 04 Nov 2024
Posts: 1
Location: Ely, UK

Posted: Mon Nov 04, 2024 3:16 pm

CaptainBlood wrote:
On openrc, manual
Code:
rc-update add dtprobed default
wasn't required here.


Yeah, we try to start that automatically because it's really an implementation detail that users shouldn't need to be concerned by (and because it needs to be running before any processes with USDT probes start if you want to be able to probe them).

CaptainBlood wrote:
From wiki
Code:
root #dtrace -l
...
As of August 2024, on an ~amd64 system with linux-6.6, around 125000 probes are registered. If the number is substantially lower than that, it's possible some required kernel config options are not enabled.
Something must be wrong here as:
Code:
dtrace -l|wc -l
172
Indeed wiki's first basic sanity check fails here as
Code:
dtrace -n 'BEGIN { exit(0); }'
dtrace: invalid probe specifier BEGIN { exit(0); }: "/usr/lib64/dtrace/6.10/ip.d", line 248: skc_v6_daddr is not a member of struct sock_common


My 2 cents is that the IPv6 kernel stack is expected...


It's certainly the case that operation with unusual kernel configs is very little tested so far, and operation without IPv6 (or IPv4, for that matter) is likely even less tested. (Indeed, my local test systems are IPv6-only these days specifically so I can make sure IPv6 doesn't break, though they do have IPv4 compiled in as well.)

I'd recommend trying to compile IPv6 in and see what happens. If it still fails, try running with DTRACE_DEBUG=t set in the environment and post the spray of output it prints on stderr. There may be extra error messages hiding in there that we need to expose as non-debugging messages.

More generally, we should probably add some way to test kernel configs in translators and skip them if specific things aren't set (or disable bits of them, in this case). Right now we can test for the presence of providers, but since both ipv4 and ipv6 are implemented via the "ip" provider, this isn't much help...

More generally yet, if you only have hundreds of probes, something else is wrong: the fbt provider alone should be providing tens of thousands, so that's not initializing properly for some reason.

What does

Code:
cat /sys/kernel/debug/tracing/available_filter_functions | wc -l

report on your kernel? I get a figure around 60000...

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Mon Nov 04, 2024 7:08 pm

nullnix wrote:
I'd recommend trying to compile IPv6 in and see what happens. If it still fails, try running with DTRACE_DEBUG=t set in the environment and post the spray of output it prints on stderr. There may be extra error messages hiding in there that we need to expose as non-debugging messages.
dpaste
Obviously more work required beyond solely IPv6 activation... In progress.

nullnix wrote:
Code:
cat /sys/kernel/debug/tracing/available_filter_functions | wc -l

report on your kernel? I get a figure around 60000...
Code:
LC_MESSAGES=C cat /sys/kernel/debug/tracing/available_filter_functions|wc -l
cat: /sys/kernel/debug/tracing/available_filter_functions: No such file or directory
0


Any idea more than welcome.

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Mon Nov 04, 2024 8:55 pm

Oracle Dtrace tutorial refers to About DTrace Providers as kernel modules which seems to be missing in the dpaste above.
Code:
libdtrace DEBUG 1730746374: creating provider fbt
libdtrace DEBUG 1730746374: loaded 0 probes for fbt
libdtrace DEBUG 1730746374: creating provider sdt
libdtrace DEBUG 1730746374: loaded 0 probes for sdt
libdtrace DEBUG 1730746374: creating provider syscall
libdtrace DEBUG 1730746374: loaded 0 probes for syscall
However
Code:
libdtrace DEBUG 1730746374: creating provider profile
libdtrace DEBUG 1730746374: loaded 13 probes for profile
seems provided.

dtrace and fasttrap modules aren't reported for some reason.

I don't know how critical these are but I must have done something wrong.

Any idea?

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

CaptainBlood
Advocate

Joined: 24 Jan 2010
Posts: 3839

Posted: Tue Nov 05, 2024 1:52 am

These missing modules are likely to be oracle specific, available with sys-kernel/uek-sources.

Thks 4 ur attention, interest & support.
_________________
USE="-* ..." in /etc/portage/make.conf here, i.e. a countermeasure to portage implicit braces, belt & diaper paradigm
LT: "I've been doing a passable imitation of the Fontana di Trevi, except my medium is mucus. Sooo much mucus. "

All times are GMT