Home > Blockchain >  Linux tracing/trace_pipe file not readable (debugfs)
Linux tracing/trace_pipe file not readable (debugfs)

Time:06-02

I have BPF program that writes into trace_pipe file, and even though the program executes correctly, I cannot read data from this file.

Whenever I try to cat /sys/kernel/debug/tracing/trace_pipe, the process gets stuck, and nothing is shown as output.

enter image description here

I have manually mounted the debugfs by running: mount -t debugfs none /sys/kernel/debug and when I try to cat, tail, vi, or somehow read the content of this file, the result is the same.

The "trace_pipe" file is not readable even right after I mount the debugfs, so I don't believe this is related to my BPF code execution.

This file is simply not readable, and I want to understand what should I do to be able to read it.

I can confirm the debugfs is properly mounted, and the file does exist:

enter image description here

enter image description here

I appreciate any tips on how should I read this file.

CodePudding user response:

So this was simply a mistake in your eBPF program. From your link:

int my_pid = 0;

SEC("tp/syscalls/sys_enter_write")
int handle_tp(void *ctx)
{
    int pid = bpf_get_current_pid_tgid() >> 32;

    if (pid != my_pid)
        return 0;

    bpf_printk("BPF triggered from PID %d.\n", pid);

    return 0;
}

Having if (pid != my_pid) return 0;, with my_pid = 0, means you exit each time the PID you collect is non-0 - which is pretty much all the time. So your program exits early and you don't get a chance to execute the call to bpf_printk() and send data to the trace pipe.

Page link:https//www.codepudding.com/Blockchain/427723.html

Prev:filter data From ansible_default_ipv4.macaddress
Next:automatice bash command for multiple files
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding