-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stack table symbol resolution uses wrong path for containerized processes #3487
Comments
Alternatively, since current code already assumes Using |
@d3dave Just want to clarify my understanding. In this case, the bcc tool is running inside the container or outside the container? I assume it should be outside the container, right? Why |
I think this is a TL;DR of the case @d3dave is describing. Please let me know if I'm not understanding correctly. When the containerized process is created, it's pulling the exe and libs from paths within the mountns of the container. So map paths in The I think the presented solution would work. An alternative that may be worth considering would be to stop treating the exe differently and rely on the map iteration code to pick it up when it looks at the first line in Regardless, this is definitely a bug and since I added a lot of the ns-relative stuff when a similar thing bit me a few years ago I'll work on a fix. |
Hey @yonghong-song,
Yes, bcc is running outside the container and is being used to resolve symbols of a pid that is in a container.
Note that in the second case, the file that exists on the same path on the host is not the same file as the file at that path in the container. Hey @davemarchevsky, thanks for taking your time to explain. I think your explanation is spot on.
I prefer this alternative, only because using
Thanks! |
@d3dave @davemarchevsky thanks for explanation. Looks like |
I agree with @davemarchevsky and @d3dave , the easiest & cleanest thing would be to remove the special treatment of Should anyone need to handle the |
symbolizing As reported in iovisor#3487, when `/proc/PID/exe`'s symlink points to a mountns-relative path from a different mountns than the tracing process, we can fail to open it as we don't prepend `/proc/PID/root` . A few potential solutions were discussed in that issue, we settled on treating the main exe like any other map in `/proc/PID/maps`. Since it's always the first map we can reuse existing code and get rid of exe-specific helpers.
Should be fixed by #3498 |
symbolizing As reported in iovisor#3487, when `/proc/PID/exe`'s symlink points to a mountns-relative path from a different mountns than the tracing process, we can fail to open it as we don't prepend `/proc/PID/root` . A few potential solutions were discussed in that issue, we settled on treating the main exe like any other map in `/proc/PID/maps`. Since it's always the first map we can reuse existing code and get rid of exe-specific helpers.
symbolizing As reported in iovisor#3487, when `/proc/PID/exe`'s symlink points to a mountns-relative path from a different mountns than the tracing process, we can fail to open it as we don't prepend `/proc/PID/root` . A few potential solutions were discussed in that issue, we settled on treating the main exe like any other map in `/proc/PID/maps`. Since it's always the first map we can reuse existing code and get rid of exe-specific helpers.
When calling
BPFStackTable::get_stack_symbol(stack_id, pid)
with a PID of a containerized process, symbols are resolved incorrectly, if at all. I tracked the issue down toProcSyms::load_exe
where the path to the executable of the process within the container is treated as a path on the host (https://github.com/iovisor/bcc/blob/master/src/cc/bcc_syms.cc#L128). Modifyingget_pid_exe
to simply return the/proc/<pid>/exe
path instead of the read link appears to work:Note this is only relevant for the executable itself and not any loaded modules because
_add_module
properly handles theenter_ns
argument. This is not a 100% proper solution as the result ofget_pid_exe
is also used by some USDT-related code which appears to rely on the error check ofreadlink
.The text was updated successfully, but these errors were encountered: