0

Messing around with eBPF and decided to try another crc32 algorithm to try but got stuck with another error that I can't seem to find too much information for. I keep getting a bpf: Failed to load program: Invalid argument last insn is not an exit or jmp. I tried to see if it has anything to do with the way I wrote my functions but all I generate are warnings and then jumping to this error.

bpf_text3 = '''

#include <uapi/linux/ptrace.h>


static int build_crc32_table(void) {
        uint32_t crc=0xFFFFFFFF;
        uint32_t str[256];
for(uint32_t i=0;i<256;i++) {
    uint32_t ch=i;
    for(size_t j=0;j<8;j++) {
        uint32_t b=(ch^crc)&1;
        crc>>=1;
        if(b) crc=crc^0xEDB88320;
        ch>>=1;
    }
    str[i]=crc;
}
return str;
}

int crc32(struct pt_regs *ctx) {
    char str[256];
    strcpy(str, buildcrc32_table());
    //uint32_t str[] = build_crc32_table();
    bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_RC(ctx));

    uint32_t crc=0xFFFFFFFF;
    bpf_trace_printk("BCC - Test Beginning...\\n");
    u64 startTime = bpf_ktime_get_ns();
    for (size_t i = 0; i < sizeof(str); i++) {
        char ch = str[i];
        if (ch == '\\0') break;
        uint32_t t=(ch^crc)&0xFF;
        crc=(crc>>8)^str[t];
        }
    int result = ~crc;
    u64 totalTime = bpf_ktime_get_ns() - startTime;
    bpf_trace_printk(">> BCC - CRC of \\"%s\\" is: 0x%x \\n",str, result);
    bpf_trace_printk(">> BCC - CRC took: %lu cycles\\n", totalTime);
    bpf_trace_printk("BCC - Test Complete.\\n\\n\\n");

    return 0;
    };

'''

Here's also a detailed error that I am seeing:

5 warnings generated. Attaching to uretprobe bpf: Failed to load program: Invalid argument last insn is not an exit or jmp processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

Qeole
  • 8,284
  • 1
  • 24
  • 52
Zarif Rahman
  • 79
  • 1
  • 8
  • What kernel version are you using? Where is strcpy defined? – pchaigno May 28 '21 at 20:39
  • Not really sure what version of BCC, I'm running, just installed the latest one the other day and the strcpy function is just being used from headers.h file – Zarif Rahman May 28 '21 at 22:41
  • I was wondering about the kernel version, not the bcc version. Also note you don't include any header file that has strcpy in the above code. – pchaigno May 29 '21 at 10:28
  • 1
    Added that header file but still get the same error. And is this what you're looking for? 5.8.0-1024-raspi and its running Ubunuty 20.04 – Zarif Rahman May 29 '21 at 16:22
  • 1
    Sounds like the eBPF-to-eBPF function call could be the cause of the error. It should be supported on 5.8, but I see this is on Raspberry Pi, maybe the arm64 JIT doesn't support it? In doubt, I'd try to declare `crc32()` as `static inline`. (Side note: Please check the descriptions for the tags, and don't use all `bcc-*` for your questions, `bcc-bpf` is the only relevant one for the eBPF-related BCC tools :-) ). – Qeole May 29 '21 at 19:10
  • Sorry about the BCC issue and I'll make sure it does not happen again. Sadly static inline did not seem to solve the issue and now I don't get an error anymore? Like there is no description anymore. I'll stop my messing around with CRC and get to some other problems I have been itching to solve. – Zarif Rahman May 30 '21 at 01:03
  • If you don't have an error from the verifier anymore then there's progress. What makes you think it doesn't work? – pchaigno May 30 '21 at 07:23
  • 5 warnings generated. Attaching to uretprobe Traceback (most recent call last): File "crc32.py", line 122, in b.attach_uretprobe(name="/bin/bash", sym="readline", fn_name="crc32") File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 1058, in attach_uretprobe fn = self.load_func(fn_name, BPF.KPROBE) File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 375, in load_func raise Exception("Unknown program %s" % func_name) Exception: Unknown program b'crc32' Now this is what I get as of now. No errors just warnings and then a crash. – Zarif Rahman May 30 '21 at 14:37
  • Ah, `crc32` was your main program? Sorry about the bad suggestion then. Back to pchaigno's questions in that case, if I were you I'd look closely at your `strcpy()` and see if it might be related to your error. Have you tried removing it? I'm not sure what headers.h file you referred to. – Qeole May 30 '21 at 23:24
  • I am pretty sure it's because of the strcpy() function but I don't know what else to use in lieu of that function. I am slowly finding out how eBPF does not seem to like pointers. As of now, I am not importing any functions since it does not seem necessary? Like it seems to work fine without it? I just have ptrace.h imported as of now. – Zarif Rahman Jun 02 '21 at 02:47

0 Answers0