Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

libbpf-tools/sigsnoop : reporting signal number '17' for all signal sent by kill utility. #5057

Open
devidasjadhav opened this issue Jul 8, 2024 · 4 comments
Open

libbpf-tools/sigsnoop : reporting signal number '17' for all signal sent by kill utility. #5057

devidasjadhav opened this issue Jul 8, 2024 · 4 comments

Comments

@devidasjadhav
Copy link
Contributor

to test a PR I used sigsnoop with kill utility.
got signal value 17.
So I reverted that patch.
same result.

so I added bpf_printk and verified that value.

it was 17 even with bpf_printk.

Value in ctx-sig. is 17.

I am using Debian 11 with 6.1.0-11-amd64 kernel.

Steps to reproduce.

  1. run sigsnoop with pid. i.e ./sigsnoop -p 1234
  2. kill -n 19 1234
  3. kill -n 18 1234
  4. verify output of sigsnoop
TIME     PID     COMM             SIG       TPID    RESULT
22:56:55 50918   a.py             17        30434   0
22:56:59 50918   a.py             17        30434   0
@devidasjadhav
Copy link
Contributor Author

even tracepoint from tracefs shows same.
echo 1 > /sys/kernel/tracing/events/signal/signal_generate/enable

          sh-72340   [003] dN.2.  9457.683068: signal_generate: sig=17 errno=0 code=1 comm=python pid=1258 grp=1 res=1
        grep-72348   [002] dN.2.  9458.691583: signal_generate: sig=17 errno=0 code=1 comm=sh pid=72347 grp=1 res=0
          sh-72347   [004] dN.2.  9458.692029: signal_generate: sig=17 errno=0 code=1 comm=python pid=1258 grp=1 res=1
         cat-72352   [001] dN.2.  9459.257847: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72351 grp=1 res=0
        grep-72353   [003] dN.2.  9459.258953: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72351 grp=1 res=2
          wc-72354   [005] dN.2.  9459.259009: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72351 grp=1 res=2
        bash-72351   [004] dN.2.  9459.259594: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72355   [001] dN.2.  9459.263742: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72356   [003] dN.2.  9459.267340: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72357   [002] dN.2.  9459.270904: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72358   [003] dN.2.  9459.274404: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72359   [002] dN.2.  9459.277936: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        expr-72360   [003] dN.2.  9459.281515: signal_generate: sig=17 errno=0 code=1 comm=bash pid=72350 grp=1 res=0
        bash-72350   [005] dN.2.  9459.282323: signal_generate: sig=17 errno=0 code=1 comm=sh pid=72349 grp=1 res=0
          sh-72349   [003] dN.2.  9459.282712: signal_generate: sig=17 errno=0 code=1 comm=python pid=1258 grp=1 res=1

@devidasjadhav
Copy link
Contributor Author

surprisingly with -k its working fine.

So Now in my setup tracepoint version of code is not performing as expected.

Can @chenhengqi please verify if its working in your setup ?

@ZhangYet
Copy link
Contributor

ZhangYet commented Jul 29, 2024
edited
Loading

Could I ask what platform you used to discover this problem?

I reproduced this on X86 vm by kill -19 pid, but saw nothing when kill -18 pid.

BTW I don't think this is a bug, just something we haven't understood in kernel.

And -k changed the probed function:

  1. with -k, sigsnoop traces some kill functions.
  2. without -k, sigsnoop traces trace_signal_generate.

@ZhangYet
Copy link
Contributor

I'm working on x86 platform.

// include/uapi/asm/signal.h
#define SIGCHLD		17
#define SIGCONT		18
#define SIGSTOP		19

And

// include/linux/signal.h
 *	|  SIGCHLD           |	ignore   	|
 *	|  SIGCONT           |	ignore(*)	|
 *	|  SIGSTOP           |	stop(*)(+)  	|

So when I test kill -18 {pid}, sigsnoop doesn't catch anything.

When I kill -19 {pid}, the process {pid} is stopped. When the process {pid} is stopped, it will call system call exit, in which calls exit_signals.

exit_signals-> do_notify_parent_cldstop -> __group_send_sig_info(SIGCHLD, &info, parent) -> send_signal.

syscall kill won't be called in this procedure, that's why you can catch SIGCHLD(17) without -k.

I'm using a 5.15 kernel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ZhangYet @devidasjadhav