diff options
| author | Jerome Marchand <jmarchan@redhat.com> | 2024-02-29 18:52:46 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-29 09:52:46 -0800 |
| commit | 516087d0895604148540f4050729dd3750a4553f (patch) | |
| tree | 095f50041d823cf6a84017214c349c3be0dd7559 | |
| parent | 699cd5f695b815e6e02ae92a4deed8c7ca23a2b6 (diff) | |
| download | bcc-516087d0895604148540f4050729dd3750a4553f.tar.gz | |
libbpf-tools: fix syscall tracepoints (#4920)
In BPF programs, syscall tracepoints returns a local syscall_tp_t
structure that's meant to mimic syscall_trace_enter/exit structures.
It just happen to have the same offsets for nr and args fields as
struct trace_event_raw_sys_enter/exit. However, a change in the
trace_entry structure in the linux-rt broke that assumption
(ea622076b76f "sched: Add support for lazy preemption").
Program calling syscall tracepoint should have used the right
structure in the first place. This patch replace the
trace_event_raw_sys_* by their syscall_trace_* counterpart when
calling a syscall tracepoint.
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
| -rw-r--r-- | libbpf-tools/execsnoop.bpf.c | 4 | ||||
| -rw-r--r-- | libbpf-tools/futexctn.bpf.c | 4 | ||||
| -rw-r--r-- | libbpf-tools/mountsnoop.bpf.c | 8 | ||||
| -rw-r--r-- | libbpf-tools/opensnoop.bpf.c | 10 | ||||
| -rw-r--r-- | libbpf-tools/sigsnoop.bpf.c | 12 | ||||
| -rw-r--r-- | libbpf-tools/statsnoop.bpf.c | 20 |
6 files changed, 29 insertions, 29 deletions
diff --git a/libbpf-tools/execsnoop.bpf.c b/libbpf-tools/execsnoop.bpf.c index ee5832e7..83aac754 100644 --- a/libbpf-tools/execsnoop.bpf.c +++ b/libbpf-tools/execsnoop.bpf.c @@ -36,7 +36,7 @@ static __always_inline bool valid_uid(uid_t uid) { } SEC("tracepoint/syscalls/sys_enter_execve") -int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter* ctx) +int tracepoint__syscalls__sys_enter_execve(struct syscall_trace_enter* ctx) { u64 id; pid_t pid, tgid; @@ -112,7 +112,7 @@ int tracepoint__syscalls__sys_enter_execve(struct trace_event_raw_sys_enter* ctx } SEC("tracepoint/syscalls/sys_exit_execve") -int tracepoint__syscalls__sys_exit_execve(struct trace_event_raw_sys_exit* ctx) +int tracepoint__syscalls__sys_exit_execve(struct syscall_trace_exit* ctx) { u64 id; pid_t pid; diff --git a/libbpf-tools/futexctn.bpf.c b/libbpf-tools/futexctn.bpf.c index 4126f356..ae620f9a 100644 --- a/libbpf-tools/futexctn.bpf.c +++ b/libbpf-tools/futexctn.bpf.c @@ -49,7 +49,7 @@ struct { static struct hist initial_hist = {}; SEC("tracepoint/syscalls/sys_enter_futex") -int futex_enter(struct trace_event_raw_sys_enter *ctx) +int futex_enter(struct syscall_trace_enter *ctx) { struct val_t v = {}; u64 pid_tgid; @@ -73,7 +73,7 @@ int futex_enter(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_futex") -int futex_exit(struct trace_event_raw_sys_exit *ctx) +int futex_exit(struct syscall_trace_exit *ctx) { u64 pid_tgid, slot, ts, min, max; struct hist_key hkey = {}; diff --git a/libbpf-tools/mountsnoop.bpf.c b/libbpf-tools/mountsnoop.bpf.c index 106f4216..a6d6148e 100644 --- a/libbpf-tools/mountsnoop.bpf.c +++ b/libbpf-tools/mountsnoop.bpf.c @@ -92,7 +92,7 @@ cleanup: } SEC("tracepoint/syscalls/sys_enter_mount") -int mount_entry(struct trace_event_raw_sys_enter *ctx) +int mount_entry(struct syscall_trace_enter *ctx) { const char *src = (const char *)ctx->args[0]; const char *dest = (const char *)ctx->args[1]; @@ -104,13 +104,13 @@ int mount_entry(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_mount") -int mount_exit(struct trace_event_raw_sys_exit *ctx) +int mount_exit(struct syscall_trace_exit *ctx) { return probe_exit(ctx, (int)ctx->ret); } SEC("tracepoint/syscalls/sys_enter_umount") -int umount_entry(struct trace_event_raw_sys_enter *ctx) +int umount_entry(struct syscall_trace_enter *ctx) { const char *dest = (const char *)ctx->args[0]; __u64 flags = (__u64)ctx->args[1]; @@ -119,7 +119,7 @@ int umount_entry(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_umount") -int umount_exit(struct trace_event_raw_sys_exit *ctx) +int umount_exit(struct syscall_trace_exit *ctx) { return probe_exit(ctx, (int)ctx->ret); } diff --git a/libbpf-tools/opensnoop.bpf.c b/libbpf-tools/opensnoop.bpf.c index 607fc8da..b9fb9f3c 100644 --- a/libbpf-tools/opensnoop.bpf.c +++ b/libbpf-tools/opensnoop.bpf.c @@ -47,7 +47,7 @@ bool trace_allowed(u32 tgid, u32 pid) } SEC("tracepoint/syscalls/sys_enter_open") -int tracepoint__syscalls__sys_enter_open(struct trace_event_raw_sys_enter* ctx) +int tracepoint__syscalls__sys_enter_open(struct syscall_trace_enter* ctx) { u64 id = bpf_get_current_pid_tgid(); /* use kernel terminology here for tgid/pid: */ @@ -65,7 +65,7 @@ int tracepoint__syscalls__sys_enter_open(struct trace_event_raw_sys_enter* ctx) } SEC("tracepoint/syscalls/sys_enter_openat") -int tracepoint__syscalls__sys_enter_openat(struct trace_event_raw_sys_enter* ctx) +int tracepoint__syscalls__sys_enter_openat(struct syscall_trace_enter* ctx) { u64 id = bpf_get_current_pid_tgid(); /* use kernel terminology here for tgid/pid: */ @@ -83,7 +83,7 @@ int tracepoint__syscalls__sys_enter_openat(struct trace_event_raw_sys_enter* ctx } static __always_inline -int trace_exit(struct trace_event_raw_sys_exit* ctx) +int trace_exit(struct syscall_trace_exit* ctx) { struct event event = {}; struct args_t *ap; @@ -122,13 +122,13 @@ cleanup: } SEC("tracepoint/syscalls/sys_exit_open") -int tracepoint__syscalls__sys_exit_open(struct trace_event_raw_sys_exit* ctx) +int tracepoint__syscalls__sys_exit_open(struct syscall_trace_exit* ctx) { return trace_exit(ctx); } SEC("tracepoint/syscalls/sys_exit_openat") -int tracepoint__syscalls__sys_exit_openat(struct trace_event_raw_sys_exit* ctx) +int tracepoint__syscalls__sys_exit_openat(struct syscall_trace_exit* ctx) { return trace_exit(ctx); } diff --git a/libbpf-tools/sigsnoop.bpf.c b/libbpf-tools/sigsnoop.bpf.c index e03981fc..9f16d695 100644 --- a/libbpf-tools/sigsnoop.bpf.c +++ b/libbpf-tools/sigsnoop.bpf.c @@ -68,7 +68,7 @@ cleanup: } SEC("tracepoint/syscalls/sys_enter_kill") -int kill_entry(struct trace_event_raw_sys_enter *ctx) +int kill_entry(struct syscall_trace_enter *ctx) { pid_t tpid = (pid_t)ctx->args[0]; int sig = (int)ctx->args[1]; @@ -77,13 +77,13 @@ int kill_entry(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_kill") -int kill_exit(struct trace_event_raw_sys_exit *ctx) +int kill_exit(struct syscall_trace_exit *ctx) { return probe_exit(ctx, ctx->ret); } SEC("tracepoint/syscalls/sys_enter_tkill") -int tkill_entry(struct trace_event_raw_sys_enter *ctx) +int tkill_entry(struct syscall_trace_enter *ctx) { pid_t tpid = (pid_t)ctx->args[0]; int sig = (int)ctx->args[1]; @@ -92,13 +92,13 @@ int tkill_entry(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_tkill") -int tkill_exit(struct trace_event_raw_sys_exit *ctx) +int tkill_exit(struct syscall_trace_exit *ctx) { return probe_exit(ctx, ctx->ret); } SEC("tracepoint/syscalls/sys_enter_tgkill") -int tgkill_entry(struct trace_event_raw_sys_enter *ctx) +int tgkill_entry(struct syscall_trace_enter *ctx) { pid_t tpid = (pid_t)ctx->args[1]; int sig = (int)ctx->args[2]; @@ -107,7 +107,7 @@ int tgkill_entry(struct trace_event_raw_sys_enter *ctx) } SEC("tracepoint/syscalls/sys_exit_tgkill") -int tgkill_exit(struct trace_event_raw_sys_exit *ctx) +int tgkill_exit(struct syscall_trace_exit *ctx) { return probe_exit(ctx, ctx->ret); } diff --git a/libbpf-tools/statsnoop.bpf.c b/libbpf-tools/statsnoop.bpf.c index 4ea887f8..9fd00e36 100644 --- a/libbpf-tools/statsnoop.bpf.c +++ b/libbpf-tools/statsnoop.bpf.c @@ -68,61 +68,61 @@ static int probe_return(void *ctx, int ret) } SEC("tracepoint/syscalls/sys_enter_statfs") -int handle_statfs_entry(struct trace_event_raw_sys_enter *ctx) +int handle_statfs_entry(struct syscall_trace_enter *ctx) { return probe_entry(ctx, (const char *)ctx->args[0]); } SEC("tracepoint/syscalls/sys_exit_statfs") -int handle_statfs_return(struct trace_event_raw_sys_exit *ctx) +int handle_statfs_return(struct syscall_trace_exit *ctx) { return probe_return(ctx, (int)ctx->ret); } SEC("tracepoint/syscalls/sys_enter_newstat") -int handle_newstat_entry(struct trace_event_raw_sys_enter *ctx) +int handle_newstat_entry(struct syscall_trace_enter *ctx) { return probe_entry(ctx, (const char *)ctx->args[0]); } SEC("tracepoint/syscalls/sys_exit_newstat") -int handle_newstat_return(struct trace_event_raw_sys_exit *ctx) +int handle_newstat_return(struct syscall_trace_exit *ctx) { return probe_return(ctx, (int)ctx->ret); } SEC("tracepoint/syscalls/sys_enter_statx") -int handle_statx_entry(struct trace_event_raw_sys_enter *ctx) +int handle_statx_entry(struct syscall_trace_enter *ctx) { return probe_entry(ctx, (const char *)ctx->args[1]); } SEC("tracepoint/syscalls/sys_exit_statx") -int handle_statx_return(struct trace_event_raw_sys_exit *ctx) +int handle_statx_return(struct syscall_trace_exit *ctx) { return probe_return(ctx, (int)ctx->ret); } SEC("tracepoint/syscalls/sys_enter_newfstatat") -int handle_newfstatat_entry(struct trace_event_raw_sys_enter *ctx) +int handle_newfstatat_entry(struct syscall_trace_enter *ctx) { return probe_entry(ctx, (const char *)ctx->args[1]); } SEC("tracepoint/syscalls/sys_exit_newfstatat") -int handle_newfstatat_return(struct trace_event_raw_sys_exit *ctx) +int handle_newfstatat_return(struct syscall_trace_exit *ctx) { return probe_return(ctx, (int)ctx->ret); } SEC("tracepoint/syscalls/sys_enter_newlstat") -int handle_newlstat_entry(struct trace_event_raw_sys_enter *ctx) +int handle_newlstat_entry(struct syscall_trace_enter *ctx) { return probe_entry(ctx, (const char *)ctx->args[0]); } SEC("tracepoint/syscalls/sys_exit_newlstat") -int handle_newlstat_return(struct trace_event_raw_sys_exit *ctx) +int handle_newlstat_return(struct syscall_trace_exit *ctx) { return probe_return(ctx, (int)ctx->ret); } |