author | Yonghong Song <yhs@fb.com> | 2018-04-24 10:15:24 -0700 |
---|---|---|
committer | Yonghong Song <yhs@fb.com> | 2018-04-24 12:11:22 -0700 |
commit | 83b49ad6cd9efba88f922c2e7b892fc275208514 (patch) | |
tree | a94efaa934d74865bd9e218e0810a14389ac2743 /examples | |
parent | 435dded9a2108852b327cd11b95db313bd1d52c8 (diff) | |
download | bcc-83b49ad6cd9efba88f922c2e7b892fc275208514.tar.gz |
introduce new BPF APIs to get kernel syscall entry func name/prefix
As described in issue #1695, on 4.17 for syscalls on x86,
both sys_<fnname> and SyS_<fnname> are gone, the replacements
are __ia32_sys_sync and __x64_sys_sync.
The commit in Linus tree:
https://github.com/torvalds/linux/commit/d5a00528b58cdb2c71206e18bd021e34c4eab878
This patch introduced two APIs for python BPF object.
The API get_syscall_prefix() returns the prefix "sys_"/"__x64_sys_".
The API get_syscall_fnname(name) returns kernel function name for the syscall,
e.g., on x64, get_syscall_fnname("clone") will return "sys_clone" if kernel
has it, otherwise, "__x64_sys_clone".
get_syscall_prefix() is mostly useful for the regex func specifier of
attach_kprobe().
This patch only fixed the code using python API on examples and tests directory.
TODO: python on tools directory, C++ and lua
Signed-off-by: Yonghong Song <yhs@fb.com>
Diffstat (limited to 'examples')
-rwxr-xr-x | examples/hello_world.py | 1 | ||||
-rwxr-xr-x | examples/tracing/hello_fields.py | 2 | ||||
-rwxr-xr-x | examples/tracing/hello_perf_output.py | 2 | ||||
-rwxr-xr-x | examples/tracing/sync_timing.py | 2 | ||||
-rwxr-xr-x | examples/tracing/trace_fields.py | 2 | ||||
-rwxr-xr-x | examples/tracing/trace_perf_output.py | 6 |
6 files changed, 9 insertions, 6 deletions
diff --git a/examples/hello_world.py b/examples/hello_world.py
index c23ed1cf..49c55353 100755
--- a/examples/hello_world.py
+++ b/examples/hello_world.py
@@ -8,4 +8,5 @@ from bcc import BPF
+# This may not work for 4.17 on x64, you need replace kprobe__sys_clone with kprobe____x64_sys_clone
 BPF(text='int kprobe__sys_clone(void *ctx) { bpf_trace_printk("Hello, World!\\n"); return 0; }').trace_print()
diff --git a/examples/tracing/hello_fields.py b/examples/tracing/hello_fields.py
index 1525f040..bad1a229 100755
--- a/examples/tracing/hello_fields.py
+++ b/examples/tracing/hello_fields.py
@@ -14,7 +14,7 @@ int hello(void *ctx) {
 # load BPF program
 b = BPF(text=prog)
-b.attach_kprobe(event="sys_clone", fn_name="hello")
+b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
 # header
 print("%-18s %-16s %-6s %s" % ("TIME(s)", "COMM", "PID", "MESSAGE"))
diff --git a/examples/tracing/hello_perf_output.py b/examples/tracing/hello_perf_output.py
index f8802801..eb1e9979 100755
--- a/examples/tracing/hello_perf_output.py
+++ b/examples/tracing/hello_perf_output.py
@@ -32,7 +32,7 @@ int hello(struct pt_regs *ctx) {
 # load BPF program
 b = BPF(text=prog)
-b.attach_kprobe(event="sys_clone", fn_name="hello")
+b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
 # define output data structure in Python
 TASK_COMM_LEN = 16 # linux/sched.h
diff --git a/examples/tracing/sync_timing.py b/examples/tracing/sync_timing.py
index f68031d1..675ad14c 100755
--- a/examples/tracing/sync_timing.py
+++ b/examples/tracing/sync_timing.py
@@ -38,7 +38,7 @@ int do_trace(struct pt_regs *ctx) {
 }
 """)
-b.attach_kprobe(event="sys_sync", fn_name="do_trace")
+b.attach_kprobe(event=b.get_syscall_fnname("sync"), fn_name="do_trace")
 print("Tracing for quick sync's... Ctrl-C to end")
 # format output
diff --git a/examples/tracing/trace_fields.py b/examples/tracing/trace_fields.py
index 173f21f4..0baf03dc 100755
--- a/examples/tracing/trace_fields.py
+++ b/examples/tracing/trace_fields.py
@@ -15,6 +15,6 @@ int hello(void *ctx) {
 }
 """
 b = BPF(text=prog)
-b.attach_kprobe(event="sys_clone", fn_name="hello")
+b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")
 print "PID MESSAGE"
 b.trace_print(fmt="{1} {5}")
diff --git a/examples/tracing/trace_perf_output.py b/examples/tracing/trace_perf_output.py
index 5ce87d94..865a4593 100755
--- a/examples/tracing/trace_perf_output.py
+++ b/examples/tracing/trace_perf_output.py
@@ -25,7 +25,7 @@ def cb(cpu, data, size):
 prog = """
 BPF_PERF_OUTPUT(events);
 BPF_ARRAY(counters, u64, 10);
-int kprobe__sys_clone(void *ctx) {
+int do_sys_clone(void *ctx) {
 struct {
 u64 ts;
 u64 magic;
@@ -40,6 +40,8 @@ int kprobe__sys_clone(void *ctx) {
 }
 """
 b = BPF(text=prog)
+event_name = b.get_syscall_fnname("clone")
+b.attach_kprobe(event=event_name, fn_name="do_sys_clone")
 b["events"].open_perf_buffer(cb)
 @atexit.register
@@ -48,7 +50,7 @@ def print_counter():
 global b
 print("counter = %d vs %d" % (counter, b["counters"][ct.c_int(0)].value))
-print("Tracing sys_write, try `dd if=/dev/zero of=/dev/null`")
+print("Tracing " + event_name + ", try `dd if=/dev/zero of=/dev/null`")
 print("Tracing... Hit Ctrl-C to end.")
 while 1:
 b.perf_buffer_poll() |
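Review bot: The new attach line in trace_fields.py, `b.attach_kprobe(event=b.get_syscall_fnname("clone"), fn_name="hello")`, resolves to a single entry symbol, while the commit message names two replacements on 4.17 x86 (`__ia32_sys_*` and `__x64_sys_*`). If the helper behaves as described there, clone calls made by 32-bit tasks would presumably not reach the probe, which is a coverage gap for anyone reusing the example as a monitoring source. The same one-line pattern appears in hello_fields.py, hello_perf_output.py, sync_timing.py and trace_perf_output.py. I would add a comment above the attach line such as `# attaches to the native syscall entry only; 32-bit compat callers (__ia32_sys_*) are not traced`. The helper's implementation is outside this 'examples' view, so this rests on the commit message alone.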
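Review bot: In the last hunk of trace_perf_output.py the rewritten banner names the clone entry point but still recommends `dd if=/dev/zero of=/dev/null`, a workload that mostly issues read/write calls and would likely fire the clone probe only when the process is started. The hint seems to be left over from the old "sys_write" wording; `print("Tracing %s, start some processes to generate events" % event_name)` would match what is actually attached. That form also follows the `%` formatting used on the neighbouring `"counter = %d vs %d"` line instead of mixing in string concatenation.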