diff options
| author | Andrii Nakryiko <[email protected]> | 2022-12-29 22:22:34 +0000 |
|---|---|---|
| committer | Andrii Nakryiko <[email protected]> | 2022-12-29 22:22:35 +0000 |
| commit | ac807e6839c0cef749da0e5a528c6ed3fb249236 (patch) | |
| tree | aa9d2bdc25de12d6558f43104783a8a4b8b302ae /tools/lib/bpf/bpf_tracing.h | |
| parent | bpf: rename list_head -> graph_root in field info types (diff) | |
| parent | libbpf: Fix invalid return address register in s390 (diff) | |
| download | kernel-ac807e6839c0cef749da0e5a528c6ed3fb249236.tar.gz kernel-ac807e6839c0cef749da0e5a528c6ed3fb249236.zip | |
Merge branch 'samples/bpf: enhance syscall tracing program'
"Daniel T. Lee" says:
====================
Syscall tracing using kprobe is quite unstable. Since it uses the exact
name of the kernel function, the program might broke due to the rename
of a function. The problem can also be caused by a changes in the
arguments of the function to which the kprobe connects. This commit
enhances syscall tracing program with the following instruments.
In this patchset, ksyscall is used instead of kprobe. By using
ksyscall, libbpf will detect the appropriate kernel function name.
(e.g. sys_write -> __s390_sys_write). This eliminates the need to worry
about which wrapper function to attach in order to parse arguments.
Also ksyscall provides more fine method with attaching system call, the
coarse SYSCALL helper at trace_common.h can be removed.
Next, BPF_SYSCALL is used to reduce the inconvenience of parsing
arguments. Since the nature of SYSCALL_WRAPPER function wraps the
argument once, additional process of argument extraction is required
to properly parse the argument. The BPF_SYSCALL macro will reduces the
hassle of parsing arguments from pt_regs.
Lastly, vmlinux.h is applied to syscall tracing program. This change
allows the bpf program to refer to the internal structure as a single
"vmlinux.h" instead of including each header referenced by the bpf
program.
Additionally, this patchset changes the suffix of _kern to .bpf to make
use of the new compile rule (CLANG-BPF) which is more simple and neat.
By just changing the _kern suffix to .bpf will inherit the benefit of
the new CLANG-BPF compile target.
Also, this commit adds dummy gnu/stub.h to the samples/bpf directory.
This will fix the compiling problem with 'clang -target bpf'.
To fix the build error with the s390x, this patchset also includes the
fix of libbpf invalid return address register mapping in s390.
---
Changes in V2:
- add gnu/stub.h hack to fix compile error with 'clang -target bpf'
Changes in V3:
- fix libbpf invalid return address register mapping in s390
====================
Signed-off-by: Andrii Nakryiko <[email protected]>
Diffstat (limited to 'tools/lib/bpf/bpf_tracing.h')
| -rw-r--r-- | tools/lib/bpf/bpf_tracing.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h index 2972dc25ff72..9c1b1689068d 100644 --- a/tools/lib/bpf/bpf_tracing.h +++ b/tools/lib/bpf/bpf_tracing.h @@ -137,7 +137,7 @@ struct pt_regs___s390 { #define __PT_PARM3_REG gprs[4] #define __PT_PARM4_REG gprs[5] #define __PT_PARM5_REG gprs[6] -#define __PT_RET_REG grps[14] +#define __PT_RET_REG gprs[14] #define __PT_FP_REG gprs[11] /* Works only with CONFIG_FRAME_POINTER */ #define __PT_RC_REG gprs[2] #define __PT_SP_REG gprs[15] |