Commit 86b819a3 authored by Brenden Blanco's avatar Brenden Blanco

Merge pull request #529 from rnav/ptregs_helpers_v2

Introduce helpers to access pt_regs in an arch-independent manner
parents 6acf4b67 4afa96a7
...@@ -11,11 +11,11 @@ int printret(struct pt_regs *ctx) ...@@ -11,11 +11,11 @@ int printret(struct pt_regs *ctx)
{ {
struct str_t data = {}; struct str_t data = {};
u32 pid; u32 pid;
if (!ctx->ax) if (!PT_REGS_RC(ctx))
return 0; return 0;
pid = bpf_get_current_pid_tgid(); pid = bpf_get_current_pid_tgid();
data.pid = pid; data.pid = pid;
bpf_probe_read(&data.str, sizeof(data.str), (void *)ctx->ax); bpf_probe_read(&data.str, sizeof(data.str), (void *)PT_REGS_RC(ctx));
events.perf_submit(ctx,&data,sizeof(data)); events.perf_submit(ctx, &data, sizeof(data));
return 0; return 0;
}; };
...@@ -48,7 +48,7 @@ int alloc_enter(struct pt_regs *ctx, size_t size) ...@@ -48,7 +48,7 @@ int alloc_enter(struct pt_regs *ctx, size_t size)
int alloc_exit(struct pt_regs *ctx) int alloc_exit(struct pt_regs *ctx)
{ {
u64 address = ctx->ax; u64 address = PT_REGS_RC(ctx);
u64 pid = bpf_get_current_pid_tgid(); u64 pid = bpf_get_current_pid_tgid();
u64* size64 = sizes.lookup(&pid); u64* size64 = sizes.lookup(&pid);
struct alloc_info_t info = {0}; struct alloc_info_t info = {0};
......
...@@ -20,13 +20,13 @@ assert(arg[1], "usage: strlen_count PID") ...@@ -20,13 +20,13 @@ assert(arg[1], "usage: strlen_count PID")
local program = string.gsub([[ local program = string.gsub([[
#include <uapi/linux/ptrace.h> #include <uapi/linux/ptrace.h>
int printarg(struct pt_regs *ctx) { int printarg(struct pt_regs *ctx) {
if (!ctx->di) if (!PT_REGS_PARM1(ctx))
return 0; return 0;
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
if (pid != PID) if (pid != PID)
return 0; return 0;
char str[128] = {}; char str[128] = {};
bpf_probe_read(&str, sizeof(str), (void *)ctx->di); bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx));
bpf_trace_printk("strlen(\"%s\")\n", &str); bpf_trace_printk("strlen(\"%s\")\n", &str);
return 0; return 0;
}; };
......
...@@ -24,13 +24,13 @@ struct key_t { ...@@ -24,13 +24,13 @@ struct key_t {
BPF_HASH(counts, struct key_t); BPF_HASH(counts, struct key_t);
int count(struct pt_regs *ctx) { int count(struct pt_regs *ctx) {
if (!ctx->si) if (!PT_REGS_PARM2(ctx))
return 0; return 0;
struct key_t key = {}; struct key_t key = {};
u64 zero = 0, *val; u64 zero = 0, *val;
bpf_probe_read(&key.c, sizeof(key.c), (void *)ctx->si); bpf_probe_read(&key.c, sizeof(key.c), (void *)PT_REGS_PARM2(ctx));
val = counts.lookup_or_init(&key, &zero); val = counts.lookup_or_init(&key, &zero);
(*val)++; (*val)++;
return 0; return 0;
......
...@@ -37,7 +37,7 @@ text = """ ...@@ -37,7 +37,7 @@ text = """
#include <uapi/linux/ptrace.h> #include <uapi/linux/ptrace.h>
BPF_HISTOGRAM(dist); BPF_HISTOGRAM(dist);
int count(struct pt_regs *ctx) { int count(struct pt_regs *ctx) {
dist.increment(bpf_log2l(ctx->ax)); dist.increment(bpf_log2l(PT_REGS_RC(ctx)));
return 0; return 0;
} }
""" """
......
...@@ -26,7 +26,7 @@ pid = sys.argv[1] ...@@ -26,7 +26,7 @@ pid = sys.argv[1]
bpf_text = """ bpf_text = """
#include <uapi/linux/ptrace.h> #include <uapi/linux/ptrace.h>
int printarg(struct pt_regs *ctx) { int printarg(struct pt_regs *ctx) {
if (!ctx->si) if (!PT_REGS_PARM2(ctx))
return 0; return 0;
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
...@@ -34,7 +34,7 @@ int printarg(struct pt_regs *ctx) { ...@@ -34,7 +34,7 @@ int printarg(struct pt_regs *ctx) {
return 0; return 0;
char str[80] = {}; char str[80] = {};
bpf_probe_read(&str, sizeof(str), (void *)ctx->si); bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM2(ctx));
bpf_trace_printk("%s\\n", &str); bpf_trace_printk("%s\\n", &str);
return 0; return 0;
......
...@@ -37,7 +37,7 @@ int kprobe__tcp_v4_connect(struct pt_regs *ctx, struct sock *sk) ...@@ -37,7 +37,7 @@ int kprobe__tcp_v4_connect(struct pt_regs *ctx, struct sock *sk)
int kretprobe__tcp_v4_connect(struct pt_regs *ctx) int kretprobe__tcp_v4_connect(struct pt_regs *ctx)
{ {
int ret = ctx->ax; int ret = PT_REGS_RC(ctx);
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
struct sock **skpp; struct sock **skpp;
......
...@@ -410,5 +410,29 @@ int bpf_num_cpus() asm("llvm.bpf.extra"); ...@@ -410,5 +410,29 @@ int bpf_num_cpus() asm("llvm.bpf.extra");
#define lock_xadd(ptr, val) ((void)__sync_fetch_and_add(ptr, val)) #define lock_xadd(ptr, val) ((void)__sync_fetch_and_add(ptr, val))
#ifdef __powerpc__
#define PT_REGS_PARM1(ctx) ((ctx)->gpr[3])
#define PT_REGS_PARM2(ctx) ((ctx)->gpr[4])
#define PT_REGS_PARM3(ctx) ((ctx)->gpr[5])
#define PT_REGS_PARM4(ctx) ((ctx)->gpr[6])
#define PT_REGS_PARM5(ctx) ((ctx)->gpr[7])
#define PT_REGS_PARM6(ctx) ((ctx)->gpr[8])
#define PT_REGS_RC(ctx) ((ctx)->gpr[3])
#define PT_REGS_IP(ctx) ((ctx)->nip)
#define PT_REGS_SP(ctx) ((ctx)->sp)
#elif defined(__x86_64__)
#define PT_REGS_PARM1(ctx) ((ctx)->di)
#define PT_REGS_PARM2(ctx) ((ctx)->si)
#define PT_REGS_PARM3(ctx) ((ctx)->dx)
#define PT_REGS_PARM4(ctx) ((ctx)->cx)
#define PT_REGS_PARM5(ctx) ((ctx)->r8)
#define PT_REGS_PARM6(ctx) ((ctx)->r9)
#define PT_REGS_RC(ctx) ((ctx)->ax)
#define PT_REGS_IP(ctx) ((ctx)->ip)
#define PT_REGS_SP(ctx) ((ctx)->sp)
#else
#error "bcc does not support this platform yet"
#endif
#endif #endif
)********" )********"
...@@ -99,7 +99,7 @@ class Tracepoint(object): ...@@ -99,7 +99,7 @@ class Tracepoint(object):
int __trace_entry_update(struct pt_regs *ctx) int __trace_entry_update(struct pt_regs *ctx)
{ {
u64 tid = bpf_get_current_pid_tgid(); u64 tid = bpf_get_current_pid_tgid();
u64 val = ctx->di; u64 val = PT_REGS_PARM1(ctx);
__trace_di.update(&tid, &val); __trace_di.update(&tid, &val);
return 0; return 0;
} }
......
...@@ -6,7 +6,7 @@ struct Counters { u64 stat1; }; ...@@ -6,7 +6,7 @@ struct Counters { u64 stat1; };
BPF_TABLE("hash", struct Ptr, struct Counters, stats, 1024); BPF_TABLE("hash", struct Ptr, struct Counters, stats, 1024);
int count_sched(struct pt_regs *ctx) { int count_sched(struct pt_regs *ctx) {
struct Ptr key = {.ptr=ctx->bx}; struct Ptr key = {.ptr = PT_REGS_PARM1(ctx)};
struct Counters zleaf = {0}; struct Counters zleaf = {0};
stats.lookup_or_init(&key, &zleaf)->stat1++; stats.lookup_or_init(&key, &zleaf)->stat1++;
return 0; return 0;
......
...@@ -15,11 +15,7 @@ struct Counters { u64 stat1; }; ...@@ -15,11 +15,7 @@ struct Counters { u64 stat1; };
BPF_TABLE("hash", struct Ptr, struct Counters, stats, 1024); BPF_TABLE("hash", struct Ptr, struct Counters, stats, 1024);
int count_sched(struct pt_regs *ctx) { int count_sched(struct pt_regs *ctx) {
#if defined(__powerpc__) struct Ptr key = {.ptr=PT_REGS_PARM1(ctx)};
struct Ptr key = {.ptr=ctx->gpr[3]};
#else
struct Ptr key = {.ptr=ctx->bx};
#endif
struct Counters zleaf = {0}; struct Counters zleaf = {0};
stats.lookup_or_init(&key, &zleaf)->stat1++; stats.lookup_or_init(&key, &zleaf)->stat1++;
return 0; return 0;
......
...@@ -28,22 +28,14 @@ static u32 log2l(u64 v) { ...@@ -28,22 +28,14 @@ static u32 log2l(u64 v) {
} }
int probe_blk_start_request(struct pt_regs *ctx) { int probe_blk_start_request(struct pt_regs *ctx) {
#if defined(__powerpc__) struct Request rq = {.rq = PT_REGS_PARM1(ctx)};
struct Request rq = {.rq = ctx->gpr[3]};
#else
struct Request rq = {.rq = ctx->di};
#endif
struct Time tm = {.start = bpf_ktime_get_ns()}; struct Time tm = {.start = bpf_ktime_get_ns()};
requests.update(&rq, &tm); requests.update(&rq, &tm);
return 0; return 0;
} }
int probe_blk_update_request(struct pt_regs *ctx) { int probe_blk_update_request(struct pt_regs *ctx) {
#if defined(__powerpc__) struct Request rq = {.rq = PT_REGS_PARM1(ctx)};
struct Request rq = {.rq = ctx->gpr[3]};
#else
struct Request rq = {.rq = ctx->di};
#endif
struct Time *tm = requests.lookup(&rq); struct Time *tm = requests.lookup(&rq);
if (!tm) return 0; if (!tm) return 0;
u64 delta = bpf_ktime_get_ns() - tm->start; u64 delta = bpf_ktime_get_ns() - tm->start;
......
...@@ -264,7 +264,7 @@ u64 __time = bpf_ktime_get_ns(); ...@@ -264,7 +264,7 @@ u64 __time = bpf_ktime_get_ns();
def _substitute_exprs(self): def _substitute_exprs(self):
def repl(expr): def repl(expr):
expr = self._substitute_aliases(expr) expr = self._substitute_aliases(expr)
return expr.replace("$retval", "ctx->ax") return expr.replace("$retval", "PT_REGS_RC(ctx)")
for i in range(0, len(self.exprs)): for i in range(0, len(self.exprs)):
self.exprs[i] = repl(self.exprs[i]) self.exprs[i] = repl(self.exprs[i])
self.filter = repl(self.filter) self.filter = repl(self.filter)
...@@ -445,7 +445,7 @@ QUALIFIER int PROBENAME(struct pt_regs *ctx SIGNATURE) ...@@ -445,7 +445,7 @@ QUALIFIER int PROBENAME(struct pt_regs *ctx SIGNATURE)
for alias, subst in Probe.aliases.items(): for alias, subst in Probe.aliases.items():
expr = expr.replace(subst, alias) expr = expr.replace(subst, alias)
# Replace retval expression with $retval # Replace retval expression with $retval
expr = expr.replace("ctx->ax", "$retval") expr = expr.replace("PT_REGS_RC(ctx)", "$retval")
# Replace ugly (*__param_val) expressions with param name # Replace ugly (*__param_val) expressions with param name
return re.sub(r"\(\*__(\w+)_val\)", r"\1", expr) return re.sub(r"\(\*__(\w+)_val\)", r"\1", expr)
......
...@@ -30,11 +30,11 @@ BPF_PERF_OUTPUT(events); ...@@ -30,11 +30,11 @@ BPF_PERF_OUTPUT(events);
int printret(struct pt_regs *ctx) { int printret(struct pt_regs *ctx) {
struct str_t data = {}; struct str_t data = {};
u32 pid; u32 pid;
if (!ctx->ax) if (!PT_REGS_RC(ctx))
return 0; return 0;
pid = bpf_get_current_pid_tgid(); pid = bpf_get_current_pid_tgid();
data.pid = pid; data.pid = pid;
bpf_probe_read(&data.str, sizeof(data.str), (void *)ctx->ax); bpf_probe_read(&data.str, sizeof(data.str), (void *)PT_REGS_RC(ctx));
events.perf_submit(ctx,&data,sizeof(data)); events.perf_submit(ctx,&data,sizeof(data));
return 0; return 0;
......
...@@ -210,7 +210,7 @@ static int trace_return(struct pt_regs *ctx, int type) ...@@ -210,7 +210,7 @@ static int trace_return(struct pt_regs *ctx, int type)
bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry); bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry);
// populate output struct // populate output struct
u32 size = ctx->ax; u32 size = PT_REGS_RC(ctx);
struct data_t data = {.type = type, .size = size, .delta_us = delta_us, struct data_t data = {.type = type, .size = size, .delta_us = delta_us,
.pid = pid}; .pid = pid};
data.ts_us = ts / 1000; data.ts_us = ts / 1000;
......
...@@ -100,7 +100,7 @@ int do_count(struct pt_regs *ctx) { ...@@ -100,7 +100,7 @@ int do_count(struct pt_regs *ctx) {
u64 zero = 0, *val; u64 zero = 0, *val;
u64 ip; u64 ip;
key.ip = ctx->ip; key.ip = PT_REGS_IP(ctx);
val = counts.lookup_or_init(&key, &zero); // update counter val = counts.lookup_or_init(&key, &zero); // update counter
(*val)++; (*val)++;
return 0; return 0;
......
...@@ -86,7 +86,7 @@ int kretprobe__d_lookup(struct pt_regs *ctx) ...@@ -86,7 +86,7 @@ int kretprobe__d_lookup(struct pt_regs *ctx)
if (ep == 0) { if (ep == 0) {
return 0; // missed entry return 0; // missed entry
} }
if (ctx->ax == 0) { if (PT_REGS_RC(ctx) == 0) {
bpf_trace_printk("M %s\\n", ep->name); bpf_trace_printk("M %s\\n", ep->name);
} }
entrybypid.delete(&pid); entrybypid.delete(&pid);
......
...@@ -81,7 +81,7 @@ void count_lookup(struct pt_regs *ctx) { ...@@ -81,7 +81,7 @@ void count_lookup(struct pt_regs *ctx) {
int key = S_SLOW; int key = S_SLOW;
u64 *leaf = stats.lookup(&key); u64 *leaf = stats.lookup(&key);
if (leaf) (*leaf)++; if (leaf) (*leaf)++;
if (ctx->ax == 0) { if (PT_REGS_RC(ctx) == 0) {
key = S_MISS; key = S_MISS;
leaf = stats.lookup(&key); leaf = stats.lookup(&key);
if (leaf) (*leaf)++; if (leaf) (*leaf)++;
......
...@@ -105,7 +105,7 @@ out: ...@@ -105,7 +105,7 @@ out:
int kretprobe__sys_execve(struct pt_regs *ctx) int kretprobe__sys_execve(struct pt_regs *ctx)
{ {
bpf_trace_printk("RET %d\\n", ctx->ax); bpf_trace_printk("RET %d\\n", PT_REGS_RC(ctx));
return 0; return 0;
} }
""" """
......
...@@ -205,7 +205,7 @@ static int trace_return(struct pt_regs *ctx, int type) ...@@ -205,7 +205,7 @@ static int trace_return(struct pt_regs *ctx, int type)
bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry); bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry);
// populate output struct // populate output struct
u32 size = ctx->ax; u32 size = PT_REGS_RC(ctx);
struct data_t data = {.type = type, .size = size, .delta_us = delta_us, struct data_t data = {.type = type, .size = size, .delta_us = delta_us,
.pid = pid}; .pid = pid};
data.ts_us = ts / 1000; data.ts_us = ts / 1000;
......
...@@ -68,7 +68,7 @@ int trace_count(struct pt_regs *ctx) { ...@@ -68,7 +68,7 @@ int trace_count(struct pt_regs *ctx) {
u64 *val; u64 *val;
// the kprobe pc is slightly after the function starting address, align // the kprobe pc is slightly after the function starting address, align
// back to the start (4 byte alignment) in order to match /proc/kallsyms // back to the start (4 byte alignment) in order to match /proc/kallsyms
key.ip = ctx->ip & ~3ull; key.ip = PT_REGS_IP(ctx) & ~3ull;
val = counts.lookup(&key); val = counts.lookup(&key);
if (!val) if (!val)
return 0; return 0;
......
...@@ -132,7 +132,7 @@ if args.function: ...@@ -132,7 +132,7 @@ if args.function:
'BPF_HISTOGRAM(dist, ip_key_t);') 'BPF_HISTOGRAM(dist, ip_key_t);')
# stash the IP on entry, as on return it's kretprobe_trampoline: # stash the IP on entry, as on return it's kretprobe_trampoline:
bpf_text = bpf_text.replace('ENTRYSTORE', bpf_text = bpf_text.replace('ENTRYSTORE',
'u64 ip = ctx->ip; ipaddr.update(&pid, &ip);') 'u64 ip = PT_REGS_IP(ctx); ipaddr.update(&pid, &ip);')
bpf_text = bpf_text.replace('STORE', bpf_text = bpf_text.replace('STORE',
'u64 ip, *ipp = ipaddr.lookup(&pid); if (ipp) { ip = *ipp; ' + 'u64 ip, *ipp = ipaddr.lookup(&pid); if (ipp) { ip = *ipp; ' +
'dist.increment((ip_key_t){ip, bpf_log2l(delta)}); ' + 'dist.increment((ip_key_t){ip, bpf_log2l(delta)}); ' +
......
...@@ -44,14 +44,14 @@ BPF_HASH(start, u32, struct val_t); ...@@ -44,14 +44,14 @@ BPF_HASH(start, u32, struct val_t);
BPF_PERF_OUTPUT(events); BPF_PERF_OUTPUT(events);
int do_entry(struct pt_regs *ctx) { int do_entry(struct pt_regs *ctx) {
if (!ctx->di) if (!PT_REGS_PARM1(ctx))
return 0; return 0;
struct val_t val = {}; struct val_t val = {};
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
if (bpf_get_current_comm(&val.comm, sizeof(val.comm)) == 0) { if (bpf_get_current_comm(&val.comm, sizeof(val.comm)) == 0) {
bpf_probe_read(&val.host, sizeof(val.host), (void *)ctx->di); bpf_probe_read(&val.host, sizeof(val.host), (void *)PT_REGS_PARM1(ctx));
val.pid = bpf_get_current_pid_tgid(); val.pid = bpf_get_current_pid_tgid();
val.ts = bpf_ktime_get_ns(); val.ts = bpf_ktime_get_ns();
start.update(&pid, &val); start.update(&pid, &val);
......
...@@ -98,7 +98,7 @@ int kretprobe__sys_kill(struct pt_regs *ctx) ...@@ -98,7 +98,7 @@ int kretprobe__sys_kill(struct pt_regs *ctx)
data.delta = tsp - valp->ts; data.delta = tsp - valp->ts;
data.ts = tsp / 1000; data.ts = tsp / 1000;
data.tpid = valp->tpid; data.tpid = valp->tpid;
data.ret = ctx->ax; data.ret = PT_REGS_RC(ctx);
data.sig = valp->sig; data.sig = valp->sig;
events.perf_submit(ctx, &data, sizeof(data)); events.perf_submit(ctx, &data, sizeof(data));
......
...@@ -191,7 +191,7 @@ int alloc_enter(struct pt_regs *ctx, size_t size) ...@@ -191,7 +191,7 @@ int alloc_enter(struct pt_regs *ctx, size_t size)
int alloc_exit(struct pt_regs *ctx) int alloc_exit(struct pt_regs *ctx)
{ {
u64 address = ctx->ax; u64 address = PT_REGS_RC(ctx);
u64 pid = bpf_get_current_pid_tgid(); u64 pid = bpf_get_current_pid_tgid();
u64* size64 = sizes.lookup(&pid); u64* size64 = sizes.lookup(&pid);
struct alloc_info_t info = {0}; struct alloc_info_t info = {0};
......
...@@ -97,7 +97,7 @@ int trace_return(struct pt_regs *ctx) ...@@ -97,7 +97,7 @@ int trace_return(struct pt_regs *ctx)
data.pid = valp->pid; data.pid = valp->pid;
data.delta = tsp - valp->ts; data.delta = tsp - valp->ts;
data.ts = tsp / 1000; data.ts = tsp / 1000;
data.ret = ctx->ax; data.ret = PT_REGS_RC(ctx);
events.perf_submit(ctx, &data, sizeof(data)); events.perf_submit(ctx, &data, sizeof(data));
infotmp.delete(&pid); infotmp.delete(&pid);
......
...@@ -63,7 +63,7 @@ BPF_HISTOGRAM(dist, irq_key_t); ...@@ -63,7 +63,7 @@ BPF_HISTOGRAM(dist, irq_key_t);
int trace_start(struct pt_regs *ctx) int trace_start(struct pt_regs *ctx)
{ {
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
u64 ip = ctx->ip, ts = bpf_ktime_get_ns(); u64 ip = PT_REGS_IP(ctx), ts = bpf_ktime_get_ns();
start.update(&pid, &ts); start.update(&pid, &ts);
iptr.update(&pid, &ip); iptr.update(&pid, &ip);
return 0; return 0;
......
...@@ -97,7 +97,7 @@ int trace_return(struct pt_regs *ctx) ...@@ -97,7 +97,7 @@ int trace_return(struct pt_regs *ctx)
data.pid = valp->pid; data.pid = valp->pid;
data.delta = tsp - valp->ts; data.delta = tsp - valp->ts;
data.ts = tsp / 1000; data.ts = tsp / 1000;
data.ret = ctx->ax; data.ret = PT_REGS_RC(ctx);
events.perf_submit(ctx, &data, sizeof(data)); events.perf_submit(ctx, &data, sizeof(data));
infotmp.delete(&pid); infotmp.delete(&pid);
......
...@@ -74,7 +74,7 @@ BPF_PERF_OUTPUT(ipv6_events); ...@@ -74,7 +74,7 @@ BPF_PERF_OUTPUT(ipv6_events);
int kretprobe__inet_csk_accept(struct pt_regs *ctx) int kretprobe__inet_csk_accept(struct pt_regs *ctx)
{ {
struct sock *newsk = (struct sock *)ctx->ax; struct sock *newsk = (struct sock *)PT_REGS_RC(ctx);
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
if (newsk == NULL) if (newsk == NULL)
......
...@@ -90,7 +90,7 @@ int trace_connect_entry(struct pt_regs *ctx, struct sock *sk) ...@@ -90,7 +90,7 @@ int trace_connect_entry(struct pt_regs *ctx, struct sock *sk)
static int trace_connect_return(struct pt_regs *ctx, short ipver) static int trace_connect_return(struct pt_regs *ctx, short ipver)
{ {
int ret = ctx->ax; int ret = PT_REGS_RC(ctx);
u32 pid = bpf_get_current_pid_tgid(); u32 pid = bpf_get_current_pid_tgid();
struct sock **skpp; struct sock **skpp;
......
...@@ -202,13 +202,13 @@ class Probe(object): ...@@ -202,13 +202,13 @@ class Probe(object):
self.values.append(part) self.values.append(part)
aliases = { aliases = {
"retval": "ctx->ax", "retval": "PT_REGS_RC(ctx)",
"arg1": "ctx->di", "arg1": "PT_REGS_PARM1(ctx)",
"arg2": "ctx->si", "arg2": "PT_REGS_PARM2(ctx)",
"arg3": "ctx->dx", "arg3": "PT_REGS_PARM3(ctx)",
"arg4": "ctx->cx", "arg4": "PT_REGS_PARM4(ctx)",
"arg5": "ctx->r8", "arg5": "PT_REGS_PARM5(ctx)",
"arg6": "ctx->r9", "arg6": "PT_REGS_PARM6(ctx)",
"$uid": "(unsigned)(bpf_get_current_uid_gid() & 0xffffffff)", "$uid": "(unsigned)(bpf_get_current_uid_gid() & 0xffffffff)",
"$gid": "(unsigned)(bpf_get_current_uid_gid() >> 32)", "$gid": "(unsigned)(bpf_get_current_uid_gid() >> 32)",
"$pid": "(unsigned)(bpf_get_current_pid_tgid() & 0xffffffff)", "$pid": "(unsigned)(bpf_get_current_pid_tgid() & 0xffffffff)",
......
...@@ -28,7 +28,7 @@ BPF_TABLE("hash", struct key_t, u64, counts, 256); ...@@ -28,7 +28,7 @@ BPF_TABLE("hash", struct key_t, u64, counts, 256);
int do_count(struct pt_regs *ctx) { int do_count(struct pt_regs *ctx) {
struct key_t key = {}; struct key_t key = {};
u64 zero = 0, *val; u64 zero = 0, *val;
key.ip = ctx->ip; key.ip = PT_REGS_IP(ctx);
val = counts.lookup_or_init(&key, &zero); val = counts.lookup_or_init(&key, &zero);
(*val)++; (*val)++;
return 0; return 0;
......
...@@ -176,7 +176,7 @@ static int trace_return(struct pt_regs *ctx, int type) ...@@ -176,7 +176,7 @@ static int trace_return(struct pt_regs *ctx, int type)
bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry); bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry);
// populate output struct // populate output struct
u32 size = ctx->ax; u32 size = PT_REGS_RC(ctx);
struct data_t data = {.type = type, .size = size, .delta_us = delta_us, struct data_t data = {.type = type, .size = size, .delta_us = delta_us,
.pid = pid}; .pid = pid};
data.ts_us = ts / 1000; data.ts_us = ts / 1000;
......
...@@ -180,7 +180,7 @@ static int trace_return(struct pt_regs *ctx, int type) ...@@ -180,7 +180,7 @@ static int trace_return(struct pt_regs *ctx, int type)
bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry); bpf_probe_read(&de, sizeof(de), &valp->fp->f_path.dentry);
// populate output struct // populate output struct
u32 size = ctx->ax; u32 size = PT_REGS_RC(ctx);
struct data_t data = {.type = type, .size = size, .delta_us = delta_us, struct data_t data = {.type = type, .size = size, .delta_us = delta_us,
.pid = pid}; .pid = pid};
data.ts_us = ts / 1000; data.ts_us = ts / 1000;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment