1. 30 May, 2018 2 commits
  2. 29 May, 2018 5 commits
    • Merge pull request #1786 from andihit/zfsdist-py3-fix · 548332bb
      yonghong-song authored
      zfsdist: fix for python3
      548332bb
    • Merge pull request #1785 from kernel-z/master · 4e479815
      yonghong-song authored
      within tc_perf_event.py, ping command fix
      4e479815
    • zfsdist: fix for python3 · 0d08989d
      Andreas Gerstmayr authored
      The BPF.get_kprobe_functions method tests if the passed argument
      matches with a line of kallsyms, which is opened in binary mode.
      Therefore the regex pattern must be bytes as well.
      0d08989d
    • tc_perf_event.py command fix · a82bfb03
      kernel-z authored
      a82bfb03
    • let rewriter add code to define CONFIG_CC_STACKPROTECTOR · bace5f24
      Yonghong Song authored
      Fix issue #1730
      
      Linux kernel commit 2bc2f688fdf8 ("Makefile: move stack-protector
      availability out of Kconfig") moved CONFIG_CC_STACKPROTECTOR
      from Kconfig to Makefile. Commit 44c6dc940b19 ("Makefile: introduce
      CONFIG_CC_STACKPROTECTOR_AUTO") introduced CONFIG_CC_STACKPROTECTOR_AUTO.
      
      Whether CONFIG_CC_STACKPROTECTOR is defined depends on
      CONFIG_CC_STACKPROTECTOR_{AUTO,REGULAR,STRONG}. Since clang supports
      stack-protector, CONFIG_CC_STACKPROTECTOR_AUTO will imply
      CONFIG_CC_STACKPROTECTOR for gcc/clang based compilation.
      
      Such changes are introduced in 4.16. For example, the following code
      is defined in linux/include/linux/sched.h,
      ```
              pid_t                           pid;
              pid_t                           tgid;
      
              /* Canary value for the -fstack-protector GCC feature: */
              unsigned long                   stack_canary;
              /*
               * Pointers to the (original) parent process, youngest child, younger sibling,
               * older sibling, respectively.  (p->father can be replaced with
               * p->real_parent->pid)
               */
      
              /* Real parent process: */
              struct task_struct __rcu        *real_parent;
      ```
      If kernel config has CONFIG_CC_STACKPROTECTOR_{STRONG,REGULAR,AUTO} defined,
      CONFIG_CC_STACKPROTECTOR will be defined in compilation flags by kernel toplevel Makefile.
      But since CONFIG_CC_STACKPROTECTOR is not defined in configuration file autoconf.h,
      bcc will consider it is not defined. This will cause bcc to access wrong data
      in task_struct for any fields after the above stack_canary.
      
      Instead of fixing any individual tool, in this patch the bcc rewriter added the necessary
      macro definition for CONFIG_CC_STACKPROTECTOR in the source code, depending on
      CONFIG_CC_STACKPROTECTOR_{AUTO,REGULAR,STRONG}.
      Signed-off-by: Yonghong Song <yhs@fb.com>
      bace5f24
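
An added example, not part of the commit or of bcc's code: it reproduces the layout mismatch described in the commit message above using a simplified stand-in for the task_struct excerpt, then applies the macro derivation the message describes. The struct names, sample values and helper functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for autoconf.h on a 4.16+ kernel: only a variant
 * macro is present, CONFIG_CC_STACKPROTECTOR itself is not. */
#define CONFIG_CC_STACKPROTECTOR_STRONG 1

/* Layout the kernel was compiled with (simplified task_struct excerpt). */
struct task_kernel { int pid; int tgid; unsigned long stack_canary; void *real_parent; };

/* Layout seen when CONFIG_CC_STACKPROTECTOR is taken as undefined. */
struct task_stale { int pid; int tgid; void *real_parent; };

/* Derive the macro from its variants, as the commit message describes
 * (illustrative sketch, not the rewriter's actual text). */
#if defined(CONFIG_CC_STACKPROTECTOR_AUTO) || \
    defined(CONFIG_CC_STACKPROTECTOR_REGULAR) || \
    defined(CONFIG_CC_STACKPROTECTOR_STRONG)
#define CONFIG_CC_STACKPROTECTOR 1
#endif

struct task_fixed {
    int pid; int tgid;
#ifdef CONFIG_CC_STACKPROTECTOR
    unsigned long stack_canary;
#endif
    void *real_parent;
};

static int sample_parent; /* constructed sample data */
static const struct task_kernel sample = { 1234, 1234, 0xA5A5A5A5UL, &sample_parent };

/* Read a pointer-sized value at a byte offset, as a probe read would. */
static uintptr_t read_at(const void *base, size_t off)
{
    uintptr_t v;
    memcpy(&v, (const char *)base + off, sizeof(v));
    return v;
}

int stale_reads_canary(void)
{ return read_at(&sample, offsetof(struct task_stale, real_parent)) == sample.stack_canary; }

int fixed_reads_parent(void)
{ return read_at(&sample, offsetof(struct task_fixed, real_parent)) == (uintptr_t)sample.real_parent; }

int main(void)
{ printf("stale->canary=%d fixed->parent=%d\n", stale_reads_canary(), fixed_reads_parent()); return 0; }
```

With the stale layout, the read aimed at real_parent returns the stack canary instead, which is the "wrong data" case the commit message describes for every field after stack_canary.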
  3. 25 May, 2018 3 commits
  4. 24 May, 2018 2 commits
    • Merge pull request #1752 from pchaigno/fix-unaryop-deref · eee383cf
      yonghong-song authored
      Fix dereference replacements for pointers to pointers
      eee383cf
    • fix tcplife.py rewriter issue · cb136c15
      Yonghong Song authored
      rewriter tried to rewrite an argument for a user written
      bpf_probe_read and triggers a clang compilation error.
      
        $ tcplife.py
        /virtual/main.c:134:41: error: cannot take the address of an rvalue of type 'typeof(u64)' (aka 'unsigned long long')
          ...&({ typeof(u64) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)&tp->bytes_received); _val; }));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        /virtual/main.c:135:41: error: cannot take the address of an rvalue of type 'typeof(u64)' (aka 'unsigned long long')
          ...&({ typeof(u64) _val; __builtin_memset(&_val, 0, sizeof(_val)); bpf_probe_read(&_val, sizeof(_val), (u64)&tp->bytes_acked); _val; }));
             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        2 errors generated.
      
      changing bpf_probe_read to regular pointer access fixed the issue.
      Signed-off-by: Yonghong Song <yhs@fb.com>
      cb136c15
  5. 23 May, 2018 2 commits
    • 55299115
    • Fix dereference replacements for pointers to pointers · 471f1ea1
      Paul Chaignon authored
      Currently, the bcc rewriter is unable to track external pointers if
      there is more than a single level of indirection (e.g., pointer to
      external pointer).  For example, in the following, the rewriter is
      unable to detect that ptr2 doesn't need a call to bpf_probe_read,
      only *ptr2 does.
      
      int test(struct pt_regs *ctx, struct sock *sk) {
          struct sock *ptr1;
          struct sock **ptr2 = &ptr1;
          *ptr2 = sk;
          return ((struct sock *)(*ptr2))->sk_daddr;
      }
      
      This commit fixes this issue by tracking the levels of indirections
      in addition to the variable declarations (identifies each variable).
      When traversing dereferences, the level of indirections is used to
      decide whether the base expression is an external pointer.  The level
      of indirections is inherited when a pointer is assigned to a new
      variable (assignments and function calls).
      471f1ea1
  6. 21 May, 2018 2 commits
  7. 20 May, 2018 2 commits
  8. 18 May, 2018 4 commits
  9. 17 May, 2018 2 commits
  10. 16 May, 2018 3 commits
    • Add extra_flag option to bpf_attach_perf_event_raw · bf2513df
      Teng Qin authored
      The bpf_attach_perf_event_raw API is designed to provide maximum
      flexibility for people to use advanced features of Kernel Perf Events
      with BPF. Sometimes specifying flags is necessary, such as if we want
      to use `PERF_FLAG_PID_CGROUP` to profile a container. This commit adds
      `extra_flag` option to C and C++ interface
      bf2513df
    • Merge pull request #1763 from iovisor/yhs_dev · 683c19a8
      4ast authored
      link with bpf-static library for bps
      683c19a8
    • Misc fixes for C++ USDT class (#1764) · cb5bc0e0
      Teng Qin authored
      * Add stream debug output for C++ USDT class
      
      This commit adds ability to output USDT class debug message to iostream
      
      * USDT::init() as public function
      
      It would be nice for users to be able to call init() and see if the probe
      exists / well-formatted before sending them to BPF instance
      cb5bc0e0
  11. 15 May, 2018 2 commits
  12. 14 May, 2018 1 commit
    • Do not calculate syscall prefix proactively in C++ API (#1755) · db6e2931
      Teng Qin authored
      Currently we calculate the syscall prefix in BPF::init, which requires
      loading kallsyms etc. But a lot of times the functionality will not be
      used. This commit changes that so we only calculate the syscall prefix the
      first time we call get_syscall_fnname
      
      Also change to use the KSym class directly for better destruct
      production
      db6e2931
  13. 11 May, 2018 2 commits
  14. 10 May, 2018 3 commits
  15. 09 May, 2018 3 commits
  16. 08 May, 2018 2 commits
    • Trace all external pointers passed through a first map (#1737) · ad2d0d9f
      Paul Chaignon authored
      * Trace all external pointers going through a first map
      
      Currently, MapVisitor only detects maps with external pointers as
      values if the value was directly passed from a function's argument.
      For example, in the following, the rewriter is currently unable to
      detect currsock has an external pointer as value because an
      intermediate variable is used instead of passing directly sk as the
      map's value.
      
          int test(struct pt_regs *ctx, struct sock *sk) {
              u32 pid = bpf_get_current_pid_tgid();
              struct sock **skp = &sk;
              currsock.update(&pid, skp);
              return 0;
          };
      
      With this commit, MapVisitor is able to trace any external pointer
      derived from the function's argument and used as a map value. This
      commit breaks the ProbeVisitor traversal in two distinct traversals.
      The first rewrites dereferences of external pointers originating
      from function's arguments and helpers, while the second rewrites only
      dereferences of external pointers passed through maps.
      Maps with external pointers as values are identified between the two
      ProbeVisitor traversals.
      
      * New tests for external pointers passed through maps
      
      test_ext_ptr_maps_reverse ensures dereferences are correctly replaced
      even if the update happens after the lookup (in the order of
      MapVisitor traversal).
      test_ext_ptr_maps_indirect ensures the rewriter is able to trace
      external pointers used as map values even if using an intermediate
      variable.
      ad2d0d9f
    • Fix USDT probes arguments' encoding in Python3 (#1736) · 42da08aa
      Javier Honduvilla Coto authored
      * Fix USDT probes arguments' encoding in Python3
      
      Running `trace` on a binary's USDT while fetching some arguments (
      `sudo python3 trace.py -p $(pidof ruby) 'u:ruby:array__create "%d",
      arg1'`) fails with `argument 2: <class 'TypeError'>: wrong type`.
      
      This PR fixes the encoding of the USDT probe name in
      usdt.py `get_probe_arg_ctype` function. I've tested this works on Python 2 too.
      42da08aa