1. 15 Jan, 2019 1 commit
    • vijunag's avatar
      Add build_id support for BPF stackmap · 2ddbc077
      vijunag authored
      A separate build_id stackmap can be created with the help of new macro BPF_STACK_TRACE_BUILDID. The kernel BPF reports stacktrace in the 
      structure bpf_stack_build_id. Changes have been made to BPF modules to
      support resolving symbols mentioned in the above format.
      An example tool is also available in examples/tracing/stack_buildid_example.py. 
      Both python and C++ test cases are added.
      2ddbc077
  2. 14 Jan, 2019 1 commit
  3. 12 Jan, 2019 1 commit
  4. 11 Jan, 2019 8 commits
  5. 10 Jan, 2019 5 commits
    • Teng Qin's avatar
      Merge pull request #2132 from iovisor/yhs_dev2 · d0deb6b2
      Teng Qin authored
      fix several printb usage with python3
      d0deb6b2
    • Yonghong Song's avatar
      fix several printb usage with python3 · ebe1951d
      Yonghong Song authored
      The following three tools are recently changed to use
      printb in order to flush out the result.
        opensnoop.py, tcpaccept.py, tcpconnect.py
      
      With python3, however, these tools have errors like below:
        TypeError: %b requires a bytes-like object, or an object that implements __bytes__, not 'str'
        Traceback (most recent call last):
          File "_ctypes/callbacks.c", line 234, in 'calling callback function'
          File "/usr/lib/python3.6/site-packages/bcc/table.py", line 572, in raw_cb_
            callback(cpu, data, size)
          File "../../tools/opensnoop.py", line 248, in print_event
            printb(b'%s' % event.fname.decode('utf-8', 'replace'))
      
      This patch fixed printb related issues for these three tools
      for python3. The python2 still works with the fix.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      ebe1951d
    • Prashant Bhole's avatar
      tools: mountsnoop, change memset to __builtin_memset (#2127) · 419a7db4
      Prashant Bhole authored
      The bpf program generated with memset() call in this tool contains
      BPF_JMP|BPF_CALL instruction with imm=-1. The verifier rejects the
      program. Let's use llvm built-in function __builtin_memset
      419a7db4
    • yonghong-song's avatar
      remove unused extern variables (#2125) · ae839790
      yonghong-song authored
      On fc29, compiling bcc from source, the following
      compiler warnings are seen:
        /home/yhs/work/bcc/src/cc/bcc_elf.c: In function ‘bcc_free_memory_with_file’:
        /home/yhs/work/bcc/src/cc/bcc_elf.c:802:36: warning: unused variable ‘_fini’ [-Wunused-variable]
             extern unsigned long _start, _fini;
                                          ^~~~~
      /home/yhs/work/bcc/src/cc/bcc_elf.c:802:28: warning: unused variable ‘_start’ [-Wunused-variable]
             extern unsigned long _start, _fini;
                                  ^~~~~~
      
      These unused externs are accidentally introduced by
      Commit 51480d05 ("implement free_bcc_memory() API").
      This patch removed them.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      ae839790
    • Alexey Ivanov's avatar
      cmake/python: fix build race condition (#2111) · 9b3b1274
      Alexey Ivanov authored
      * python: remove MANIFEST
      
      * cmake/python: fix build race condition
      9b3b1274
  6. 09 Jan, 2019 4 commits
    • Jerome Marchand's avatar
      Translate arch into source directory when ARCH is set (#2122) · 28949f17
      Jerome Marchand authored
      When ARCH is not defined, bcc get the architecture from uname. It then
      modifies it to get the name of arch directory in linux source.
      
      When ARCH is defined however, it just copy it as is, without the
      translation to the arch directory. If for instance ARCH is set to
      x86_64, it tries to look into the include directory
      build/arch/x86_64/, which doesn't exist.
      
      It fixes the following issue:
      $ echo $ARCH
      x86_64
      $ /usr/share/bcc/tools/bashreadline
      In file included from <built-in>:2:
      In file included from /virtual/include/bcc/bpf.h:12:
      In file included from /lib/modules/4.18.0-49.el8.x86_64/build/include/linux/types.h:6:
      /lib/modules/4.18.0-49.el8.x86_64/build/include/uapi/linux/types.h:5:10: fatal error: 'asm/types.h' file
            not found
               ^~~~~~~~~~~~~
      1 error generated.
      Traceback (most recent call last):
        File "/usr/share/bcc/tools/bashreadline", line 51, in <module>
          b = BPF(text=bpf_text)
        File "/usr/lib/python3.6/site-packages/bcc/__init__.py", line 318, in __init__
          raise Exception("Failed to compile BPF text")
      Exception: Failed to compile BPF text
      28949f17
    • Takuma Kume's avatar
      tcpconnect: support uid option (#2118) · b181a8e7
      Takuma Kume authored
      support uid option in tcpconnect.
      b181a8e7
    • Xiaozhou Liu's avatar
      docs: fix parameters of bpf_trace_printk() (#2121) · e96836d9
      Xiaozhou Liu authored
      bpf_trace_printk() does not have `fmt_size` as the second parameter in BCC.
      e96836d9
    • detailyang's avatar
      tools: allow tcpaccept filter via PID (#2117) · 54044d51
      detailyang authored
      add missing FILTER in the bpf program.
      54044d51
  7. 07 Jan, 2019 2 commits
  8. 06 Jan, 2019 1 commit
  9. 04 Jan, 2019 2 commits
  10. 03 Jan, 2019 5 commits
  11. 01 Jan, 2019 1 commit
    • yonghong-song's avatar
      better error meessage for error "unknown opcode" (#2101) · dccc4f28
      yonghong-song authored
      fix issue #226
      
      The unknown opcode typically happens if the bpf
      program has an external reference which does not
      get resolved. Note bcc does not even preform
      relocations for maps as map_id is directly
      used in bpf problem through bpf_pseudo_fd()
      intrinsic.
      
      Instead of the error:
        bpf: Failed to load program: Invalid argument
        unknown opcode 00
      
      A little explanation is added like the below:
        HINT: The 'unknown opcode' can happen if you referencea global
        or static variable, or data in read only section.
        For example,'char *p = "hello"' will result in p referencing a
        read only section,and 'char p[] = "hello"' will have "hello"
        stored on the stack.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      dccc4f28
  12. 31 Dec, 2018 1 commit
  13. 30 Dec, 2018 2 commits
    • Tim Douglas's avatar
      opensnoop: print flags, enable filtering (#2096) · d3583a8d
      Tim Douglas authored
      * opensnoop: print flags, enable filtering
      
      * Add docs, extended_fields option; filter flags in-kernel
      
      * Homogenize documentation
      
      * Add FLAGS to the FIELDS man page section
      d3583a8d
    • yonghong-song's avatar
      implement free_bcc_memory() API (#2097) · 51480d05
      yonghong-song authored
      The main purpose of this API is to proactively release llvm/clang
      .text memory which is brought in during compilation.
      bcc .text memory for some other functions, e.g., attach_tracepoint,
      bpf_prog_load, etc. can also be freed after all these tasks are done.
      
      Note that such memory is reclaimable in kernel since it has
      file backup. But certain applicaiton may want to reduce this
      memory immediately to satisfy constraints imposed by sysadmin, etc.
      
      The implementation uses madvise with MADV_DONTNEED.
      For the case where bcc is static linked into the binary,
      we do not really know the start and the end of memory regions
      used by bcc, so the implementation here bluntly returned
      all .text memory back to kernel. This will incur some performance
      overhead as later on executed instructions will need to bring
      back to memory again.
      
      For static linked library, instrumented RandomRead example,
      without this patch, the RSS memory before load is:
        VmRSS:     63644 kB
        RssAnon:           23876 kB
        RssFile:           39768 kB
        RssShmem:              0 kB
      
      After this patch,
        VmRSS:     34264 kB
        RssAnon:           23880 kB
        RssFile:           10384 kB
        RssShmem:              0 kB
      
      For shared library, a python unit test, test_free_llvm_memory.py, is
      added, which shows for a do-nothing bpf program, we have
        Before freeing llvm memory: RssFile:  43000 kB
        After  freeing llvm memory: RssFile:  11992 kB
      
      The RssFile reduction on Facebook internal applications
      also ranges in 30-40MB.
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      51480d05
  14. 27 Dec, 2018 1 commit
    • Prashant Bhole's avatar
      trace.py: fix compiler warning (#2094) · 05765eee
      Prashant Bhole authored
      Compiler shows warning "incompatible integer to pointer conversion
      initializing" while compiling bpf program.
      This patch adds necessary typecast when assigning PT_REGS_PARAM vaules
      to struct pt_regs pointer
      05765eee
  15. 26 Dec, 2018 1 commit
  16. 23 Dec, 2018 1 commit
    • torgil's avatar
      Make dependency on LLVM native target optional (#2080) · 61c063ae
      torgil authored
      * Make dependency on LLVM native target optional
      
      Adds an option ENABLE_LLVM_NATIVECODEGEN with default value ON.
      If set to off the "nativecodegen" llvm will not be enabled, thus
      reducing dependencies on needed libraries (reduced text size when
      building with statically linked libraries).
      
      Code that uses native target will not be compiled reducing text size.
      Currently this affects the rw_engine which needs the native target.
      
      BPF api "rw_engine_enabled" will have default value "true" if
      ENABLE_LLVM_NATIVECODEGEN="ON" and "false" if
      ENABLE_LLVM_NATIVECODEGEN="OFF"
      
      Not needed for BCC to work. It somehow brought in the interpreter and
      executionengine which is needed. Those features are added instead.
      
      * Remove garbage in code making it compile again
      
      * Remove interpreter and executionengine LLVM dependencies
      
      These doesn't seem to be needed on a Ubuntu 18.04 system (although
      executionengine is heavily used).
      
      Interpreter was added due to runtime dependency on ARM64. It brings in
      a dependency on ffi library.
      
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x3a): undefined reference to `ffi_type_float'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x43): undefined reference to `ffi_type_void'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x53): undefined reference to `ffi_type_pointer'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x63): undefined reference to `ffi_type_double'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x78): undefined reference to `ffi_type_sint8'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x83): undefined reference to `ffi_type_sint16'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0x93): undefined reference to `ffi_type_sint64'
      (.text._ZL10ffiTypeForPN4llvm4TypeE+0xb3): undefined reference to `ffi_type_sint32'
      /usr/lib/llvm-6.0/lib/libLLVMInterpreter.a
      61c063ae
  17. 21 Dec, 2018 1 commit
  18. 19 Dec, 2018 1 commit
  19. 18 Dec, 2018 1 commit