- 25 Oct, 2017 1 commit
-
-
yonghong-song authored
Introduce Bpf Program Snapshot (bps)
-
- 24 Oct, 2017 4 commits
-
-
Martin KaFai Lau authored
A simple program to list all bpf programs of a system. [root@arch-fb-vm1 bcc]# ./build/introspection/bps -h BPF Program Snapshot (bps): List of all BPF programs loaded into the system. Usage: bps [bpf-prog-id] [bpf-prog-id] If specified, it shows the details info of the bpf-prog * List all bpf programs * [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 82 kprobe 0 1 Oct19/23:52 map_perf_test 83 kprobe 0 1 Oct19/23:52 map_perf_test 84 kprobe 0 1 Oct19/23:52 map_perf_test 85 kprobe 0 1 Oct19/23:52 map_perf_test 86 kprobe 0 4 Oct19/23:52 map_perf_test 87 kprobe 0 1 Oct19/23:52 map_perf_test 88 kprobe 0 1 Oct19/23:52 map_perf_test 89 kprobe 0 1 Oct19/23:52 map_perf_test * List a particular bpf program * [root@arch-fb-vm1 bcc]# ./build/introspection/bps 86 BID TYPE UID #MAPS LoadTime NAME 86 kprobe 0 4 Oct19/23:52 map_perf_test MID TYPE FLAGS KeySz ValueSz MaxEnts NAME 120 lru hash 0x0 4 8 10000 lru_hash_map 129 lru hash 0x0 4 8 43 lru_hash_lookup 123 array of maps 0x0 4 4 1024 array_of_lru_ha 121 lru hash 0x2 4 8 10000 nocommon_lru_ha * JIT disabled * [root@arch-fb-vm1 bpf]# sysctl -w net.core.bpf_jit_enable=0 [root@arch-fb-vm1 bpf]# ./test_progs [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 94- socket filter 0 1 Oct19/23:55 test_obj_id 95- socket filter 0 1 Oct19/23:55 test_obj_id * Run without CAP_SYS_ADMIN * [kafai@arch-fb-vm1 ~]$ ./bps 1 Require CAP_SYS_ADMIN capability. Please retry as root * Older kernel * [root@arch-fb-vm2 build]# uname -r 4.12.14 [root@arch-fb-vm2 build]# ./introspection/bps 1 Kernel does not support BPF introspection Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
Martin KaFai Lau authored
This patch adds the following helpers to libbpf: int bpf_prog_get_next_id(uint32_t start_id, uint32_t *next_id); int bpf_prog_get_fd_by_id(uint32_t id); int bpf_map_get_fd_by_id(uint32_t id); It also changes the info_len arg of the existing bpf_obj_get_info() from int to uint32_t. Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
Martin KaFai Lau authored
This patch adds support for prog_name and map_name. For libbpf.{h,c}, the new functions, bpf_prog_load_name() and bpf_create_map_name() is created to avoid breaking the existing libbpf.{a,so} user. libbcc.py is also modified accordingly to reflect the availability of the new functions in libbpf. clang/b_frontend_action.cc, b/codegen_llvm.cc and BPF.cc are modified to take advantage of the prog and map name also. Run the following tests in new and old kernel (old kernel in the sense that it does not support the prog/map name): 1) tools/trace.py -K sys_clone 2) examples/cpp/HelloWorld Here is the output of the bpf (BPF Snapshot) that will be introduced in the later patch: [root@arch-fb-vm1 bcc]# ./tools/biosnoop.py [root@arch-fb-vm1 bcc]# ./build/introspection/bps BID TYPE UID #MAPS LoadTime NAME 113 kprobe 0 1 Oct20/13:11 trace_pid_start 114 kprobe 0 1 Oct20/13:11 trace_req_start 115 kprobe 0 3 Oct20/13:11 trace_req_compl [root@arch-fb-vm1 bcc]# ./build/introspection/bps 113 BID TYPE UID #MAPS LoadTime NAME 113 kprobe 0 1 Oct20/13:11 trace_pid_start MID TYPE FLAGS KeySz ValueSz MaxEnts NAME 186 hash 0x0 8 20 10240 infobyreq Signed-off-by: Martin KaFai Lau <kafai@fb.com>
-
yonghong-song authored
Explain possible reason of an error in scripts that rely on /proc/kallsyms (fixes #1391)
-
- 23 Oct, 2017 1 commit
-
-
Aleksander Alekseev authored
-
- 20 Oct, 2017 2 commits
-
-
Martin KaFai Lau authored
-
Brenden Blanco authored
Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
- 19 Oct, 2017 1 commit
-
-
4ast authored
bpf: rename helper function bpf_get_stackid
-
- 18 Oct, 2017 4 commits
-
-
yonghong-song authored
Fix helper to access stack pointer for powerpc
-
David Xia authored
add required linux-headers package
-
Sandipan Das authored
This fixes the definition of PT_REGS_SP() for powerpc to refer to GPR1. Fixes: #529 4afa96a7 ("cc: introduce helpers to access pt_regs in an arch-independent manner") Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Yonghong Song authored
The function bpf_get_stackid is defined in helpers.h: int bpf_get_stackid(uintptr_t map, void *ctx, u64 flags) But the same function is also defined in linux:include/linux/bpf.h: u64 bpf_get_stackid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); If a bpf program also includes, directly or indirectly, linux/bpf.h, compilation will fail because incompatible definition. This patch renames bcc helpers.h definition to bcc_get_stackid to avoid this issue. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 17 Oct, 2017 1 commit
-
-
4ast authored
bpf: print out the src debug info to a temporary file
-
- 16 Oct, 2017 3 commits
-
-
4ast authored
attempt to compile with system bpf.h if default compile failed
-
Yonghong Song authored
Currently, for C++ API and for each func, the original src and the rewritten source has been stored in BCC_PROG_TAG_DIR directory. This patch allows the source debug info (bytecode embedded by source code) also stored in the same BCC_PROG_TAG_DIR directory. This feature is not turned on by default now. It requires non-zero (debug_flag & DEBUG_SOURCE). The DEBUG_SOURCE enables "-g", with which a lot of more llvm insns executed and it may increase application RSS overhead by 4M (in my test). As an example, if you modify examples/cpp/RandomRead.cc to enable DEBUG_SOURCE, as below - bpf = new ebpf::BPF(); + bpf = new ebpf::BPF(8); After running the application, you can see: -bash-4.3$ ls /var/tmp/bcc/bpf_prog_7f01346289a53cc3/ on_urandom_read.c on_urandom_read.dis.txt on_urandom_read.rewritten.c -bash-4.3$ cat /var/tmp/bcc/bpf_prog_7f01346289a53cc3/on_urandom_read.dis.txt ; int on_urandom_read(struct urandom_read_args* attr) { // Line 23 0: bf 16 00 00 00 00 00 00 r6 = r1 1: b7 01 00 00 00 00 00 00 r1 = 0 ; struct event_t event = {}; // Line 24 2: 63 1a f8 ff 00 00 00 00 *(u32 *)(r10 - 8) = r1 3: 63 1a f4 ff 00 00 00 00 *(u32 *)(r10 - 12) = r1 ..... Signed-off-by: Yonghong Song <yhs@fb.com>
-
Yonghong Song authored
Currently, bcc uses its own version of bpf.h which tries to sync with upstream header regularly. If the host bpf.h version is lower, bcc can still compile as some bcc codes may requires a higher version of bpf.h. Such an approach does have a drawback. Suppose service A, statically linked with bcc, runs on kernel version X. Now, the kernel upgrades to version Y. After kernel upgrade/reboot, service A may not be able to compile since old bcc bpf.h may not align with the new kernel headers. For such cases, new version of service A needs rollout. This patch addresses this issue by attempting a second compilation using system bpf.h instead. The feature is not on by default. To enable it, pass -DBCC_BACKUP_COMPILE=1 in cmake setup stage. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 12 Oct, 2017 5 commits
-
-
Brendan Gregg authored
execsnoop: argument to change the number of arguments parsed
-
Edward Betts authored
-
Paul Chaignon authored
New argument to change the maximum number of arguments parsed and displayed.
-
Brendan Gregg authored
Fix 'tools/syscount' from using incorrect fallback values
-
4ast authored
sync src/cc/compat/linux headers with latest net-next
-
- 11 Oct, 2017 4 commits
-
-
Brendan Gregg authored
hardirqs, softirqs: Fix distribution mode units handling
-
Yonghong Song authored
Signed-off-by: Yonghong Song <yhs@fb.com>
-
Brendan Gregg authored
execsnoop: Fix -x handling
-
yonghong-song authored
Update SDT argument constraints
-
- 10 Oct, 2017 3 commits
-
-
yonghong-song authored
Fix segfault with enumerations
-
Sandipan Das authored
This prevents 'tools/syscount' from using incorrect system call descriptions if the 'ausyscall' command is not found. In this case, it uses a lookup table as a fallback. This, however, is compliant with x86_64 only. For now, we fix this by raising an exception and exiting if the 'ausyscall' executable is not available for non-x86_64 systems instead of having additional lookup tables for other architectures. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
This sets the default USDT argument parser for all the architectures that currently do not implement one to the parser for x86_64. This is to avoid a compilation error about the architecture being not supported yet. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
- 08 Oct, 2017 2 commits
-
-
Paul Chaignon authored
When serializing map types to JSON, if it encounters an enumeration, the rewriter goes into an infinite loop until it segfaults. This fix properly serializes enumerations in the same way unions and structs are. enum a { CHOICE_A, CHOICE_B, }; BPF_HASH(m, u32, enum a); is serialized as: ["a", ["CHOICE_A","CHOICE_B"], "enum"]
-
yonghong-song authored
Support resolve vDSO symbols
-
- 07 Oct, 2017 4 commits
-
-
Teng Qin authored
-
Teng Qin authored
Parse everything with one `fscanf` instead of using an extra `fgets`
-
Prashant Bhole authored
making it consistent with rest of the code
-
Prashant Bhole authored
sll_ifindex=0 matches any interface, which is not exepected here
-
- 06 Oct, 2017 4 commits
-
-
yonghong-song authored
Improve Kernel symbols loading
-
yonghong-song authored
Avoid potential SEGFAULT when resolving Kernel symbols
-
Brendan Gregg authored
Fix 'tools/statsnoop' from failing to attach kprobes
-
Teng Qin authored
-
- 05 Oct, 2017 1 commit
-
-
Teng Qin authored
-