- 23 May, 2018 2 commits
-
-
Paul Chaignon authored
-
Paul Chaignon authored
Currently, the bcc rewriter is unable to track external pointers if there is more than a single level of indirection (e.g., pointer to external pointer). For example, in the following, the rewriter is unable to detect that ptr2 doesn't need a call to bpf_probe_read, only *ptr2 do. int test(struct pt_regs *ctx, struct sock *sk) { struct sock *ptr1; struct sock **ptr2 = &ptr1; *ptr2 = sk; return ((struct sock *)(*ptr2))->sk_daddr; } This commit fixes this issue by tracking the levels of indirections in addition to the variable declarations (identifies each variable). When traversing dereferences, the level of indirections is used to decide whether the base expression is an external pointer. The level of indirections is inherited when a pointer is assigned to a new variable (assignments and function calls).
-
- 21 May, 2018 2 commits
-
-
Brendan Gregg authored
execsnoop: don't print newlines in argv
-
Javier Honduvilla Coto authored
by escaping newlines. Fixes #1037 * Before: ``` $ sudo /usr/share/bcc/tools/execsnoop PCOMM PID PPID RET ARGS awk 9910 7831 0 /usr/bin/awk BEGIN { print "hi" } ``` * With this patch: ``` $ sudo /usr/share/bcc/tools/execsnoop PCOMM PID PPID RET ARGS awk 10033 7831 0 /usr/bin/awk \nBEGIN { print "hi" } ```
-
- 20 May, 2018 2 commits
-
-
yonghong-song authored
Limit dereference rewriter to tracing contexts
-
Paul Chaignon authored
We should only track and rewrite external pointers from the context pointer for tracing programs. Other types of context pointers point to e.g. packets and do not require a rewrite to a bpf_probe_read call.
-
- 18 May, 2018 4 commits
-
-
Akilesh Kailash authored
* Add -d (duration) option to argdist, funclatency and syscount * Add -d option to man pages and _example.txt
-
yonghong-song authored
usdt: fail when binary doesn't exist. Fixes #1749
-
Javier Honduvilla Coto authored
And add error message to hint if the problem is that the passed binary path is not absolute or if the binary doesn't exist. In case the PID is correct: * but the binary couldn't be found, it will print: ``` HINT: Specified binary doesn't exist. [...] ``` * but the binary is not absolute: ``` HINT: Binary path should be absolute. [...] ``` Otherwise, it should keep behaving as before.
-
yonghong-song authored
xfsslower: Fix compilation error due to rewriter update
-
- 17 May, 2018 2 commits
-
-
Paul Chaignon authored
Since ad2d0d9f, the bcc rewriter is able to track more external pointers going through maps. xfsslower and zfsslower were relying on the rewriter not being able to replace some dereferences. This commit takes this into account and removes two unnecessary calls to bpf_probe_read.
-
yonghong-song authored
Add extra_flag option to bpf_attach_perf_event_raw
-
- 16 May, 2018 3 commits
-
-
Teng Qin authored
The bpf_attach_perf_event_raw API is designed to provide maximum flexibility for people to use advanced features of Kernel Perf Events with BPF. Some times specifying flags is neccesary, such as if we want to use `PERF_FLAG_PID_CGROUP` to profile a container. This commit adds `extra_flag` option to C and C++ interface
-
4ast authored
link with bpf-static library for bps
-
Teng Qin authored
* Add stream debug output for C++ USDT class This commit adds ability to output USDT class debug message to iostream * USDT::init() as public function It would be nice for users be able to call init() and see if the probe exists / well-formatted before sending them to BPF instance
-
- 15 May, 2018 2 commits
-
-
Yonghong Song authored
the issue is reported at #1759. bps does not need any C++ library functions in bcc. It only needs libbpf. So link it with bpf-static instead of bcc-static. This avoids pulling in any C++ module/symbolization/usdt functions and llvm libraries. On my local box, the binary size is reduced from ~60MB to 44KB. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Ivan Babrou authored
-
- 14 May, 2018 1 commit
-
-
Teng Qin authored
Currently do calculate the syscall prefix in BPF::init, which requires loading kallsyms etc. But a lot of times the functionality will not be used. This commit changes that we only calculate the syscall prefix the first time we call get_syscall_fnname Also change to use the KSym class directly for better destruct production
-
- 11 May, 2018 2 commits
-
-
Oriol Arcas authored
-
4ast authored
fix get_kprobe_functions
-
- 10 May, 2018 3 commits
-
-
Javier Honduvilla Coto authored
and add `from __future__ import print_function` where needed for Python3 print semantics in Python2
-
Yonghong Song authored
Fix issue #1747. In commit #1647, we excluded all symbols outside [_stext, _etext]. This is incorrect as it excluded module symbols as well. This patch changed the algorithm to only skip symbols in init sections [__init_begin, __init_end]. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Luca Rupp authored
- Fix a crash in the python binding when trying to open a perf buffer in python < 3.6 - See https://github.com/iovisor/bcc/issues/1744
-
- 09 May, 2018 3 commits
-
-
Javier Honduvilla Coto authored
This PR fixes the encoding issue in Python3 by converting the argument passed to `find` to a bytearray.
-
Ivan Babrou authored
Run queue latency does not make much sense for idle `swapper` threads. The same happens in `perf sched`: * https://github.com/torvalds/linux/blob/v4.14/tools/perf/builtin-sched.c ```c /* * Ignore idle threads: */ if (!strcmp(thread__comm_str(work_list->thread), "swapper")) return; ``` ```c static bool is_idle_sample(struct perf_sample *sample, struct perf_evsel *evsel) { /* pid 0 == swapper == idle task */ if (strcmp(perf_evsel__name(evsel), "sched:sched_switch") == 0) return perf_evsel__intval(evsel, sample, "prev_pid") == 0; return sample->pid == 0; } ```
-
Ivan Babrou authored
* Add runqslower tool * Remove mentions of obsolete enqueue_task_* in tools/runq* * Use u32 for pid field in runqslower
-
- 08 May, 2018 4 commits
-
-
Paul Chaignon authored
* Trace all external pointers going through a first map Currently, MapVisitor only detects maps with external pointers as values if the value was directly passed from a function's argument. For example, in the following, the rewriter is currently unable to detect currsock has an external pointer as value because an intermediate variable is used instead of passing directly sk as the map's value. int test(struct pt_regs *ctx, struct sock *sk) { u32 pid = bpf_get_current_pid_tgid(); struct sock **skp = &sk; currsock.update(&pid, skp); return 0; }; With this commit, MapVisitor is able to trace any external pointer derived from the function's argument and used as a map value. This commit breaks the ProbeVisitor traversal in two distinct traversals. The first rewrites dereferences of external pointers originating from function's arguments and helpers, while the second rewrites only dereferences of external pointers passed through maps. Maps with external pointers as values are identified between the two ProbeVisitor traversals. * New tests for external pointers passed through maps test_ext_ptr_maps_reverse ensures dereferences are correctly replaced even if the update happens after the lookup (in the order of MapVisitor traversal). test_ext_ptr_maps_indirect ensures the rewriter is able to trace external pointers used as map values even if using an intermediate variable.
-
Javier Honduvilla Coto authored
* Fix USDT probes arguments' encoding in Python3 Running `trace` on a binary's USDT while fetching some arguments ( `sudo python3 trace.py -p $(pidof ruby) 'u:ruby:array__create "%d", arg1'`) fails with `argument 2: <class 'TypeError'>: wrong type`. This PR fixes the encoding of the USDT probe name in udst.py `get_probe_arg_ctype` function. I've tested this works on Python 2 too.
-
yonghong-song authored
Link to article on how Circonus uses bcc
-
Paul Chaignon authored
-
- 06 May, 2018 6 commits
-
-
yonghong-song authored
old/tools: Diverse fixes
-
yonghong-song authored
Fix dereference replacements for structure members
-
Paul Chaignon authored
Dereferences of structure members pointing to external addresses are now correctly recognized and replaced by bpf_probe_read calls by the rewriter.
-
Paul Chaignon authored
-
Paul Chaignon authored
Currently, if a structure member is assigned an external pointer (pointer to kernel address), the pointer to the structure is marked as external instead of the structure member. This issue affects all uses of structures with pointers to external addresses. This commit fixes it by marking the structure member as external.
-
yonghong-song authored
Fix "'ArgString' object has no attribute 'rfind'" error
-
- 05 May, 2018 2 commits
-
-
Paul Chaignon authored
-
Paul Chaignon authored
-
- 04 May, 2018 1 commit
-
-
Paul Chaignon authored
os.path.dirname expects a string.
-
- 03 May, 2018 1 commit
-
-
yonghong-song authored
Fix bpf_trace_printk() for big-endian targets
-