- 22 Nov, 2017 7 commits
-
-
yonghong-song authored
libbpf: Enable the creation of unbound raw socket
-
4ast authored
force linking the whole api-static library into shared library
-
Yonghong Song authored
When a static library is linked to produce a shared library, only referenced symbols in the static library eventually gets linked. api-static library has entry points for C++ API. Many symbols in this library do not have references outside of this library and will get dropped during linking process. This patch forces the linking of the whole api-static library in order to procude bcc shared library. Reported-by: Mauricio Vasquez <mauricio.vasquez@polito.it> Signed-off-by: Yonghong Song <yhs@fb.com>
-
yonghong-song authored
funcslower: add a note about nested calls
-
Olivier Tilmans authored
Passing a NULL (or empty) char string to bpf_open_raw_sock() will skip the bind call on the newly created raw socket. This can create sniffers for all interfaces using a single socket filter. The dns_matching example has been updated to default to 'any' interface if noone is specified in the arguments.
-
yonghong-song authored
funcslower: fix missing tgid when filtering by pid
-
Ivan Babrou authored
-
- 21 Nov, 2017 5 commits
-
-
Ivan Babrou authored
-
Olivier Tilmans authored
* The name encoding function was not checking the constraints on domain names properly (<= 253 chars as one byte is needed for the name of the label and one for the terminating 0-len label; <= 63 chars per label). * The name encoding function was erroring when assigning a struct value in the byte array (Python 3.6.3). Refactored to join successive subarrays, and moved the null padding to make it explicit that it is needed by the bpf map key (and not the dns encoding). * Used builtin from argparse to have a list of domains in the command line arguments. * Reset the non-block flag through fcntl directly instead of reconstructing a socket object. * Exit gracefully when triggering SIGINT as hinted.
-
Lukasz Dorau authored
Update info about installing stable packages for Ubuntu Xenial in INSTALL.md Fixes:#1440
-
4ast authored
Update perf event type and config checks
-
Teng Qin authored
-
- 20 Nov, 2017 1 commit
-
-
yonghong-song authored
solisten.py maintenance
-
- 18 Nov, 2017 2 commits
-
-
Jean-Tiare Le Bigot authored
Signed-off-by: Jean-Tiare Le Bigot <jt@yadutaf.fr>
-
Jean-Tiare Le Bigot authored
Signed-off-by: Jean-Tiare Le Bigot <jt@yadutaf.fr>
-
- 17 Nov, 2017 6 commits
-
-
Brendan Gregg authored
Make 'tools/wakeuptime' use stack maps
-
Sandipan Das authored
This moves the original wakeuptime script that uses manual stack walking to the old tools directory. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
This updates the manpage and examples for 'tools/wakeuptime' so that they include descriptions of the new arguments. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
This fixes 'test_tools_smoke' from failing on systems running linux < 4.6 because of the wakeuptime script. This script uses the bpf stack maps feature which is available only for linux 4.6+. To avoid this, we skip running it if the minimum kernel version requirement is not met. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
yonghong-song authored
Fix 'test_tools_smoke' from failing due to timeout
-
Sandipan Das authored
This modifies 'tools/wakeuptime' to include a filter in offcpu() for capturing data only for a given pid or for user threads only. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
- 16 Nov, 2017 3 commits
-
-
Sandipan Das authored
This fixes 'test_tools_smoke' from failing if ucalls and vfscount need more time to terminate than the specified timeout duration when running on certain architectures such as powerpc. To avoid this, we increase the timeout duration. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
Sandipan Das authored
This modifies 'tools/wakeuptime' to use the stack maps feature. Rather than using manual, depth-limited stack walking with some architecture-specific code, using stack maps makes the script usable across different architectures. This also adds command line arguments to let the user to set the minimum and maximum amount of time in microseconds over which traces are stored. Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
-
4ast authored
use user-provided log_level in bpf_prog_load
-
- 14 Nov, 2017 1 commit
-
-
Yonghong Song authored
For the case where user provided a log buffer, the user provided log_level is already been used. For the case where user provided a log_level and bcc needs to allocate buffer, the log_level is fixed to 1. Use user provided log level instead. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 10 Nov, 2017 1 commit
-
-
4ast authored
Move BCC debug options to a installed header file
-
- 09 Nov, 2017 3 commits
-
-
Teng Qin authored
-
Yonghong Song authored
Kernel Commit 29e48ce87f1e ("task_struct: Allow randomized layout") (https://patchwork.kernel.org/patch/9797817/) permits to randomize a section of kernel task_struct data structure. This only takes effect when CONFIG_GCC_PLUGINS and CONFIG_GCC_PLUGIN_RANDSTRUCT are set. When randomization does not happen, an anonymous struct is introduced in task_struct data structure by gcc when compiling the kernel. To make field offset compatible, task_struct will have the same anonymous struct. The patch is at http://www.spinics.net/lists/kernel/msg2644958.html. Otherwise, bpf program may get wrong data from the kernel. Currently, bcc bpf_probe_read rewriter does not support anonymous struct/union. For example, with the above compiler-clang.h patch, examples/tracing/task_switch.py will have the following error: /virtual/main.c:16:18: error: internal error: opLoc is invalid while preparing probe rewrite key.prev_pid = prev->pid; ^ For anonymous structure, opcode source location ("->") is not available and hence the above failure. We could use memberLoc ("pid") which is available for anonymous struct/union. For example, for struct sock *skp; ...; u32 saddr = skp->__sk_common.skc_rcv_saddr; The old way for bpf_probe_read rewrite: bpf_probe_read(&_val, sizeof(_val), (u64)skp + offsetof(struct sock, __sk_common.skc_rcv_saddr)); The new way: bpf_probe_read(&_val, sizeof(_val), (u64)&skp->__sk_common.skc_rcv_saddr); The new way is similar to what typical bpf programs may do manually. Signed-off-by: Yonghong Song <yhs@fb.com>
-
Gary Lin authored
When BPFModule finalized the module, it set UseOrcMCJITReplacement to true to use OrcJIT for ExecutionEngine. However, this never worked. First, in clang_libs.cmake, mcjit is in the library list instead of orcjit, so ExecutionEngine always fell back to MCJIT. Second, even if OrcJIT was linked correctly, it actually broke bcc. For OrcJIT, finalizeObject() is just an empty function. The code generation is delayed till getPointerToFunction() or runFunction(), so the current implementation of BPFModule won't work for OrcJIT. This bug was covered when using the separate LLVM share libraries. If the system builds LLVM into an unified share library, then OrcJIT will be used and bcc would fail to generate BPF bytecodes without any warning. Signed-off-by: Gary Lin <glin@suse.com>
-
- 08 Nov, 2017 6 commits
- 06 Nov, 2017 1 commit
-
-
William Stewart authored
-
- 04 Nov, 2017 1 commit
-
-
Yonghong Song authored
In fc26, kernel config enables CONFIG_FORTIFY_SOURCE in 4.13 kernel. This is not available in fc25. This config is used to detect overflows of buffers in common string and memory functions where the compiler can determine and validate the buffer sizes. When enabled, this option provides an implementation (body) for certain string function. For example, in /lib/modules/4.13.10-200.fc26.x86_64/build/include/linux/string.h, you can find ... extern void * memcpy(void *,const void *,__kernel_size_t); ... __FORTIFY_INLINE void *memcpy(void *p, const void *q, __kernel_size_t size) { size_t p_size = __builtin_object_size(p, 0); size_t q_size = __builtin_object_size(q, 0); if (__builtin_constant_p(size)) { if (p_size < size) __write_overflow(); if (q_size < size) __read_overflow2(); } if (p_size < size || q_size < size) fortify_panic(__func__); return __builtin_memcpy(p, q, size); } In current clang frontend, we treat an external function with function body as a rewritable target. We also assume the declaration of this external function, if body is present, must have named arguments. This is largely true for functions in bpf program file/text itself as these external functions often do not have declarations. We should not try to rewrite string/memory functions exposed by CONFIG_FORTIFY_SOURCE. This patch adds restriction for rewritable function only if the corresponding file is the main file with bpf program itself. I discovered that it is possible file name is empty for tracepoint functions, e.g., TRACEPOINT_PROBE(irq, softirq_entry) The reason could be function name itself is derived from helpers.h while function declaration/body is in the main file after macro expansion. Note that function name is still correctly derived by the compiler. Signed-off-by: Yonghong Song <yhs@fb.com>
-
- 02 Nov, 2017 1 commit
-
-
yonghong-song authored
Fix Module display for unreadable Modules
-
- 01 Nov, 2017 2 commits