1. 24 Sep, 2017 1 commit
    • execsnoop: Fix -x handling · ce36bb6b
      Kirill Smelkov authored
      Execsnoop's documentation says -x/--fails means "also include failed
      exec()s". However it was programmed to instead skip successful execs on
      -x and without -x show all - successful and unsuccessful ones.
      
      The logic was broken in 5b47e0f8 ("execsnoop: use BPF_PERF_OUTPUT
      instead of trace pipe").
      
      Fix it.
      
      P.S. current test_tools_smoke.py only provides basic infrastructure for
      testing whether tool's BPF program won't break, without anything related
      to options handling, so unfortunately the patch comes without
      corresponding test.
  2. 21 Sep, 2017 3 commits
  3. 20 Sep, 2017 3 commits
  4. 15 Sep, 2017 2 commits
  5. 13 Sep, 2017 1 commit
  6. 12 Sep, 2017 2 commits
  7. 09 Sep, 2017 2 commits
  8. 08 Sep, 2017 4 commits
  9. 07 Sep, 2017 4 commits
    • Merge pull request #1336 from palmtenor/noinstance · 6aec3099
      4ast authored
      Do not create instance for kprobe
    • Merge pull request #1333 from samuelnair/fix-py-tut · 08dbf13f
      Brendan Gregg authored
      Fix for bug in lesson 4 of the Python developer tutorial
    • annotate program tag · 4f47e3b5
      Alexei Starovoitov authored
      during debug of production systems it's difficult to trace back
      the kernel reported 'bpf_prog_4985bb0bd6c69631' symbols to the source code
      of the program, hence teach bcc to store the main function source
      in the /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/ directory.
      
      This program tag is stable. Every time the script is called the tag
      will be the same unless source code of the program changes.
      During active development of bcc scripts the /var/tmp/bcc/ dir can
      get a bunch of stale tags. The users have to trim that dir manually.
      
      Python scripts can be modified to use this feature too, but probably
      need to be gated by the flag. For c++ api I think it makes sense
      to store the source code always, since the cost is minimal and
      c++ api is used by long running services.
      
      Example:
      $ ./examples/cpp/LLCStat
      $ ls -l /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/
      total 16
      -rw-r--r--. 1 root root 226 Sep  1 17:30 on_cache_miss.c
      -rw-r--r--. 1 root root 487 Sep  1 17:30 on_cache_miss.rewritten.c
      -rw-r--r--. 1 root root 224 Sep  1 17:30 on_cache_ref.c
      -rw-r--r--. 1 root root 484 Sep  1 17:30 on_cache_ref.rewritten.c
      
      Note that there are two .c files there, since two different
      bpf programs have exactly the same bytecode hence same prog_tag.
      
      $ cat /var/tmp/bcc/bpf_prog_4985bb0bd6c69631/on_cache_miss.c
      int on_cache_miss(struct bpf_perf_event_data *ctx) {
          struct event_t key = {};
          get_key(&key);
      
          u64 zero = 0, *val;
          val = miss_count.lookup_or_init(&key, &zero);
      ...
      Signed-off-by: Alexei Starovoitov <ast@fb.com>
    • add helpers to access program tag · b1df37c8
      Alexei Starovoitov authored
      bpf_obj_get_info() to retrieve prog_tag from the kernel based on prog_fd (kernel 4.13+)
      bpf_prog_compute_tag() to compute prog_tag from a set of bpf_insns (kernel independent)
      bpf_prog_get_tag() to retrieve prog_tag from /proc/pid/fdinfo/fd (kernel 4.10+)
      Signed-off-by: Alexei Starovoitov <ast@fb.com>
  10. 05 Sep, 2017 4 commits
  11. 04 Sep, 2017 6 commits
  12. 03 Sep, 2017 1 commit
  13. 02 Sep, 2017 1 commit
  14. 30 Aug, 2017 1 commit
  15. 28 Aug, 2017 3 commits
  16. 26 Aug, 2017 1 commit
  17. 25 Aug, 2017 1 commit