1. 05 Jun, 2018 3 commits
  2. 02 May, 2018 2 commits
  3. 01 May, 2018 2 commits
    • Paul Chaignon's avatar
      Detect external pointers from context pointers · b66a9c9b
      Paul Chaignon authored
      The bcc rewriter is currently unable to detect external pointers
      (i.e., to a memory address that requires calls to bpf_probe_read) if
      they are not declared as arguments, e.g., if they are retrieved
      through the context argument.
      For example, although the two following examples translate to the
      same C code in the end (the bcc rewriter translates the first into
      the second), the sk pointer is recognized as an external pointer only
      in the first example.
      
      int test1(struct pt_regs *ctx, struct sock *sk) {
          // sk is correctly recognized as an external pointer.
      }
      int test2(struct pt_regs *ctx) {
          struct sock *sk = (struct sock *)ctx->di;
          // sk is not recognized as an external pointer.
      }
      
      This commit fixes that by detecting member dereferences of the
      context argument (i.e., the first argument of externally visible
      functions). It also works for the TRACEPOINT_PROBE macro.
      b66a9c9b
    • Paul Chaignon's avatar
  4. 30 Apr, 2018 7 commits
  5. 29 Apr, 2018 6 commits
  6. 28 Apr, 2018 1 commit
  7. 27 Apr, 2018 5 commits
  8. 26 Apr, 2018 9 commits
  9. 25 Apr, 2018 4 commits
  10. 24 Apr, 2018 1 commit
    • Yonghong Song's avatar
      introduce new BPF APIs to get kernel syscall entry func name/prefix · 83b49ad6
      Yonghong Song authored
      As described in issue #1695, on 4.17 for syscalls on x86,
      both sys_<fnname> and SyS_<fnname> are gone, the replacements
      are __ia32_sys_sync and __x64_sys_sync.
      The commit in Linus tree:
      https://github.com/torvalds/linux/commit/d5a00528b58cdb2c71206e18bd021e34c4eab878
      
      This patch introduced two APIs for python BPF object.
      The API get_syscall_prefix() returns the prefix "sys_"/"__x64_sys_".
      The API get_syscall_fnname(name) returns kernel function name for the syscall,
      e.g., on x64, get_syscall_fnname("clone") will return "sys_clone" if kernel
      has it, otherwise, "__x64_sys_clone".
      get_syscall_prefix() is mostly useful for the regex func specifier of
      attach_kprobe().
      
      This patch only fixed the code using python API on examples and tests directory.
      
      TOTO: python on tools directory, C++ and lua
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      83b49ad6