Support for uprobes

99d36e85 · Alastair Robertson · e5f2c42a · 99d36e85 · 99d36e85 · 99d36e85
Commit 99d36e85 authored Jul 01, 2017 by Alastair Robertson
Showing with 72 additions and 3 deletions

src/attached_probe.cpp src/attached_probe.cpp +57 -3

src/attached_probe.h src/attached_probe.h +3 -0

src/bpftrace.cpp src/bpftrace.cpp +5 -0

src/types.cpp src/types.cpp +4 -0

src/types.h src/types.h +3 -0

No files found.
--- a/src/attached_probe.cpp
+++ b/src/attached_probe.cpp
@@ -4,6 +4,7 @@
 #include <unistd.h>

 #include "attached_probe.h"
+#include "bcc_syms.h"
 #include "libbpf.h"
 #include "perf_reader.h"

@@ -19,6 +20,10 @@ AttachedProbe::AttachedProbe(Probe &probe, std::tuple<uint8_t *, uintptr_t> &fun
    case ProbeType::kretprobe:
      attach_kprobe();
      break;
+    case ProbeType::uprobe:
+    case ProbeType::uretprobe:
+      attach_uprobe();
+      break;
    default:
      abort();
  }
@@ -35,6 +40,10 @@ AttachedProbe::~AttachedProbe()
    case ProbeType::kretprobe:
      err = bpf_detach_kprobe(eventname());
      break;
+    case ProbeType::uprobe:
+    case ProbeType::uretprobe:
+      err = bpf_detach_uprobe(eventname());
+      break;
    default:
      abort();
  }
@@ -42,16 +51,33 @@ AttachedProbe::~AttachedProbe()
    std::cerr << "Error detaching probe: " << probe_.name << std::endl;
 }

+std::string AttachedProbe::eventprefix() const
+{
+  switch (attachtype(probe_.type))
+  {
+    case BPF_PROBE_ENTRY:
+      return "p_";
+    case BPF_PROBE_RETURN:
+      return "r_";
+    default:
+      abort();
+  }
+}
+
 const char *AttachedProbe::eventname() const
 {
  std::string event;
+  std::ostringstream offset_str;
  switch (probe_.type)
  {
    case ProbeType::kprobe:
-      event =  "p_" + probe_.attach_point;
-      break;
    case ProbeType::kretprobe:
-      event =  "r_" + probe_.attach_point;
+      event = eventprefix() + probe_.attach_point;
+      break;
+    case ProbeType::uprobe:
+    case ProbeType::uretprobe:
+      offset_str << std::hex << offset();
+      event = eventprefix() + probe_.path + "_" + offset_str.str();
      break;
    default:
      abort();
@@ -59,6 +85,18 @@ const char *AttachedProbe::eventname() const
  return event.c_str();
 }

+uint64_t AttachedProbe::offset() const
+{
+  bcc_symbol sym;
+  int err = bcc_resolve_symname(probe_.path.c_str(), probe_.attach_point.c_str(),
+      0, 0, nullptr, &sym);
+
+  if (err)
+    throw std::runtime_error("Could not resolve symbol: " + probe_.path + ":" + probe_.attach_point);
+
+  return sym.offset;
+}
+
 static unsigned kernel_version()
 {
  struct utsname utsname;
@@ -101,4 +139,20 @@ void AttachedProbe::attach_kprobe()
    throw std::runtime_error("Error attaching probe: " + probe_.name);
 }

+void AttachedProbe::attach_uprobe()
+{
+  int pid = -1;
+  int cpu = 0;
+  int group_fd = -1;
+  perf_reader_cb cb = nullptr;
+  void *cb_cookie = nullptr;
+
+  perf_reader_ = bpf_attach_uprobe(progfd_, attachtype(probe_.type),
+      eventname(), probe_.path.c_str(), offset(),
+      pid, cpu, group_fd, cb, cb_cookie);
+
+  if (perf_reader_ == nullptr)
+    throw std::runtime_error("Error attaching probe: " + probe_.name);
+}
+
 } // namespace bpftrace
--- a/src/attached_probe.h
+++ b/src/attached_probe.h
@@ -13,9 +13,12 @@ public:
  AttachedProbe& operator=(const AttachedProbe &) = delete;

 private:
+  std::string eventprefix() const;
  const char *eventname() const;
+  uint64_t offset() const;
  void load_prog();
  void attach_kprobe();
+  void attach_uprobe();

  Probe &probe_;
  std::tuple<uint8_t *, uintptr_t> &func_;

--- a/src/bpftrace.cpp
+++ b/src/bpftrace.cpp
@@ -13,12 +13,17 @@ namespace bpftrace {
 int BPFtrace::add_probe(ast::Probe &p)
 {
  Probe probe;
+  probe.path = p.path;
  probe.attach_point = p.attach_point;
  probe.name = p.name;
  if (p.type == "kprobe")
    probe.type = ProbeType::kprobe;
  else if (p.type == "kretprobe")
    probe.type = ProbeType::kretprobe;
+  else if (p.type == "uprobe")
+    probe.type = ProbeType::uprobe;
+  else if (p.type == "uretprobe")
+    probe.type = ProbeType::uretprobe;
  else
    return -1;
  probes_.push_back(probe);

--- a/src/types.cpp
+++ b/src/types.cpp
@@ -40,6 +40,8 @@ bpf_probe_attach_type attachtype(ProbeType t)
  {
    case ProbeType::kprobe:    return BPF_PROBE_ENTRY;  break;
    case ProbeType::kretprobe: return BPF_PROBE_RETURN; break;
+    case ProbeType::uprobe:    return BPF_PROBE_ENTRY;  break;
+    case ProbeType::uretprobe: return BPF_PROBE_RETURN; break;
    default: abort();
  }
 }
@@ -50,6 +52,8 @@ bpf_prog_type progtype(ProbeType t)
  {
    case ProbeType::kprobe:    return BPF_PROG_TYPE_KPROBE; break;
    case ProbeType::kretprobe: return BPF_PROG_TYPE_KPROBE; break;
+    case ProbeType::uprobe:    return BPF_PROG_TYPE_KPROBE; break;
+    case ProbeType::uretprobe: return BPF_PROG_TYPE_KPROBE; break;
    default: abort();
  }
 }

--- a/src/types.h
+++ b/src/types.h
@@ -38,6 +38,8 @@ enum class ProbeType
 {
  kprobe,
  kretprobe,
+  uprobe,
+  uretprobe,
 };

 std::string typestr(Type t);
@@ -48,6 +50,7 @@ class Probe
 {
 public:
  ProbeType type;
+  std::string path;
  std::string attach_point;
  std::string name;
 };