The existing tracing programs have been developed for a considerable
period of time and, as a result, do not properly incorporate the
features of the current libbpf, such as CO-RE. This is evident in
frequent usage of functions like PT_REGS* and the persistence of "hack"
methods using underscore-style bpf_probe_read_kernel from the past.
These programs are far behind the current level of libbpf and can
potentially confuse users. Therefore, this commit aims to convert the
outdated BPF programs to be more CO-RE centric.
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Link: https://lore.kernel.org/r/20230818090119.477441-6-danieltimlee@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
#ifndef PERF_MAX_STACK_DEPTH
#define PERF_MAX_STACK_DEPTH 127
#endif
-#define _(P) \
- ({ \
- typeof(P) val; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
-
#define MINBLOCK_US 1
#define MAX_ENTRIES 10000
SEC("kprobe/try_to_wake_up")
int waker(struct pt_regs *ctx)
{
- struct task_struct *p = (void *) PT_REGS_PARM1(ctx);
+ struct task_struct *p = (void *)PT_REGS_PARM1_CORE(ctx);
+ u32 pid = BPF_CORE_READ(p, pid);
struct wokeby_t woke;
- u32 pid;
-
- pid = _(p->pid);
bpf_get_current_comm(&woke.name, sizeof(woke.name));
woke.ret = bpf_get_stackid(ctx, &stackmap, STACKID_FLAGS);
SEC("kprobe.multi/finish_task_switch*")
int oncpu(struct pt_regs *ctx)
{
- struct task_struct *p = (void *) PT_REGS_PARM1(ctx);
+ struct task_struct *p = (void *)PT_REGS_PARM1_CORE(ctx);
/* record previous thread sleep time */
- u32 pid = _(p->pid);
+ u32 pid = BPF_CORE_READ(p, pid);
#endif
u64 delta, ts, *tsp;
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
-
-#define _(P) \
- ({ \
- typeof(P) val = 0; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
+#include <bpf/bpf_core_read.h>
SEC("kprobe/__set_task_comm")
int prog(struct pt_regs *ctx)
u16 oom_score_adj;
u32 pid;
- tsk = (void *)PT_REGS_PARM1(ctx);
+ tsk = (void *)PT_REGS_PARM1_CORE(ctx);
- pid = _(tsk->pid);
- bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm);
- bpf_probe_read_kernel_str(newcomm, sizeof(newcomm),
+ pid = BPF_CORE_READ(tsk, pid);
+ bpf_core_read_str(oldcomm, sizeof(oldcomm), &tsk->comm);
+ bpf_core_read_str(newcomm, sizeof(newcomm),
(void *)PT_REGS_PARM2(ctx));
- signal = _(tsk->signal);
- oom_score_adj = _(signal->oom_score_adj);
+ signal = BPF_CORE_READ(tsk, signal);
+ oom_score_adj = BPF_CORE_READ(signal, oom_score_adj);
return 0;
}
#include "net_shared.h"
#include <linux/version.h>
#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_core_read.h>
#include <bpf/bpf_tracing.h>
-#define _(P) \
- ({ \
- typeof(P) val = 0; \
- bpf_probe_read_kernel(&val, sizeof(val), &(P)); \
- val; \
- })
-
/* kprobe is NOT a stable ABI
* kernel functions can be removed, renamed or completely change semantics.
* Number of arguments and their positions can change, etc.
struct sk_buff *skb;
int len;
- /* non-portable! works for the given kernel only */
- bpf_probe_read_kernel(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx));
- dev = _(skb->dev);
- len = _(skb->len);
+ bpf_core_read(&skb, sizeof(skb), (void *)PT_REGS_PARM1(ctx));
+ dev = BPF_CORE_READ(skb, dev);
+ len = BPF_CORE_READ(skb, len);
- bpf_probe_read_kernel(devname, sizeof(devname), dev->name);
+ BPF_CORE_READ_STR_INTO(&devname, dev, name);
if (devname[0] == 'l' && devname[1] == 'o') {
char fmt[] = "skb %p len %d\n";
#include <uapi/linux/unistd.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
#define __stringify(x) #x
#define PROG(F) SEC("kprobe/"__stringify(F)) int bpf_func_##F
{
struct seccomp_data sd;
- bpf_probe_read_kernel(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
+ bpf_core_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
if (sd.args[2] == 512) {
char fmt[] = "write(fd=%d, buf=%p, size=%d)\n";
bpf_trace_printk(fmt, sizeof(fmt),
{
struct seccomp_data sd;
- bpf_probe_read_kernel(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
+ bpf_core_read(&sd, sizeof(sd), (void *)PT_REGS_PARM2(ctx));
if (sd.args[2] > 128 && sd.args[2] <= 1024) {
char fmt[] = "read(fd=%d, buf=%p, size=%d)\n";
bpf_trace_printk(fmt, sizeof(fmt),