diff options
| author | Andrii Nakryiko <andrii@kernel.org> | 2022-02-09 06:42:42 +0100 |
|---|---|---|
| committer | Andrii Nakryiko <andrii@kernel.org> | 2022-02-09 06:45:06 +0100 |
| commit | 3caa7d2e2e9b69bf294b55c4a5a0b6673fdf5b00 (patch) | |
| tree | 67f2081ee7aa77a5add2eb541a8e87293b504f18 /tools/lib/bpf/bpf_tracing.h | |
| parent | Merge branch 'Fix accessing syscall arguments' (diff) | |
| parent | selftests/bpf: Test BPF_KPROBE_SYSCALL macro (diff) | |
| download | linux-3caa7d2e2e9b69bf294b55c4a5a0b6673fdf5b00.tar.xz linux-3caa7d2e2e9b69bf294b55c4a5a0b6673fdf5b00.zip | |
Merge branch 'libbpf: Add syscall-specific variant of BPF_KPROBE'
Hengqi Chen says:
====================
Add new macro BPF_KPROBE_SYSCALL, which provides easy access to syscall
input arguments. See [0] and [1] for background.
[0]: https://github.com/libbpf/libbpf-bootstrap/issues/57
[1]: https://github.com/libbpf/libbpf/issues/425
v2->v3:
- Use PT_REGS_SYSCALL_REGS
- Move selftest to progs/bpf_syscall_macro.c
v1->v2:
- Use PT_REGS_PARM2_CORE_SYSCALL instead
====================
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Diffstat (limited to 'tools/lib/bpf/bpf_tracing.h')
| -rw-r--r-- | tools/lib/bpf/bpf_tracing.h | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h index eb6eb3b28063..e3a8c947e89f 100644 --- a/tools/lib/bpf/bpf_tracing.h +++ b/tools/lib/bpf/bpf_tracing.h @@ -470,4 +470,39 @@ typeof(name(0)) name(struct pt_regs *ctx) \ } \ static __always_inline typeof(name(0)) ____##name(struct pt_regs *ctx, ##args) +#define ___bpf_syscall_args0() ctx +#define ___bpf_syscall_args1(x) ___bpf_syscall_args0(), (void *)PT_REGS_PARM1_CORE_SYSCALL(regs) +#define ___bpf_syscall_args2(x, args...) ___bpf_syscall_args1(args), (void *)PT_REGS_PARM2_CORE_SYSCALL(regs) +#define ___bpf_syscall_args3(x, args...) ___bpf_syscall_args2(args), (void *)PT_REGS_PARM3_CORE_SYSCALL(regs) +#define ___bpf_syscall_args4(x, args...) ___bpf_syscall_args3(args), (void *)PT_REGS_PARM4_CORE_SYSCALL(regs) +#define ___bpf_syscall_args5(x, args...) ___bpf_syscall_args4(args), (void *)PT_REGS_PARM5_CORE_SYSCALL(regs) +#define ___bpf_syscall_args(args...) ___bpf_apply(___bpf_syscall_args, ___bpf_narg(args))(args) + +/* + * BPF_KPROBE_SYSCALL is a variant of BPF_KPROBE, which is intended for + * tracing syscall functions, like __x64_sys_close. It hides the underlying + * platform-specific low-level way of getting syscall input arguments from + * struct pt_regs, and provides a familiar typed and named function arguments + * syntax and semantics of accessing syscall input parameters. + * + * Original struct pt_regs* context is preserved as 'ctx' argument. This might + * be necessary when using BPF helpers like bpf_perf_event_output(). + * + * This macro relies on BPF CO-RE support. + */ +#define BPF_KPROBE_SYSCALL(name, args...) \ +name(struct pt_regs *ctx); \ +static __attribute__((always_inline)) typeof(name(0)) \ +____##name(struct pt_regs *ctx, ##args); \ +typeof(name(0)) name(struct pt_regs *ctx) \ +{ \ + struct pt_regs *regs = PT_REGS_SYSCALL_REGS(ctx); \ + _Pragma("GCC diagnostic push") \ + _Pragma("GCC diagnostic ignored \"-Wint-conversion\"") \ + return ____##name(___bpf_syscall_args(args)); \ + _Pragma("GCC diagnostic pop") \ +} \ +static __attribute__((always_inline)) typeof(name(0)) \ +____##name(struct pt_regs *ctx, ##args) + #endif |