diff options
| author | Arnaldo Carvalho de Melo <acme@redhat.com> | 2019-07-16 15:59:19 +0200 |
|---|---|---|
| committer | Arnaldo Carvalho de Melo <acme@redhat.com> | 2019-07-29 23:34:41 +0200 |
| commit | 6ff8fff45611e0b5ff4c0979cd0470b5cbc0a031 (patch) | |
| tree | b0dab1d0be3f6c3e0e7834cb494a5aa8f6336d78 /tools/perf/examples | |
| parent | perf trace: Add BPF handler for unaugmented syscalls (diff) | |
| download | linux-6ff8fff45611e0b5ff4c0979cd0470b5cbc0a031.tar.xz linux-6ff8fff45611e0b5ff4c0979cd0470b5cbc0a031.zip | |
perf trace: Allow specifying the bpf prog to augment specific syscalls
This is a step in the direction of being able to use a
BPF_MAP_TYPE_PROG_ARRAY to handle syscalls that need to copy pointer
payloads in addition to the raw tracepoint syscall args.
There is a first example in
tools/perf/examples/bpf/augmented_raw_syscalls.c for the 'open' syscall.
Next step is to introduce the prog array map and use this 'open'
augmenter, then use that augmenter in other syscalls that also only copy
the first arg as a string, and then show how to use with a syscall that
reads more than one filename, like 'rename', etc.
Cc: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Luis Cláudio Gonçalves <lclaudio@redhat.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Link: https://lkml.kernel.org/n/tip-pys4v57x5qqrybb4cery2mc8@git.kernel.org
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Diffstat (limited to 'tools/perf/examples')
| -rw-r--r-- | tools/perf/examples/bpf/augmented_raw_syscalls.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c index 48a536b1be6d..66b33b299349 100644 --- a/tools/perf/examples/bpf/augmented_raw_syscalls.c +++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c @@ -94,6 +94,29 @@ int syscall_unaugmented(struct syscall_enter_args *args) return 1; } +/* + * This will be tail_called from SEC("raw_syscalls:sys_enter"), so will find in + * augmented_filename_map what was read by that raw_syscalls:sys_enter and go + * on from there, reading the first syscall arg as a string, i.e. open's + * filename. + */ +SEC("!syscalls:sys_enter_open") +int sys_enter_open(struct syscall_enter_args *args) +{ + int key = 0; + struct augmented_args_filename *augmented_args = bpf_map_lookup_elem(&augmented_filename_map, &key); + const void *filename_arg = (const void *)args->args[0]; + unsigned int len = sizeof(augmented_args->args); + + if (augmented_args == NULL) + return 1; /* Failure: don't filter */ + + len += augmented_filename__read(&augmented_args->filename, filename_arg, sizeof(augmented_args->filename.value)); + + /* If perf_event_output fails, return non-zero so that it gets recorded unaugmented */ + return perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, augmented_args, len); +} + SEC("raw_syscalls:sys_enter") int sys_enter(struct syscall_enter_args *args) { |