| Message ID | 20191123055151.9990-3-danieltimlee@gmail.com |
|---|---|
| State | Changes Requested |
| Delegated to: | BPF Maintainers |
| Headers | show |
| Series | Fix broken samples due to symbol mismatch | expand |
On 11/23/19 6:51 AM, Daniel T. Lee wrote: > Currently, open() is called from the user program and it calls the syscall > 'sys_openat', not the 'sys_open'. This leads to an error of the program > of user side, due to the fact that the counter maps are zero since no > function such 'sys_open' is called. > > This commit adds the kernel bpf program which are attached to the > tracepoint 'sys_enter_openat' and 'sys_enter_openat'. > > Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> > --- > samples/bpf/syscall_tp_kern.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/samples/bpf/syscall_tp_kern.c b/samples/bpf/syscall_tp_kern.c > index 1d78819ffef1..4ea91b1d3e03 100644 > --- a/samples/bpf/syscall_tp_kern.c > +++ b/samples/bpf/syscall_tp_kern.c > @@ -51,9 +51,23 @@ int trace_enter_open(struct syscalls_enter_open_args *ctx) > return 0; > } > > +SEC("tracepoint/syscalls/sys_enter_openat") > +int trace_enter_open_at(struct syscalls_enter_open_args *ctx) > +{ > + count((void *)&enter_open_map); Nit: cast to void * not needed, same in below 3 locations. > + return 0; > +} > + > SEC("tracepoint/syscalls/sys_exit_open") > int trace_enter_exit(struct syscalls_exit_open_args *ctx) > { > count((void *)&exit_open_map); > return 0; > } > + > +SEC("tracepoint/syscalls/sys_exit_openat") > +int trace_enter_exit_at(struct syscalls_exit_open_args *ctx) > +{ > + count((void *)&exit_open_map); > + return 0; > +} >
diff --git a/samples/bpf/syscall_tp_kern.c b/samples/bpf/syscall_tp_kern.c index 1d78819ffef1..4ea91b1d3e03 100644 --- a/samples/bpf/syscall_tp_kern.c +++ b/samples/bpf/syscall_tp_kern.c @@ -51,9 +51,23 @@ int trace_enter_open(struct syscalls_enter_open_args *ctx) return 0; } +SEC("tracepoint/syscalls/sys_enter_openat") +int trace_enter_open_at(struct syscalls_enter_open_args *ctx) +{ + count((void *)&enter_open_map); + return 0; +} + SEC("tracepoint/syscalls/sys_exit_open") int trace_enter_exit(struct syscalls_exit_open_args *ctx) { count((void *)&exit_open_map); return 0; } + +SEC("tracepoint/syscalls/sys_exit_openat") +int trace_enter_exit_at(struct syscalls_exit_open_args *ctx) +{ + count((void *)&exit_open_map); + return 0; +}
Currently, open() is called from the user program and it calls the syscall 'sys_openat', not the 'sys_open'. This leads to an error of the program of user side, due to the fact that the counter maps are zero since no function such 'sys_open' is called. This commit adds the kernel bpf program which are attached to the tracepoint 'sys_enter_openat' and 'sys_enter_openat'. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> --- samples/bpf/syscall_tp_kern.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)