forked from iovisor/bcc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
generate indirect parameter assignment if arch uses syscall wrapper (i…
…ovisor#1816) Fix issue iovisor#1802. On x64, the following commit (in 4.17) changed the raw parameter passed to the syscall entry function from a list of parameters supplied in user space to a single `pt_regs *` parameter. Also in 4.17, x64 syscall entry function is changed from `sys_<name>` to `__x64_sys_<name>`. ``` commit fa697140f9a20119a9ec8fd7460cc4314fbdaff3 Author: Dominik Brodowski <[email protected]> Date: Thu Apr 5 11:53:02 2018 +0200 syscalls/x86: Use 'struct pt_regs' based syscall calling convention for 64-bit syscalls Let's make use of ARCH_HAS_SYSCALL_WRAPPER=y on pure 64-bit x86-64 systems: Each syscall defines a stub which takes struct pt_regs as its only argument. It decodes just those parameters it needs, e.g: asmlinkage long sys_xyzzy(const struct pt_regs *regs) { return SyS_xyzzy(regs->di, regs->si, regs->dx); } This approach avoids leaking random user-provided register content down the call chain. ... ``` In bcc, we support kprobe function signatures in the bpf program. The rewriter will automatically generate proper assignment to these parameters. With the above function signature change, the original method does not work any more. This patch enhanced rewriter to generate two version codes guarded with CONFIG_ARCH_HAS_SYSCALL_WRAPPER. But we need to identify whether a function will be attached to syscall entry function or not during prog load time at which time the program has not attached to any event. The prefix `kprobe__` is used for kprobe autoload, we can use `kprobe____x64_sys_` as the prefix to identify x64 syscall entry functions. To support other architecture or not-autoloading program, the prefix `syscall__` is introduced to signal it is a syscall entry function. trace.py and other tools which uses kprobe syscall entry functions are also modified with the new interface so that they can work properly with 4.17. Signed-off-by: Yonghong Song <[email protected]>
- Loading branch information
1 parent
eebd485
commit 2da3426
Showing
8 changed files
with
138 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters