forked from iovisor/bcc
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tools/opensnoop: Snoop all open related syscall stubs
kernel v5.6 introduces fddb5d430ad9 ("open: introduce openat2(2) syscall"). Even though do_sys_open still exists, it might be optimized off final binary depending on compilers. So we can't catch do_sys_open in some cases. This patch uses ksymname to try to get entries of open, openat and openat2, and changes the definitions of the trace functions to snoop them all. This works for both kprobe and kfunc. Credit to Yonghong Song for better code organization. Signed-off-by: He Zhe <[email protected]>
- Loading branch information
1 parent
ba0bacf
commit 6889afe
Showing
1 changed file
with
119 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters