bpf: use bpf_probe_read in implicitly generated kernel mem read

Currently, bcc rewriter uses bpf_probe_read_kernel() for implicitly specified kernel memory read. This is not totally correct. Some user memory in kernel data structure may be accessed. bpf_probe_read_kernel() may fail with later kernels. Let us revert back to old bpf_probe_read().
heatseekr · Jun 22, 2020 · f579bf8 · f579bf8
1 parent 4bf92d1
commit f579bf8
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/cc/frontends/clang/b_frontend_action.cc b/src/cc/frontends/clang/b_frontend_action.cc
@@ -488,7 +488,7 @@ bool ProbeVisitor::VisitUnaryOperator(UnaryOperator *E) {
  memb_visited_.insert(E);
  string pre, post;
  pre = "({ typeof(" + E->getType().getAsString() + ") _val; __builtin_memset(&_val, 0, sizeof(_val));";
- pre += " bpf_probe_read_kernel(&_val, sizeof(_val), (u64)";
+ pre += " bpf_probe_read(&_val, sizeof(_val), (u64)";
  post = "); _val; })";
  rewriter_.ReplaceText(expansionLoc(E->getOperatorLoc()), 1, pre);
  rewriter_.InsertTextAfterToken(expansionLoc(GET_ENDLOC(sub)), post);
@@ -549,7 +549,7 @@ bool ProbeVisitor::VisitMemberExpr(MemberExpr *E) {
  string base_type = base->getType()->getPointeeType().getAsString();
  string pre, post;
  pre = "({ typeof(" + E->getType().getAsString() + ") _val; __builtin_memset(&_val, 0, sizeof(_val));";
- pre += " bpf_probe_read_kernel(&_val, sizeof(_val), (u64)&";
+ pre += " bpf_probe_read(&_val, sizeof(_val), (u64)&";
  post = rhs + "); _val; })";
  rewriter_.InsertText(expansionLoc(GET_BEGINLOC(E)), pre);
  rewriter_.ReplaceText(expansionRange(SourceRange(member, GET_ENDLOC(E))), post);
@@ -600,7 +600,7 @@ bool ProbeVisitor::VisitArraySubscriptExpr(ArraySubscriptExpr *E) {
  return true;
 
  pre = "({ typeof(" + E->getType().getAsString() + ") _val; __builtin_memset(&_val, 0, sizeof(_val));";
- pre += " bpf_probe_read_kernel(&_val, sizeof(_val), (u64)((";
+ pre += " bpf_probe_read(&_val, sizeof(_val), (u64)((";
  if (isMemberDereference(base)) {
  pre += "&";
  // If the base of the array subscript is a member dereference, we'll rewrite
@@ -733,7 +733,7 @@ void BTypeVisitor::genParamIndirectAssign(FunctionDecl *D, string& preamble,
  size_t d = idx - 1;
  const char *reg = calling_conv_regs[d];
  preamble += "\n " + text + ";";
- preamble += " bpf_probe_read_kernel";
+ preamble += " bpf_probe_read";
  preamble += "(&" + arg->getName().str() + ", sizeof(" +
  arg->getName().str() + "), &" + new_ctx + "->" +
  string(reg) + ");";