introduce C++ get_syscall_fnname API

This fixed issue iovisor#1695 for C++. The example HelloWorld.cc and tests test_libbcc also got fixed. Signed-off-by: Yonghong Song <[email protected]>
linux-kern · Apr 27, 2018 · 28b7fff · 28b7fff
1 parent 8f1a22a
commit 28b7fff
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 7 deletions.
diff --git a/examples/cpp/HelloWorld.cc b/examples/cpp/HelloWorld.cc
@@ -27,8 +27,9 @@ int main() {
 
  std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe");
  std::string line;
+ std::string clone_fnname = bpf.get_syscall_fnname("clone");
 
- auto attach_res = bpf.attach_kprobe("sys_clone", "on_sys_clone");
+ auto attach_res = bpf.attach_kprobe(clone_fnname, "on_sys_clone");
  if (attach_res.code() != 0) {
  std::cerr << attach_res.msg() << std::endl;
  return 1;
@@ -38,7 +39,7 @@ int main() {
  if (std::getline(pipe, line)) {
  std::cout << line << std::endl;
  // Detach the probe if we got at least one line.
- auto detach_res = bpf.detach_kprobe("sys_clone");
+ auto detach_res = bpf.detach_kprobe(clone_fnname);
  if (detach_res.code() != 0) {
  std::cerr << detach_res.msg() << std::endl;
  return 1;

diff --git a/src/cc/api/BPF.cc b/src/cc/api/BPF.cc
@@ -39,6 +39,11 @@
 
 namespace ebpf {
 
+static const char *syscall_prefix[] = {
+ "sys_",
+ "__x64_sys_",
+};
+
 std::string uint_to_hex(uint64_t value) {
  std::stringstream ss;
  ss << std::hex << value;
@@ -57,6 +62,10 @@ StatusTuple BPF::init(const std::string& bpf_program,
  const std::vector<std::string>& cflags,
  const std::vector<USDT>& usdt) {
  std::string all_bpf_program;
+ bcc_symbol_option symbol_option = {};
+ void *ksym_cache;
+ uint64_t addr;
+ int ret;
 
  for (auto u : usdt) {
  if (!u.initialized_)
@@ -74,6 +83,16 @@ StatusTuple BPF::init(const std::string& bpf_program,
  if (bpf_module_->load_string(all_bpf_program, flags, flags_len) != 0)
  return StatusTuple(-1, "Unable to initialize BPF program");
 
+ ksym_cache = bcc_symcache_new(-1, &symbol_option);
+ ret = bcc_symcache_resolve_name(ksym_cache, NULL, "sys_bpf", &addr);
+ if (ret == 0) {
+ syscall_prefix_idx_ = 0;
+ } else {
+ ret = bcc_symcache_resolve_name(ksym_cache, NULL, "__x64_sys_bpf", &addr);
+ syscall_prefix_idx_ = (ret == 0) ? 1 : 0;
+ }
+ bcc_free_symcache(ksym_cache, -1);
+
  return StatusTuple(0);
 };
 
@@ -548,6 +567,11 @@ StatusTuple BPF::unload_func(const std::string& func_name) {
  return StatusTuple(0);
 }
 
+std::string BPF::get_syscall_fnname(const std::string &name) {
+ std::string fn_name = syscall_prefix[syscall_prefix_idx_] + name;
+ return std::move(fn_name);
+}
+
 StatusTuple BPF::check_binary_symbol(const std::string& binary_path,
  const std::string& symbol,
  uint64_t symbol_addr,

diff --git a/src/cc/api/BPF.h b/src/cc/api/BPF.h
@@ -47,7 +47,8 @@ class BPF {
 
  explicit BPF(unsigned int flag = 0, TableStorage* ts = nullptr,
  bool rw_engine_enabled = true)
- : flag_(flag), bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
+ : flag_(flag), syscall_prefix_idx_(0),
+ bpf_module_(new BPFModule(flag, ts, rw_engine_enabled)) {}
  StatusTuple init(const std::string& bpf_program,
  const std::vector<std::string>& cflags = {},
  const std::vector<USDT>& usdt = {});
@@ -90,6 +91,7 @@ class BPF {
  int group_fd = -1);
  StatusTuple detach_perf_event(uint32_t ev_type, uint32_t ev_config);
  StatusTuple detach_perf_event_raw(void* perf_event_attr);
+ std::string get_syscall_fnname(const std::string &name);
 
  BPFTable get_table(const std::string& name) {
  TableStorage::iterator it;
@@ -212,6 +214,8 @@ class BPF {
 
  int flag_;
 
+ int syscall_prefix_idx_;
+
  std::unique_ptr<BPFModule> bpf_module_;
 
  std::map<std::string, int> funcs_;

diff --git a/tests/cc/test_bpf_table.cc b/tests/cc/test_bpf_table.cc
@@ -178,10 +178,11 @@ TEST_CASE("test bpf stack table", "[bpf_stack_table]") {
  ebpf::StatusTuple res(0);
  res = bpf.init(BPF_PROGRAM);
  REQUIRE(res.code() == 0);
- res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
+ std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
+ res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
  REQUIRE(res.code() == 0);
  REQUIRE(getuid() >= 0);
- res = bpf.detach_kprobe("sys_getuid");
+ res = bpf.detach_kprobe(getuid_fnname);
  REQUIRE(res.code() == 0);
 
  auto id = bpf.get_hash_table<int, int>("id");

diff --git a/tests/cc/test_perf_event.cc b/tests/cc/test_perf_event.cc
@@ -62,10 +62,11 @@ TEST_CASE("test read perf event", "[bpf_perf_event]") {
  res =
  bpf.open_perf_event("cnt", PERF_TYPE_SOFTWARE, PERF_COUNT_SW_CPU_CLOCK);
  REQUIRE(res.code() == 0);
- res = bpf.attach_kprobe("sys_getuid", "on_sys_getuid");
+ std::string getuid_fnname = bpf.get_syscall_fnname("getuid");
+ res = bpf.attach_kprobe(getuid_fnname, "on_sys_getuid");
  REQUIRE(res.code() == 0);
  REQUIRE(getuid() >= 0);
- res = bpf.detach_kprobe("sys_getuid");
+ res = bpf.detach_kprobe(getuid_fnname);
  REQUIRE(res.code() == 0);
  res = bpf.close_perf_event("cnt");
  REQUIRE(res.code() == 0);