Add bpf_probe_read_str helper

Also use it in the RecordMySQLQuery example and updated documentation
linux-kern · May 9, 2017 · af6f512 · af6f512
1 parent 6cce73a
commit af6f512
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 11 deletions.
diff --git a/docs/reference_guide.md b/docs/reference_guide.md
@@ -16,11 +16,12 @@ This guide is incomplete. If something feels missing, check the bcc and kernel s
  - [6. USDT probes](#6-usdt-probes)
  - [Data](#data)
  - [1. bpf_probe_read()](#1-bpf_probe_read)
- - [2. bpf_ktime_get_ns()](#2-bpf_ktime_get_ns)
- - [3. bpf_get_current_pid_tgid()](#3-bpf_get_current_pid_tgid)
- - [4. bpf_get_current_uid_gid()](#4-bpf_get_current_uid_gid)
- - [5. bpf_get_current_comm()](#5-bpf_get_current_comm)
- - [6. bpf_log2l()](#6-bpflog2l)
+ - [2. bpf_probe_read_str()](#2-bpf_probe_read_str)
+ - [3. bpf_ktime_get_ns()](#3-bpf_ktime_get_ns)
+ - [4. bpf_get_current_pid_tgid()](#4-bpf_get_current_pid_tgid)
+ - [5. bpf_get_current_uid_gid()](#5-bpf_get_current_uid_gid)
+ - [6. bpf_get_current_comm()](#6-bpf_get_current_comm)
+ - [7. bpf_log2l()](#7-bpflog2l)
  - [Output](#output)
  - [1. bpf_trace_printk()](#1-bpf_trace_printk)
  - [2. BPF_PERF_OUTPUT](#2-bpf_perf_output)
@@ -239,7 +240,21 @@ Examples in situ:
 [search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read+path%3Aexamples&type=Code),
 [search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read+path%3Atools&type=Code)
 
-### 2. bpf_ktime_get_ns()
+### 2. bpf_probe_read_str()
+
+Syntax: ```int bpf_probe_read_str(void *dst, int size, void *src)```
+
+Return:
+ - \> 0 length of the string including the trailing NUL on success
+ - \< 0 error
+
+This copies a `NULL` terminated string from memory location to BPF stack, so that BPF can later operate on it. In case the string length is smaller than size, the target is not padded with further `NULL` bytes. In case the string length is larger than size, just `size - 1` bytes are copied and the last byte is set to `NULL`.
+
+Examples in situ:
+[search /examples](https://github.com/iovisor/bcc/search?q=bpf_probe_read_str+path%3Aexamples&type=Code),
+[search /tools](https://github.com/iovisor/bcc/search?q=bpf_probe_read_str+path%3Atools&type=Code)
+
+### 3. bpf_ktime_get_ns()
 
 Syntax: ```u64 bpf_ktime_get_ns(void)```
 
@@ -249,7 +264,7 @@ Examples in situ:
 [search /examples](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Aexamples&type=Code),
 [search /tools](https://github.com/iovisor/bcc/search?q=bpf_ktime_get_ns+path%3Atools&type=Code)
 
-### 3. bpf_get_current_pid_tgid()
+### 4. bpf_get_current_pid_tgid()
 
 Syntax: ```u64 bpf_get_current_pid_tgid(void)```
 
@@ -261,7 +276,7 @@ Examples in situ:
 [search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Aexamples&type=Code),
 [search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_pid_tgid+path%3Atools&type=Code)
 
-### 4. bpf_get_current_uid_gid()
+### 5. bpf_get_current_uid_gid()
 
 Syntax: ```u64 bpf_get_current_uid_gid(void)```
 
@@ -273,7 +288,7 @@ Examples in situ:
 [search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Aexamples&type=Code),
 [search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_uid_gid+path%3Atools&type=Code)
 
-### 5. bpf_get_current_comm()
+### 6. bpf_get_current_comm()
 
 Syntax: ```bpf_get_current_comm(char *buf, int size_of_buf)```
 
@@ -294,7 +309,7 @@ Examples in situ:
 [search /examples](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Aexamples&type=Code),
 [search /tools](https://github.com/iovisor/bcc/search?q=bpf_get_current_comm+path%3Atools&type=Code)
 
-### 6. bpf_log2l()
+### 7. bpf_log2l()
 
 Syntax: ```unsigned int bpf_log2l(unsigned long v)```
 

diff --git a/examples/cpp/RecordMySQLQuery.cc b/examples/cpp/RecordMySQLQuery.cc
@@ -34,7 +34,7 @@ int probe_mysql_query(struct pt_regs *ctx, void* thd, char* query, size_t len) {
  key.ts = bpf_ktime_get_ns();
  key.pid = bpf_get_current_pid_tgid();
 
- bpf_probe_read(&key.query, sizeof(key.query), query);
+ bpf_probe_read_str(&key.query, sizeof(key.query), query);
 
  int one = 1;
  queries.update(&key, &one);

diff --git a/src/cc/export/helpers.h b/src/cc/export/helpers.h
@@ -165,6 +165,8 @@ static u32 (*bpf_get_prandom_u32)(void) =
  (void *) BPF_FUNC_get_prandom_u32;
 static int (*bpf_trace_printk_)(const char *fmt, u64 fmt_size, ...) =
  (void *) BPF_FUNC_trace_printk;
+static int (*bpf_probe_read_str)(void *dst, u64 size, void *unsafe_ptr) =
+ (void *) BPF_FUNC_probe_read_str;
 int bpf_trace_printk(const char *fmt, ...) asm("llvm.bpf.extra");
 static inline __attribute__((always_inline))
 void bpf_tail_call_(u64 map_fd, void *ctx, int index) {