diff --git a/examples/cpp/RecordMySQLQuery.cc b/examples/cpp/RecordMySQLQuery.cc index 09233ac7c7f1..6d49eee9b6b6 100644 --- a/examples/cpp/RecordMySQLQuery.cc +++ b/examples/cpp/RecordMySQLQuery.cc @@ -34,7 +34,7 @@ int probe_mysql_query(struct pt_regs *ctx, void* thd, char* query, size_t len) { key.ts = bpf_ktime_get_ns(); key.pid = bpf_get_current_pid_tgid(); - bpf_probe_read_str(&key.query, sizeof(key.query), query); + bpf_probe_read_user_str(&key.query, sizeof(key.query), query); int one = 1; queries.update(&key, &one); diff --git a/examples/lua/bashreadline.c b/examples/lua/bashreadline.c index fad33d7dd7f6..917f944d867b 100644 --- a/examples/lua/bashreadline.c +++ b/examples/lua/bashreadline.c @@ -15,7 +15,8 @@ int printret(struct pt_regs *ctx) return 0; pid = bpf_get_current_pid_tgid(); data.pid = pid; - bpf_probe_read(&data.str, sizeof(data.str), (void *)PT_REGS_RC(ctx)); + bpf_probe_read_user(&data.str, sizeof(data.str), + (void *)PT_REGS_RC(ctx)); events.perf_submit(ctx, &data, sizeof(data)); return 0; }; diff --git a/examples/lua/strlen_count.lua b/examples/lua/strlen_count.lua index 553d043e7252..5a6b00091ffb 100755 --- a/examples/lua/strlen_count.lua +++ b/examples/lua/strlen_count.lua @@ -26,7 +26,7 @@ int printarg(struct pt_regs *ctx) { if (pid != PID) return 0; char str[128] = {}; - bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx)); + bpf_probe_read_user(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx)); bpf_trace_printk("strlen(\"%s\")\n", &str); return 0; }; diff --git a/examples/lua/usdt_ruby.lua b/examples/lua/usdt_ruby.lua index 5b5df2d0fb7a..94c059c28aa7 100755 --- a/examples/lua/usdt_ruby.lua +++ b/examples/lua/usdt_ruby.lua @@ -22,7 +22,7 @@ int trace_method(struct pt_regs *ctx) { bpf_usdt_readarg(2, ctx, &addr); char fn_name[128] = {}; - bpf_probe_read(&fn_name, sizeof(fn_name), (void *)addr); + bpf_probe_read_user(&fn_name, sizeof(fn_name), (void *)addr); bpf_trace_printk("%s(...)\n", fn_name); return 0; diff --git a/examples/tracing/mysqld_query.py b/examples/tracing/mysqld_query.py index ace07150da35..2f857277b269 100755 --- a/examples/tracing/mysqld_query.py +++ b/examples/tracing/mysqld_query.py @@ -34,7 +34,7 @@ * see: https://dev.mysql.com/doc/refman/5.7/en/dba-dtrace-ref-query.html */ bpf_usdt_readarg(1, ctx, &addr); - bpf_probe_read(&query, sizeof(query), (void *)addr); + bpf_probe_read_user(&query, sizeof(query), (void *)addr); bpf_trace_printk("%s\\n", query); return 0; }; diff --git a/examples/tracing/nodejs_http_server.py b/examples/tracing/nodejs_http_server.py index a86ca956cfa9..e32a26ea68a4 100755 --- a/examples/tracing/nodejs_http_server.py +++ b/examples/tracing/nodejs_http_server.py @@ -26,7 +26,7 @@ uint64_t addr; char path[128]={0}; bpf_usdt_readarg(6, ctx, &addr); - bpf_probe_read(&path, sizeof(path), (void *)addr); + bpf_probe_read_user(&path, sizeof(path), (void *)addr); bpf_trace_printk("path:%s\\n", path); return 0; }; diff --git a/examples/tracing/strlen_count.py b/examples/tracing/strlen_count.py index f1bb1b7ef769..8432f5935450 100755 --- a/examples/tracing/strlen_count.py +++ b/examples/tracing/strlen_count.py @@ -31,7 +31,7 @@ struct key_t key = {}; u64 zero = 0, *val; - bpf_probe_read(&key.c, sizeof(key.c), (void *)PT_REGS_PARM1(ctx)); + bpf_probe_read_user(&key.c, sizeof(key.c), (void *)PT_REGS_PARM1(ctx)); // could also use `counts.increment(key)` val = counts.lookup_or_try_init(&key, &zero); if (val) { diff --git a/examples/tracing/strlen_snoop.py b/examples/tracing/strlen_snoop.py index c3c7199ebe9e..5b70f66a3bcb 100755 --- a/examples/tracing/strlen_snoop.py +++ b/examples/tracing/strlen_snoop.py @@ -34,7 +34,7 @@ return 0; char str[80] = {}; - bpf_probe_read(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx)); + bpf_probe_read_user(&str, sizeof(str), (void *)PT_REGS_PARM1(ctx)); bpf_trace_printk("%s\\n", &str); return 0; diff --git a/tools/bashreadline.py b/tools/bashreadline.py index b7d98272f75d..ad9cfdc0a1df 100755 --- a/tools/bashreadline.py +++ b/tools/bashreadline.py @@ -52,7 +52,7 @@ return 0; pid = bpf_get_current_pid_tgid(); data.pid = pid; - bpf_probe_read(&data.str, sizeof(data.str), (void *)PT_REGS_RC(ctx)); + bpf_probe_read_user(&data.str, sizeof(data.str), (void *)PT_REGS_RC(ctx)); bpf_get_current_comm(&comm, sizeof(comm)); if (comm[0] == 'b' && comm[1] == 'a' && comm[2] == 's' && comm[3] == 'h' && comm[4] == 0 ) { diff --git a/tools/biosnoop.lua b/tools/biosnoop.lua index 705212ee7602..21261d0b3a57 100755 --- a/tools/biosnoop.lua +++ b/tools/biosnoop.lua @@ -84,7 +84,8 @@ int trace_req_completion(struct pt_regs *ctx, struct request *req) valp = infobyreq.lookup(&req); if (valp == 0) { data.len = req->__data_len; - strcpy(data.name,"?"); + data.name[0] = '?'; + data.name[1] = 0; } else { data.pid = valp->pid; data.len = req->__data_len; diff --git a/tools/biosnoop.py b/tools/biosnoop.py index e6f708fae1dc..b550281c8e4c 100755 --- a/tools/biosnoop.py +++ b/tools/biosnoop.py @@ -108,7 +108,8 @@ valp = infobyreq.lookup(&req); if (valp == 0) { data.len = req->__data_len; - strcpy(data.name, "?"); + data.name[0] = '?'; + data.name[1] = 0; } else { if (##QUEUE##) { data.qdelta = *tsp - valp->ts; diff --git a/tools/dbslower.py b/tools/dbslower.py index 2f1b6a8b83e0..ffbb5e1b6888 100755 --- a/tools/dbslower.py +++ b/tools/dbslower.py @@ -127,12 +127,12 @@ tmp.timestamp = bpf_ktime_get_ns(); #if defined(MYSQL56) - bpf_probe_read(&tmp.query, sizeof(tmp.query), (void*) PT_REGS_PARM3(ctx)); + bpf_probe_read_user(&tmp.query, sizeof(tmp.query), (void*) PT_REGS_PARM3(ctx)); #elif defined(MYSQL57) void* st = (void*) PT_REGS_PARM2(ctx); char* query; - bpf_probe_read(&query, sizeof(query), st); - bpf_probe_read(&tmp.query, sizeof(tmp.query), query); + bpf_probe_read_user(&query, sizeof(query), st); + bpf_probe_read_user(&tmp.query, sizeof(tmp.query), query); #else //USDT bpf_usdt_readarg(1, ctx, &tmp.query); #endif @@ -157,7 +157,13 @@ data.pid = pid >> 32; // only process id data.timestamp = tempp->timestamp; data.duration = delta; +#if defined(MYSQL56) || defined(MYSQL57) + // We already copied string to the bpf stack. Hence use bpf_probe_read() bpf_probe_read(&data.query, sizeof(data.query), tempp->query); +#else + // USDT - we didnt copy string to the bpf stack before. + bpf_probe_read_user(&data.query, sizeof(data.query), tempp->query); +#endif events.perf_submit(ctx, &data, sizeof(data)); #ifdef THRESHOLD } diff --git a/tools/execsnoop.py b/tools/execsnoop.py index 26cbce660479..9879d2c2fe96 100755 --- a/tools/execsnoop.py +++ b/tools/execsnoop.py @@ -120,7 +120,7 @@ def parse_uid(user): static int __submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data) { - bpf_probe_read(data->argv, sizeof(data->argv), ptr); + bpf_probe_read_user(data->argv, sizeof(data->argv), ptr); events.perf_submit(ctx, data, sizeof(struct data_t)); return 1; } @@ -128,7 +128,7 @@ def parse_uid(user): static int submit_arg(struct pt_regs *ctx, void *ptr, struct data_t *data) { const char *argp = NULL; - bpf_probe_read(&argp, sizeof(argp), ptr); + bpf_probe_read_user(&argp, sizeof(argp), ptr); if (argp) { return __submit_arg(ctx, (void *)(argp), data); } diff --git a/tools/funcslower.py b/tools/funcslower.py index bda6a844c032..9acd35d12a18 100755 --- a/tools/funcslower.py +++ b/tools/funcslower.py @@ -82,7 +82,11 @@ u64 id; u64 start_ns; #ifdef GRAB_ARGS +#ifndef __s390x__ u64 args[6]; +#else + u64 args[5]; +#endif #endif }; @@ -94,7 +98,11 @@ u64 retval; char comm[TASK_COMM_LEN]; #ifdef GRAB_ARGS +#ifndef __s390x__ u64 args[6]; +#else + u64 args[5]; +#endif #endif #ifdef USER_STACKS int user_stack_id; @@ -130,7 +138,9 @@ entry.args[2] = PT_REGS_PARM3(ctx); entry.args[3] = PT_REGS_PARM4(ctx); entry.args[4] = PT_REGS_PARM5(ctx); +#ifndef __s390x__ entry.args[5] = PT_REGS_PARM6(ctx); +#endif #endif entryinfo.update(&tgid_pid, &entry); diff --git a/tools/gethostlatency.py b/tools/gethostlatency.py index f7506a868392..a6b80801a391 100755 --- a/tools/gethostlatency.py +++ b/tools/gethostlatency.py @@ -64,7 +64,7 @@ u32 pid = bpf_get_current_pid_tgid(); if (bpf_get_current_comm(&val.comm, sizeof(val.comm)) == 0) { - bpf_probe_read(&val.host, sizeof(val.host), + bpf_probe_read_user(&val.host, sizeof(val.host), (void *)PT_REGS_PARM1(ctx)); val.pid = bpf_get_current_pid_tgid(); val.ts = bpf_ktime_get_ns(); diff --git a/tools/lib/ucalls.py b/tools/lib/ucalls.py index 307df252762d..396d56eb7a9b 100755 --- a/tools/lib/ucalls.py +++ b/tools/lib/ucalls.py @@ -158,9 +158,9 @@ #endif READ_CLASS READ_METHOD - bpf_probe_read(&data.method.clazz, sizeof(data.method.clazz), + bpf_probe_read_user(&data.method.clazz, sizeof(data.method.clazz), (void *)clazz); - bpf_probe_read(&data.method.method, sizeof(data.method.method), + bpf_probe_read_user(&data.method.method, sizeof(data.method.method), (void *)method); #ifndef LATENCY valp = counts.lookup_or_try_init(&data.method, &val); @@ -182,9 +182,9 @@ data.pid = bpf_get_current_pid_tgid(); READ_CLASS READ_METHOD - bpf_probe_read(&data.method.clazz, sizeof(data.method.clazz), + bpf_probe_read_user(&data.method.clazz, sizeof(data.method.clazz), (void *)clazz); - bpf_probe_read(&data.method.method, sizeof(data.method.method), + bpf_probe_read_user(&data.method.method, sizeof(data.method.method), (void *)method); entry_timestamp = entry.lookup(&data); if (!entry_timestamp) { diff --git a/tools/lib/uflow.py b/tools/lib/uflow.py index 4779ba2ccff2..de3d7e27cd39 100755 --- a/tools/lib/uflow.py +++ b/tools/lib/uflow.py @@ -81,8 +81,8 @@ READ_CLASS READ_METHOD - bpf_probe_read(&data.clazz, sizeof(data.clazz), (void *)clazz); - bpf_probe_read(&data.method, sizeof(data.method), (void *)method); + bpf_probe_read_user(&data.clazz, sizeof(data.clazz), (void *)clazz); + bpf_probe_read_user(&data.method, sizeof(data.method), (void *)method); FILTER_CLASS FILTER_METHOD diff --git a/tools/lib/ugc.py b/tools/lib/ugc.py index 8841d5faa2d7..8f4c8dee13d9 100755 --- a/tools/lib/ugc.py +++ b/tools/lib/ugc.py @@ -140,8 +140,8 @@ def format(self, data): u64 manager = 0, pool = 0; bpf_usdt_readarg(1, ctx, &manager); // ptr to manager name bpf_usdt_readarg(3, ctx, &pool); // ptr to pool name - bpf_probe_read(&event.string1, sizeof(event.string1), (void *)manager); - bpf_probe_read(&event.string2, sizeof(event.string2), (void *)pool); + bpf_probe_read_user(&event.string1, sizeof(event.string1), (void *)manager); + bpf_probe_read_user(&event.string2, sizeof(event.string2), (void *)pool); """ def formatter(e): diff --git a/tools/lib/uobjnew.py b/tools/lib/uobjnew.py index b8eed0f7457d..f75ba0483481 100755 --- a/tools/lib/uobjnew.py +++ b/tools/lib/uobjnew.py @@ -98,7 +98,7 @@ u64 classptr = 0, size = 0; bpf_usdt_readarg(2, ctx, &classptr); bpf_usdt_readarg(4, ctx, &size); - bpf_probe_read(&key.name, sizeof(key.name), (void *)classptr); + bpf_probe_read_user(&key.name, sizeof(key.name), (void *)classptr); valp = allocs.lookup_or_try_init(&key, &zero); if (valp) { valp->total_size += size; @@ -132,7 +132,7 @@ struct val_t *valp, zero = {}; u64 classptr = 0; bpf_usdt_readarg(1, ctx, &classptr); - bpf_probe_read(&key.name, sizeof(key.name), (void *)classptr); + bpf_probe_read_user(&key.name, sizeof(key.name), (void *)classptr); valp = allocs.lookup_or_try_init(&key, &zero); if (valp) { valp->num_allocs += 1; // We don't know the size, unfortunately diff --git a/tools/lib/uthreads.py b/tools/lib/uthreads.py index 90d0a745b7b5..9745b3d59b3b 100755 --- a/tools/lib/uthreads.py +++ b/tools/lib/uthreads.py @@ -80,7 +80,7 @@ bpf_usdt_readarg(1, ctx, &nameptr); bpf_usdt_readarg(3, ctx, &id); bpf_usdt_readarg(4, ctx, &native_id); - bpf_probe_read(&te.name, sizeof(te.name), (void *)nameptr); + bpf_probe_read_user(&te.name, sizeof(te.name), (void *)nameptr); te.runtime_id = id; te.native_id = native_id; __builtin_memcpy(&te.type, type, sizeof(te.type)); diff --git a/tools/mountsnoop.py b/tools/mountsnoop.py index 17a2edb6142b..667ea35cd9f1 100755 --- a/tools/mountsnoop.py +++ b/tools/mountsnoop.py @@ -109,22 +109,22 @@ event.type = EVENT_MOUNT_SOURCE; __builtin_memset(event.str, 0, sizeof(event.str)); - bpf_probe_read(event.str, sizeof(event.str), source); + bpf_probe_read_user(event.str, sizeof(event.str), source); events.perf_submit(ctx, &event, sizeof(event)); event.type = EVENT_MOUNT_TARGET; __builtin_memset(event.str, 0, sizeof(event.str)); - bpf_probe_read(event.str, sizeof(event.str), target); + bpf_probe_read_user(event.str, sizeof(event.str), target); events.perf_submit(ctx, &event, sizeof(event)); event.type = EVENT_MOUNT_TYPE; __builtin_memset(event.str, 0, sizeof(event.str)); - bpf_probe_read(event.str, sizeof(event.str), type); + bpf_probe_read_user(event.str, sizeof(event.str), type); events.perf_submit(ctx, &event, sizeof(event)); event.type = EVENT_MOUNT_DATA; __builtin_memset(event.str, 0, sizeof(event.str)); - bpf_probe_read(event.str, sizeof(event.str), data); + bpf_probe_read_user(event.str, sizeof(event.str), data); events.perf_submit(ctx, &event, sizeof(event)); return 0; @@ -164,7 +164,7 @@ event.type = EVENT_UMOUNT_TARGET; __builtin_memset(event.str, 0, sizeof(event.str)); - bpf_probe_read(event.str, sizeof(event.str), target); + bpf_probe_read_user(event.str, sizeof(event.str), target); events.perf_submit(ctx, &event, sizeof(event)); return 0; diff --git a/tools/mysqld_qslower.py b/tools/mysqld_qslower.py index d867d70fd527..33ea7ddd1f6e 100755 --- a/tools/mysqld_qslower.py +++ b/tools/mysqld_qslower.py @@ -81,7 +81,7 @@ def usage(): if (delta >= """ + str(min_ns) + """) { // populate and emit data struct struct data_t data = {.pid = pid, .ts = sp->ts, .delta = delta}; - bpf_probe_read(&data.query, sizeof(data.query), (void *)sp->query); + bpf_probe_read_user(&data.query, sizeof(data.query), (void *)sp->query); events.perf_submit(ctx, &data, sizeof(data)); } diff --git a/tools/opensnoop.py b/tools/opensnoop.py index b28d7d556a37..995443e3faf3 100755 --- a/tools/opensnoop.py +++ b/tools/opensnoop.py @@ -152,7 +152,7 @@ return 0; } bpf_probe_read(&data.comm, sizeof(data.comm), valp->comm); - bpf_probe_read(&data.fname, sizeof(data.fname), (void *)valp->fname); + bpf_probe_read_user(&data.fname, sizeof(data.fname), (void *)valp->fname); data.id = valp->id; data.ts = tsp / 1000; data.uid = bpf_get_current_uid_gid(); @@ -167,7 +167,7 @@ """ bpf_text_kfunc= """ -KRETFUNC_PROBE(do_sys_open, int dfd, const char *filename, int flags, int mode, int ret) +KRETFUNC_PROBE(do_sys_open, int dfd, const char __user *filename, int flags, int mode, int ret) { u64 id = bpf_get_current_pid_tgid(); u32 pid = id >> 32; // PID is higher part @@ -189,7 +189,7 @@ u64 tsp = bpf_ktime_get_ns(); - bpf_probe_read(&data.fname, sizeof(data.fname), (void *)filename); + bpf_probe_read_user(&data.fname, sizeof(data.fname), (void *)filename); data.id = id; data.ts = tsp / 1000; data.uid = bpf_get_current_uid_gid(); diff --git a/tools/sslsniff.py b/tools/sslsniff.py index e48fbb470e57..8c027fe34f66 100755 --- a/tools/sslsniff.py +++ b/tools/sslsniff.py @@ -72,7 +72,7 @@ bpf_get_current_comm(&__data.comm, sizeof(__data.comm)); if ( buf != 0) { - bpf_probe_read(&__data.v0, sizeof(__data.v0), buf); + bpf_probe_read_user(&__data.v0, sizeof(__data.v0), buf); } perf_SSL_write.perf_submit(ctx, &__data, sizeof(__data)); @@ -108,7 +108,7 @@ bpf_get_current_comm(&__data.comm, sizeof(__data.comm)); if (bufp != 0) { - bpf_probe_read(&__data.v0, sizeof(__data.v0), (char *)*bufp); + bpf_probe_read_user(&__data.v0, sizeof(__data.v0), (char *)*bufp); } bufs.delete(&pid); diff --git a/tools/statsnoop.py b/tools/statsnoop.py index 6cdff9459f62..9c7df0b3584c 100755 --- a/tools/statsnoop.py +++ b/tools/statsnoop.py @@ -84,7 +84,7 @@ } struct data_t data = {.pid = pid}; - bpf_probe_read(&data.fname, sizeof(data.fname), (void *)valp->fname); + bpf_probe_read_user(&data.fname, sizeof(data.fname), (void *)valp->fname); bpf_get_current_comm(&data.comm, sizeof(data.comm)); data.ts_ns = bpf_ktime_get_ns(); data.ret = PT_REGS_RC(ctx);