21 Commits

Author SHA1 Message Date
5c51173830 Implement decoding of BPF_OBJ_GET_INFO_BY_FD command of bpf syscall
* configure.ac (AC_CHECK_MEMBERS): Add union bpf_attr.info.info.
* bpf.c (decode_BPF_OBJ_GET_INFO_BY_FD): New function.
(SYS_FUNC(bpf)) <bpf_cmd_decoders>: Use it.
* NEWS: Mention this.
* tests/bpf.c: Add macro guard for BPF_OBJ_GET_INFO_BY_FD decoder test.
[HAVE_UNION_BPF_ATTR_INFO_INFO] (sample_BPF_OBJ_GET_INFO_BY_FD_attr):
New variable.
[HAVE_UNION_BPF_ATTR_INFO_INFO] (init_BPF_OBJ_GET_INFO_BY_FD_first,
print_BPF_OBJ_GET_INFO_BY_FD_first, init_BPF_OBJ_GET_INFO_BY_FD_attr,
print_BPF_OBJ_GET_INFO_BY_FD_attr): New functions.
(main) [HAVE_UNION_BPF_ATTR_INFO_INFO]: Use them.
2017-11-21 23:12:04 +00:00
3a43ce3c07 Implement decoding of BPF_*_GET_*_ID commands of bpf syscall
* configure.ac: Check for union bpf_attr.next_id.
* bpf.c (decode_BPF_PROG_GET_NEXT_ID, decode_BPF_PROG_GET_FD_BY_ID,
* decode_BPF_MAP_GET_FD_BY_ID): New functions.
(decode_BPF_MAP_GET_NEXT_ID): New macro.
(SYS_FUNC(bpf)) <bpf_cmd_decoders>: Use them.
* NEWS: Mention this.
* tests/bpf.c: Add macro guard for BPF_*_GET_*_ID decoder tests.
[HAVE_UNION_BPF_ATTR_NEXT_ID] (init_BPF_PROG_GET_NEXT_ID_first,
print_BPF_PROG_GET_NEXT_ID_first, init_BPF_PROG_GET_NEXT_ID_attr,
print_BPF_PROG_GET_NEXT_ID_attr, print_BPF_PROG_GET_FD_BY_ID_first,
print_BPF_PROG_GET_FD_BY_ID_attr, print_BPF_MAP_GET_NEXT_ID_first,
print_BPF_MAP_GET_NEXT_ID_attr): New functions.
(init_BPF_MAP_GET_NEXT_ID_first, print_BPF_MAP_GET_NEXT_ID_first,
init_BPF_MAP_GET_NEXT_ID_attr, print_BPF_MAP_GET_NEXT_ID_attr,
init_BPF_PROG_GET_FD_BY_ID_first, init_BPF_PROG_GET_FD_BY_ID_attr,
init_BPF_MAP_GET_FD_BY_ID_first, init_BPF_MAP_GET_FD_BY_ID_attr):
New macros.
(main) [HAVE_UNION_BPF_ATTR_NEXT_ID]: Use them.
2017-11-21 21:08:19 +00:00
875115da2d Implement decoding of BPF_PROG_TEST_RUN command of bpf syscall
* configure.ac: Check for union bpf_attr.test.duration.
* bpf.c (decode_BPF_PROG_TEST_RUN): New function.
(SYS_FUNC(bpf)) <bpf_cmd_decoders>: Use it.
* NEWS: Mention this.
* tests/bpf.c: Include "print_fields.h".
Add macro guard for BPF_PROG_TEST_RUN decoder test.
[HAVE_UNION_BPF_ATTR_TEST_DURATION] (sample_BPF_PROG_TEST_RUN_attr):
New variable.
[HAVE_UNION_BPF_ATTR_TEST_DURATION] (init_BPF_PROG_TEST_RUN_first,
print_BPF_PROG_TEST_RUN_first, init_BPF_PROG_TEST_RUN_attr,
print_BPF_PROG_TEST_RUN_attr): New functions.
(main) [HAVE_UNION_BPF_ATTR_TEST_DURATION]: Use them.
2017-11-20 21:39:59 +00:00
2d95b53db4 bpf: update BPF_MAP_CREATE decoding
Implement decoding of union bpf_attr.numa_node field for BPF_MAP_CREATE
command introduced by linux kernel commit v4.14-rc1~130^2~196^2~1.

* configure.ac: Check for numa_node member of union bpf_attr
instead of inner_map_fd.
(decode_BPF_MAP_CREATE): Add numa_node field to the structure, print it.
* NEWS: Mention this.
* tests/bpf.c: Update macro guards of BPF_MAP_CREATE decoder test.
(init_BPF_MAP_CREATE_first, print_BPF_MAP_CREATE_attr): Update expected
output.
(init_BPF_MAP_CREATE_attr): Initialize numa_node field, update offset.
2017-11-20 21:39:59 +00:00
805d6ea570 bpf: enhance decoding of BPF_MAP_LOOKUP_ELEM and BPF_MAP_GET_NEXT_KEY
Print union bpf_attr.value field of BPF_MAP_LOOKUP_ELEM command
and union bpf_attr.next_key field of BPF_MAP_GET_NEXT_KEY command
on entering syscall.  These fields are addresses specified to the
kernel from userspace.  The amount of data written by the kernel
to these addresses is specified at the map creation time
by BPF_MAP_CREATE command and is not available at this point.

* bpf.c (decode_BPF_MAP_LOOKUP_ELEM): Print union bpf_attr.value
on entering syscall.
(decode_BPF_MAP_GET_NEXT_KEY): Print union bpf_attr.next_key
on entering syscall.
(bpf_map_io): Remove.
* tests/bpf.c (print_BPF_MAP_DELETE_ELEM_first,
print_BPF_MAP_DELETE_ELEM_attr, print_BPF_MAP_GET_NEXT_KEY_first,
print_BPF_MAP_GET_NEXT_KEY_attr): Replace macro redirects with
new functions.
(print_BPF_MAP_LOOKUP_ELEM_first, print_BPF_MAP_LOOKUP_ELEM_attr,
2017-07-27 20:11:33 +00:00
269e7d2a2c bpf: update BPF_MAP_CREATE decoding
Implement decoding of map_flags and inner_map_fd fields of union bpf_attr
for BPF_MAP_CREATE command introduced by linux kernel commits
v4.6-rc1~91^2~108^2~6 and v4.12-rc1~64^3~373^2~2, respectively.

* configure.ac: Check for inner_map_fd member of union bpf_attr
instead of max_entries.
* xlat/bpf_map_flags.in: New file.
* bpf.c: Include "xlat/bpf_map_flags.h".
(decode_BPF_MAP_CREATE): Add map_flags and inner_map_fd fields
to the structure, print them.
* tests/bpf.c: Update macro guards of BPF_MAP_CREATE decoder test.
(init_BPF_MAP_CREATE_first, print_BPF_MAP_CREATE_attr): Update expected
output.
(init_BPF_MAP_CREATE_attr): Initialize map_flags and inner_map_fd
fields, update offset.
2017-07-27 00:44:31 +00:00
c024f1a60f bpf: update BPF_PROG_LOAD decoding
Implement decoding of union bpf_attr.prog_flags field for BPF_PROG_LOAD
command introduced by linux kernel commit v4.12-rc2~34^2~29^2~2.

* configure.ac: Check for prog_flags member of union bpf_attr
instead of kern_version.
* xlat/bpf_prog_flags.in: New file.
* bpf.c: Include "xlat/bpf_prog_flags.h".
(decode_BPF_PROG_LOAD): Add prog_flags field to the structure, print it.
* tests/bpf.c: Update macro guards of BPF_PROG_LOAD decoder test.
(init_BPF_PROG_LOAD_first, print_BPF_PROG_LOAD_attr): Update expected
output.
(init_BPF_PROG_LOAD_attr): Initialize prog_flags field, update offset.
2017-07-27 00:44:31 +00:00
78de224180 bpf: print unused fields of union bpf_attr if one of them is non-zero
When the size argument specifies more data than necessary for the given
command, kernel checks that all unused fields of union bpf_attr are
zero.  Print this extra data when it contains non-zero bytes to enhance
debugging experience.

* bpf.c (decode_attr_extra_data): New function.
(decode_BPF_MAP_CREATE, decode_BPF_MAP_UPDATE_ELEM,
decode_BPF_MAP_DELETE_ELEM, bpf_map_io, decode_BPF_PROG_LOAD,
decode_BPF_OBJ_PIN, decode_BPF_OBJ_GET, decode_BPF_PROG_ATTACH,
decode_BPF_PROG_DETACH): Use it to print extra data passed
via bpf_attr pointer.
(bpf_obj_manage, bpf_prog_attach_detach): Remove.
* tests/bpf.c (map_delete_elem): New function.
(main): Use it.
2017-07-26 10:28:25 +00:00
26b3867cef bpf: change handling of big and unaccessible data to match the kernel
When the size argument exceeds PAGE_SIZE, the kernel fails with E2BIG
without parsing union bpf_attr.
When the whole chunk of memory specified by addr and size arguments is
not readable, the kernel fails with EFAULT.

* bpf.c (DECL_BPF_CMD_DECODER) <bpf_cmd_decoder>: Add const qualifier
to size argument, add data argument.
(decode_BPF_MAP_CREATE, decode_BPF_MAP_UPDATE_ELEM,
decode_BPF_MAP_DELETE_ELEM, bpf_map_io, decode_BPF_PROG_LOAD,
bpf_obj_manage, bpf_prog_attach_detach): Move size argument check and
memory fetching ...
(SYS_FUNC(bpf)) ... here, add PAGE_SIZE check, pass fetched memory
to command-specific parsers.
2017-07-26 10:28:25 +00:00
055e9527bf bpf: replace big switch statement with a dispatch table
* bpf.c (DECL_BPF_CMD_DECODER, DEF_BPF_CMD_DECODER, BPF_CMD_ENTRY):
New macros.
(bpf_cmd_decoder_t): New typedef.
Rename static parser functions using DEF_BPF_CMD_DECODER.
(decode_BPF_MAP_LOOKUP_ELEM, decode_BPF_MAP_GET_NEXT_KEY): New proxy
functions.
(SYS_FUNC(bpf)): Replace big switch statement with a dispatch table.
2017-07-25 12:47:19 +00:00
63ea6d172d bpf: use PRINT_FIELD_* macros
* print_fields.h (PRINT_FIELD_STR, PRINT_FIELD_PATH): New macros.
* bpf.c: Include "print_fields.h".
(bpf_map_create): Use PRINT_FIELD_U and PRINT_FIELD_XVAL.
(bpf_map_update_elem): Use PRINT_FIELD_FD, PRINT_FIELD_X, and
PRINT_FIELD_XVAL.
(bpf_map_delete_elem, bpf_map_io): Use PRINT_FIELD_FD and PRINT_FIELD_X.
(bpf_prog_load): Use PRINT_FIELD_STR, PRINT_FIELD_U, PRINT_FIELD_X,
and PRINT_FIELD_XVAL.
(bpf_obj_manage): Use PRINT_FIELD_FD and PRINT_FIELD_PATH.
(bpf_prog_attach_detach): Use PRINT_FIELD_FD, PRINT_FIELD_FLAGS,
and PRINT_FIELD_XVAL.
2017-07-25 12:47:19 +00:00
184e94ba05 Fix a few spacing style issues
Reported by kernel's checkpatch.pl script.
2017-06-17 22:54:08 +00:00
55d126a8d7 Use tprints instead of tprintf in a few more places
* bpf.c (bpf_obj_manage, bpf_prog_attach_detach): Replace tprintf
with tprints for printing strings without format specifiers.
* dm.c (dm_decode_dm_target_spec): Likewise.
* mq.c (SYS_FUNC(mq_timedreceive)): Likewise.
* perf.c (print_perf_event_attr): Likewise.
* syscall.c (trace_syscall_exiting): Likewise.
2017-02-17 23:19:58 +00:00
5b2e59a413 bpf: update BPF_PROG_ATTACH decoding
Implement decoding of BPF_F_ALLOW_OVERRIDE flag of BPF_PROG_ATTACH
command introduced by linux kernel commit v4.10-rc7-174-g7f67763.

* configure.ac: Check for union bpf_attr.attach_flags
instead of union bpf_attr.attach_type.
* xlat/bpf_attach_flags.in: New file.
* bpf.c: Include "xlat/bpf_attach_flags.h".
(bpf_prog_attach_detach): Rename print_attach_bpf_fd argument
to print_attach.  Add attach_flags field to the structure,
print it in case of BPF_PROG_ATTACH.
* tests/bpf.c: Check for HAVE_UNION_BPF_ATTR_ATTACH_FLAGS
instead of HAVE_UNION_BPF_ATTR_ATTACH_TYPE.
(prog_cgroup): Initialize attach_flags field.
(main): Update expected output.
2017-02-17 00:05:00 +00:00
3c356c40e4 bpf: move common code to a separate function
* bpf.c (bpf_prog_attach_detach): New function.
(bpf_prog_attach, bpf_prog_detach): Use it.
2017-01-29 23:54:54 +00:00
Quentin Monnet
0a8dd6a68c Update bpf syscall decoding
Implement decoding of BPF_OBJ_PIN, BPF_OBJ_GET, BPF_PROG_ATTACH,
and BPF_PROG_DETACH commands.

* bpf.c: Include "xlat/bpf_attach_type.h".
(bpf_obj_manage, bpf_prog_attach, bpf_prog_detach): New functions.
(SYS_FUNC(bpf)): Use them.
* configure.ac: Check for union bpf_attr.bpf_fd and union
bpf_attr.attach_type.
* xlat/bpf_attach_type.in: New file.
* xlat/bpf_commands.in: Update list of BPF_* command constants.
* xlat/bpf_map_types.in: Update list of BPF_MAP_TYPE_* constants.
* xlat/bpf_prog_types.in: Update list of BPF_PROG_TYPE_* constants.
* tests/bpf.c [HAVE_UNION_BPF_ATTR_BPF_FD] (obj_manage): New function.
[HAVE_UNION_BPF_ATTR_ATTACH_TYPE] (prog_cgroup): Likewise.
(main): Use them.
2017-01-29 21:54:43 +00:00
7fa3d78319 Automatically replace kernel_(scno|ureg)_t with kernel_ulong_t
Remove temporary types created for transition from long
to kernel_ulong_t.

Automatically replace kernel_scno_t and kernel_ureg_t with
kernel_ulong_t using
$ git grep -El 'kernel_(scno|ureg)_t' |
  xargs sed -ri 's/kernel_(scno|ureg)_t/kernel_ulong_t/g'

* kernel_types.h (kernel_scno_t, kernel_ureg_t): Remove.
All users updated.
2016-12-26 10:43:34 +00:00
a940d1a60f printstr: rename to printstrn, add printstr as a thin wrapper
As about half of all printstr uses cases are invocations with the last
argument set to -1, create a dedicated function for this use case.

* defs.h (printstr): Rename to printstrn.  All callers updated.
(printstr): New static inline function.  All callers updated.
2016-12-25 11:32:45 +00:00
c96d9f17b1 bpf: change address argument type from long to kernel_ureg_t
* bpf.c (bpf_map_create, bpf_map_update_elem, bpf_map_delete_elem,
bpf_map_io, bpf_prog_load, SYS_FUNC(bpf)): Change address argument
type from long to kernel_ureg_t.
2016-12-25 11:32:44 +00:00
18d921da6d Fix decoding of BPF_MAP_UPDATE_ELEM flags
* bpf.c (bpf_map_update_elem): Print attr.flags using printxval64.
2016-05-16 21:47:09 +00:00
ddb53dd142 Implement bpf syscall decoding
* bpf.c: New file.
* Makefile.am (strace_SOURCES): Add it.
* configure.ac (AC_CHECK_HEADERS): Add linux/bpf.h.
* linux/dummy.h (sys_bpf): Remove.
* pathtrace.c (pathtrace_match): Add SEN_bpf.
* xlat/bpf_commands.in: New file.
* xlat/bpf_map_types.in: New file.
* xlat/bpf_map_update_elem_flags.in: New file.
* xlat/bpf_prog_types.in: New file.
* tests/bpf.c: New file.
* tests/bpf.test: New test.
* tests/Makefile.am (check_PROGRAMS): Add bpf.
(TESTS): Add bpf.test.
* tests/.gitignore: Add bpf.
2015-07-27 15:27:43 +00:00