File perf-augmented_raw_syscalls-support-copying-two-string-syscall-args.patch of Package perf
90
1
From: Arnaldo Carvalho de Melo <acme@redhat.com>2
Date: Tue, 16 Jul 2019 14:55:57 -03003
Subject: perf augmented_raw_syscalls: Support copying two string syscall args4
MIME-Version: 1.05
Content-Type: text/plain; charset=UTF-86
Content-Transfer-Encoding: 8bit7
Git-commit: 8d5da2649d8211e63c5f65ccf8945f2c46a9c0b88
Patch-mainline: v5.4-rc19
References: jsc#SLE-1366110
11
Starting with the renameat and renameat2 syscall, that both receive as12
second and fourth parameters a pathname:13
14
# perf trace -e rename* mv one ANOTHER15
LLVM: dumping /home/acme/git/perf/tools/perf/examples/bpf/augmented_raw_syscalls.o16
mv: cannot stat 'one': No such file or directory17
renameat2(AT_FDCWD, "one", AT_FDCWD, "ANOTHER", RENAME_NOREPLACE) = -1 ENOENT (No such file or directory)18
#19
20
Since the per CPU scratch buffer map has space for two maximum sized21
pathnames, the verifier is satisfied that there will be no overrun.22
23
Cc: Adrian Hunter <adrian.hunter@intel.com>24
Cc: Jiri Olsa <jolsa@kernel.org>25
Cc: Luis Cláudio Gonçalves <lclaudio@redhat.com>26
Cc: Namhyung Kim <namhyung@kernel.org>27
Link: https://lkml.kernel.org/n/tip-x2uboyg5kx2wqeru288209b6@git.kernel.org28
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>29
Signed-off-by: Tony Jones <tonyj@suse.de>30
---31
tools/perf/builtin-trace.c | 2 ++32
tools/perf/examples/bpf/augmented_raw_syscalls.c | 20 ++++++++++++++++++++33
2 files changed, 22 insertions(+)34
35
diff --git a/tools/perf/builtin-trace.c b/tools/perf/builtin-trace.c36
index a681b8c2ee4e..c64f7c99db15 10064437
--- a/tools/perf/builtin-trace.c38
+++ b/tools/perf/builtin-trace.c39
40
{ .name = "recvmsg",41
.arg = { [2] = { .scnprintf = SCA_MSG_FLAGS, /* flags */ }, }, },42
{ .name = "renameat",43
+ .bpf_prog_name = { .sys_enter = "!syscalls:sys_enter_renameat", },44
.arg = { [0] = { .scnprintf = SCA_FDAT, /* olddirfd */ },45
[2] = { .scnprintf = SCA_FDAT, /* newdirfd */ }, }, },46
{ .name = "renameat2",47
+ .bpf_prog_name = { .sys_enter = "!syscalls:sys_enter_renameat", },48
.arg = { [0] = { .scnprintf = SCA_FDAT, /* olddirfd */ },49
[2] = { .scnprintf = SCA_FDAT, /* newdirfd */ },50
[4] = { .scnprintf = SCA_RENAMEAT2_FLAGS, /* flags */ }, }, },51
diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c52
index ce308b9a317c..df52d92e1c69 10064453
--- a/tools/perf/examples/bpf/augmented_raw_syscalls.c54
+++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c55
56
struct augmented_args_filename {57
struct syscall_enter_args args;58
struct augmented_filename filename;59
+ struct augmented_filename filename2;60
};61
62
bpf_map(augmented_filename_map, PERCPU_ARRAY, int, struct augmented_args_filename, 1);63
64
return perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, augmented_args, len);65
}66
67
+SEC("!syscalls:sys_enter_renameat")68
+int sys_enter_renameat(struct syscall_enter_args *args)69
+{70
+ int key = 0;71
+ struct augmented_args_filename *augmented_args = bpf_map_lookup_elem(&augmented_filename_map, &key);72
+ const void *oldpath_arg = (const void *)args->args[1],73
+ *newpath_arg = (const void *)args->args[3];74
+ unsigned int len = sizeof(augmented_args->args), oldpath_len;75
+76
+ if (augmented_args == NULL)77
+ return 1; /* Failure: don't filter */78
+79
+ oldpath_len = augmented_filename__read(&augmented_args->filename, oldpath_arg, sizeof(augmented_args->filename.value));80
+ len += oldpath_len + augmented_filename__read((void *)(&augmented_args->filename) + oldpath_len, newpath_arg, sizeof(augmented_args->filename.value));81
+82
+ /* If perf_event_output fails, return non-zero so that it gets recorded unaugmented */83
+ return perf_event_output(args, &__augmented_syscalls__, BPF_F_CURRENT_CPU, augmented_args, len);84
+}85
+86
SEC("raw_syscalls:sys_enter")87
int sys_enter(struct syscall_enter_args *args)88
{89
90