forked from luck/tmp_suning_uos_patched
63841bc083
Currently, the kprobe BPF program attachment method for bpf_load is quite old. The implementation of bpf_load "directly" controls and manages(create, delete) the kprobe events of DEBUGFS. On the other hand, using using the libbpf automatically manages the kprobe event. (under bpf_link interface) By calling bpf_program__attach(_kprobe) in libbpf, the corresponding kprobe is created and the BPF program will be attached to this kprobe. To remove this, by simply invoking bpf_link__destroy will clean up the event. This commit refactors kprobe tracing programs (tracex{1~7}_user.c) with libbpf using bpf_link interface and bpf_program__attach. tracex2_kern.c, which tracks system calls (sys_*), has been modified to append prefix depending on architecture. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20200516040608.1377876-3-danieltimlee@gmail.com
52 lines
1.1 KiB
C
52 lines
1.1 KiB
C
#define _GNU_SOURCE
|
|
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <bpf/libbpf.h>
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
struct bpf_link *link = NULL;
|
|
struct bpf_program *prog;
|
|
struct bpf_object *obj;
|
|
char filename[256];
|
|
char command[256];
|
|
int ret = 0;
|
|
FILE *f;
|
|
|
|
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
|
obj = bpf_object__open_file(filename, NULL);
|
|
if (libbpf_get_error(obj)) {
|
|
fprintf(stderr, "ERROR: opening BPF object file failed\n");
|
|
return 0;
|
|
}
|
|
|
|
prog = bpf_object__find_program_by_name(obj, "bpf_prog1");
|
|
if (!prog) {
|
|
fprintf(stderr, "ERROR: finding a prog in obj file failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
/* load BPF program */
|
|
if (bpf_object__load(obj)) {
|
|
fprintf(stderr, "ERROR: loading BPF object file failed\n");
|
|
goto cleanup;
|
|
}
|
|
|
|
link = bpf_program__attach(prog);
|
|
if (libbpf_get_error(link)) {
|
|
fprintf(stderr, "ERROR: bpf_program__attach failed\n");
|
|
link = NULL;
|
|
goto cleanup;
|
|
}
|
|
|
|
snprintf(command, 256, "mount %s tmpmnt/", argv[1]);
|
|
f = popen(command, "r");
|
|
ret = pclose(f);
|
|
|
|
cleanup:
|
|
bpf_link__destroy(link);
|
|
bpf_object__close(obj);
|
|
return ret ? 0 : 1;
|
|
}
|