Currently, bpf programs cannot be attached to sys_enter_* and sys_exit_*
style tracepoints. The main reason is that syscalls/sys_enter_* and
syscalls/sys_exit_*
tracepoints are treated differently from other tracepoints and there
is no bpf hook to it.
This patch set adds bpf support for these syscalls tracepoints and also
adds a test case for it.
Changelogs:
v3 -> v4:
- Check the legality of ctx offset access for syscall tracepoint as well.
trace_event_get_offsets will return correct max offset for each
specific syscall tracepoint.
- Use variable length array to avoid hardcode 6 as the maximum
arguments beyond syscall_nr.
v2 -> v3:
- Fix a build issue
v1 -> v2:
- Do not use TRACE_EVENT_FL_CAP_ANY to identify syscall tracepoint.
Instead use trace_event_call->class.
Yonghong Song (2):
bpf: add support for sys_enter_* and sys_exit_* tracepoints
bpf: add a test case for syscalls/sys_{enter|exit}_* tracepoints
include/linux/syscalls.h | 12 ++++++++
kernel/events/core.c | 10 +++---
kernel/trace/trace_syscalls.c | 53 ++++++++++++++++++++++++++++++--
samples/bpf/Makefile | 4 +++
samples/bpf/syscall_tp_kern.c | 62 +++++++++++++++++++++++++++++++++++++
samples/bpf/syscall_tp_user.c | 71 +++++++++++++++++++++++++++++++++++++++++++
6 files changed, 206 insertions(+), 6 deletions(-)
create mode 100644 samples/bpf/syscall_tp_kern.c
create mode 100644 samples/bpf/syscall_tp_user.c
--
2.9.4
