forked from Minki/linux
63841bc083
Currently, the kprobe BPF program attachment method for bpf_load is quite old. The implementation of bpf_load "directly" controls and manages(create, delete) the kprobe events of DEBUGFS. On the other hand, using using the libbpf automatically manages the kprobe event. (under bpf_link interface) By calling bpf_program__attach(_kprobe) in libbpf, the corresponding kprobe is created and the BPF program will be attached to this kprobe. To remove this, by simply invoking bpf_link__destroy will clean up the event. This commit refactors kprobe tracing programs (tracex{1~7}_user.c) with libbpf using bpf_link interface and bpf_program__attach. tracex2_kern.c, which tracks system calls (sys_*), has been modified to append prefix depending on architecture. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Yonghong Song <yhs@fb.com> Link: https://lore.kernel.org/bpf/20200516040608.1377876-3-danieltimlee@gmail.com
14 lines
286 B
C
14 lines
286 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
#ifndef __TRACE_COMMON_H
|
|
#define __TRACE_COMMON_H
|
|
|
|
#ifdef __x86_64__
|
|
#define SYSCALL(SYS) "__x64_" __stringify(SYS)
|
|
#elif defined(__s390x__)
|
|
#define SYSCALL(SYS) "__s390x_" __stringify(SYS)
|
|
#else
|
|
#define SYSCALL(SYS) __stringify(SYS)
|
|
#endif
|
|
|
|
#endif
|