diff --git a/.bpftrace.metadata b/.bpftrace.metadata index fd41863..2952293 100644 --- a/.bpftrace.metadata +++ b/.bpftrace.metadata @@ -1,2 +1,2 @@ -90dc7733b42f9eca714d2d87a4577c9b0a232293 SOURCES/bpftrace-0.16.0.tar.gz +b17c71c9c5a78cbe152b1346e6d18f29eb6e4b9e SOURCES/bpftrace-0.19.1.tar.gz 974ee680e1eb103c415832d69742e194b661da5c SOURCES/cereal-1.3.2.tar.gz diff --git a/.gitignore b/.gitignore index 31f5590..7e70cee 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/bpftrace-0.16.0.tar.gz +SOURCES/bpftrace-0.19.1.tar.gz SOURCES/cereal-1.3.2.tar.gz diff --git a/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch b/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch deleted file mode 100644 index 8c4c547..0000000 --- a/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch +++ /dev/null @@ -1,457 +0,0 @@ -From 7afe3ced2b91d940a8d72755043ac2468687f1ee Mon Sep 17 00:00:00 2001 -From: Viktor Malik -Date: Mon, 10 Oct 2022 14:26:38 +0200 -Subject: [PATCH] IR builder: get rid of getPointerElementType calls - -Usage of Value::getPointerElementType is deprecated and will be dropped -in LLVM 16 [1]. - -There are several places where we use this method: -- function (value) calls - the called function type is usually - available, so just pass it to createCall, the only exception is - CreateProbeReadStr which must have been refactored -- getting the type of alloca instruction - there is a dedicated - AllocaInst::getAllocatedType method that can be used instead -- strncmp - pass sizes of the strings to CreateStrncmp to be able to get - the correct string type (which is array of uint8) - -[1] https://llvm.org/docs/OpaquePointers.html ---- - src/ast/irbuilderbpf.cpp | 143 ++++++++++++-------------------- - src/ast/irbuilderbpf.h | 23 +++-- - src/ast/passes/codegen_llvm.cpp | 30 +++++-- - 3 files changed, 86 insertions(+), 110 deletions(-) - -diff --git a/src/ast/irbuilderbpf.cpp b/src/ast/irbuilderbpf.cpp -index d49883f7..4036b2df 100644 ---- a/src/ast/irbuilderbpf.cpp -+++ b/src/ast/irbuilderbpf.cpp -@@ -288,17 +288,16 @@ CallInst *IRBuilderBPF::CreateHelperCall(libbpf::bpf_func_id func_id, - Constant *helper_func = ConstantExpr::getCast(Instruction::IntToPtr, - getInt64(func_id), - helper_ptr_type); -- return createCall(helper_func, args, Name); -+ return createCall(helper_type, helper_func, args, Name); - } - --CallInst *IRBuilderBPF::createCall(Value *callee, -+CallInst *IRBuilderBPF::createCall(FunctionType *callee_type, -+ Value *callee, - ArrayRef args, - const Twine &Name) - { - #if LLVM_VERSION_MAJOR >= 11 -- auto *calleePtrType = cast(callee->getType()); -- auto *calleeType = cast(calleePtrType->getPointerElementType()); -- return CreateCall(calleeType, callee, args, Name); -+ return CreateCall(callee_type, callee, args, Name); - #else - return CreateCall(callee, args, Name); - #endif -@@ -307,7 +306,7 @@ CallInst *IRBuilderBPF::createCall(Value *callee, - CallInst *IRBuilderBPF::CreateBpfPseudoCallId(int mapid) - { - Function *pseudo_func = module_.getFunction("llvm.bpf.pseudo"); -- return createCall(pseudo_func, -+ return CreateCall(pseudo_func, - { getInt64(BPF_PSEUDO_MAP_FD), getInt64(mapid) }, - "pseudo"); - } -@@ -346,7 +345,8 @@ CallInst *IRBuilderBPF::createMapLookup(int mapid, Value *key) - Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_map_lookup_elem), - lookup_func_ptr_type); -- return createCall(lookup_func, { map_ptr, key }, "lookup_elem"); -+ return createCall( -+ lookup_func_type, lookup_func, { map_ptr, key }, "lookup_elem"); - } - - CallInst *IRBuilderBPF::CreateGetJoinMap(Value *ctx, const location &loc) -@@ -397,8 +397,7 @@ Value *IRBuilderBPF::CreateMapLookupElem(Value *ctx, - CREATE_MEMCPY(value, call, type.GetSize(), 1); - else - { -- assert(value->getType()->isPointerTy() && -- (value->getType()->getPointerElementType() == getInt64Ty())); -+ assert(value->getAllocatedType() == getInt64Ty()); - // createMapLookup returns an u8* - auto *cast = CreatePointerCast(call, value->getType(), "cast"); - CreateStore(CreateLoad(getInt64Ty(), cast), value); -@@ -448,7 +447,8 @@ void IRBuilderBPF::CreateMapUpdateElem(Value *ctx, - Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_map_update_elem), - update_func_ptr_type); -- CallInst *call = createCall(update_func, -+ CallInst *call = createCall(update_func_type, -+ update_func, - { map_ptr, key, val, flags }, - "update_elem"); - CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_map_update_elem, loc); -@@ -472,7 +472,8 @@ void IRBuilderBPF::CreateMapDeleteElem(Value *ctx, - Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_map_delete_elem), - delete_func_ptr_type); -- CallInst *call = createCall(delete_func, { map_ptr, key }, "delete_elem"); -+ CallInst *call = createCall( -+ delete_func_type, delete_func, { map_ptr, key }, "delete_elem"); - CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_map_delete_elem, loc); - } - -@@ -508,72 +509,53 @@ void IRBuilderBPF::CreateProbeRead(Value *ctx, - Constant *proberead_func = ConstantExpr::getCast(Instruction::IntToPtr, - getInt64(read_fn), - proberead_func_ptr_type); -- CallInst *call = createCall(proberead_func, -+ CallInst *call = createCall(proberead_func_type, -+ proberead_func, - { dst, size, src }, - probeReadHelperName(read_fn)); - CreateHelperErrorCond(ctx, call, read_fn, loc); - } - --Constant *IRBuilderBPF::createProbeReadStrFn(llvm::Type *dst, -- llvm::Type *src, -- AddrSpace as) --{ -- assert(src && (src->isIntegerTy() || src->isPointerTy())); -- // int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr) -- FunctionType *probereadstr_func_type = FunctionType::get( -- getInt64Ty(), { dst, getInt32Ty(), src }, false); -- PointerType *probereadstr_func_ptr_type = PointerType::get( -- probereadstr_func_type, 0); -- return ConstantExpr::getCast(Instruction::IntToPtr, -- getInt64(selectProbeReadHelper(as, true)), -- probereadstr_func_ptr_type); --} -- - CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, -- AllocaInst *dst, -+ Value *dst, - size_t size, - Value *src, - AddrSpace as, - const location &loc) - { -- assert(ctx && ctx->getType() == getInt8PtrTy()); - return CreateProbeReadStr(ctx, dst, getInt32(size), src, as, loc); - } - - CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, - Value *dst, -- size_t size, -- Value *src, -- AddrSpace as, -- const location &loc) --{ -- assert(ctx && ctx->getType() == getInt8PtrTy()); -- Constant *fn = createProbeReadStrFn(dst->getType(), src->getType(), as); -- auto read_fn = selectProbeReadHelper(as, true); -- CallInst *call = createCall(fn, -- { dst, getInt32(size), src }, -- probeReadHelperName(read_fn)); -- CreateHelperErrorCond(ctx, call, read_fn, loc); -- return call; --} -- --CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, -- AllocaInst *dst, - llvm::Value *size, - Value *src, - AddrSpace as, - const location &loc) - { - assert(ctx && ctx->getType() == getInt8PtrTy()); -- assert(dst && dst->getAllocatedType()->isArrayTy() && -- dst->getAllocatedType()->getArrayElementType() == getInt8Ty()); - assert(size && size->getType()->isIntegerTy()); -+ if (auto *dst_alloca = dyn_cast(dst)) -+ { -+ assert(dst_alloca->getAllocatedType()->isArrayTy() && -+ dst_alloca->getAllocatedType()->getArrayElementType() == -+ getInt8Ty()); -+ } - -- auto *size_i32 = CreateIntCast(size, getInt32Ty(), false); -+ auto *size_i32 = size; -+ if (size_i32->getType()->getScalarSizeInBits() != 32) -+ size_i32 = CreateIntCast(size_i32, getInt32Ty(), false); - -- Constant *fn = createProbeReadStrFn(dst->getType(), src->getType(), as); - auto read_fn = selectProbeReadHelper(as, true); -- CallInst *call = createCall(fn, -+ // int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr) -+ FunctionType *probereadstr_func_type = FunctionType::get( -+ getInt64Ty(), { dst->getType(), getInt32Ty(), src->getType() }, false); -+ PointerType *probereadstr_func_ptr_type = PointerType::get( -+ probereadstr_func_type, 0); -+ Constant *probereadstr_callee = ConstantExpr::getCast( -+ Instruction::IntToPtr, getInt64(read_fn), probereadstr_func_ptr_type); -+ CallInst *call = createCall(probereadstr_func_type, -+ probereadstr_callee, - { dst, size_i32, src }, - probeReadHelperName(read_fn)); - CreateHelperErrorCond(ctx, call, read_fn, loc); -@@ -732,8 +714,10 @@ Value *IRBuilderBPF::CreateUSDTReadArgument(Value *ctx, - return result; - } - --Value *IRBuilderBPF::CreateStrncmp(Value *val1, -- Value *val2, -+Value *IRBuilderBPF::CreateStrncmp(Value *str1, -+ uint64_t str1_size, -+ Value *str2, -+ uint64_t str2_size, - uint64_t n, - bool inverse) - { -@@ -762,40 +746,21 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, - // Check if the compared strings are literals. - // If so, we can avoid storing the literal in memory. - std::optional literal1; -- if (auto constString1 = dyn_cast(val1)) -+ if (auto constString1 = dyn_cast(str1)) - literal1 = constString1->getAsString(); -- else if (isa(val1)) -+ else if (isa(str1)) - literal1 = ""; - else - literal1 = std::nullopt; - - std::optional literal2; -- if (auto constString2 = dyn_cast(val2)) -+ if (auto constString2 = dyn_cast(str2)) - literal2 = constString2->getAsString(); -- else if (isa(val2)) -+ else if (isa(str2)) - literal2 = ""; - else - literal2 = std::nullopt; - -- auto *val1p = dyn_cast(val1->getType()); -- auto *val2p = dyn_cast(val2->getType()); --#ifndef NDEBUG -- if (!literal1) -- { -- assert(val1p); -- assert(val1p->getPointerElementType()->isArrayTy() && -- val1p->getPointerElementType()->getArrayElementType() == -- getInt8Ty()); -- } -- if (!literal2) -- { -- assert(val2p); -- assert(val2p->getPointerElementType()->isArrayTy() && -- val2p->getPointerElementType()->getArrayElementType() == -- getInt8Ty()); -- } --#endif -- - Function *parent = GetInsertBlock()->getParent(); - AllocaInst *store = CreateAllocaBPF(getInt1Ty(), "strcmp.result"); - BasicBlock *str_ne = BasicBlock::Create(module_.getContext(), -@@ -822,8 +787,8 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, - l = getInt8(literal1->c_str()[i]); - else - { -- auto *ptr_l = CreateGEP(val1p->getPointerElementType(), -- val1, -+ auto *ptr_l = CreateGEP(ArrayType::get(getInt8Ty(), str1_size), -+ str1, - { getInt32(0), getInt32(i) }); - l = CreateLoad(getInt8Ty(), ptr_l); - } -@@ -833,8 +798,8 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, - r = getInt8(literal2->c_str()[i]); - else - { -- auto *ptr_r = CreateGEP(val2p->getPointerElementType(), -- val2, -+ auto *ptr_r = CreateGEP(ArrayType::get(getInt8Ty(), str2_size), -+ str2, - { getInt32(0), getInt32(i) }); - r = CreateLoad(getInt8Ty(), ptr_r); - } -@@ -994,11 +959,9 @@ void IRBuilderBPF::CreateGetCurrentComm(Value *ctx, - size_t size, - const location &loc) - { -- assert(buf->getType()->getPointerElementType()->isArrayTy() && -- buf->getType()->getPointerElementType()->getArrayNumElements() >= -- size && -- buf->getType()->getPointerElementType()->getArrayElementType() == -- getInt8Ty()); -+ assert(buf->getAllocatedType()->isArrayTy() && -+ buf->getAllocatedType()->getArrayNumElements() >= size && -+ buf->getAllocatedType()->getArrayElementType() == getInt8Ty()); - - // long bpf_get_current_comm(char *buf, int size_of_buf) - // Return: 0 on success or negative error -@@ -1077,7 +1040,7 @@ void IRBuilderBPF::CreateSignal(Value *ctx, Value *sig, const location &loc) - Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_send_signal), - signal_func_ptr_type); -- CallInst *call = createCall(signal_func, { sig }, "signal"); -+ CallInst *call = createCall(signal_func_type, signal_func, { sig }, "signal"); - CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_send_signal, loc); - } - -@@ -1091,7 +1054,7 @@ void IRBuilderBPF::CreateOverrideReturn(Value *ctx, Value *rc) - Constant *override_func = ConstantExpr::getCast(Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_override_return), - override_func_ptr_type); -- createCall(override_func, { ctx, rc }, "override"); -+ createCall(override_func_type, override_func, { ctx, rc }, "override"); - } - - CallInst *IRBuilderBPF::CreateSkbOutput(Value *skb, -@@ -1126,7 +1089,8 @@ CallInst *IRBuilderBPF::CreateSkbOutput(Value *skb, - Instruction::IntToPtr, - getInt64(libbpf::BPF_FUNC_skb_output), - skb_output_func_ptr_type); -- CallInst *call = createCall(skb_output_func, -+ CallInst *call = createCall(skb_output_func_type, -+ skb_output_func, - { skb, map_ptr, flags, data, size_val }, - "skb_output"); - return call; -@@ -1320,7 +1284,8 @@ void IRBuilderBPF::CreateSeqPrintf(Value *ctx, - CreateGEP(getInt64Ty(), meta, getInt64(0)), - "seq"); - -- CallInst *call = createCall(seq_printf_func, -+ CallInst *call = createCall(seq_printf_func_type, -+ seq_printf_func, - { seq, fmt, fmt_size, data, data_len }, - "seq_printf"); - CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_seq_printf, loc); -diff --git a/src/ast/irbuilderbpf.h b/src/ast/irbuilderbpf.h -index e124911b..c9ffb545 100644 ---- a/src/ast/irbuilderbpf.h -+++ b/src/ast/irbuilderbpf.h -@@ -90,17 +90,11 @@ public: - AddrSpace as, - const location &loc); - CallInst *CreateProbeReadStr(Value *ctx, -- AllocaInst *dst, -+ Value *dst, - llvm::Value *size, - Value *src, - AddrSpace as, - const location &loc); -- CallInst *CreateProbeReadStr(Value *ctx, -- AllocaInst *dst, -- size_t size, -- Value *src, -- AddrSpace as, -- const location &loc); - CallInst *CreateProbeReadStr(Value *ctx, - Value *dst, - size_t size, -@@ -115,7 +109,12 @@ public: - pid_t pid, - AddrSpace as, - const location &loc); -- Value *CreateStrncmp(Value *val1, Value *val2, uint64_t n, bool inverse); -+ Value *CreateStrncmp(Value *str1, -+ uint64_t str1_size, -+ Value *str2, -+ uint64_t str2_size, -+ uint64_t n, -+ bool inverse); - CallInst *CreateGetNs(bool boot_time, const location &loc); - CallInst *CreateGetPidTgid(const location &loc); - CallInst *CreateGetCurrentCgroupId(const location &loc); -@@ -131,7 +130,10 @@ public: - ArrayRef args, - const Twine &Name, - const location *loc = nullptr); -- CallInst *createCall(Value *callee, ArrayRef args, const Twine &Name); -+ CallInst *createCall(FunctionType *callee_type, -+ Value *callee, -+ ArrayRef args, -+ const Twine &Name); - void CreateGetCurrentComm(Value *ctx, AllocaInst *buf, size_t size, const location& loc); - void CreatePerfEventOutput(Value *ctx, - Value *data, -@@ -185,9 +187,6 @@ private: - AddrSpace as, - const location &loc); - CallInst *createMapLookup(int mapid, Value *key); -- Constant *createProbeReadStrFn(llvm::Type *dst, -- llvm::Type *src, -- AddrSpace as); - libbpf::bpf_func_id selectProbeReadHelper(AddrSpace as, bool str); - - std::map structs_; -diff --git a/src/ast/passes/codegen_llvm.cpp b/src/ast/passes/codegen_llvm.cpp -index a818ca0b..2b888087 100644 ---- a/src/ast/passes/codegen_llvm.cpp -+++ b/src/ast/passes/codegen_llvm.cpp -@@ -1133,8 +1133,12 @@ void CodegenLLVM::visit(Call &call) - auto left_string = getString(left_arg); - auto right_string = getString(right_arg); - -- expr_ = b_.CreateStrncmp( -- left_string.first, right_string.first, size, false); -+ expr_ = b_.CreateStrncmp(left_string.first, -+ left_string.second, -+ right_string.first, -+ right_string.second, -+ size, -+ false); - } - else if (call.func == "override") - { -@@ -1269,8 +1273,7 @@ void CodegenLLVM::visit(Variable &var) - else - { - auto *var_alloca = variables_[var.ident]; -- expr_ = b_.CreateLoad(var_alloca->getType()->getPointerElementType(), -- var_alloca); -+ expr_ = b_.CreateLoad(var_alloca->getAllocatedType(), var_alloca); - } - } - -@@ -1310,7 +1313,12 @@ void CodegenLLVM::binop_string(Binop &binop) - auto right_string = getString(binop.right); - - size_t len = std::min(left_string.second, right_string.second); -- expr_ = b_.CreateStrncmp(left_string.first, right_string.first, len, inverse); -+ expr_ = b_.CreateStrncmp(left_string.first, -+ left_string.second, -+ right_string.first, -+ right_string.second, -+ len, -+ inverse); - } - - void CodegenLLVM::binop_buf(Binop &binop) -@@ -1334,7 +1342,12 @@ void CodegenLLVM::binop_buf(Binop &binop) - - size_t len = std::min(binop.left->type.GetSize(), - binop.right->type.GetSize()); -- expr_ = b_.CreateStrncmp(left_string, right_string, len, inverse); -+ expr_ = b_.CreateStrncmp(left_string, -+ binop.left->type.GetSize(), -+ right_string, -+ binop.right->type.GetSize(), -+ len, -+ inverse); - } - - void CodegenLLVM::binop_int(Binop &binop) -@@ -3528,9 +3541,8 @@ void CodegenLLVM::createIncDec(Unop &unop) - else if (unop.expr->is_variable) - { - Variable &var = static_cast(*unop.expr); -- Value *oldval = b_.CreateLoad( -- variables_[var.ident]->getType()->getPointerElementType(), -- variables_[var.ident]); -+ Value *oldval = b_.CreateLoad(variables_[var.ident]->getAllocatedType(), -+ variables_[var.ident]); - Value *newval; - if (is_increment) - newval = b_.CreateAdd(oldval, b_.GetIntSameSize(step, oldval)); --- -2.38.1 - diff --git a/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch b/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch deleted file mode 100644 index 2e013e6..0000000 --- a/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch +++ /dev/null @@ -1,174 +0,0 @@ -From 652562eef0d53649cf29c256bc20abdffdd195ab Mon Sep 17 00:00:00 2001 -From: Rong Tao -Date: Sat, 1 Oct 2022 16:15:27 +0800 -Subject: [PATCH 1/2] tcpdrop: Fix: ERROR: Error attaching probe: - 'kprobe:tcp_drop' - -kernel commit 8fbf195798b5('tcp_drop() is no longer needed.') remove -the kprobe:tcp_drop, bcc commit 16eab39171eb('Add -tracepoint:skb:kfree_skb if no tcp_drop() kprobe.') already fix this -problem. - -CI old kernel is too old and not support the 'reason' field, move the -old tools/tcpdrop.bt into tools/old/tcpdrop.bt and set the CI to use -it. - -Since 5.17 support trace_kfree_skb(skb, ..., reason) 'reason' field. -Since 5.19 remove tcp_drop() function. - -ERROR log: - - $ sudo ./tcpdrop.bt - ./tcpdrop.bt:49-51: WARNING: tcp_drop is not traceable (either non-existing, inlined, or marked as "notrace"); attaching to it will likely fail - Attaching 3 probes... - cannot attach kprobe, probe entry may not exist - ERROR: Error attaching probe: 'kprobe:tcp_drop' - -Link: https://github.com/iovisor/bpftrace/pull/2379 -Signed-off-by: Rong Tao ---- - tools/old/tcpdrop.bt | 85 ++++++++++++++++++++++++++++++++++++++++++++ - tools/tcpdrop.bt | 22 ++++++------ - 2 files changed, 97 insertions(+), 10 deletions(-) - create mode 100755 tools/old/tcpdrop.bt - -diff --git a/tools/old/tcpdrop.bt b/tools/old/tcpdrop.bt -new file mode 100755 -index 00000000..685a5f6a ---- /dev/null -+++ b/tools/old/tcpdrop.bt -@@ -0,0 +1,85 @@ -+#!/usr/bin/env bpftrace -+/* -+ * tcpdrop.bt Trace TCP kernel-dropped packets/segments. -+ * For Linux, uses bpftrace and eBPF. -+ * -+ * USAGE: tcpdrop.bt -+ * -+ * This is a bpftrace version of the bcc tool of the same name. -+ * It is limited to ipv4 addresses, and cannot show tcp flags. -+ * -+ * This provides information such as packet details, socket state, and kernel -+ * stack trace for packets/segments that were dropped via tcp_drop(). -+ -+ * WARNING: this script attaches to the tcp_drop kprobe which is likely inlined -+ * on newer kernels and not replaced by anything else, therefore -+ * the script will stop working -+ * -+ * For Linux <= 5.18. -+ * -+ * Copyright (c) 2018 Dale Hamel. -+ * Licensed under the Apache License, Version 2.0 (the "License") -+ * -+ * 23-Nov-2018 Dale Hamel created this. -+ */ -+ -+#ifndef BPFTRACE_HAVE_BTF -+#include -+#include -+#else -+#include -+#endif -+ -+BEGIN -+{ -+ printf("Tracing tcp drops. Hit Ctrl-C to end.\n"); -+ printf("%-8s %-8s %-16s %-21s %-21s %-8s\n", "TIME", "PID", "COMM", "SADDR:SPORT", "DADDR:DPORT", "STATE"); -+ -+ // See https://github.com/torvalds/linux/blob/master/include/net/tcp_states.h -+ @tcp_states[1] = "ESTABLISHED"; -+ @tcp_states[2] = "SYN_SENT"; -+ @tcp_states[3] = "SYN_RECV"; -+ @tcp_states[4] = "FIN_WAIT1"; -+ @tcp_states[5] = "FIN_WAIT2"; -+ @tcp_states[6] = "TIME_WAIT"; -+ @tcp_states[7] = "CLOSE"; -+ @tcp_states[8] = "CLOSE_WAIT"; -+ @tcp_states[9] = "LAST_ACK"; -+ @tcp_states[10] = "LISTEN"; -+ @tcp_states[11] = "CLOSING"; -+ @tcp_states[12] = "NEW_SYN_RECV"; -+} -+ -+kprobe:tcp_drop -+{ -+ $sk = ((struct sock *) arg0); -+ $inet_family = $sk->__sk_common.skc_family; -+ -+ if ($inet_family == AF_INET || $inet_family == AF_INET6) { -+ if ($inet_family == AF_INET) { -+ $daddr = ntop($sk->__sk_common.skc_daddr); -+ $saddr = ntop($sk->__sk_common.skc_rcv_saddr); -+ } else { -+ $daddr = ntop($sk->__sk_common.skc_v6_daddr.in6_u.u6_addr8); -+ $saddr = ntop($sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr8); -+ } -+ $lport = $sk->__sk_common.skc_num; -+ $dport = $sk->__sk_common.skc_dport; -+ -+ // Destination port is big endian, it must be flipped -+ $dport = bswap($dport); -+ -+ $state = $sk->__sk_common.skc_state; -+ $statestr = @tcp_states[$state]; -+ -+ time("%H:%M:%S "); -+ printf("%-8d %-16s ", pid, comm); -+ printf("%39s:%-6d %39s:%-6d %-10s\n", $saddr, $lport, $daddr, $dport, $statestr); -+ printf("%s\n", kstack); -+ } -+} -+ -+END -+{ -+ clear(@tcp_states); -+} -diff --git a/tools/tcpdrop.bt b/tools/tcpdrop.bt -index 3450a533..bb31107f 100755 ---- a/tools/tcpdrop.bt -+++ b/tools/tcpdrop.bt -@@ -9,16 +9,15 @@ - * It is limited to ipv4 addresses, and cannot show tcp flags. - * - * This provides information such as packet details, socket state, and kernel -- * stack trace for packets/segments that were dropped via tcp_drop(). -- -- * WARNING: this script attaches to the tcp_drop kprobe which is likely inlined -- * on newer kernels and not replaced by anything else, therefore -- * the script will stop working -- -+ * stack trace for packets/segments that were dropped via kfree_skb. -+ * -+ * For Linux 5.17+ (see tools/old for script for lower versions). -+ * - * Copyright (c) 2018 Dale Hamel. - * Licensed under the Apache License, Version 2.0 (the "License") -- -+ * - * 23-Nov-2018 Dale Hamel created this. -+ * 01-Oct-2022 Rong Tao use tracepoint:skb:kfree_skb - */ - - #ifndef BPFTRACE_HAVE_BTF -@@ -48,12 +47,15 @@ BEGIN - @tcp_states[12] = "NEW_SYN_RECV"; - } - --kprobe:tcp_drop -+tracepoint:skb:kfree_skb - { -- $sk = ((struct sock *) arg0); -+ $reason = args->reason; -+ $skb = (struct sk_buff *)args->skbaddr; -+ $sk = ((struct sock *) $skb->sk); - $inet_family = $sk->__sk_common.skc_family; - -- if ($inet_family == AF_INET || $inet_family == AF_INET6) { -+ if ($reason > SKB_DROP_REASON_NOT_SPECIFIED && -+ ($inet_family == AF_INET || $inet_family == AF_INET6)) { - if ($inet_family == AF_INET) { - $daddr = ntop($sk->__sk_common.skc_daddr); - $saddr = ntop($sk->__sk_common.skc_rcv_saddr); --- -2.38.1 - diff --git a/SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch b/SOURCES/bpftrace-0.19.1-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch similarity index 82% rename from SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch rename to SOURCES/bpftrace-0.19.1-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch index d5f8e7f..9425645 100644 --- a/SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch +++ b/SOURCES/bpftrace-0.19.1-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch @@ -1,7 +1,7 @@ -From b23980e4f6ed33d98f4f09ef25ae17baca215cce Mon Sep 17 00:00:00 2001 +From 8066a715dbd54e6cbfa66176544944a2df7952a6 Mon Sep 17 00:00:00 2001 From: Jerome Marchand Date: Thu, 11 Jun 2020 14:56:36 +0200 -Subject: [PATCH 6/6] RHEL: aarch64: fixes statsnoop and opensnoop +Subject: [PATCH] RHEL: aarch64: fixes statsnoop and opensnoop On aarch64 the open syscall has been dropped. Only openat remains, wich is called by libc open() function. @@ -20,7 +20,7 @@ Signed-off-by: Jerome Marchand 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/tools/opensnoop.bt b/tools/opensnoop.bt -index a7de8026..d99db93e 100755 +index bbb26419..95185e5f 100755 --- a/tools/opensnoop.bt +++ b/tools/opensnoop.bt @@ -21,13 +21,11 @@ BEGIN @@ -30,7 +30,7 @@ index a7de8026..d99db93e 100755 -tracepoint:syscalls:sys_enter_open, tracepoint:syscalls:sys_enter_openat { - @filename[tid] = args->filename; + @filename[tid] = args.filename; } -tracepoint:syscalls:sys_exit_open, @@ -38,11 +38,11 @@ index a7de8026..d99db93e 100755 /@filename[tid]/ { diff --git a/tools/statsnoop.bt b/tools/statsnoop.bt -index b2d529e2..f612ea94 100755 +index a76b2bcc..89c2c8ea 100755 --- a/tools/statsnoop.bt +++ b/tools/statsnoop.bt @@ -30,17 +30,13 @@ tracepoint:syscalls:sys_enter_statfs - @filename[tid] = args->pathname; + @filename[tid] = args.pathname; } -tracepoint:syscalls:sys_enter_statx, @@ -50,7 +50,7 @@ index b2d529e2..f612ea94 100755 -tracepoint:syscalls:sys_enter_newlstat +tracepoint:syscalls:sys_enter_statx { - @filename[tid] = args->filename; + @filename[tid] = args.filename; } tracepoint:syscalls:sys_exit_statfs, @@ -60,7 +60,7 @@ index b2d529e2..f612ea94 100755 +tracepoint:syscalls:sys_exit_statx /@filename[tid]/ { - $ret = args->ret; + $ret = args.ret; -- -2.35.3 +2.41.0 diff --git a/SPECS/bpftrace.spec b/SPECS/bpftrace.spec index bffdf5a..1915841 100644 --- a/SPECS/bpftrace.spec +++ b/SPECS/bpftrace.spec @@ -1,6 +1,6 @@ Name: bpftrace -Version: 0.16.0 -Release: 2%{?dist} +Version: 0.19.1 +Release: 1%{?dist} Summary: High-level tracing language for Linux eBPF License: ASL 2.0 @@ -13,9 +13,6 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz # for build. Source1: https://github.com/USCiLab/cereal/archive/v%{cereal_version}/cereal-%{cereal_version}.tar.gz -Patch0: %{name}-%{version}-IR-builder-get-rid-of-getPointerElementType-calls.patch -Patch1: %{name}-%{version}-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch - Patch10: %{name}-%{version}-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch # Arches will be included as upstream support is added and dependencies are @@ -60,6 +57,7 @@ CPATH=$PWD/cereal-%{cereal_version}/include:$CPATH export CPATH %cmake . \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DUSE_SYSTEM_BPF_BCC=ON \ -DBUILD_TESTING:BOOL=OFF \ -DBUILD_SHARED_LIBS:BOOL=OFF %cmake_build @@ -95,6 +93,18 @@ find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \ %exclude %{_datadir}/%{name}/tools/old %changelog +* Mon Nov 06 2023 Viktor Malik - 0.19.1-1 +- Rebase on bpftrace 0.19.1 (RHEL-10693) +- Rebuild for LLVM 17 (RHEL-10592) +- Enhancements and fixes for PowerPC (RHEL-3690, RHEL-11476) + +* Mon May 15 2023 Viktor Malik - 0.17.0-2 +- Rebuild for LLVM 16 (rhbz#2192953) + +* Tue Mar 14 2023 Viktor Malik - 0.17.0-1 +- Rebase on bpftrace 0.17.0 (RHEL-286) +- Fix runqlat.bt, tcpdrop.bt, and undump.bt on aarch64 (rhbz#2170838) + * Tue Jan 03 2023 Viktor Malik - 0.16.0-2 - Fix missing kprobe attachpoints for bio* tools (s390x, ppc64le) - Rebuild for libbpf 1.0.0