From 06835f4435a706d2495245116417a48178435c4c Mon Sep 17 00:00:00 2001
From: Serhei Makarov <smakarov@redhat.com>
Date: Wed, 24 Oct 2018 12:46:55 -0400
Subject: [PATCH 08/32] stapbpf assembler WIP #7 :: fixed kernel_string()
tapset and testcase
* tapset/bpf/conversions.stp (kernel_string_n): enable error path.
* tapset/logging.stp (abort): note future work.
* testsuite/systemtap.bpf/bpf_tests/context_vars3.stp: new testcase.
---
tapset/bpf/conversions.stp | 14 ++++++++------
tapset/logging.stp | 4 ++--
testsuite/systemtap.bpf/bpf_tests/context_vars3.stp | 15 +++++++++++++++
3 files changed, 25 insertions(+), 8 deletions(-)
create mode 100644 testsuite/systemtap.bpf/bpf_tests/context_vars3.stp
diff --git a/tapset/bpf/conversions.stp b/tapset/bpf/conversions.stp
index d741ec584..1140a6875 100644
--- a/tapset/bpf/conversions.stp
+++ b/tapset/bpf/conversions.stp
@@ -44,8 +44,10 @@ function kernel_string:string (addr:long, err_msg:string)
0xa5, rc, 0, _err, -; /* jlt $rc, 0, _err */
0xbf, $$, $buf, -, -; /* mov $$, $buf */
0x05, -, -, _done, -; /* ja _done; */
+
label, _err;
0xbf, $$, $err_msg, -, -; /* mov $$, $err_msg */
+
label, _done;
%}
function kernel_string2:string (addr:long, err_msg:string) {
@@ -67,21 +69,21 @@ function kernel_string_n:string (addr:long, n:long)
/* if (n > BPF_MAXSTRINGLEN) n = BPF_MAXSTRINGLEN; */
0xb5, $n, -, _skip, BPF_MAXSTRINGLEN; /* jle n, BPF_MAXSTRINGLEN, _skip */
0xb7, $n, -, -, BPF_MAXSTRINGLEN; /* mov $n, BPF_MAXSTRINGLEN */
- label, _skip;
+ label, _skip;
/* buf = bpf_stk_alloc(BPF_MAXSTRINGLEN);
buf[0] = 0x0; // guarantee NUL byte
rc = bpf_probe_read_str(buf, n, addr); */
alloc, $buf, BPF_MAXSTRINGLEN;
0x62, $buf, -, -, 0x0; /* stw [buf+0], 0 -- guarantee NUL byte */
- call, $rc, probe_read_str, $buf, $n, $addr; /* TODO: should work with bpf_probe_read_str too */
+ call, $rc, probe_read_str, $buf, $n, $addr; /* TODO: should work if the helper is named bpf_probe_read_str() too */
- /* TODO pending implementation of error */
/* if (rc < 0) error("...", addr); */
- /*0x35, $rc, 0, _done, -; /* jge rc, 0, _done */
- /*error, "kernel string copy fault at 0x%p [man error::fault]", $addr; /* TODO document bpf version of error::fault */
- /*label, _done;*/
+ 0x35, $rc, 0, _done, -; /* jge rc, 0, _done */
+ call, -, printf, "ERROR: kernel string copy fault at 0x%p [man error::fault]", $addr; /* TODO document stapbpf version of error::fault */
+ call, -, exit;
+ label, _done;
/* return buf; */
0xbf, $$, $buf, -, -; /* mov $$, buf */
%}
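Review bot: The re-enabled check `0x35, $rc, 0, _done, -;` uses opcode 0x35, which is BPF_JMP|BPF_JGE|BPF_K, an unsigned compare, so a negative return from probe_read_str still satisfies `rc >= 0` and the fault report below it appears unreachable. The signed form is 0x75 (BPF_JSGE), and going by the `0xb5` line earlier in this hunk the constant belongs in the last (immediate) operand: `0x75, $rc, -, _done, 0; /* jsge rc, 0, _done */`. The `0xa5` (unsigned jlt) test in kernel_string, visible as context in the first hunk, has the same shape and likely needs `0xc5`. Separately, the TODO in tapset/logging.stp says exit() does not stop the flow immediately, so after a fault the code presumably still reaches `_done` and returns `$buf`; a comment stating what the caller receives in that case would help. The body of kernel_string_n starts above this hunk.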
diff --git a/tapset/logging.stp b/tapset/logging.stp
index 839239b8f..441ad2c21 100644
--- a/tapset/logging.stp
+++ b/tapset/logging.stp
@@ -95,8 +95,8 @@ function abort ()
%:
{ /* unprivileged */ /* bpf */
_set_exit_status()
- printf("ERROR: abort() not supported yet\n")
- exit() /* TODO: need to abort the execution flow immediately */
+ printf("ERROR: abort() not supported in eBPF backend\n")
+ exit() /* TODO: need to abort the execution flow immediately -- could be handled with a special assembly operation */
}
%)
%)
diff --git a/testsuite/systemtap.bpf/bpf_tests/context_vars3.stp b/testsuite/systemtap.bpf/bpf_tests/context_vars3.stp
new file mode 100644
index 000000000..97cd338d6
--- /dev/null
+++ b/testsuite/systemtap.bpf/bpf_tests/context_vars3.stp
@@ -0,0 +1,15 @@
+probe begin {
+ printf("BEGIN\n")
+}
+
+probe kernel.function("vfs_read") {
+ if ($file != 0 && $file->f_cred->usage->counter > 0 && $buf != 0) {
+ filename = kernel_string($file->f_path->dentry->d_name->name)
+ printf("found %s\n", filename)
+ exit()
+ }
+}
+
+probe end {
+ printf("END PASS\n")
+}
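Review bot: `probe end` prints `END PASS` unconditionally, so this test appears to pass whenever exit() is reached, including when the string read faults and the new error path in kernel_string_n calls exit() itself. Record success in a global that is set only after a usable name was read, e.g. `global ok` with `if (filename != "") ok = 1` before `exit()`, and finish with `if (ok) printf("END PASS\n") else printf("END FAIL\n")`; this assumes the bpf backend supports that string comparison, which is not visible here. Nothing in the file drives the fault path that this commit enables, so a second case that expects the `ERROR: kernel string copy fault` line would cover it.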
--
2.14.5