19 May, 2020
1 commit
-
Currently, the kprobe BPF program attachment method for bpf_load is
quite old. The implementation of bpf_load "directly" controls and
manages(create, delete) the kprobe events of DEBUGFS. On the other hand,
using using the libbpf automatically manages the kprobe event.
(under bpf_link interface)By calling bpf_program__attach(_kprobe) in libbpf, the corresponding
kprobe is created and the BPF program will be attached to this kprobe.
To remove this, by simply invoking bpf_link__destroy will clean up the
event.This commit refactors kprobe tracing programs (tracex{1~7}_user.c) with
libbpf using bpf_link interface and bpf_program__attach.tracex2_kern.c, which tracks system calls (sys_*), has been modified to
append prefix depending on architecture.Signed-off-by: Daniel T. Lee
Signed-off-by: Daniel Borkmann
Acked-by: Yonghong Song
Link: https://lore.kernel.org/bpf/20200516040608.1377876-3-danieltimlee@gmail.com
15 May, 2018
1 commit
-
There are two files in the tree called libbpf.h which is becoming
problematic. Most samples don't actually need the local libbpf.h
they simply include it to get to bpf/bpf.h. Include bpf/bpf.h
directly instead.Signed-off-by: Jakub Kicinski
Acked-by: Jesper Dangaard Brouer
Signed-off-by: Alexei Starovoitov
13 Dec, 2017
1 commit
-
This adds a basic test for bpf_override_return to verify it works. We
override the main function for mounting a btrfs fs so it'll return
-ENOMEM and then make sure that trying to mount a btrfs fs will fail.Acked-by: Alexei Starovoitov
Acked-by: Ingo Molnar
Signed-off-by: Josef Bacik
Signed-off-by: Alexei Starovoitov