On 6/12/15 12:27 PM, Arnaldo Carvalho de Melo wrote:
Alexei, is this already possible with eBPF?
I want to decode that attr_uptr thing :-)
yes, it's already possible :)
Here is working example from our experimental c+python thingy:
#!/usr/bin/env python
from bpf import BPF
from subprocess import call
prog = """
#include <uapi/linux/ptrace.h>
#include <uapi/linux/perf_event.h>
int hello(struct pt_regs *ctx)
{
struct perf_event_attr attr = {};
bpf_probe_read(&attr, sizeof(attr), (void *) ctx->di);
char fmt[] = "type %x size %d config %d\\n";
bpf_trace_printk(fmt, sizeof(fmt), attr.type, attr.size, attr.config);
return 0;
}
"""
b = BPF(text=prog)
fn = b.load_func("hello", BPF.KPROBE)
BPF.attach_kprobe(fn, "SYSC_perf_event_open")
try:
call(["cat", "/sys/kernel/debug/tracing/trace_pipe"])
except KeyboardInterrupt:
pass
running above gives me output:
# ./example.py
perf_4.1.0-5544 [001] d.h3 3818.231428: : type 1 size 0 config 0
perf_4.1.0-5544 [001] d.h3 3818.231494: : type 0 size 112 config 0
perf_4.1.0-5544 [001] d.h3 3818.231530: : type 0 size 112 config 0
perf_4.1.0-5544 [001] d.h3 3818.231554: : type 0 size 112 config 0
perf_4.1.0-5544 [001] d.h3 3818.231564: : type 0 size 112 config 0
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
