• A
    bpf: add support for %s specifier to bpf_trace_printk() · 8d3b7dce
    Alexei Starovoitov 提交于
    %s specifier makes bpf program and kernel debugging easier.
    To make sure that trace_printk won't crash the unsafe string
    is copied into stack and unsafe pointer is substituted.
    
    The following C program:
     #include <linux/fs.h>
    int foo(struct pt_regs *ctx, struct filename *filename)
    {
      void *name = 0;
    
      bpf_probe_read(&name, sizeof(name), &filename->name);
      bpf_trace_printk("executed %s\n", name);
      return 0;
    }
    
    when attached to kprobe do_execve()
    will produce output in /sys/kernel/debug/tracing/trace_pipe :
        make-13492 [002] d..1  3250.997277: : executed /bin/sh
          sh-13493 [004] d..1  3250.998716: : executed /usr/bin/gcc
         gcc-13494 [002] d..1  3250.999822: : executed /usr/lib/gcc/x86_64-linux-gnu/4.7/cc1
         gcc-13495 [002] d..1  3251.006731: : executed /usr/bin/as
         gcc-13496 [002] d..1  3251.011831: : executed /usr/lib/gcc/x86_64-linux-gnu/4.7/collect2
    collect2-13497 [000] d..1  3251.012941: : executed /usr/bin/ld
    Suggested-by: NBrendan Gregg <brendan.d.gregg@gmail.com>
    Signed-off-by: NAlexei Starovoitov <ast@plumgrid.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    8d3b7dce
bpf_trace.c 6.8 KB