From: Daniel Borkmann
Date: Mon, 23 Jan 2023 19:53:02 +0000 (+0100)
Subject: Merge branch 'libbpf-extend-arguments-tracing'
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=ea403bb7b3151aed007220b9dd4acd1763c33dd4;p=linux.git

Merge branch 'libbpf-extend-arguments-tracing'

Andrii Nakryiko says:

====================
This patch set fixes and extends libbpf's bpf_tracing.h support for tracing arguments of kprobes/uprobes, and syscall as a special case.

Depending on the architecture, anywhere between 3 and 8 arguments can be passed to a function in registers (so relevant to kprobes and uprobes), but before this patch set libbpf's macros in bpf_tracing.h only supported up to 5 arguments, which is limiting in practice. This patch set extends bpf_tracing.h to support up to 8 arguments, if architecture allows. This includes explicit PT_REGS_PARMx() macro family, as well as BPF_KPROBE() macro.

Now, with tracing syscall arguments situation is sometimes quite different. For a lot of architectures syscall argument passing through registers differs from function call sequence at least a little. For i386 it differs *a lot*. This patch set addresses this issue across all currently supported architectures and hopefully fixes existing issues. syscall(2) manpage defines that either 6 or 7 arguments can be supported, depending on architecture, so libbpf defines 6 or 7 registers per architecture to be used to fetch syscall arguments.

Also, BPF_UPROBE and BPF_URETPROBE are introduced as part of this patch set. They are aliases for BPF_KPROBE and BPF_KRETPROBE (as mechanics of argument fetching of kernel functions and user-space functions are identical), but it allows BPF users to have less confusing BPF-side code when working with uprobes.

For both sets of changes selftests are extended to test these new register definitions to architecture-defined limits.

Unfortunately I don't have ability to test it on all architectures, and BPF CI only tests 3 architectures (x86-64, arm64, and s390x), so it would be greatly appreciated if people with access to architectures other than above 3 helped review and test changes.
====================

Signed-off-by: Daniel Borkmann
---
ea403bb7b3151aed007220b9dd4acd1763c33dd4
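
The difference between function-call and syscall argument registers that the cover letter describes, modelled for x86-64 as an added example that is not code from the commit or from libbpf. `struct mock_regs` and every function name are hypothetical, and the sample values are constructed. The block shows what a syscall tracer records for the fourth argument when it reads the function-call register instead of the syscall one.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the argument registers saved in x86-64 pt_regs. */
struct mock_regs { uint64_t di, si, dx, cx, r8, r9, r10, r11; };

/* n-th argument (1-based) under the function-call convention:
 * rdi, rsi, rdx, rcx, r8, r9. Returns 0 if n is out of range. */
static uint64_t func_arg(const struct mock_regs *r, int n)
{
    const uint64_t a[6] = { r->di, r->si, r->dx, r->cx, r->r8, r->r9 };
    return (n >= 1 && n <= 6) ? a[n - 1] : 0;
}

/* n-th argument under the syscall convention: rdi, rsi, rdx, r10, r8, r9. */
static uint64_t syscall_arg(const struct mock_regs *r, int n)
{
    const uint64_t a[6] = { r->di, r->si, r->dx, r->r10, r->r8, r->r9 };
    return (n >= 1 && n <= 6) ? a[n - 1] : 0;
}

/* Register state at syscall entry: the caller puts argument 4 in r10 because
 * the `syscall` instruction overwrites rcx (return RIP) and r11 (RFLAGS). */
static struct mock_regs enter_syscall(const uint64_t args[6], uint64_t ret_ip, uint64_t rflags)
{
    struct mock_regs r = { .di = args[0], .si = args[1], .dx = args[2],
                           .r10 = args[3], .r8 = args[4], .r9 = args[5] };
    r.cx = ret_ip;
    r.r11 = rflags;
    return r;
}

/* Bitmask of argument positions (bit n-1) where the two conventions disagree. */
static unsigned mismatch_mask(const struct mock_regs *r)
{
    unsigned m = 0;
    for (int n = 1; n <= 6; n++)
        if (func_arg(r, n) != syscall_arg(r, n))
            m |= 1u << (n - 1);
    return m;
}

int main(void)
{
    /* Constructed sample: six syscall arguments plus a return address. */
    const uint64_t args[6] = { 3, 0x7f0000001000, 64, 0x4000, 0, 0 };
    struct mock_regs r = enter_syscall(args, 0x401234, 0x246);
    printf("arg4 via function convention: %#llx\n", (unsigned long long)func_arg(&r, 4));
    printf("arg4 via syscall convention:  %#llx\n", (unsigned long long)syscall_arg(&r, 4));
    printf("mismatch mask: %#x\n", mismatch_mask(&r));
    return 0;
}
```

Only position 4 differs on x86-64, so a tracer that uses the function-call register there logs the user-space return address in place of the real argument while the other five fields look correct.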