commit 668ea8fd9be5b3091a550545be37b7a0c7128d3e Author: MSVSphere Packaging Team Date: Thu Apr 13 21:38:04 2023 +0300 import bpftrace-0.16.0-2.el9 diff --git a/.bpftrace.metadata b/.bpftrace.metadata new file mode 100644 index 0000000..fd41863 --- /dev/null +++ b/.bpftrace.metadata @@ -0,0 +1,2 @@ +90dc7733b42f9eca714d2d87a4577c9b0a232293 SOURCES/bpftrace-0.16.0.tar.gz +974ee680e1eb103c415832d69742e194b661da5c SOURCES/cereal-1.3.2.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..31f5590 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/bpftrace-0.16.0.tar.gz +SOURCES/cereal-1.3.2.tar.gz diff --git a/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch b/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch new file mode 100644 index 0000000..8c4c547 --- /dev/null +++ b/SOURCES/bpftrace-0.16.0-IR-builder-get-rid-of-getPointerElementType-calls.patch @@ -0,0 +1,457 @@ +From 7afe3ced2b91d940a8d72755043ac2468687f1ee Mon Sep 17 00:00:00 2001 +From: Viktor Malik +Date: Mon, 10 Oct 2022 14:26:38 +0200 +Subject: [PATCH] IR builder: get rid of getPointerElementType calls + +Usage of Value::getPointerElementType is deprecated and will be dropped +in LLVM 16 [1]. + +There are several places where we use this method: +- function (value) calls - the called function type is usually + available, so just pass it to createCall, the only exception is + CreateProbeReadStr which must have been refactored +- getting the type of alloca instruction - there is a dedicated + AllocaInst::getAllocatedType method that can be used instead +- strncmp - pass sizes of the strings to CreateStrncmp to be able to get + the correct string type (which is array of uint8) + +[1] https://llvm.org/docs/OpaquePointers.html +--- + src/ast/irbuilderbpf.cpp | 143 ++++++++++++-------------------- + src/ast/irbuilderbpf.h | 23 +++-- + src/ast/passes/codegen_llvm.cpp | 30 +++++-- + 3 files changed, 86 insertions(+), 110 deletions(-) + +diff --git a/src/ast/irbuilderbpf.cpp b/src/ast/irbuilderbpf.cpp +index d49883f7..4036b2df 100644 +--- a/src/ast/irbuilderbpf.cpp ++++ b/src/ast/irbuilderbpf.cpp +@@ -288,17 +288,16 @@ CallInst *IRBuilderBPF::CreateHelperCall(libbpf::bpf_func_id func_id, + Constant *helper_func = ConstantExpr::getCast(Instruction::IntToPtr, + getInt64(func_id), + helper_ptr_type); +- return createCall(helper_func, args, Name); ++ return createCall(helper_type, helper_func, args, Name); + } + +-CallInst *IRBuilderBPF::createCall(Value *callee, ++CallInst *IRBuilderBPF::createCall(FunctionType *callee_type, ++ Value *callee, + ArrayRef args, + const Twine &Name) + { + #if LLVM_VERSION_MAJOR >= 11 +- auto *calleePtrType = cast(callee->getType()); +- auto *calleeType = cast(calleePtrType->getPointerElementType()); +- return CreateCall(calleeType, callee, args, Name); ++ return CreateCall(callee_type, callee, args, Name); + #else + return CreateCall(callee, args, Name); + #endif +@@ -307,7 +306,7 @@ CallInst *IRBuilderBPF::createCall(Value *callee, + CallInst *IRBuilderBPF::CreateBpfPseudoCallId(int mapid) + { + Function *pseudo_func = module_.getFunction("llvm.bpf.pseudo"); +- return createCall(pseudo_func, ++ return CreateCall(pseudo_func, + { getInt64(BPF_PSEUDO_MAP_FD), getInt64(mapid) }, + "pseudo"); + } +@@ -346,7 +345,8 @@ CallInst *IRBuilderBPF::createMapLookup(int mapid, Value *key) + Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_map_lookup_elem), + lookup_func_ptr_type); +- return createCall(lookup_func, { map_ptr, key }, "lookup_elem"); ++ return createCall( ++ lookup_func_type, lookup_func, { map_ptr, key }, "lookup_elem"); + } + + CallInst *IRBuilderBPF::CreateGetJoinMap(Value *ctx, const location &loc) +@@ -397,8 +397,7 @@ Value *IRBuilderBPF::CreateMapLookupElem(Value *ctx, + CREATE_MEMCPY(value, call, type.GetSize(), 1); + else + { +- assert(value->getType()->isPointerTy() && +- (value->getType()->getPointerElementType() == getInt64Ty())); ++ assert(value->getAllocatedType() == getInt64Ty()); + // createMapLookup returns an u8* + auto *cast = CreatePointerCast(call, value->getType(), "cast"); + CreateStore(CreateLoad(getInt64Ty(), cast), value); +@@ -448,7 +447,8 @@ void IRBuilderBPF::CreateMapUpdateElem(Value *ctx, + Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_map_update_elem), + update_func_ptr_type); +- CallInst *call = createCall(update_func, ++ CallInst *call = createCall(update_func_type, ++ update_func, + { map_ptr, key, val, flags }, + "update_elem"); + CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_map_update_elem, loc); +@@ -472,7 +472,8 @@ void IRBuilderBPF::CreateMapDeleteElem(Value *ctx, + Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_map_delete_elem), + delete_func_ptr_type); +- CallInst *call = createCall(delete_func, { map_ptr, key }, "delete_elem"); ++ CallInst *call = createCall( ++ delete_func_type, delete_func, { map_ptr, key }, "delete_elem"); + CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_map_delete_elem, loc); + } + +@@ -508,72 +509,53 @@ void IRBuilderBPF::CreateProbeRead(Value *ctx, + Constant *proberead_func = ConstantExpr::getCast(Instruction::IntToPtr, + getInt64(read_fn), + proberead_func_ptr_type); +- CallInst *call = createCall(proberead_func, ++ CallInst *call = createCall(proberead_func_type, ++ proberead_func, + { dst, size, src }, + probeReadHelperName(read_fn)); + CreateHelperErrorCond(ctx, call, read_fn, loc); + } + +-Constant *IRBuilderBPF::createProbeReadStrFn(llvm::Type *dst, +- llvm::Type *src, +- AddrSpace as) +-{ +- assert(src && (src->isIntegerTy() || src->isPointerTy())); +- // int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr) +- FunctionType *probereadstr_func_type = FunctionType::get( +- getInt64Ty(), { dst, getInt32Ty(), src }, false); +- PointerType *probereadstr_func_ptr_type = PointerType::get( +- probereadstr_func_type, 0); +- return ConstantExpr::getCast(Instruction::IntToPtr, +- getInt64(selectProbeReadHelper(as, true)), +- probereadstr_func_ptr_type); +-} +- + CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, +- AllocaInst *dst, ++ Value *dst, + size_t size, + Value *src, + AddrSpace as, + const location &loc) + { +- assert(ctx && ctx->getType() == getInt8PtrTy()); + return CreateProbeReadStr(ctx, dst, getInt32(size), src, as, loc); + } + + CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, + Value *dst, +- size_t size, +- Value *src, +- AddrSpace as, +- const location &loc) +-{ +- assert(ctx && ctx->getType() == getInt8PtrTy()); +- Constant *fn = createProbeReadStrFn(dst->getType(), src->getType(), as); +- auto read_fn = selectProbeReadHelper(as, true); +- CallInst *call = createCall(fn, +- { dst, getInt32(size), src }, +- probeReadHelperName(read_fn)); +- CreateHelperErrorCond(ctx, call, read_fn, loc); +- return call; +-} +- +-CallInst *IRBuilderBPF::CreateProbeReadStr(Value *ctx, +- AllocaInst *dst, + llvm::Value *size, + Value *src, + AddrSpace as, + const location &loc) + { + assert(ctx && ctx->getType() == getInt8PtrTy()); +- assert(dst && dst->getAllocatedType()->isArrayTy() && +- dst->getAllocatedType()->getArrayElementType() == getInt8Ty()); + assert(size && size->getType()->isIntegerTy()); ++ if (auto *dst_alloca = dyn_cast(dst)) ++ { ++ assert(dst_alloca->getAllocatedType()->isArrayTy() && ++ dst_alloca->getAllocatedType()->getArrayElementType() == ++ getInt8Ty()); ++ } + +- auto *size_i32 = CreateIntCast(size, getInt32Ty(), false); ++ auto *size_i32 = size; ++ if (size_i32->getType()->getScalarSizeInBits() != 32) ++ size_i32 = CreateIntCast(size_i32, getInt32Ty(), false); + +- Constant *fn = createProbeReadStrFn(dst->getType(), src->getType(), as); + auto read_fn = selectProbeReadHelper(as, true); +- CallInst *call = createCall(fn, ++ // int bpf_probe_read_str(void *dst, int size, const void *unsafe_ptr) ++ FunctionType *probereadstr_func_type = FunctionType::get( ++ getInt64Ty(), { dst->getType(), getInt32Ty(), src->getType() }, false); ++ PointerType *probereadstr_func_ptr_type = PointerType::get( ++ probereadstr_func_type, 0); ++ Constant *probereadstr_callee = ConstantExpr::getCast( ++ Instruction::IntToPtr, getInt64(read_fn), probereadstr_func_ptr_type); ++ CallInst *call = createCall(probereadstr_func_type, ++ probereadstr_callee, + { dst, size_i32, src }, + probeReadHelperName(read_fn)); + CreateHelperErrorCond(ctx, call, read_fn, loc); +@@ -732,8 +714,10 @@ Value *IRBuilderBPF::CreateUSDTReadArgument(Value *ctx, + return result; + } + +-Value *IRBuilderBPF::CreateStrncmp(Value *val1, +- Value *val2, ++Value *IRBuilderBPF::CreateStrncmp(Value *str1, ++ uint64_t str1_size, ++ Value *str2, ++ uint64_t str2_size, + uint64_t n, + bool inverse) + { +@@ -762,40 +746,21 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, + // Check if the compared strings are literals. + // If so, we can avoid storing the literal in memory. + std::optional literal1; +- if (auto constString1 = dyn_cast(val1)) ++ if (auto constString1 = dyn_cast(str1)) + literal1 = constString1->getAsString(); +- else if (isa(val1)) ++ else if (isa(str1)) + literal1 = ""; + else + literal1 = std::nullopt; + + std::optional literal2; +- if (auto constString2 = dyn_cast(val2)) ++ if (auto constString2 = dyn_cast(str2)) + literal2 = constString2->getAsString(); +- else if (isa(val2)) ++ else if (isa(str2)) + literal2 = ""; + else + literal2 = std::nullopt; + +- auto *val1p = dyn_cast(val1->getType()); +- auto *val2p = dyn_cast(val2->getType()); +-#ifndef NDEBUG +- if (!literal1) +- { +- assert(val1p); +- assert(val1p->getPointerElementType()->isArrayTy() && +- val1p->getPointerElementType()->getArrayElementType() == +- getInt8Ty()); +- } +- if (!literal2) +- { +- assert(val2p); +- assert(val2p->getPointerElementType()->isArrayTy() && +- val2p->getPointerElementType()->getArrayElementType() == +- getInt8Ty()); +- } +-#endif +- + Function *parent = GetInsertBlock()->getParent(); + AllocaInst *store = CreateAllocaBPF(getInt1Ty(), "strcmp.result"); + BasicBlock *str_ne = BasicBlock::Create(module_.getContext(), +@@ -822,8 +787,8 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, + l = getInt8(literal1->c_str()[i]); + else + { +- auto *ptr_l = CreateGEP(val1p->getPointerElementType(), +- val1, ++ auto *ptr_l = CreateGEP(ArrayType::get(getInt8Ty(), str1_size), ++ str1, + { getInt32(0), getInt32(i) }); + l = CreateLoad(getInt8Ty(), ptr_l); + } +@@ -833,8 +798,8 @@ Value *IRBuilderBPF::CreateStrncmp(Value *val1, + r = getInt8(literal2->c_str()[i]); + else + { +- auto *ptr_r = CreateGEP(val2p->getPointerElementType(), +- val2, ++ auto *ptr_r = CreateGEP(ArrayType::get(getInt8Ty(), str2_size), ++ str2, + { getInt32(0), getInt32(i) }); + r = CreateLoad(getInt8Ty(), ptr_r); + } +@@ -994,11 +959,9 @@ void IRBuilderBPF::CreateGetCurrentComm(Value *ctx, + size_t size, + const location &loc) + { +- assert(buf->getType()->getPointerElementType()->isArrayTy() && +- buf->getType()->getPointerElementType()->getArrayNumElements() >= +- size && +- buf->getType()->getPointerElementType()->getArrayElementType() == +- getInt8Ty()); ++ assert(buf->getAllocatedType()->isArrayTy() && ++ buf->getAllocatedType()->getArrayNumElements() >= size && ++ buf->getAllocatedType()->getArrayElementType() == getInt8Ty()); + + // long bpf_get_current_comm(char *buf, int size_of_buf) + // Return: 0 on success or negative error +@@ -1077,7 +1040,7 @@ void IRBuilderBPF::CreateSignal(Value *ctx, Value *sig, const location &loc) + Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_send_signal), + signal_func_ptr_type); +- CallInst *call = createCall(signal_func, { sig }, "signal"); ++ CallInst *call = createCall(signal_func_type, signal_func, { sig }, "signal"); + CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_send_signal, loc); + } + +@@ -1091,7 +1054,7 @@ void IRBuilderBPF::CreateOverrideReturn(Value *ctx, Value *rc) + Constant *override_func = ConstantExpr::getCast(Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_override_return), + override_func_ptr_type); +- createCall(override_func, { ctx, rc }, "override"); ++ createCall(override_func_type, override_func, { ctx, rc }, "override"); + } + + CallInst *IRBuilderBPF::CreateSkbOutput(Value *skb, +@@ -1126,7 +1089,8 @@ CallInst *IRBuilderBPF::CreateSkbOutput(Value *skb, + Instruction::IntToPtr, + getInt64(libbpf::BPF_FUNC_skb_output), + skb_output_func_ptr_type); +- CallInst *call = createCall(skb_output_func, ++ CallInst *call = createCall(skb_output_func_type, ++ skb_output_func, + { skb, map_ptr, flags, data, size_val }, + "skb_output"); + return call; +@@ -1320,7 +1284,8 @@ void IRBuilderBPF::CreateSeqPrintf(Value *ctx, + CreateGEP(getInt64Ty(), meta, getInt64(0)), + "seq"); + +- CallInst *call = createCall(seq_printf_func, ++ CallInst *call = createCall(seq_printf_func_type, ++ seq_printf_func, + { seq, fmt, fmt_size, data, data_len }, + "seq_printf"); + CreateHelperErrorCond(ctx, call, libbpf::BPF_FUNC_seq_printf, loc); +diff --git a/src/ast/irbuilderbpf.h b/src/ast/irbuilderbpf.h +index e124911b..c9ffb545 100644 +--- a/src/ast/irbuilderbpf.h ++++ b/src/ast/irbuilderbpf.h +@@ -90,17 +90,11 @@ public: + AddrSpace as, + const location &loc); + CallInst *CreateProbeReadStr(Value *ctx, +- AllocaInst *dst, ++ Value *dst, + llvm::Value *size, + Value *src, + AddrSpace as, + const location &loc); +- CallInst *CreateProbeReadStr(Value *ctx, +- AllocaInst *dst, +- size_t size, +- Value *src, +- AddrSpace as, +- const location &loc); + CallInst *CreateProbeReadStr(Value *ctx, + Value *dst, + size_t size, +@@ -115,7 +109,12 @@ public: + pid_t pid, + AddrSpace as, + const location &loc); +- Value *CreateStrncmp(Value *val1, Value *val2, uint64_t n, bool inverse); ++ Value *CreateStrncmp(Value *str1, ++ uint64_t str1_size, ++ Value *str2, ++ uint64_t str2_size, ++ uint64_t n, ++ bool inverse); + CallInst *CreateGetNs(bool boot_time, const location &loc); + CallInst *CreateGetPidTgid(const location &loc); + CallInst *CreateGetCurrentCgroupId(const location &loc); +@@ -131,7 +130,10 @@ public: + ArrayRef args, + const Twine &Name, + const location *loc = nullptr); +- CallInst *createCall(Value *callee, ArrayRef args, const Twine &Name); ++ CallInst *createCall(FunctionType *callee_type, ++ Value *callee, ++ ArrayRef args, ++ const Twine &Name); + void CreateGetCurrentComm(Value *ctx, AllocaInst *buf, size_t size, const location& loc); + void CreatePerfEventOutput(Value *ctx, + Value *data, +@@ -185,9 +187,6 @@ private: + AddrSpace as, + const location &loc); + CallInst *createMapLookup(int mapid, Value *key); +- Constant *createProbeReadStrFn(llvm::Type *dst, +- llvm::Type *src, +- AddrSpace as); + libbpf::bpf_func_id selectProbeReadHelper(AddrSpace as, bool str); + + std::map structs_; +diff --git a/src/ast/passes/codegen_llvm.cpp b/src/ast/passes/codegen_llvm.cpp +index a818ca0b..2b888087 100644 +--- a/src/ast/passes/codegen_llvm.cpp ++++ b/src/ast/passes/codegen_llvm.cpp +@@ -1133,8 +1133,12 @@ void CodegenLLVM::visit(Call &call) + auto left_string = getString(left_arg); + auto right_string = getString(right_arg); + +- expr_ = b_.CreateStrncmp( +- left_string.first, right_string.first, size, false); ++ expr_ = b_.CreateStrncmp(left_string.first, ++ left_string.second, ++ right_string.first, ++ right_string.second, ++ size, ++ false); + } + else if (call.func == "override") + { +@@ -1269,8 +1273,7 @@ void CodegenLLVM::visit(Variable &var) + else + { + auto *var_alloca = variables_[var.ident]; +- expr_ = b_.CreateLoad(var_alloca->getType()->getPointerElementType(), +- var_alloca); ++ expr_ = b_.CreateLoad(var_alloca->getAllocatedType(), var_alloca); + } + } + +@@ -1310,7 +1313,12 @@ void CodegenLLVM::binop_string(Binop &binop) + auto right_string = getString(binop.right); + + size_t len = std::min(left_string.second, right_string.second); +- expr_ = b_.CreateStrncmp(left_string.first, right_string.first, len, inverse); ++ expr_ = b_.CreateStrncmp(left_string.first, ++ left_string.second, ++ right_string.first, ++ right_string.second, ++ len, ++ inverse); + } + + void CodegenLLVM::binop_buf(Binop &binop) +@@ -1334,7 +1342,12 @@ void CodegenLLVM::binop_buf(Binop &binop) + + size_t len = std::min(binop.left->type.GetSize(), + binop.right->type.GetSize()); +- expr_ = b_.CreateStrncmp(left_string, right_string, len, inverse); ++ expr_ = b_.CreateStrncmp(left_string, ++ binop.left->type.GetSize(), ++ right_string, ++ binop.right->type.GetSize(), ++ len, ++ inverse); + } + + void CodegenLLVM::binop_int(Binop &binop) +@@ -3528,9 +3541,8 @@ void CodegenLLVM::createIncDec(Unop &unop) + else if (unop.expr->is_variable) + { + Variable &var = static_cast(*unop.expr); +- Value *oldval = b_.CreateLoad( +- variables_[var.ident]->getType()->getPointerElementType(), +- variables_[var.ident]); ++ Value *oldval = b_.CreateLoad(variables_[var.ident]->getAllocatedType(), ++ variables_[var.ident]); + Value *newval; + if (is_increment) + newval = b_.CreateAdd(oldval, b_.GetIntSameSize(step, oldval)); +-- +2.38.1 + diff --git a/SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch b/SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch new file mode 100644 index 0000000..d5f8e7f --- /dev/null +++ b/SOURCES/bpftrace-0.16.0-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch @@ -0,0 +1,66 @@ +From b23980e4f6ed33d98f4f09ef25ae17baca215cce Mon Sep 17 00:00:00 2001 +From: Jerome Marchand +Date: Thu, 11 Jun 2020 14:56:36 +0200 +Subject: [PATCH 6/6] RHEL: aarch64: fixes statsnoop and opensnoop + +On aarch64 the open syscall has been dropped. Only openat remains, +wich is called by libc open() function. + +The state of *stat* syscalls, is a mess. They are several generations +of the system calls, and not all arches provides all of them. For +instance, new(l)stat are missing from aarch64. + +The only way I can think of fixing thess is RHEL-8 only arch specific +patches. + +Signed-off-by: Jerome Marchand +--- + tools/opensnoop.bt | 2 -- + tools/statsnoop.bt | 8 ++------ + 2 files changed, 2 insertions(+), 8 deletions(-) + +diff --git a/tools/opensnoop.bt b/tools/opensnoop.bt +index a7de8026..d99db93e 100755 +--- a/tools/opensnoop.bt ++++ b/tools/opensnoop.bt +@@ -21,13 +21,11 @@ BEGIN + printf("%-6s %-16s %4s %3s %s\n", "PID", "COMM", "FD", "ERR", "PATH"); + } + +-tracepoint:syscalls:sys_enter_open, + tracepoint:syscalls:sys_enter_openat + { + @filename[tid] = args->filename; + } + +-tracepoint:syscalls:sys_exit_open, + tracepoint:syscalls:sys_exit_openat + /@filename[tid]/ + { +diff --git a/tools/statsnoop.bt b/tools/statsnoop.bt +index b2d529e2..f612ea94 100755 +--- a/tools/statsnoop.bt ++++ b/tools/statsnoop.bt +@@ -30,17 +30,13 @@ tracepoint:syscalls:sys_enter_statfs + @filename[tid] = args->pathname; + } + +-tracepoint:syscalls:sys_enter_statx, +-tracepoint:syscalls:sys_enter_newstat, +-tracepoint:syscalls:sys_enter_newlstat ++tracepoint:syscalls:sys_enter_statx + { + @filename[tid] = args->filename; + } + + tracepoint:syscalls:sys_exit_statfs, +-tracepoint:syscalls:sys_exit_statx, +-tracepoint:syscalls:sys_exit_newstat, +-tracepoint:syscalls:sys_exit_newlstat ++tracepoint:syscalls:sys_exit_statx + /@filename[tid]/ + { + $ret = args->ret; +-- +2.35.3 + diff --git a/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch b/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch new file mode 100644 index 0000000..2e013e6 --- /dev/null +++ b/SOURCES/bpftrace-0.16.0-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch @@ -0,0 +1,174 @@ +From 652562eef0d53649cf29c256bc20abdffdd195ab Mon Sep 17 00:00:00 2001 +From: Rong Tao +Date: Sat, 1 Oct 2022 16:15:27 +0800 +Subject: [PATCH 1/2] tcpdrop: Fix: ERROR: Error attaching probe: + 'kprobe:tcp_drop' + +kernel commit 8fbf195798b5('tcp_drop() is no longer needed.') remove +the kprobe:tcp_drop, bcc commit 16eab39171eb('Add +tracepoint:skb:kfree_skb if no tcp_drop() kprobe.') already fix this +problem. + +CI old kernel is too old and not support the 'reason' field, move the +old tools/tcpdrop.bt into tools/old/tcpdrop.bt and set the CI to use +it. + +Since 5.17 support trace_kfree_skb(skb, ..., reason) 'reason' field. +Since 5.19 remove tcp_drop() function. + +ERROR log: + + $ sudo ./tcpdrop.bt + ./tcpdrop.bt:49-51: WARNING: tcp_drop is not traceable (either non-existing, inlined, or marked as "notrace"); attaching to it will likely fail + Attaching 3 probes... + cannot attach kprobe, probe entry may not exist + ERROR: Error attaching probe: 'kprobe:tcp_drop' + +Link: https://github.com/iovisor/bpftrace/pull/2379 +Signed-off-by: Rong Tao +--- + tools/old/tcpdrop.bt | 85 ++++++++++++++++++++++++++++++++++++++++++++ + tools/tcpdrop.bt | 22 ++++++------ + 2 files changed, 97 insertions(+), 10 deletions(-) + create mode 100755 tools/old/tcpdrop.bt + +diff --git a/tools/old/tcpdrop.bt b/tools/old/tcpdrop.bt +new file mode 100755 +index 00000000..685a5f6a +--- /dev/null ++++ b/tools/old/tcpdrop.bt +@@ -0,0 +1,85 @@ ++#!/usr/bin/env bpftrace ++/* ++ * tcpdrop.bt Trace TCP kernel-dropped packets/segments. ++ * For Linux, uses bpftrace and eBPF. ++ * ++ * USAGE: tcpdrop.bt ++ * ++ * This is a bpftrace version of the bcc tool of the same name. ++ * It is limited to ipv4 addresses, and cannot show tcp flags. ++ * ++ * This provides information such as packet details, socket state, and kernel ++ * stack trace for packets/segments that were dropped via tcp_drop(). ++ ++ * WARNING: this script attaches to the tcp_drop kprobe which is likely inlined ++ * on newer kernels and not replaced by anything else, therefore ++ * the script will stop working ++ * ++ * For Linux <= 5.18. ++ * ++ * Copyright (c) 2018 Dale Hamel. ++ * Licensed under the Apache License, Version 2.0 (the "License") ++ * ++ * 23-Nov-2018 Dale Hamel created this. ++ */ ++ ++#ifndef BPFTRACE_HAVE_BTF ++#include ++#include ++#else ++#include ++#endif ++ ++BEGIN ++{ ++ printf("Tracing tcp drops. Hit Ctrl-C to end.\n"); ++ printf("%-8s %-8s %-16s %-21s %-21s %-8s\n", "TIME", "PID", "COMM", "SADDR:SPORT", "DADDR:DPORT", "STATE"); ++ ++ // See https://github.com/torvalds/linux/blob/master/include/net/tcp_states.h ++ @tcp_states[1] = "ESTABLISHED"; ++ @tcp_states[2] = "SYN_SENT"; ++ @tcp_states[3] = "SYN_RECV"; ++ @tcp_states[4] = "FIN_WAIT1"; ++ @tcp_states[5] = "FIN_WAIT2"; ++ @tcp_states[6] = "TIME_WAIT"; ++ @tcp_states[7] = "CLOSE"; ++ @tcp_states[8] = "CLOSE_WAIT"; ++ @tcp_states[9] = "LAST_ACK"; ++ @tcp_states[10] = "LISTEN"; ++ @tcp_states[11] = "CLOSING"; ++ @tcp_states[12] = "NEW_SYN_RECV"; ++} ++ ++kprobe:tcp_drop ++{ ++ $sk = ((struct sock *) arg0); ++ $inet_family = $sk->__sk_common.skc_family; ++ ++ if ($inet_family == AF_INET || $inet_family == AF_INET6) { ++ if ($inet_family == AF_INET) { ++ $daddr = ntop($sk->__sk_common.skc_daddr); ++ $saddr = ntop($sk->__sk_common.skc_rcv_saddr); ++ } else { ++ $daddr = ntop($sk->__sk_common.skc_v6_daddr.in6_u.u6_addr8); ++ $saddr = ntop($sk->__sk_common.skc_v6_rcv_saddr.in6_u.u6_addr8); ++ } ++ $lport = $sk->__sk_common.skc_num; ++ $dport = $sk->__sk_common.skc_dport; ++ ++ // Destination port is big endian, it must be flipped ++ $dport = bswap($dport); ++ ++ $state = $sk->__sk_common.skc_state; ++ $statestr = @tcp_states[$state]; ++ ++ time("%H:%M:%S "); ++ printf("%-8d %-16s ", pid, comm); ++ printf("%39s:%-6d %39s:%-6d %-10s\n", $saddr, $lport, $daddr, $dport, $statestr); ++ printf("%s\n", kstack); ++ } ++} ++ ++END ++{ ++ clear(@tcp_states); ++} +diff --git a/tools/tcpdrop.bt b/tools/tcpdrop.bt +index 3450a533..bb31107f 100755 +--- a/tools/tcpdrop.bt ++++ b/tools/tcpdrop.bt +@@ -9,16 +9,15 @@ + * It is limited to ipv4 addresses, and cannot show tcp flags. + * + * This provides information such as packet details, socket state, and kernel +- * stack trace for packets/segments that were dropped via tcp_drop(). +- +- * WARNING: this script attaches to the tcp_drop kprobe which is likely inlined +- * on newer kernels and not replaced by anything else, therefore +- * the script will stop working +- ++ * stack trace for packets/segments that were dropped via kfree_skb. ++ * ++ * For Linux 5.17+ (see tools/old for script for lower versions). ++ * + * Copyright (c) 2018 Dale Hamel. + * Licensed under the Apache License, Version 2.0 (the "License") +- ++ * + * 23-Nov-2018 Dale Hamel created this. ++ * 01-Oct-2022 Rong Tao use tracepoint:skb:kfree_skb + */ + + #ifndef BPFTRACE_HAVE_BTF +@@ -48,12 +47,15 @@ BEGIN + @tcp_states[12] = "NEW_SYN_RECV"; + } + +-kprobe:tcp_drop ++tracepoint:skb:kfree_skb + { +- $sk = ((struct sock *) arg0); ++ $reason = args->reason; ++ $skb = (struct sk_buff *)args->skbaddr; ++ $sk = ((struct sock *) $skb->sk); + $inet_family = $sk->__sk_common.skc_family; + +- if ($inet_family == AF_INET || $inet_family == AF_INET6) { ++ if ($reason > SKB_DROP_REASON_NOT_SPECIFIED && ++ ($inet_family == AF_INET || $inet_family == AF_INET6)) { + if ($inet_family == AF_INET) { + $daddr = ntop($sk->__sk_common.skc_daddr); + $saddr = ntop($sk->__sk_common.skc_rcv_saddr); +-- +2.38.1 + diff --git a/SPECS/bpftrace.spec b/SPECS/bpftrace.spec new file mode 100644 index 0000000..a9fd4f7 --- /dev/null +++ b/SPECS/bpftrace.spec @@ -0,0 +1,223 @@ +Name: bpftrace +Version: 0.16.0 +Release: 2%{?dist} +Summary: High-level tracing language for Linux eBPF +License: ASL 2.0 + +%define cereal_version 1.3.2 + +URL: https://github.com/iovisor/bpftrace +Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz +# Cereal is a header-only serialization library which is not packaged into +# RHEL9, so we download it manually. This is ok to do as it is only necessary +# for build. +Source1: https://github.com/USCiLab/cereal/archive/v%{cereal_version}/cereal-%{cereal_version}.tar.gz + +Patch0: %{name}-%{version}-IR-builder-get-rid-of-getPointerElementType-calls.patch +Patch1: %{name}-%{version}-tcpdrop-Fix-ERROR-Error-attaching-probe-kprobe-tcp_d.patch + +Patch10: %{name}-%{version}-RHEL-aarch64-fixes-statsnoop-and-opensnoop.patch + +# Arches will be included as upstream support is added and dependencies are +# satisfied in the respective arches +ExclusiveArch: x86_64 %{power64} aarch64 s390x + +BuildRequires: gcc-c++ +BuildRequires: bison +BuildRequires: flex +BuildRequires: cmake +BuildRequires: elfutils-libelf-devel +BuildRequires: zlib-devel +BuildRequires: llvm-devel +BuildRequires: clang-devel +BuildRequires: bcc-devel >= 0.19.0-8 +BuildRequires: libbpf-devel +BuildRequires: libbpf-static +BuildRequires: binutils-devel + + +%description +BPFtrace is a high-level tracing language for Linux enhanced Berkeley Packet +Filter (eBPF) available in recent Linux kernels (4.x). BPFtrace uses LLVM as a +backend to compile scripts to BPF-bytecode and makes use of BCC for +interacting with the Linux BPF system, as well as existing Linux tracing +capabilities: kernel dynamic tracing (kprobes), user-level dynamic tracing +(uprobes), and tracepoints. The BPFtrace language is inspired by awk and C, +and predecessor tracers such as DTrace and SystemTap + + +%prep +%autosetup -N -a 1 +%autopatch -p1 -M 9 + +%ifarch aarch64 +%patch10 -p1 +%endif + +%build +# Set CPATH so that CMake finds the cereal headers +CPATH=$PWD/cereal-%{cereal_version}/include:$CPATH +export CPATH +%cmake . \ + -DCMAKE_BUILD_TYPE=RelWithDebInfo \ + -DBUILD_TESTING:BOOL=OFF \ + -DBUILD_SHARED_LIBS:BOOL=OFF +%cmake_build + + +%install +# The post hooks strip the binary which removes +# the BEGIN_trigger and END_trigger functions +# which are needed for the BEGIN and END probes +%global __os_install_post %{nil} +%global _find_debuginfo_opts -g + +%cmake_install + +# Fix shebangs (https://fedoraproject.org/wiki/Packaging:Guidelines#Shebang_lines) +find %{buildroot}%{_datadir}/%{name}/tools -type f -exec \ + sed -i -e '1s=^#!/usr/bin/env %{name}\([0-9.]\+\)\?$=#!%{_bindir}/%{name}=' {} \; + + +%files +%doc README.md CONTRIBUTING-TOOLS.md +%doc docs/reference_guide.md docs/tutorial_one_liners.md +%license LICENSE +%dir %{_datadir}/%{name} +%dir %{_datadir}/%{name}/tools +%dir %{_datadir}/%{name}/tools/doc +%{_bindir}/%{name} +%{_bindir}/%{name}-aotrt +%{_mandir}/man8/* +%attr(0755,-,-) %{_datadir}/%{name}/tools/*.bt +%{_datadir}/%{name}/tools/doc/*.txt +# Do not include old versions of tools, they do not work on RHEL 9 +%exclude %{_datadir}/%{name}/tools/old + +%changelog +* Thu Apr 13 2023 MSVSphere Packaging Team - 0.16.0-2 +- Rebuilt for MSVSphere 9.2 beta + +* Tue Jan 03 2023 Viktor Malik - 0.16.0-2 +- Fix missing kprobe attachpoints for bio* tools (s390x, ppc64le) +- Rebuild for libbpf 1.0.0 +- Resolves: rhbz#2157829 +- Related: rhbz#2157592 + +* Fri Dec 16 2022 Viktor Malik - 0.16.0-1 +- Rebase on bpftrace 0.16.0 (rhbz#2121920) +- Rebuild for LLVM 15 (rhbz#2118995) +- Download the cereal library (not packaged into RHEL9) +- Fixed several tools (rhbz#1975148, rhbz#2088577, rhbz#2128208, rhbz#2073675, + rhbz#2073770) +- Resolve conflicts between bpftrace and bcc manpages (rhbz#2075076) + +* Mon May 16 2022 Jerome Marchand - 0.13.1-1 +- Rebase to bpftrace 0.13.1 +- Rebuild for LLVM14 + +* Mon Feb 21 2022 Viktor Malik - 0.12.1-8 +- Fix wildcard listing bug +- Fix bio* tools + +* Thu Dec 02 2021 Jerome Marchand - 0.12.1.7 +- Bump up required bcc version. + +* Thu Dec 02 2021 Jerome Marchand - 0.12.1.6 +- Rebuild on LLVM13 + +* Mon Oct 18 2021 Jerome Marchand - 0.12.1.5 +- threadsnoop: probe libpthread.so.0 +- Fix aarch64 failures + +* Mon Oct 18 2021 Jerome Marchand - 0.12.1.4 +- Fix gating + +* Fri Oct 15 2021 Jerome Marchand - 0.12.1-3 +- Fix mdflush (rhbz#1967567) + +* Mon Aug 09 2021 Mohan Boddu - 0.12.1-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu May 27 2021 Jerome Marchand - 0.12.0-1 +- Rebase to bpftrace 0.12.1 + +* Thu Apr 15 2021 Mohan Boddu - 0.11.0-10 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Fri Feb 12 2021 Jerome Marchand - 0.11.0-9 +- Last build failed: rebuild. + +* Tue Jan 26 2021 Fedora Release Engineering - 0.11.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 22 2021 Tom Stellard - 0.11.0-7 +- Rebuild for clang-11.1.0 + +* Fri Dec 04 2020 Jeff Law - 0.11.0-6 +- Fix missing #include for gcc-11 + +* Fri Nov 13 2020 Jerome Marchand - 0.11.0-5 +- Rebuilt for LLVM 11 + +* Tue Aug 04 2020 Augusto Caringi - 0.11.0-4 +- Fix FTBFS due to cmake wide changes #1863295 +- Fix 'bpftrace symbols are stripped' #1865787 + +* Sat Aug 01 2020 Fedora Release Engineering - 0.11.0-3 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 0.11.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 16 2020 Augusto Caringi - 0.11.0-1 +* Rebased to version 0.11.0 + +* Tue May 19 2020 Augusto Caringi - 0.10.0-2 +- Rebuilt for new bcc/libbpf versions + +* Tue Apr 14 2020 Augusto Caringi - 0.10.0-1 +- Rebased to version 0.10.0 +- Dropped support for s390x temporaly due to build error + +* Thu Feb 06 2020 Augusto Caringi - 0.9.4-1 +- Rebased to version 0.9.4 + +* Tue Jan 28 2020 Fedora Release Engineering - 0.9.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Nov 21 2019 Augusto Caringi - 0.9.3-1 +- Rebased to version 0.9.3 + +* Thu Aug 01 2019 Augusto Caringi - 0.9.2-1 +- Rebased to version 0.9.2 + +* Wed Jul 24 2019 Fedora Release Engineering - 0.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Wed Jun 26 2019 Augusto Caringi - 0.9.1-1 +- Rebased to version 0.9.1 + +* Thu Apr 25 2019 Augusto Caringi - 0.9-3 +- Rebuilt for bcc 0.9.0 + +* Mon Apr 22 2019 Neal Gompa - 0.9-2 +- Fix Source0 reference +- Use make_build macro for calling make + +* Mon Apr 1 2019 Peter Robinson 0.9-1 +- Build on aarch64 and s390x + +* Mon Mar 25 2019 Augusto Caringi - 0.9-0 +- Updated to version 0.9 + +* Thu Jan 31 2019 Fedora Release Engineering - 0.0-2.20181210gitc49b333 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Dec 10 2018 Augusto Caringi - 0.0-1.20181210gitc49b333 +- Updated to latest upstream (c49b333c034a6d29a7ce90f565e27da1061af971) + +* Wed Nov 07 2018 Augusto Caringi - 0.0-1.20181107git029717b +- Initial import