> The kernel will actually have 8 bytes of memory to store fd
> based on trace_event_raw_sys_enter.
> For little endian machine, the lower 4 bytes are read based on
> your sys_enter_newfstat_args, which is "accidentally" the lower
> 4 bytes in u64, so you get the correct answer.
> For big endian machine, the lower 4 bytes read based on
> your sys_enter_newfstat_args will be high 4 bytes in u64, which
> is incorrect.
Oh, get it. Thank you, I'll fix this in the next version.
Yonghong Song <yhs@xxxxxx> 于2019年12月17日周二 下午12:14写道:
>
>
>
> On 12/16/19 8:01 PM, Wenbo Zhang wrote:
> >> In non-bpf .c file, typically we do not add 'inline' attribute.
> >> It is up to compiler to decide whether it should be inlined.
> >
> > Thank you, I'll fix this.
> >
> >>> +struct sys_enter_newfstat_args {
> >>> + unsigned long long pad1;
> >>> + unsigned long long pad2;
> >>> + unsigned int fd;
> >>> +};
> >
> >> The BTF generated vmlinux.h has the following structure,
> >> struct trace_entry {
> >> short unsigned int type;
> >> unsigned char flags;
> >> unsigned char preempt_count;
> >> int pid;
> >> };
> >> struct trace_event_raw_sys_enter {
> >> struct trace_entry ent;
> >> long int id;
> >> long unsigned int args[6];
> >> char __data[0];
> >> };
> >
> >> The third parameter type should be long, otherwise,
> >> it may have issue on big endian machines?
> >
> > Sorry, I don't understand why there is a problem on big-endian machines.
> > Would you please explain that in more detail? Thank you.
>
> The kernel will actually have 8 bytes of memory to store fd
> based on trace_event_raw_sys_enter.
>
> For little endian machine, the lower 4 bytes are read based on
> your sys_enter_newfstat_args, which is "accidentally" the lower
> 4 bytes in u64, so you get the correct answer.
>
> For big endian machine, the lower 4 bytes read based on
> your sys_enter_newfstat_args will be high 4 bytes in u64, which
> is incorrect.
>
> >
> > Yonghong Song <yhs@xxxxxx> 于2019年12月16日周一 上午12:25写道:
> >>
> >>
> >>
> >> On 12/14/19 8:01 PM, Wenbo Zhang wrote:
> >>> trace fstat events by tracepoint syscalls/sys_enter_newfstat, and handle
> >>> events only produced by test_file_get_path, which call fstat on several
> >>> different types of files to test bpf_get_file_path's feature.
> >>>
> >>> v4->v5: addressed Andrii's feedback
> >>> - pass NULL for opts as bpf_object__open_file's PARAM2, as not really
> >>> using any
> >>> - modify patch subject to keep up with test code
> >>> - as this test is single-threaded, so use getpid instead of SYS_gettid
> >>> - remove unnecessary parens around check which after if (i < 3)
> >>> - in kern use bpf_get_current_pid_tgid() >> 32 to fit getpid() in
> >>> userspace part
> >>> - with the patch adding helper as one patch series
> >>>
> >>> v3->v4: addressed Andrii's feedback
> >>> - use a set of fd instead of fds array
> >>> - use global variables instead of maps (in v3, I mistakenly thought that
> >>> the bpf maps are global variables.)
> >>> - remove uncessary global variable path_info_index
> >>> - remove fd compare as the fstat's order is fixed
> >>>
> >>> v2->v3: addressed Andrii's feedback
> >>> - use global data instead of perf_buffer to simplified code
> >>>
> >>> v1->v2: addressed Daniel's feedback
> >>> - rename bpf_fd2path to bpf_get_file_path to be consistent with other
> >>> helper's names
> >>>
> >>> Signed-off-by: Wenbo Zhang <ethercflow@xxxxxxxxx>
> >>> ---
> >>> .../selftests/bpf/prog_tests/get_file_path.c | 171 ++++++++++++++++++
> >>> .../selftests/bpf/progs/test_get_file_path.c | 43 +++++
> >>> 2 files changed, 214 insertions(+)
> >>> create mode 100644 tools/testing/selftests/bpf/prog_tests/get_file_path.c
> >>> create mode 100644 tools/testing/selftests/bpf/progs/test_get_file_path.c
> >>>
> >>> diff --git a/tools/testing/selftests/bpf/prog_tests/get_file_path.c b/tools/testing/selftests/bpf/prog_tests/get_file_path.c
> >>> new file mode 100644
> >>> index 000000000000..7ec11e43e0fc
> >>> --- /dev/null
> >>> +++ b/tools/testing/selftests/bpf/prog_tests/get_file_path.c
> >>> @@ -0,0 +1,171 @@
> >>> +// SPDX-License-Identifier: GPL-2.0
> >>> +#define _GNU_SOURCE
> >>> +#include <test_progs.h>
> >>> +#include <sys/stat.h>
> >>> +#include <linux/sched.h>
> >>> +#include <sys/syscall.h>
> >>> +
> >>> +#define MAX_PATH_LEN 128
> >>> +#define MAX_FDS 7
> >>> +#define MAX_EVENT_NUM 16
> >>> +
> >>> +static struct file_path_test_data {
> >>> + pid_t pid;
> >>> + __u32 cnt;
> >>> + __u32 fds[MAX_EVENT_NUM];
> >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN];
> >>> +} src, dst;
> >>> +
> >>> +static inline int set_pathname(int fd)
> >>
> >> In non-bpf .c file, typically we do not add 'inline' attribute.
> >> It is up to compiler to decide whether it should be inlined.
> >>
> >>> +{
> >>> + char buf[MAX_PATH_LEN];
> >>> +
> >>> + snprintf(buf, MAX_PATH_LEN, "/proc/%d/fd/%d", src.pid, fd);
> >>> + src.fds[src.cnt] = fd;
> >>> + return readlink(buf, src.paths[src.cnt++], MAX_PATH_LEN);
> >>> +}
> >>> +
> >> [...]
> >>> diff --git a/tools/testing/selftests/bpf/progs/test_get_file_path.c b/tools/testing/selftests/bpf/progs/test_get_file_path.c
> >>> new file mode 100644
> >>> index 000000000000..eae663c1262a
> >>> --- /dev/null
> >>> +++ b/tools/testing/selftests/bpf/progs/test_get_file_path.c
> >>> @@ -0,0 +1,43 @@
> >>> +// SPDX-License-Identifier: GPL-2.0
> >>> +
> >>> +#include <linux/bpf.h>
> >>> +#include <linux/ptrace.h>
> >>> +#include <string.h>
> >>> +#include <unistd.h>
> >>> +#include "bpf_helpers.h"
> >>> +#include "bpf_tracing.h"
> >>> +
> >>> +#define MAX_PATH_LEN 128
> >>> +#define MAX_EVENT_NUM 16
> >>> +
> >>> +static struct file_path_test_data {
> >>> + pid_t pid;
> >>> + __u32 cnt;
> >>> + __u32 fds[MAX_EVENT_NUM];
> >>> + char paths[MAX_EVENT_NUM][MAX_PATH_LEN];
> >>> +} data;
> >>> +
> >>> +struct sys_enter_newfstat_args {
> >>> + unsigned long long pad1;
> >>> + unsigned long long pad2;
> >>> + unsigned int fd;
> >>> +};
> >>
> >> The BTF generated vmlinux.h has the following structure,
> >> struct trace_entry {
> >> short unsigned int type;
> >> unsigned char flags;
> >> unsigned char preempt_count;
> >> int pid;
> >> };
> >> struct trace_event_raw_sys_enter {
> >> struct trace_entry ent;
> >> long int id;
> >> long unsigned int args[6];
> >> char __data[0];
> >> };
> >>
> >> The third parameter type should be long, otherwise,
> >> it may have issue on big endian machines?
