On Thu, Feb 3, 2022 at 8:20 PM Ilya Leoshkevich <iii@xxxxxxxxxxxxx> wrote: > > Some architectures pass a pointer to struct pt_regs to syscall > handlers, others unpack it into individual function parameters. > Introduce a macro to describe what a particular arch does, using > `passing pt_regs *` as a default. > > Signed-off-by: Ilya Leoshkevich <iii@xxxxxxxxxxxxx> > --- > tools/lib/bpf/bpf_tracing.h | 9 +++++++++ > 1 file changed, 9 insertions(+) > > diff --git a/tools/lib/bpf/bpf_tracing.h b/tools/lib/bpf/bpf_tracing.h > index 30f0964f8c9e..400a4f002f77 100644 > --- a/tools/lib/bpf/bpf_tracing.h > +++ b/tools/lib/bpf/bpf_tracing.h > @@ -334,6 +334,15 @@ struct pt_regs; > > #endif /* defined(bpf_target_defined) */ > > +/* > + * When invoked from a syscall handler kprobe, returns a pointer to a > + * struct pt_regs containing syscall arguments and suitable for passing to > + * PT_REGS_PARMn_SYSCALL() and PT_REGS_PARMn_CORE_SYSCALL(). > + */ > +#ifndef PT_REGS_SYSCALL > +#define PT_REGS_SYSCALL(ctx) ((struct pt_regs *)PT_REGS_PARM1(ctx)) > +#endif maybe PT_REGS_SYSCALL_REGS? It returns regs, not the "syscall". PT_REGS prefix is for consistency with all other pt_regs macros, but "SYSCALL_REGS" is specifying what is actually returned by the macro > + > #ifndef ___bpf_concat > #define ___bpf_concat(a, b) a ## b > #endif > -- > 2.34.1 >
