-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
/
Copy pathbuiltin
236 lines (189 loc) · 7.32 KB
/
builtin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
NAME pid
PROG i:ms:1 { printf("SUCCESS %d\n", pid); exit(); }
EXPECT_REGEX SUCCESS [0-9][0-9]*
NAME tid
PROG i:ms:1 { printf("SUCCESS %d\n", tid); exit(); }
EXPECT_REGEX SUCCESS [0-9][0-9]*
NAME uid
PROG i:ms:1 { printf("SUCCESS %d\n", uid); exit(); }
EXPECT_REGEX SUCCESS [0-9][0-9]*
NAME gid
PROG i:ms:1 { printf("SUCCESS %d\n", gid); exit(); }
EXPECT_REGEX SUCCESS [0-9][0-9]*
NAME nsecs
PROG i:ms:1 { printf("SUCCESS %llu\n", nsecs); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME elapsed
PROG i:ms:1 { printf("SUCCESS %llu\n", elapsed); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME numaid
PROG i:ms:1 { printf("SUCCESS %lu\n", numaid); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME cpu
PROG i:ms:1 { printf("SUCCESS %lu\n", cpu); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME comm
PROG BEGIN { printf("SUCCESS %s\n", comm); exit(); }
EXPECT SUCCESS bpftrace
NAME kstack
PROG BEGIN { printf("%s\n", kstack); exit(); }
EXPECT Attaching 1 probe...
NAME ustack
PROG BEGIN { printf("%s\n", ustack); exit(); }
EXPECT Attaching 1 probe...
NAME arg
PROG k:vfs_read { printf("SUCCESS %p\n", arg0); exit(); }
EXPECT_REGEX ^SUCCESS 0x[0-9a-f]+$
AFTER ./testprogs/syscall read
NAME retval
PROG kretprobe:vfs_read { printf("SUCCESS %d\n", retval); exit(); }
EXPECT_REGEX SUCCESS .*
AFTER ./testprogs/syscall read
NAME func_kprobe
PROG k:vfs_read { printf("func: '%s'\n", func); exit(); }
EXPECT func: 'vfs_read'
AFTER ./testprogs/syscall read
NAME func_kretprobe
PROG kr:vfs_read { printf("func: '%s'\n", func); exit(); }
EXPECT func: 'vfs_read'
REQUIRES_FEATURE get_func_ip
AFTER ./testprogs/syscall read
NAME func_uprobe
PROG uprobe:./testprogs/uprobe_symres:test { printf("func: '%s'\n", func); exit(); }
EXPECT func: 'test'
AFTER ./testprogs/uprobe_symres
NAME func_uretprobe
PROG uretprobe:./testprogs/uprobe_symres:test { printf("func: '%s'\n", func); exit(); }
# Kernels from v5.15 to v6.5 include the get_func_ip helper, but it does not
# work for uretprobes: it will always return 0.
EXPECT_REGEX ^func: 'test'$|^func: '0'$
AFTER ./testprogs/uprobe_symres
REQUIRES_FEATURE get_func_ip
# Disabled, since BCC code it depends on is prone to race condition,
# (https://github.com/iovisor/bcc/pull/4319#issuecomment-1321731687)
NAME func_uprobe_symcache_preload
ENV BPFTRACE_CACHE_USER_SYMBOLS=PER_PID
PROG uprobe:./testprogs/uprobe_symres_exited_process:test { print(func); exit(); }
EXPECT test
BEFORE ./testprogs/uprobe_symres_exited_process
REQUIRES bash -c "exit 1"
NAME func_uprobe_elf_symtable
ENV BPFTRACE_CACHE_USER_SYMBOLS=PER_PROGRAM
PROG uprobe:./testprogs/uprobe_symres_exited_process:test { print(func); exit(); }
EXPECT test
AFTER ./testprogs/disable_aslr ./testprogs/uprobe_symres_exited_process
NAME username
PROG i:ms:1 { printf("SUCCESS %s\n", username); exit(); }
EXPECT_REGEX SUCCESS .*
NAME probe
PROG k:do_nanosleep { printf("SUCCESS %s\n", probe); exit(); }
EXPECT SUCCESS kprobe:do_nanosleep
AFTER ./testprogs/syscall nanosleep 1e8
NAME begin probe
PROG BEGIN { printf("%s", probe);exit(); } END{printf("-%s\n", probe); }
EXPECT_REGEX ^BEGIN-END$
AFTER ./testprogs/syscall nanosleep 1e8
NAME curtask
PROG i:ms:1 { printf("SUCCESS %p\n", curtask); exit(); }
EXPECT_REGEX SUCCESS 0x[0-9a-f]+
NAME curtask_field
PROG struct task_struct {int x;} i:ms:1 { printf("SUCCESS %d\n", curtask->x); exit(); }
EXPECT_REGEX SUCCESS -?[0-9][0-9]*
NAME rand
PROG i:ms:1 { printf("SUCCESS %lu\n", rand); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME cgroup
PROG i:ms:1 { printf("SUCCESS %llu\n", cgroup); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
MIN_KERNEL 4.18
NAME ctx
PROG struct x {unsigned long x}; i:ms:1 { printf("SUCCESS %lu\n", ((struct x*)ctx)->x); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
NAME cat
PROG i:ms:1 { cat("/proc/loadavg"); exit(); }
EXPECT_REGEX ^([0-9]+\.[0-9]+ ?)+.*$
NAME cat limited output
ENV BPFTRACE_MAX_CAT_BYTES=1
PROG i:ms:1 { cat("/proc/loadavg"); exit(); }
EXPECT_REGEX ^[0-9]$
NAME cat format str
PROG i:ms:1 { $s = "loadavg"; cat("/proc/%s", $s); exit(); }
EXPECT_REGEX ^([0-9]+\.[0-9]+ ?)+.*$
NAME log size too small
ENV BPFTRACE_LOG_SIZE=2
RUN {{BPFTRACE}} -v -e 'BEGIN { if (str($1) == str($2)) { printf("%s\n", str($1)); exit() } }' "hello" "hello"
EXPECT ERROR: Error loading BPF program for BEGIN_1.
EXPECT_REGEX ^WARNING: Kernel log seems to be trimmed.*
WILL_FAIL
NAME increase log size
ENV BPFTRACE_LOG_SIZE=10000000
RUN {{BPFTRACE}} -e 'BEGIN { if (str($1) == str($2)) { printf("%s\n", str($1)); exit() } }' "hello" "hello"
EXPECT hello
NAME cat "no such file"
PROG i:ms:1 { cat("/does/not/exist/file"); exit(); }
EXPECT ERROR: failed to open file '/does/not/exist/file': No such file or directory
NAME sizeof
PROG struct Foo { int x; char c; } BEGIN { $x = 1; printf("%d %d %d %d %d\n", sizeof(struct Foo), sizeof((*(struct Foo*)0).x), sizeof((*(struct Foo*)0).c), sizeof(1 == 1), sizeof($x)); exit(); }
EXPECT 8 4 1 8 8
NAME sizeof_ints
PROG BEGIN { printf("%d %d %d %d %d %d\n", sizeof(uint8), sizeof(int8), sizeof(uint16), sizeof(int16), sizeof(uint32), sizeof(int32)); exit(); }
EXPECT 1 1 2 2 4 4
# printf only takes 7 args
NAME sizeof_ints_pt2
PROG BEGIN { printf("%d %d\n", sizeof(uint64), sizeof(int64)); exit(); }
EXPECT 8 8
NAME sizeof_btf
PROG BEGIN { printf("size=%d\n", sizeof(struct task_struct)); exit(); }
EXPECT_REGEX ^size=
REQUIRES_FEATURE btf
NAME offsetof
PROG struct Foo { int x; struct Bar { int x; } bar; } BEGIN { printf("%ld %ld\n", offsetof(struct Foo, x), offsetof(struct Foo, bar.x)); exit(); }
EXPECT_REGEX ^0 4$
NAME print args in fentry
PROG fentry:vfs_open { print(args); exit(); }
EXPECT_REGEX { .path = 0x[0-9a-f]+, .file = 0x[0-9a-f]+ }
REQUIRES_FEATURE fentry
AFTER ./testprogs/syscall open
NAME args in fentry store in map
PROG fentry:vfs_open { @= args; exit(); }
EXPECT_REGEX @: { .path = 0x[0-9a-f]+, .file = 0x[0-9a-f]+ }
REQUIRES_FEATURE fentry
AFTER ./testprogs/syscall open
NAME args in fentry as a map key
PROG fentry:vfs_open { @[args] = 1; exit(); }
EXPECT_REGEX @[{ .path = 0x[0-9a-f]+, .file = 0x[0-9a-f]+ }]: 1
REQUIRES_FEATURE fentry
AFTER ./testprogs/syscall open
NAME args in uprobe print
PROG uprobe:./testprogs/uprobe_test:uprobeFunction1 { print(args); exit(); }
EXPECT_REGEX { .n = 0x[0-9a-f]+, .c = 120 }
REQUIRES_FEATURE dwarf
AFTER ./testprogs/uprobe_test
NAME args in uprobe store in map
PROG uprobe:./testprogs/uprobe_test:uprobeFunction1 { @ = args; exit(); }
EXPECT_REGEX @: { .n = 0x[0-9a-f]+, .c = 120 }
REQUIRES_FEATURE dwarf
AFTER ./testprogs/uprobe_test
NAME args in uprobe store in map and access field
PROG uprobe:./testprogs/uprobe_test:uprobeFunction1 { @ = args; print(@.c); exit(); }
EXPECT 120
REQUIRES_FEATURE dwarf
AFTER ./testprogs/uprobe_test
NAME args in uprobe as a map key
PROG uprobe:./testprogs/uprobe_test:uprobeFunction1 { @[args] = 1; exit(); }
EXPECT_REGEX @[{ .n = 0x[0-9a-f]+, .c = 120 }]: 1
REQUIRES_FEATURE dwarf
AFTER ./testprogs/uprobe_test
NAME jiffies
PROG i:ms:1 { printf("SUCCESS %llu\n", jiffies); exit(); }
EXPECT_REGEX SUCCESS [0-9]+
REQUIRES_FEATURE jiffies64
MIN_KERNEL 5.9
NAME ustack builtin with stack_mode config
RUN {{BPFTRACE}} -e 'config = { stack_mode=raw } uprobe:./testprogs/uprobe_test:uprobeFunction1 { @c[ustack] = 1; exit(); }'
EXPECT_REGEX ^@c\[\n[0-9a-f]+$
AFTER ./testprogs/uprobe_test
NAME kstack builtin with stack_mode config
RUN {{BPFTRACE}} -e 'config = { stack_mode=raw } k:do_nanosleep { @c[kstack] = 1; exit(); }'
EXPECT_REGEX ^@c\[\n[0-9a-f]+$
AFTER ./testprogs/syscall nanosleep 1e8