commit 023154c7708087ddf6c2031cef5d25c2445b70c4
author Sumanth Korikkar <sumanthk@linux.ibm.com> Mon Apr 20 05:54:57 2020 -0500
committer Sumanth Korikkar <sumanthk@linux.ibm.com> Thu Apr 23 01:36:18 2020 -0500
tree 6985039cb187a94895d43f0e46bcae87cf26aae0
parent ac157b474b2e2964ec2cba81574f2bddbd62b42b

bcc/tools: Introduce bpf_probe_read_user to the tools.

This is essential for architecture which do have overlapping address space.
- bpf_probe_read_kernel() shall be used for reading data from kernel space
to the bpf vm.
- bpf_probe_read_user() shall be used for reading data from user space
  to the bpf vm.

Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>

tools/opensnoop.py

diff --git a/tools/opensnoop.py b/tools/opensnoop.py
index b28d7d5..995443e 100755
--- a/tools/opensnoop.py
+++ b/tools/opensnoop.py
@@ -152,7 +152,7 @@
         return 0;
     }
     bpf_probe_read(&data.comm, sizeof(data.comm), valp->comm);
-    bpf_probe_read(&data.fname, sizeof(data.fname), (void *)valp->fname);
+    bpf_probe_read_user(&data.fname, sizeof(data.fname), (void *)valp->fname);
     data.id = valp->id;
     data.ts = tsp / 1000;
     data.uid = bpf_get_current_uid_gid();
@@ -167,7 +167,7 @@
 """
 
 bpf_text_kfunc= """
-KRETFUNC_PROBE(do_sys_open, int dfd, const char *filename, int flags, int mode, int ret)
+KRETFUNC_PROBE(do_sys_open, int dfd, const char __user *filename, int flags, int mode, int ret)
 {
     u64 id = bpf_get_current_pid_tgid();
     u32 pid = id >> 32; // PID is higher part
@@ -189,7 +189,7 @@
 
     u64 tsp = bpf_ktime_get_ns();
 
-    bpf_probe_read(&data.fname, sizeof(data.fname), (void *)filename);
+    bpf_probe_read_user(&data.fname, sizeof(data.fname), (void *)filename);
     data.id    = id;
     data.ts    = tsp / 1000;
     data.uid   = bpf_get_current_uid_gid();