- 01 May, 2017 3 commits
-
-
Teng Qin authored
Currently we check if `ProcSyms` needs refresh for every symboling call. However if the `ProcSyms` was loaded, but the Process terminated later, we will see it as a "need refresh" and effectively clear the symbol table and not able to resovle anything anymore. This commit changes so that we only refresh when the PID still exists (but differnt from what loaded).
-
Teng Qin authored
Currently we think the Module's symbol table is not loaed as long as its empty. But some times we were just not able to read the symbols from the binary / perf map, or didn't get symbol from the read. This commit makes so that we don't end up trying to do a read on each lookup.
-
Brenden Blanco authored
Install sudo inside the debian build container
-
- 30 Apr, 2017 1 commit
-
-
Sam Kottler authored
-
- 28 Apr, 2017 1 commit
-
-
4ast authored
frontend/b: fixes for LLVM 4.0 API change
-
- 27 Apr, 2017 5 commits
-
-
Brenden Blanco authored
Upstream LLVM added a new parameter to the AllocaInst constructor, which breaks compilation. Fix it by using the IRBuilder method. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Brenden Blanco authored
Add default -Wno-address-of-packed-membe to Clang loader
-
Teng Qin authored
-
4ast authored
Use uintptr_t for addresses in C++ API
-
Teng Qin authored
-
- 26 Apr, 2017 2 commits
-
-
Brenden Blanco authored
[RFC]: Extend table API with string support
-
Mauricio Vasquez B authored
This commit exposes functions to convert between key and value from/to strings, additionally it implements the BPFTable class that allows accessing tables using strings. Signed-off-by: Mauricio Vasquez B <mauricio.vasquez@polito.it>
-
- 21 Apr, 2017 3 commits
-
-
Brenden Blanco authored
With local LLVM (4.0ish), inline strings in this test case would segfault. Fix the crash by constructing explicitly on the stack. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Brenden Blanco authored
Possibly due to local LLVM differences, this change was needed for sslsniff code to pass the verifier. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Brenden Blanco authored
On my system, the manually unrolled stack walker fails the verifier, due to what seems to me like an incorrect return statement. Setting bp = 0 has no effect, seems that the intent was to return 0 instead. Not sure why others haven't hit this, but the fix contained here seems reasonable. Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
- 20 Apr, 2017 6 commits
-
-
4ast authored
Disable non-static function calls
-
Brenden Blanco authored
Compiled BPF programs must consist of a single contiguous code block, meaning trying to call other function entry points (besides the kernel-defined helpers) is not possible. The bcc frontend didn't explicitly prohibit this, even though the program would fail to compile/load. Add an explicit check and error message. Fixes: #653 Signed-off-by: Brenden Blanco <bblanco@gmail.com>
-
Colin Ian King authored
Minor sorting of the yaml tool list and sync it to the latest updates in tools Signed-off-by: Colin Ian King <colin.king@canonical.com>
-
Sasha Goldshtein authored
Printing the BPF program after loading it means that if there is a load error, the program isn't printed, which sort of defeats the purpose of the whole thing.
-
Sasha Goldshtein authored
-
Simon Liu authored
-
- 19 Apr, 2017 4 commits
-
-
Nikita V. Shirokov authored
* adding args matching option * fixing typos * fixing merge artefacts * [execsnoop]: adding documentation on -l in man * [execsnoop][man]: fixing typo in commands name
-
Tobias Klauser authored
Add a link to the proposed generic XDP feature to the list of XDP features.
-
4ast authored
Use normal inlining in clang loader
-
Huapeng Zhou authored
-
- 18 Apr, 2017 1 commit
-
-
Brendan Gregg authored
Display pid namespace in summary histogram using a new `--pidnss` option.
-
- 17 Apr, 2017 1 commit
-
-
Simon Liu authored
used the CheckCXXCompilerFlag module of Cmake to check the compiler whether or not supporting c++11. (#1116)
-
- 16 Apr, 2017 1 commit
-
-
4ast authored
bcc: add __attribute__((always_inline)) to helper functions
-
- 15 Apr, 2017 1 commit
-
-
Huapeng Zhou authored
-
- 14 Apr, 2017 2 commits
-
-
Simon Liu authored
When using Clang 3.9(compiled by GCC 6.x), bcc will used -isystem, because the GCC_VERSION(get the version of the Clang) is less 6.0. And then the compiler will compile failed.
-
Paul Chaignon authored
In bcc, ProgArray.__delitem__ defaults to ArrayBase.__delitem__ which uses the bpf_update_elem helper to clear the item (override with a null value). However, eBPF doesn't offer a bpf_update_elem helper for prog arrays. This pull request overrides __delitem__ in ProgArray to use the bpf_delete_item helper.
-
- 13 Apr, 2017 1 commit
-
-
Sasha Goldshtein authored
On some distributions, the debuglink section in the binary will not have a .debug file extension. As a result, we will try to look for the debuginfo file in the binary itself, immediately find it, and abort looking for any other alternatives. This is not good, because the binary might contain stripped or partial symbols, which precludes certain tools from realizing their full potential. Fix by checking that the debuginfo file we're trying to use is not the same as the binary file. In any case, if external debuginfo can't be found, we will fall back to the symbols in the original binary file, if present, so this should not regress any existing scenario.
-
- 12 Apr, 2017 3 commits
-
-
4ast authored
Fixed SEGFAULT due to perf buffer overflow if lost_cb unset
-
Jan authored
When setting a lost_cb, the reference to the ctypes function is not retained like the regular callback, this leads to a SEGFAULT if the gc kills the lost_fn if a lost event occurs afterwards
-
Jan authored
This fixes a SEGFAULT in the underlying libbcc when no lost_cb is set. This occurs when the perf buffer is full and the lost_cb is called. libbcc expects a NULL pointer as lost_cb to trigger its internal lost message. This fixes the bug by providing an appropriate NULL pointer when lost_cb is unset.
-
- 11 Apr, 2017 1 commit
-
-
Teng Qin authored
-
- 08 Apr, 2017 4 commits
-
-
Sasha Goldshtein authored
This commit migrates softirqs to use kernel tracepoints instead of kprobes. Because tracepoints only provide the vector number and not the function name, we use a conversion table, which is borrowed from kernel/softirq.c, to translate the vector number to a display name. This table is expected to be fairly stable. Notably, new names have not been added since approximately 2009, and the last rename (without adding or removing a name) was in 2014. Resolves #1031.
-
4ast authored
Fix compiler warning on redefined Macro
-
Teng Qin authored
-
Teng Qin authored
-