bcc
Why is my "sys_ioctl" of v4l2 incorrect
I wrote a program to probe the "sys_ioctl" of v4l2, and my program is very simple, like this:
```cpp
#include <unistd.h>
#include <cstdio>
#include <fstream>
#include <iostream>
#include <string>

#include <bcc_version.h>
#include <BPF.h>
#include <linux/videodev2.h>

// BPF program compiled by BCC and attached as a kprobe on the ioctl syscall entry.
const std::string BPF_PROGRAM = R"(
#include <linux/ptrace.h>

int on_sys_ioctl(struct pt_regs *regs, uint32_t fd, uint32_t req) {
  bpf_trace_printk("Hello, World! Here I did a sys_ioctl call, %u, %u!\n", fd, req);
  return 0;
}
)";

int main() {
  ebpf::BPF bpf;
  auto init_res = bpf.init(BPF_PROGRAM);
  if (!init_res.ok()) {
    std::cerr << init_res.msg() << std::endl;
    return 1;
  }

  // Print the request codes the probe is expected to report.
  printf("VIDIOC_DQBUF: %lu, VIDIOC_QBUF: %lu, %lu\n", VIDIOC_DQBUF, VIDIOC_QBUF, sizeof(VIDIOC_QBUF));

  std::ifstream pipe("/sys/kernel/debug/tracing/trace_pipe");
  std::string line;
  // Resolve the kernel symbol for the ioctl syscall on this architecture.
  std::string clone_fnname = bpf.get_syscall_fnname("ioctl");

  printf("clone_fnname: %s\n", clone_fnname.c_str());

  auto attach_res = bpf.attach_kprobe(clone_fnname, "on_sys_ioctl");
  if (!attach_res.ok()) {
    std::cerr << attach_res.msg() << std::endl;
    return 1;
  }

  std::cout << "Starting HelloWorld with BCC " << LIBBCC_VERSION << std::endl;

  // Echo every non-empty line that bpf_trace_printk writes to trace_pipe.
  while (true) {
    if (std::getline(pipe, line)) {
      if (std::string("") != line) {
        std::cout << "cur_line: " << line << std::endl;
      }
    } else {
      std::cout << "Waiting for a sys_clone event" << std::endl;
    }
  }

  return 0;
}
```
It runs normally.
My target is filtering the "VIDIOC_DQBUF" and "VIDIOC_QBUF".
But I found that the "fd" and "req" are incorrect, like this:
```
cur_line: simple_test_isp-3102 [005] d...2.. 11705.850734: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.850776: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.850872: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.850905: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.850924: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.862863: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.862910: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.862988: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.863006: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
cur_line: simple_test_isp-3102 [005] d...2.. 11705.863019: bpf_trace_printk: Hello, World! Here I did a sys_ioctl call, 372686512, 271410580!
```
The "fd" and "req" cannot match the ground truth value in my v4l2 program. For example, the "fd" should be 9, instead of 372686512 from eBPF, and the req should be 3227014673 (VIDIOC_DQBUF) or 3227014671 (VIDIOC_QBUF), instead of 271410580.
My platform is Ubuntu 20.04, and aarch64.
I don't know why I cannot grab the correct "fd" and "req" for the sys_ioctl.
Is there anyone who would like to teach me the secret?
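
A quick check on the traced values, as an added example that is not part of the original post or of bcc: decoding a request number into its `_IOC` fields shows whether a reported "req" is a V4L2 buffer ioctl at all. The names `ioc_fields`, `ioc_decode` and `is_v4l2_buf_ioctl` are hypothetical; the bit layout is the asm-generic one used on aarch64, and the sample values are the ones quoted in the post.

```c
#include <stdint.h>
#include <stdio.h>

/* asm-generic/ioctl.h layout (aarch64 uses it):
 * bits 0-7 nr, 8-15 type, 16-29 size, 30-31 direction. */
struct ioc_fields {
    unsigned dir;   /* 0 none, 1 write, 2 read, 3 read+write */
    unsigned size;  /* size of the argument struct in bytes */
    unsigned type;  /* driver "magic" character, 'V' for V4L2 */
    unsigned nr;    /* command number within that driver */
};

/* Hypothetical helper: split a 32-bit ioctl request into its fields. */
static struct ioc_fields ioc_decode(uint32_t req)
{
    struct ioc_fields f;
    f.nr   = req & 0xffu;
    f.type = (req >> 8) & 0xffu;
    f.size = (req >> 16) & 0x3fffu;
    f.dir  = (req >> 30) & 0x3u;
    return f;
}

/* Hypothetical filter: 1 for VIDIOC_QBUF ('V', 15) or VIDIOC_DQBUF ('V', 17),
 * both declared _IOWR (read+write) in linux/videodev2.h. */
static int is_v4l2_buf_ioctl(uint32_t req)
{
    struct ioc_fields f = ioc_decode(req);
    return f.type == 'V' && f.dir == 3 && (f.nr == 15 || f.nr == 17);
}

int main(void)
{
    /* Values quoted in the post: expected DQBUF, expected QBUF, traced "req". */
    const uint32_t samples[] = { 3227014673u, 3227014671u, 271410580u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct ioc_fields f = ioc_decode(samples[i]);
        printf("0x%08x dir=%u size=%u type=0x%02x nr=%u v4l2_buf=%d\n",
               (unsigned)samples[i], f.dir, f.size, f.type, f.nr,
               is_v4l2_buf_ioctl(samples[i]));
    }
    return 0;
}
```

The two expected codes decode to type 'V' with an 88-byte argument, while the traced 271410580 decodes to no direction bits and type 0x65, so it is not a V4L2 request number.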