Thread (9 messages) 9 messages, 4 authors, 2025-07-31

Re: [PATCH] tracing/probes: Allow use of BTF names to dereference pointers

From: Steven Rostedt <rostedt@goodmis.org>
Date: 2025-07-29 15:40:21
Also in: bpf, lkml 

On Tue, 29 Jul 2025 11:33:35 -0400
Steven Rostedt [off-list ref] wrote:

Anonymous structures are also handled:

  # echo 'e:xmit net.net_dev_xmit +net_device.name(+sk_buff.dev($skbaddr)):string' >> dynamic_events

Where "+net_device.name(+sk_buff.dev($skbaddr))" is equivalent to:

  (*(struct net_device *)((*(struct sk_buff *)($skbaddr))->dev)->name)
The above in wrong. It is equivalent to:

  (*(struct net_device *)((*(struct sk_buff *)($skbaddr)).dev).name)

I purposely tried to not use "->" but then failed to do so :-p

And nested structures can be found by adding more members to the arg:

  # echo 'f:read filemap_readahead.isra.0 file=+0(+dentry.d_name.name(+file.f_path.dentry($arg2))):string' >> dynamic_events

The above is equivalent to:

  *((*(struct dentry *)(*(struct file *)$arg2)->f_path.dentry)->d_name.name)
And this is supposed to be:

   *((*(struct dentry *)(*(struct file *)$arg2).f_path.dentry).d_name.name)

-- Steve
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help