commit 023154c7708087ddf6c2031cef5d25c2445b70c4
author Sumanth Korikkar <sumanthk@linux.ibm.com> Mon Apr 20 05:54:57 2020 -0500
committer Sumanth Korikkar <sumanthk@linux.ibm.com> Thu Apr 23 01:36:18 2020 -0500
tree 6985039cb187a94895d43f0e46bcae87cf26aae0
parent ac157b474b2e2964ec2cba81574f2bddbd62b42b

bcc/tools: Introduce bpf_probe_read_user to the tools.

This is essential for architecture which do have overlapping address space.
- bpf_probe_read_kernel() shall be used for reading data from kernel space
to the bpf vm.
- bpf_probe_read_user() shall be used for reading data from user space
  to the bpf vm.

Signed-off-by: Sumanth Korikkar <sumanthk@linux.ibm.com>

tools/lib/uobjnew.py

diff --git a/tools/lib/uobjnew.py b/tools/lib/uobjnew.py
index b8eed0f..f75ba04 100755
--- a/tools/lib/uobjnew.py
+++ b/tools/lib/uobjnew.py
@@ -98,7 +98,7 @@
     u64 classptr = 0, size = 0;
     bpf_usdt_readarg(2, ctx, &classptr);
     bpf_usdt_readarg(4, ctx, &size);
-    bpf_probe_read(&key.name, sizeof(key.name), (void *)classptr);
+    bpf_probe_read_user(&key.name, sizeof(key.name), (void *)classptr);
     valp = allocs.lookup_or_try_init(&key, &zero);
     if (valp) {
         valp->total_size += size;
@@ -132,7 +132,7 @@
     struct val_t *valp, zero = {};
     u64 classptr = 0;
     bpf_usdt_readarg(1, ctx, &classptr);
-    bpf_probe_read(&key.name, sizeof(key.name), (void *)classptr);
+    bpf_probe_read_user(&key.name, sizeof(key.name), (void *)classptr);
     valp = allocs.lookup_or_try_init(&key, &zero);
     if (valp) {
         valp->num_allocs += 1;  // We don't know the size, unfortunately