scread.bt doesn't name files

brendangregg / bpf-perf-tools-book

Official repository for the BPF Performance Tools book

1.55k stars 274 forks source link

scread.bt doesn't name files #11

Open bradfair opened 4 years ago

bradfair commented 4 years ago

Having copied the source from this repo just to ensure I wasn't fat-fingering it, the output of scread appears as:

[root@aws-instance build]# scread.bt
Attaching 1 probe...
^C

@filename[]: 20

On bpftrace v0.9.2-247-g4fe9, built about 15 mins ago. Kernel 4.18.0-147.3.1.el8_1.x86_64 How might I approach troubleshooting this?

mmisono commented 4 years ago

The program should be

--- a/originals/Ch08_FileSystems/scread.bt
+++ b/originals/Ch08_FileSystems/scread.bt
@@ -20,6 +20,6 @@
 tracepoint:syscalls:sys_enter_read
 {
        $task = (struct task_struct *)curtask;
-       $file = (struct file *)*($task->files->fdt->fd + args->fd);
+       $file = (struct file *)*($task->files->fdt->fd + args->fd*8);
        @filename[str($file->f_path.dentry->d_name.name)] = count();
 }

(I'm not sure if bpftrace changed the behavior. )

thraxil commented 2 years ago

Just a quick note to mention that @mmisono's fix no longer works (as of bpftrace 0.9.4, kernel 5.4.0-77).