lizrice / learning-ebpf


Chapter 5 - No member named 'di' in 'struct pt_regs' #17

Closed sherwoodzern closed 1 year ago

sherwoodzern commented 1 year ago

I execute make and encounter the following error messages:

[opc@ebpf-testing chapter5]$ make
clang \
    -target bpf \
    -D __TARGET_ARCH_x86 \
    -Wall \
    -O2 -g -o hello-buffer-config.bpf.o -c hello-buffer-config.bpf.c
hello-buffer-config.bpf.c:27:5: error: no member named 'di' in 'struct pt_regs'
int BPF_KPROBE_SYSCALL(hello, const char *pathname)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:561:28: note: expanded from macro 'BPF_KPROBE_SYSCALL'
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
                           ^
/usr/include/bpf/bpf_tracing.h:548:31: note: expanded from macro 'BPF_KSYSCALL'
                            ? (struct pt_regs *)PT_REGS_PARM1(ctx) \
                              ^~~~~~
/usr/include/bpf/bpf_tracing.h:272:46: note: expanded from macro 'PT_REGS_PARM1'
#define PT_REGS_PARM1(x) (__PT_REGS_CAST(x)->__PT_PARM1_REG)
                          ~~~~~~~~~~~~~~~~~  ^
/usr/include/bpf/bpf_tracing.h:77:24: note: expanded from macro '__PT_PARM1_REG'
#define __PT_PARM1_REG di
                       ^

hello-buffer-config.bpf.c:27:5: error: no member named 'di' in 'struct pt_regs'
int BPF_KPROBE_SYSCALL(hello, const char *pathname)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:561:28: note: expanded from macro 'BPF_KPROBE_SYSCALL'
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
                           ^
/usr/include/bpf/bpf_tracing.h:553:21: note: expanded from macro 'BPF_KSYSCALL'
                return ____##name(___bpf_syswrap_args(args));               \
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:514:42: note: expanded from macro '___bpf_syswrap_args'
#define ___bpf_syswrap_args(args...)     ___bpf_apply(___bpf_syswrap_args, ___bpf_narg(args))(args)
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: (skipping 8 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_core_read.h:314:38: note: expanded from macro '___type'
#define ___type(...) typeof(___arrow(__VA_ARGS__))
                            ~~~~~~~~~^~~~~~~~~~~~
/usr/include/bpf/bpf_core_read.h:312:64: note: expanded from macro '___arrow'
#define ___arrow(...) ___apply(___arrow, ___narg(__VA_ARGS__))(__VA_ARGS__)
                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
/usr/include/bpf/bpf_core_read.h:303:28: note: expanded from macro '___arrow2'
#define ___arrow2(a, b) a->b
                        ~  ^

hello-buffer-config.bpf.c:27:5: error: no member named 'di' in 'struct pt_regs'
int BPF_KPROBE_SYSCALL(hello, const char *pathname)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:561:28: note: expanded from macro 'BPF_KPROBE_SYSCALL'
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
                           ^
/usr/include/bpf/bpf_tracing.h:553:21: note: expanded from macro 'BPF_KSYSCALL'
                return ____##name(___bpf_syswrap_args(args));               \
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:514:42: note: expanded from macro '___bpf_syswrap_args'
#define ___bpf_syswrap_args(args...)     ___bpf_apply(___bpf_syswrap_args, ___bpf_narg(args))(args)
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: (skipping 10 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_core_read.h:336:38: note: expanded from macro '___core_read0'
        ___read(fn, dst, ___type(src), src, a);


/usr/include/bpf/bpf_core_read.h:317:61: note: expanded from macro '___read'
        read_fn((void *)(dst), sizeof(*(dst)), &((src_type)(src))->accessor)
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~
/usr/include/bpf/bpf_core_read.h:246:79: note: expanded from macro 'bpf_core_read'
        bpf_probe_read_kernel(dst, sz, (const void *)__builtin_preserve_access_index(src))
                                                                                     ^~~
hello-buffer-config.bpf.c:27:5: error: operand of type 'void' where arithmetic or pointer type is required
int BPF_KPROBE_SYSCALL(hello, const char *pathname)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:561:28: note: expanded from macro 'BPF_KPROBE_SYSCALL'
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
                           ^
/usr/include/bpf/bpf_tracing.h:553:21: note: expanded from macro 'BPF_KSYSCALL'
                return ____##name(___bpf_syswrap_args(args));               \
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:514:42: note: expanded from macro '___bpf_syswrap_args'
#define ___bpf_syswrap_args(args...)     ___bpf_apply(___bpf_syswrap_args, ___bpf_narg(args))(args)
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: (skipping 4 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_tracing.h:324:39: note: expanded from macro 'PT_REGS_PARM1_CORE_SYSCALL'
#define PT_REGS_PARM1_CORE_SYSCALL(x) PT_REGS_PARM1_CORE(x)
                                      ^~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:283:31: note: expanded from macro 'PT_REGS_PARM1_CORE'
#define PT_REGS_PARM1_CORE(x) BPF_CORE_READ(__PT_REGS_CAST(x), __PT_PARM1_REG)
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_core_read.h:442:36: note: expanded from macro 'BPF_CORE_READ'
#define BPF_CORE_READ(src, a, ...) ({                                       \
                                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hello-buffer-config.bpf.c:27:5: error: no member named 'di' in 'struct pt_regs'
int BPF_KPROBE_SYSCALL(hello, const char *pathname)
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:561:28: note: expanded from macro 'BPF_KPROBE_SYSCALL'
#define BPF_KPROBE_SYSCALL BPF_KSYSCALL
                           ^
/usr/include/bpf/bpf_tracing.h:555:21: note: expanded from macro 'BPF_KSYSCALL'
                return ____##name(___bpf_syscall_args(args));               \
                                  ^~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:505:42: note: expanded from macro '___bpf_syscall_args'
#define ___bpf_syscall_args(args...)     ___bpf_apply(___bpf_syscall_args, ___bpf_narg(args))(args)
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
note: (skipping 4 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all)
/usr/include/bpf/bpf_tracing.h:314:34: note: expanded from macro 'PT_REGS_PARM1_SYSCALL'
#define PT_REGS_PARM1_SYSCALL(x) PT_REGS_PARM1(x)
                                 ^~~~~~~~~~~~~~~~
/usr/include/bpf/bpf_tracing.h:272:46: note: expanded from macro 'PT_REGS_PARM1'
#define PT_REGS_PARM1(x) (__PT_REGS_CAST(x)->__PT_PARM1_REG)
                          ~~~~~~~~~~~~~~~~~  ^
/usr/include/bpf/bpf_tracing.h:77:24: note: expanded from macro '__PT_PARM1_REG'
#define __PT_PARM1_REG di

I can only assume that mismatched versions are being used. It is clearly related to the macro expansion. Any assistance is appreciated.

sherwoodzern commented 1 year ago

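I recreated the vmlinux.h file and the issue is resolved. (vmlinux.h has to describe the kernel and architecture being compiled for: with -D __TARGET_ARCH_x86 the libbpf macros above read the x86 register field di from struct pt_regs, so the previous vmlinux.h presumably came from a different target. Regenerating it is typically done with `bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h`.)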

thatsdone commented 1 month ago

Hello @lizrice, I ran into the same problem.

I think it would be better to do one of the following:

  1. Delete or rename the checked-in vmlinux.h
  2. Make the clean target in chapter5/Makefile remove vmlinux.h