varun-r-mallya/python-bpf
1
0
Fork 0
mirror of https://github.com/varun-r-mallya/Python-BPF.git synced 2026-03-18 19:21:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

add bpf_passthrough generation

Browse Source
This commit is contained in:
varun-r-mallya
2025-10-21 07:01:37 +05:30
parent 4179fbfc88
commit d8729342dc
5 changed files with 47 additions and 150004 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
tests/c-form/struct_field_tests.bpf.c
View File

@ -4,9 +4,33 @@
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
/*
Information gained from reversing this (multiple kernel versions):
There is no point of
```llvm
tail call void @llvm.dbg.value(metadata ptr %0, metadata !60, metadata !DIExpression()), !dbg !70
```
and the first argument of passthrough is fucking useless. It just needs to be a distinct integer:
```llvm
%9 = tail call ptr @llvm.bpf.passthrough.p0.p0(i32 3, ptr %8)
```
*/
SEC("tp/syscalls/sys_enter_execve")
int handle_setuid_entry(struct trace_event_raw_sys_enter *ctx) {
bpf_printk("args: %u", (unsigned int)ctx->args[0]);
// Access each argument separately with clear variable assignments
unsigned long arg0 = ctx->args[0];
bpf_printk("args[0]: %u", arg0);
unsigned long arg1 = ctx->args[1];
bpf_printk("args[1]: %u", arg1);
// Remove the duplicate access to args[1]
unsigned long arg2 = ctx->args[2];
bpf_printk("args[3]: %u", arg2);
bpf_printk("args[4]: %u", ctx->args[2]);
return 0;
}