How to use structure in bpftracing scripting

Question

I have written a func.bt file to use a structure in my kprobe routine.

/* func.bt */

struct FUNC_PARAMS
{
    unsigned int client;
    void * params;
    unsigned int paramsSize;
    unsigned int status;
};

/* This script provides a reasonable estimate of the time spent
 * in processessing ioctls.
 */

BEGIN

But, when I run bpftrace func.bt, I get the following error:

func.bt:34:19-41: ERROR: Unknown struct/union: 'FUNC_PARAMS'

Complete script:

    struct FUNC_PARAMS
{
    unsigned int client;
    unsigned int paramsSize;
    void *data;
    unsigned int status;
};


kprobe:is_ioctl
{
    @start[comm] = nsecs;
    $temp = arg3;

    @call_count[comm,$temp] = count(); // per process, per ioctl number count of ioctl calls
    $client = ((FUNC_PARAMS *)arg2)->client;
    printf("client: %x \n", $client);  
}

kretprobe:is_ioctl /@start[comm]/
{
    $delta = nsecs - @start[comm];
    delete(@start[comm]);
}

Can someone please provide some pointers on how to use this structure correctly?

Answer 1

This is because just like in C, you cannot call a struct directly by the name you gave it: FUNC_PARAMS is unknown, you need the struct keyword with it. Replacing:

$client = ((FUNC_PARAMS *)arg2)->client;

with

$client = ((struct FUNC_PARAMS *)arg2)->client;

seems to solve the problem. In C people sometimes add a typedef struct FUNC_PARAMS FUNC_PARAMS to be able to use FUNC_PARAMS just like you attempted, but I am not sure bpftrace supports typedefs (nor would I recommend using it anyway).

With the above change, bpftrace goes one step further and complains with:

Attaching 2 probes...
cannot attach kprobe, Invalid argument
Error attaching probe: 'kretprobe:is_ioctl'

To me, it looks like it cannot find the is_ioctl function you want to attach to (and indeed, I see no such functions listed on my system in /proc/kallsyms, or in kernel sources for that matter).