我正在尝试在密件抄送程序中通过 pid 获取 task_struct,我使用find_task_by_vpid但它得到一个错误:
bpf: Failed to load program: Invalid argument
jump out of range from insn 17 to 19
processed 0 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0
Traceback (most recent call last):
File "./fork.py", line 39, in <module>
b.attach_uretprobe(name="c", sym="fork", fn_name="do_trace")
File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 1186, in attach_uretprobe
fn = self.load_func(fn_name, BPF.KPROBE)
File "/usr/lib/python3/dist-packages/bcc/__init__.py", line 412, in load_func
raise Exception("Failed to load BPF program %s: %s" %
这是我的代码:
bpf_text = """
# include <linux/sched.h>
# include <linux/pid.h>
struct data_t{
u32 pid;
u32 tgid;
u32 ret ;
u32 task_pid;
char comm[TASK_COMM_LEN] ;
};
BPF_PERF_OUTPUT(events) ;
int do_trace(struct pt_regs *ctx) {
struct data_t data={} ;
struct task_struct *task ;
pid_t nr;
nr = PT_REGS_RC(ctx) ;
data.ret = nr;
if(nr!=0){
task = find_task_by_vpid(nr);
//data.task_pid = task->pid;
}
bpf_get_current_comm(&data.comm,sizeof(data.comm));
events.perf_submit(ctx,&data,sizeof(data));
};
"""
谁能告诉我如何解决问题或找到另一种获取 task_struct 的方法?