On 11/22/2018 11:14 PM, Daniel T. Lee wrote:
> Currently, kprobe_events failure won't be handled properly.
> Due to calling system() indirectly to write to kprobe_events,
> it can't be identified whether an error is derived from kprobe or system.
>
> // buf = "echo '%c:%s %s' >> /s/k/d/t/kprobe_events"
> err = system(buf);
> if (err < 0) {
> printf("failed to create kprobe ..");
> return -1;
> }
>
> For example, running ./tracex7 sample in ext4 partition,
> "echo p:open_ctree open_ctree >> /s/k/d/t/kprobe_events"
> gets 256 error code system() failure.
> => The error comes from kprobe, but it's not handled correctly.
>
> According to man of system(3), it's return value
> just passes the termination status of the child shell
> rather than treating the error as -1. (don't care success)
>
> Which means, currently it's not working as desired.
> (According to the upper code snippet)
>
> ex) running ./tracex7 with ext4 env.
> # Current Output
> sh: echo: I/O error
> failed to open event open_ctree
>
> # Desired Output
> failed to create kprobe 'open_ctree' error 'No such file or directory'
>
> The problem is, error can't be verified whether from child ps or system.
>
> But using write() directly can verify the command failure,
> and it will treat all error as -1.
>
> So I suggest using write() directly to 'kprobe_events'
> rather than calling system().
>
> Signed-off-by: Daniel T. Lee <danieltim...@gmail.com>
Applied to bpf-next, thanks!
