retsnoop: allow injected probe context capture on all arches

While both function and injected probe context arguments capture are controlled with the same -A switch, context argument capture isn't architecture specific, so it's ok to enable it everywhere. Signed-off-by: Andrii Nakryiko <[email protected]>
anakryiko · Sep 2, 2024 · 1129d55 · 1129d55
1 parent 136d1a3
commit 1129d55
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/src/retsnoop.bpf.c b/src/retsnoop.bpf.c
@@ -106,7 +106,8 @@ const volatile bool emit_call_stack = true;
 const volatile bool emit_func_trace = true;
 const volatile bool emit_success_stacks = true;
 const volatile bool emit_interim_stacks = true;
-const volatile bool capture_args = true;
+const volatile bool capture_fn_args = true;
+const volatile bool capture_ctx_args = true;
 const volatile bool capture_raw_ptrs = true;
 const volatile bool use_lbr = true;
 const volatile bool use_kprobes = true;
@@ -662,7 +663,7 @@ static __noinline bool push_call_stack(void *ctx, u32 id, u64 ip)
 		tsk = (void *)bpf_get_current_task();
 		BPF_CORE_READ_INTO(&sess->proc_comm, tsk, group_leader, comm);
 
-		if (emit_func_trace || capture_args) {
+		if (emit_func_trace || capture_fn_args || capture_ctx_args) {
 			if (!emit_session_start(sess)) {
 				vlog("DEFUNCT SESSION %d TID/PID %d/%d: failed to send SESSION_START record!",
 				     sess->sess_id, sess->pid, sess->tgid);
@@ -734,7 +735,7 @@ static __noinline bool push_call_stack(void *ctx, u32 id, u64 ip)
 skip_ft_entry:;
 	}
 
-	if (capture_args)
+	if (capture_fn_args)
 		record_fnargs(ctx, sess, id, seq_id);
 
 	if (verbose) {
@@ -1259,7 +1260,7 @@ static void handle_inj_probe(void *ctx, u32 id)
 		bpf_ringbuf_submit(r, 0);
 	}
 
-	if (emit_func_trace && capture_args)
+	if (emit_func_trace && capture_ctx_args)
 		record_ctxargs(ctx, sess, id, seq_id);
 
 	/* for now, in --interim-stacks (-I) mode we'll emit interim stacks

diff --git a/src/retsnoop.c b/src/retsnoop.c
@@ -367,13 +367,6 @@ int main(int argc, char **argv, char **envp)
 		err = -EOPNOTSUPP;
 		goto cleanup_silent;
 	}
-#ifndef __x86_64__
-	if (env.capture_args) {
-		elog("Function arguments capture is only supported on x86-64 architecture!\n");
-		err = -EOPNOTSUPP;
-		goto cleanup_silent;
-	}
-#endif
 	if (!env.emit_func_trace)
 		env.emit_call_stack = true;
 	 /* default setting for success stacks, resolve based on call stack vs func trace modes */
@@ -418,7 +411,12 @@ int main(int argc, char **argv, char **envp)
 	skel->rodata->use_kprobes = env.attach_mode != ATTACH_FENTRY;
 	memset(skel->rodata->spaces, ' ', sizeof(skel->rodata->spaces) - 1);
 
-	skel->rodata->capture_args = env.capture_args;
+#ifdef __x86_64__
+	skel->rodata->capture_fn_args = env.capture_args;
+#else
+	skel->rodata->capture_fn_args = false;
+#endif
+	skel->rodata->capture_ctx_args = env.capture_args;
 	skel->rodata->capture_raw_ptrs = env.args_capture_raw_ptrs;
 	skel->rodata->args_max_total_args_sz = env.args_max_total_args_size;
 	skel->rodata->args_max_sized_arg_sz = env.args_max_sized_arg_size;
@@ -529,6 +527,7 @@ int main(int argc, char **argv, char **envp)
 	}
 
 	if (env.capture_args) {
+#ifdef __x86_64__
 		for (i = 0; i < func_cnt; i++) {
 			const struct mass_attacher_func_info *finfo;
 
@@ -539,6 +538,9 @@ int main(int argc, char **argv, char **envp)
 				goto cleanup_silent;
 			}
 		}
+#else
+		vlog("Function arguments capture is only supported on x86-64 architecture!\n");
+#endif
 	}
 
 	if (env.capture_args && env.inject_probe_cnt) {
@@ -641,13 +643,15 @@ int main(int argc, char **argv, char **envp)
 		fi->ip = finfo->addr;
 		fi->flags = flags;
 
+#ifdef __x86_64__
 		if (env.capture_args) {
 			const struct func_args_info *fn_args = func_args_info(i);
 
 			for (j = 0; j < fn_args->arg_spec_cnt; j++) {
 				fi->arg_specs[j] = fn_args->arg_specs[j].arg_flags;
 			}
 		}
+#endif /* __x86_64__ */
 	}
 
 	for (i = 0; i < env.entry_glob_cnt; i++) {