I am experimenting to print the value pid from the task_strcut using bpf inside the kernel with the following program.
from __future__ import print_function
from bcc import BPF
prog = """
#include <linux/sched.h>
int trace(void *ctx) {
int pid = current->pid;
bpf_trace_printk("val (%d)", pid);
return 0;
}
"""
b = BPF(text=prog)
b.attach_kprobe(event="<a kernel function>", fn_name="trace")
print("PID MESSAGE")
try:
b.trace_print(fmt="{1} {5}")
except KeyboardInterrupt:
exit()
Following is the error:
#define __HAVE_BUILTIN_BSWAP16__
^
<command line>:3:9: note: previous definition is here
#define __HAVE_BUILTIN_BSWAP16__ 1
^
3 warnings generated.
error: invalid operand in inline asm: 'movq %gs:${1:P}, $0' at line 2149017352
This error was fixed upstream in bcc with commit https://github.com/iovisor/bcc/commit/d089013e8c6ee0b82d012c1814f822b00695691f. You'll need bcc version v0.20.0 or newer to have this fix.
In short, the issue was in the order of definitions. bcc would have its fallback macro definition before the kernel's, hence compilation failed because the macro is already defined. Moving the bcc fallback definition last solves this.