tracing: bpf: use struct trace_entry in struct syscall_tp_t

bpf tracepoint program uses struct trace_event_raw_sys_enter as
argument where trace_entry is the first field. Use the same instead
of unsigned long long since if it's amended (for example by RT
patch) it accesses data with wrong offset.

Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/20230801075222.7717-1-ykaliuta@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

diff --git a/kernel/trace/trace_syscalls.c b/kernel/trace/trace_syscalls.c
index 942ddbd..de75340 100644 (file)
--- a/kernel/trace/trace_syscalls.c
+++ b/kernel/trace/trace_syscalls.c
@@ -555,12 +555,15 @@ static int perf_call_bpf_enter(struct trace_event_call *call, struct pt_regs *re
                               struct syscall_trace_enter *rec)
 {
        struct syscall_tp_t {
-               unsigned long long regs;
+               struct trace_entry ent;
                unsigned long syscall_nr;
                unsigned long args[SYSCALL_DEFINE_MAXARGS];
-       } param;
+       } __aligned(8) param;
        int i;
 
+       BUILD_BUG_ON(sizeof(param.ent) < sizeof(void *));
+
+       /* bpf prog requires 'regs' to be the first member in the ctx (a.k.a. &param) */
        *(struct pt_regs **)&param = regs;
        param.syscall_nr = rec->nr;
        for (i = 0; i < sys_data->nb_args; i++)
@@ -657,11 +660,12 @@ static int perf_call_bpf_exit(struct trace_event_call *call, struct pt_regs *reg
                              struct syscall_trace_exit *rec)
 {
        struct syscall_tp_t {
-               unsigned long long regs;
+               struct trace_entry ent;
                unsigned long syscall_nr;
                unsigned long ret;
-       } param;
+       } __aligned(8) param;
 
+       /* bpf prog requires 'regs' to be the first member in the ctx (a.k.a. &param) */
        *(struct pt_regs **)&param = regs;
        param.syscall_nr = rec->nr;
        param.ret = rec->ret;