libbpf-tools/opensnoop: support mount full-path#5333
Merged
yonghong-song merged 1 commit intoiovisor:masterfrom Jun 15, 2025
Merged
libbpf-tools/opensnoop: support mount full-path#5333yonghong-song merged 1 commit intoiovisor:masterfrom
yonghong-song merged 1 commit intoiovisor:masterfrom
Conversation
Rtoax
requested review from
4ast,
brendangregg,
davemarchevsky,
drzaeus77,
goldshtn and
yonghong-song
as code owners
| if (dentry != mnt_root) | ||
| break; | ||
| if (mnt != mnt_parent) { | ||
| dentry = BPF_CORE_READ(mnt, mnt_mountpoint); |
Collaborator
There was a problem hiding this comment.
IIUC, correctly, dentry here is a 'hidden' dentry to facilitate path traversal. So after this, we should do dentry = BPF_CORE_READ(dentry, d_parent);?
Please look at this upstream patch https://lore.kernel.org/bpf/20250611220220.3681382-2-song@kernel.org/ to double check.
Contributor
Author
There was a problem hiding this comment.
I tried, but tracking the wrong path
diff --git a/libbpf-tools/opensnoop.bpf.c b/libbpf-tools/opensnoop.bpf.c
index 64d931a8..08510e42 100644
--- a/libbpf-tools/opensnoop.bpf.c
+++ b/libbpf-tools/opensnoop.bpf.c
@@ -189,6 +189,7 @@ int trace_exit(struct syscall_trace_exit* ctx)
if (mnt != mnt_parent) {
dentry = BPF_CORE_READ(mnt, mnt_mountpoint);
+ dentry = BPF_CORE_READ(dentry, d_parent);
mnt = mnt_parent;
vfsmnt = &mnt->mnt;For example:
$ mount | grep sda
/dev/sda on /home/sda type xfs ...
/home/sda/rongtao/a.out
^^^
[1]
/* get 'rongtao' mount point 'sda' */
[1] dentry = BPF_CORE_READ(mnt, mnt_mountpoint);
[2] dentry = BPF_CORE_READ(dentry, d_parent);
so, i think there is no need [2] after [1], right?
Collaborator
There was a problem hiding this comment.
I tried a nested mount example. You are right, the [2] is not needed.
Like d_path()/prepend_path() [1] did, get mount parent full-path. Although
full-path support is added in [2], when there is a mount point in the path,
[2] does not display the true full-path, for example:
/dev/sda mount on /home/sda/:
$ mount | grep sda
/dev/sda on /home/sda type xfs ...
$ cd /home/sda/rongtao/
$ touch a.out
$ sudo ./opensnoop -F | grep touch -w
PID COMM FD ERR PATH
216942 touch 3 0 /rongtao/a.out
^^^^^^^^^^^^^^
This patch will handle the mount points, tracking the real full-path:
$ sudo ./opensnoop -F
PID COMM FD ERR PATH
216568 touch 3 0 /home/sda/rongtao/a.out
^^^^^^^^^
[1] https://github.com/torvalds/linux/blob/master/fs/d_path.c
[2] iovisor@b1c5548d4763
Signed-off-by: Rong Tao <rongtao@cestc.cn>
Rtoax
force-pushed
the
patch-97-libbpf-opensnoop-mnt
branch
from
35a178b to
788595b
Compare
Rtoax
added a commit
to Rtoax/bcc
that referenced
this pull request
Jun 22, 2025
Like libbpf-tools/opensnoop [1] did, get mount parent full-path. [1] iovisor#5333 iovisor@6291ff5241e7 Signed-off-by: Rong Tao <rongtao@cestc.cn>
yonghong-song
pushed a commit
that referenced
this pull request
Jun 24, 2025
Like libbpf-tools/opensnoop [1] did, get mount parent full-path. [1] #5333 6291ff5241e7 Signed-off-by: Rong Tao <rongtao@cestc.cn>
ekyooo
added a commit
to ekyooo/bcc
that referenced
this pull request
Jan 23, 2026
* Support for kernel up to 6.18
* New Tools
tools/softirqslower: New tool to trace slow software interrupt handlers (iovisor#5356)
* Enhanced Functionality
libbpf-tools/opensnoop: Added full-path support with `-F` option (iovisor#5323, iovisor#5333)
libbpf-tools/filelife: Added full-path support (iovisor#5347, ab8e061)
libbpf-tools: Introduced path helpers (ab8e061)
libbpf-tools/trace_helpers: Added str_loadavg() and str_timestamp() common functions (694de9f)
libbpf-tools/filetop: Added directory filter capability (iovisor#5300)
libbpf-tools/runqslower: Added `-c` option to filter by process name prefix (673911c)
libbpf-tools/runqlat: Dynamically size pid/pidns histogram map (iovisor#5342)
libbpf-tools/fsdist, fsslower: Added support for fuse filesystem (9691c56)
libbpf-tools/tcptop: Major refactoring using fentry/fexit for better performance (75bb73a, e2c7917, d786eaa, da3a474)
tools/opensnoop: Added full-path support with `-F` option (iovisor#5334, iovisor#5339)
tools/kvmexit: Added AMD processor support and parallel post-processing (13a4e5a, c2af2ee)
tools/offwaketime: Added raw tracepoint support to reduce overhead (380ee01)
Python uprobe API: Added functionality to detach all uprobes for a binary (iovisor#5325)
Python API: Added support for executing a program and tracing it (iovisor#5362)
* Bug Fixes
libbpf-tools/filelife: Fixed wrong full-path handling (iovisor#5347)
libbpf-tools/filelife: Fixed problem when using perf-buffer (ec8415b)
libbpf-tools/funclatency: Delete the element from the `starts` map after it has been used (06ce134)
libbpf-tools/offcputime: Fixed min/max_block_ns unit conversion error (iovisor#5327, d507a53)
libbpf-tools/syncsnoop: Added support for sync_file_range2 and arm_sync_file_range() (4287921)
libbpf-tools/ksnoop: Fixed two invalid access to map value (iovisor#5361)
libbpf-tools/klockstat: Allows kprobe fallback to work with lock debugging (iovisor#5359)
libbpf-tools/biotop: Fixed segmentation fault with musl libc build (52d2d09)
libbpf-tools/syscall_helpers, Python BCC: Updated syscall list (add file_getattr/file_setattr) (b63d7e3, a9c6650)
tools/tcpaccept: Fixed on recent kernels (c208d0e)
tools/tcpconnect: Fixed iov field for DNS with Linux>=6.4 (iovisor#5382)
tools/javaobjnew: Use MIN macro instead of min function (fb8910a)
tools/biolatency, biosnoop, biotop: Use TRACEPOINT_PROBE() for tracepoints (iovisor#5366)
Various tools: Don't use the old bpf_probe_read() helper (1cc15c3)
CC: Support versioned SONAME in shared library resolution (beb1fe4, c351210)
Python TCP: Added state2str() and applied to tools (bfa05d2)
s390 architecture: Prevent invalid mem access when reading PAGE_OFFSET (d8595ee)
* Build & Test Fixes
Fixed build failure with clang21 (iovisor#5369)
Fixed build for LLVM 23 by avoiding deprecated TargetRegistry overloads (iovisor#5401)
ci: Make version.cmake handle shallow clone (2232b7e)
ci: Various test fixes for proper CI operation (blk probes, rss_stat, kmalloc, btrfs/f2fs) (a499181, c338547, 6b7dd5d, ea5cf83)
tests: Added coverage for versioned SONAME resolution (c351210)
Removed luajit options to ensure no errors (26eaf13)
* Doc update, other bug fixes and tools improvement
ekyooo
added a commit
that referenced
this pull request
Jan 26, 2026
* Support for kernel up to 6.18
* New Tools
tools/softirqslower: New tool to trace slow software interrupt handlers (#5356)
* Enhanced Functionality
libbpf-tools/opensnoop: Added full-path support with `-F` option (#5323, #5333)
libbpf-tools/filelife: Added full-path support (#5347, ab8e061)
libbpf-tools: Introduced path helpers (ab8e061)
libbpf-tools/trace_helpers: Added str_loadavg() and str_timestamp() common functions (694de9f)
libbpf-tools/filetop: Added directory filter capability (#5300)
libbpf-tools/runqslower: Added `-c` option to filter by process name prefix (673911c)
libbpf-tools/runqlat: Dynamically size pid/pidns histogram map (#5342)
libbpf-tools/fsdist, fsslower: Added support for fuse filesystem (9691c56)
libbpf-tools/tcptop: Major refactoring using fentry/fexit for better performance (75bb73a, e2c7917, d786eaa, da3a474)
tools/opensnoop: Added full-path support with `-F` option (#5334, #5339)
tools/kvmexit: Added AMD processor support and parallel post-processing (13a4e5a, c2af2ee)
tools/offwaketime: Added raw tracepoint support to reduce overhead (380ee01)
Python uprobe API: Added functionality to detach all uprobes for a binary (#5325)
Python API: Added support for executing a program and tracing it (#5362)
* Bug Fixes
libbpf-tools/filelife: Fixed wrong full-path handling (#5347)
libbpf-tools/filelife: Fixed problem when using perf-buffer (ec8415b)
libbpf-tools/funclatency: Delete the element from the `starts` map after it has been used (06ce134)
libbpf-tools/offcputime: Fixed min/max_block_ns unit conversion error (#5327, d507a53)
libbpf-tools/syncsnoop: Added support for sync_file_range2 and arm_sync_file_range() (4287921)
libbpf-tools/ksnoop: Fixed two invalid access to map value (#5361)
libbpf-tools/klockstat: Allows kprobe fallback to work with lock debugging (#5359)
libbpf-tools/biotop: Fixed segmentation fault with musl libc build (52d2d09)
libbpf-tools/syscall_helpers, Python BCC: Updated syscall list (add file_getattr/file_setattr) (b63d7e3, a9c6650)
tools/tcpaccept: Fixed on recent kernels (c208d0e)
tools/tcpconnect: Fixed iov field for DNS with Linux>=6.4 (#5382)
tools/javaobjnew: Use MIN macro instead of min function (fb8910a)
tools/biolatency, biosnoop, biotop: Use TRACEPOINT_PROBE() for tracepoints (#5366)
Various tools: Don't use the old bpf_probe_read() helper (1cc15c3)
CC: Support versioned SONAME in shared library resolution (beb1fe4, c351210)
Python TCP: Added state2str() and applied to tools (bfa05d2)
s390 architecture: Prevent invalid mem access when reading PAGE_OFFSET (d8595ee)
* Build & Test Fixes
Fixed build failure with clang21 (#5369)
Fixed build for LLVM 23 by avoiding deprecated TargetRegistry overloads (#5401)
ci: Make version.cmake handle shallow clone (2232b7e)
ci: Various test fixes for proper CI operation (blk probes, rss_stat, kmalloc, btrfs/f2fs) (a499181, c338547, 6b7dd5d, ea5cf83)
tests: Added coverage for versioned SONAME resolution (c351210)
Removed luajit options to ensure no errors (26eaf13)
* Doc update, other bug fixes and tools improvement
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Like d_path()/prepend_path() [1] did, get mount parent full-path. Although full-path support is added in [2], when there is a mount point in the path, [2] does not display the true full-path, for example:
/dev/sda mount on /home/sda/:
This patch will handle the mount points, tracking the real full-path:
[1] https://github.com/torvalds/linux/blob/master/fs/d_path.c
[2] b1c5548d4763