cilium · lmb · Jun 10, 2021 · May 14, 2021 · Jun 4, 2021 · Jun 9, 2021
diff --git a/examples/kprobe/bpf/kprobe_example.c b/examples/kprobe/bpf/kprobe_example.c
@@ -10,7 +10,7 @@ struct bpf_map_def SEC("maps") kprobe_map = {
     .max_entries = 1,
 };
 
-SEC("kprobe/__x64_sys_execve")
+SEC("kprobe/sys_execve")
 int kprobe_execve() {
     u32 key = 0;
     u64 initval = 1, *valp;

diff --git a/examples/kprobe/main.go b/examples/kprobe/main.go
@@ -1,7 +1,7 @@
 // +build linux
 
 // This program demonstrates attaching an eBPF program to a kernel symbol.
-// The eBPF program will be attached to the start of the __x64_sys_execve
+// The eBPF program will be attached to the start of the
 // kernel function and prints out the number of times it has been called
 // every second.
 package main
@@ -24,7 +24,7 @@ const mapKey uint32 = 0
 func main() {
 
 	// Name of the kernel function to trace.
-	fn := "__x64_sys_execve"
+	fn := "sys_execve"
 
 	// Subscribe to signals for terminating the program.
 	stopper := make(chan os.Signal, 1)

diff --git a/link/kprobe.go b/link/kprobe.go
@@ -131,7 +131,10 @@ func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) {
 	}
 
 	// Use kprobe PMU if the kernel has it available.
-	tp, err := pmuKprobe(symbol, ret)
+	tp, err := pmuKprobe(platformPrefix(symbol), ret)
+	if errors.Is(err, os.ErrNotExist) {
+		tp, err = pmuKprobe(symbol, ret)
+	}
 	if err == nil {
 		return tp, nil
 	}
@@ -140,7 +143,10 @@ func kprobe(symbol string, prog *ebpf.Program, ret bool) (*perfEvent, error) {
 	}
 
 	// Use tracefs if kprobe PMU is missing.
-	tp, err = tracefsKprobe(symbol, ret)
+	tp, err = tracefsKprobe(platformPrefix(symbol), ret)
+	if errors.Is(err, os.ErrNotExist) {
+		tp, err = tracefsKprobe(symbol, ret)
+	}
 	if err != nil {
 		return nil, fmt.Errorf("creating trace event '%s' in tracefs: %w", symbol, err)
 	}

diff --git a/link/kprobe_test.go b/link/kprobe_test.go
@@ -288,18 +288,9 @@ func TestDetermineRetprobeBit(t *testing.T) {
 func TestKprobeProgramCall(t *testing.T) {
 	m, p := newUpdaterMapProg(t, ebpf.Kprobe)
 
-	// Open Kprobe on `__x64_sys_getpid` and attach it
+	// Open Kprobe on `sys_getpid` and attach it
 	// to the ebpf program created above.
-	k, err := Kprobe("__x64_sys_getpid", p)
-	if errors.Is(err, os.ErrNotExist) {
-		// Use the correct symbol based on the kernel version.
-		// Since 4.17, syscalls symbols are generated with the `__x64_` prefix.
-		// https://github.com/torvalds/linux/commit/d5a00528b58cdb2c71206e18bd021e34c4eab878
-		k, err = Kprobe("sys_getpid", p)
-		if err != nil {
-			t.Fatal(err)
-		}
-	}
+	k, err := Kprobe("sys_getpid", p)
 	if err != nil {
 		t.Fatal(err)
 	}

diff --git a/link/perf_event_test.go b/link/perf_event_test.go
@@ -27,7 +27,7 @@ func TestTraceEventTypePMU(t *testing.T) {
 func TestTraceEventID(t *testing.T) {
 	c := qt.New(t)
 
-	eid, err := getTraceEventID("syscalls", "sys_enter_fork")
+	eid, err := getTraceEventID("syscalls", "sys_enter_execve")
 	c.Assert(err, qt.IsNil)
 	c.Assert(eid, qt.Not(qt.Equals), 0)
 }

diff --git a/link/platform.go b/link/platform.go
@@ -0,0 +1,25 @@
+package link
+
+import (
+	"fmt"
+	"runtime"
+)
+
+func platformPrefix(symbol string) string {
+
+	prefix := runtime.GOARCH
+
+	// per https://github.com/golang/go/blob/master/src/go/build/syslist.go
+	switch prefix {
+	case "386":
+		prefix = "ia32"
+	case "amd64", "amd64p32":
+		prefix = "x64"
+	case "arm64", "arm64be":
+		prefix = "arm64"
+	default:
+		return symbol
+	}
+
+	return fmt.Sprintf("__%s_%s", prefix, symbol)
+}
diff --git a/link/tracepoint_test.go b/link/tracepoint_test.go
@@ -79,7 +79,7 @@ func TestTracepointErrors(t *testing.T) {
 }
 
 func TestTraceGetEventID(t *testing.T) {
-	_, err := getTraceEventID("syscalls", "sys_enter_open")
+	_, err := getTraceEventID("syscalls", "sys_enter_openat")
 	if err != nil {
 		t.Fatal("Can't read trace event ID:", err)
 	}

diff --git a/testdata/docker/README.md b/testdata/docker/README.md
@@ -18,6 +18,13 @@ Building the image requires Docker. Run the build with:
 
 This updates the `VERSION` file. Commit it and submit a PR upstream.
 
+### Regeneration Testdata on non-x86 platforms
+
+Before running `make`, ensure [Docker buildx](https://docs.docker.com/buildx/working-with-buildx/)
+is enabled. Additionally `QEMU user` and `binfmt` should be installed. On a Debian based distribution
+the command to add them is `apt install qemu-user-static binfmt-support`.
+
+
 ## Pushing
 
 After building, push the image to the Docker registry specified in `IMAGE` with: