Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/samples/bpf/syscall_tp_kern.c
25924 views
1
// SPDX-License-Identifier: GPL-2.0-only

2
/* Copyright (c) 2017 Facebook

3
 */

4
#include <uapi/linux/bpf.h>

5
#include <bpf/bpf_helpers.h>

6


7
#if !defined(__aarch64__)

8
struct syscalls_enter_open_args {

9
	unsigned long long unused;

10
	long syscall_nr;

11
	long filename_ptr;

12
	long flags;

13
	long mode;

14
};

15
#endif

16


17
struct syscalls_exit_open_args {

18
	unsigned long long unused;

19
	long syscall_nr;

20
	long ret;

21
};

22


23
struct syscalls_enter_open_at_args {

24
	unsigned long long unused;

25
	long syscall_nr;

26
	long long dfd;

27
	long filename_ptr;

28
	long flags;

29
	long mode;

30
};

31


32
struct {

33
	__uint(type, BPF_MAP_TYPE_ARRAY);

34
	__type(key, u32);

35
	__type(value, u32);

36
	__uint(max_entries, 1);

37
} enter_open_map SEC(".maps");

38


39
struct {

40
	__uint(type, BPF_MAP_TYPE_ARRAY);

41
	__type(key, u32);

42
	__type(value, u32);

43
	__uint(max_entries, 1);

44
} exit_open_map SEC(".maps");

45


46
static __always_inline void count(void *map)

47
{

48
	u32 key = 0;

49
	u32 *value, init_val = 1;

50


51
	value = bpf_map_lookup_elem(map, &key);

52
	if (value)

53
		*value += 1;

54
	else

55
		bpf_map_update_elem(map, &key, &init_val, BPF_NOEXIST);

56
}

57


58
#if !defined(__aarch64__)

59
SEC("tracepoint/syscalls/sys_enter_open")

60
int trace_enter_open(struct syscalls_enter_open_args *ctx)

61
{

62
	count(&enter_open_map);

63
	return 0;

64
}

65
#endif

66


67
SEC("tracepoint/syscalls/sys_enter_openat")

68
int trace_enter_open_at(struct syscalls_enter_open_at_args *ctx)

69
{

70
	count(&enter_open_map);

71
	return 0;

72
}

73


74
SEC("tracepoint/syscalls/sys_enter_openat2")

75
int trace_enter_open_at2(struct syscalls_enter_open_at_args *ctx)

76
{

77
	count(&enter_open_map);

78
	return 0;

79
}

80


81
#if !defined(__aarch64__)

82
SEC("tracepoint/syscalls/sys_exit_open")

83
int trace_enter_exit(struct syscalls_exit_open_args *ctx)

84
{

85
	count(&exit_open_map);

86
	return 0;

87
}

88
#endif

89


90
SEC("tracepoint/syscalls/sys_exit_openat")

91
int trace_enter_exit_at(struct syscalls_exit_open_args *ctx)

92
{

93
	count(&exit_open_map);

94
	return 0;

95
}

96


97
SEC("tracepoint/syscalls/sys_exit_openat2")

98
int trace_enter_exit_at2(struct syscalls_exit_open_args *ctx)

99
{

100
	count(&exit_open_map);

101
	return 0;

102
}

103


104