diff options
Diffstat (limited to 'tools/perf/examples/bpf/augmented_raw_syscalls.c')
| -rw-r--r-- | tools/perf/examples/bpf/augmented_raw_syscalls.c | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c index 74ce7574073d..53c233370fae 100644 --- a/tools/perf/examples/bpf/augmented_raw_syscalls.c +++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c @@ -14,7 +14,6 @@ * code that will combine entry/exit in a strace like way. */ -#include <stdio.h> #include <unistd.h> #include <pid_filter.h> @@ -26,6 +25,17 @@ struct bpf_map SEC("maps") __augmented_syscalls__ = { .max_entries = __NR_CPUS__, }; +struct syscall { + bool enabled; +}; + +struct bpf_map SEC("maps") syscalls = { + .type = BPF_MAP_TYPE_ARRAY, + .key_size = sizeof(int), + .value_size = sizeof(struct syscall), + .max_entries = 512, +}; + struct syscall_enter_args { unsigned long long common_tp_fields; long syscall_nr; @@ -45,6 +55,7 @@ struct augmented_filename { }; #define SYS_OPEN 2 +#define SYS_ACCESS 21 #define SYS_OPENAT 257 pid_filter(pids_filtered); @@ -56,6 +67,7 @@ int sys_enter(struct syscall_enter_args *args) struct syscall_enter_args args; struct augmented_filename filename; } augmented_args; + struct syscall *syscall; unsigned int len = sizeof(augmented_args); const void *filename_arg = NULL; @@ -63,6 +75,10 @@ int sys_enter(struct syscall_enter_args *args) return 0; probe_read(&augmented_args.args, sizeof(augmented_args.args), args); + + syscall = bpf_map_lookup_elem(&syscalls, &augmented_args.args.syscall_nr); + if (syscall == NULL || !syscall->enabled) + return 0; /* * Yonghong and Edward Cree sayz: * @@ -104,6 +120,7 @@ int sys_enter(struct syscall_enter_args *args) * after the ctx memory access to prevent their down stream merging. */ switch (augmented_args.args.syscall_nr) { + case SYS_ACCESS: case SYS_OPEN: filename_arg = (const void *)args->args[0]; __asm__ __volatile__("": : :"memory"); break; @@ -131,7 +148,19 @@ int sys_enter(struct syscall_enter_args *args) SEC("raw_syscalls:sys_exit") int sys_exit(struct syscall_exit_args *args) { - return !pid_filter__has(&pids_filtered, getpid()); + struct syscall_exit_args exit_args; + struct syscall *syscall; + + if (pid_filter__has(&pids_filtered, getpid())) + return 0; + + probe_read(&exit_args, sizeof(exit_args), args); + + syscall = bpf_map_lookup_elem(&syscalls, &exit_args.syscall_nr); + if (syscall == NULL || !syscall->enabled) + return 0; + + return 1; } license(GPL); |