summaryrefslogtreecommitdiff
path: root/tools/perf/examples/bpf/augmented_raw_syscalls.c
diff options
context:
space:
mode:
Diffstat (limited to 'tools/perf/examples/bpf/augmented_raw_syscalls.c')
-rw-r--r--tools/perf/examples/bpf/augmented_raw_syscalls.c41
1 files changed, 38 insertions, 3 deletions
diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c
index 90a19336310b..53c233370fae 100644
--- a/tools/perf/examples/bpf/augmented_raw_syscalls.c
+++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c
@@ -14,8 +14,8 @@
* code that will combine entry/exit in a strace like way.
*/
-#include <stdio.h>
-#include <linux/socket.h>
+#include <unistd.h>
+#include <pid_filter.h>
/* bpf-output associated map */
struct bpf_map SEC("maps") __augmented_syscalls__ = {
@@ -25,6 +25,17 @@ struct bpf_map SEC("maps") __augmented_syscalls__ = {
.max_entries = __NR_CPUS__,
};
+struct syscall {
+ bool enabled;
+};
+
+struct bpf_map SEC("maps") syscalls = {
+ .type = BPF_MAP_TYPE_ARRAY,
+ .key_size = sizeof(int),
+ .value_size = sizeof(struct syscall),
+ .max_entries = 512,
+};
+
struct syscall_enter_args {
unsigned long long common_tp_fields;
long syscall_nr;
@@ -44,8 +55,11 @@ struct augmented_filename {
};
#define SYS_OPEN 2
+#define SYS_ACCESS 21
#define SYS_OPENAT 257
+pid_filter(pids_filtered);
+
SEC("raw_syscalls:sys_enter")
int sys_enter(struct syscall_enter_args *args)
{
@@ -53,10 +67,18 @@ int sys_enter(struct syscall_enter_args *args)
struct syscall_enter_args args;
struct augmented_filename filename;
} augmented_args;
+ struct syscall *syscall;
unsigned int len = sizeof(augmented_args);
const void *filename_arg = NULL;
+ if (pid_filter__has(&pids_filtered, getpid()))
+ return 0;
+
probe_read(&augmented_args.args, sizeof(augmented_args.args), args);
+
+ syscall = bpf_map_lookup_elem(&syscalls, &augmented_args.args.syscall_nr);
+ if (syscall == NULL || !syscall->enabled)
+ return 0;
/*
* Yonghong and Edward Cree sayz:
*
@@ -98,6 +120,7 @@ int sys_enter(struct syscall_enter_args *args)
* after the ctx memory access to prevent their down stream merging.
*/
switch (augmented_args.args.syscall_nr) {
+ case SYS_ACCESS:
case SYS_OPEN: filename_arg = (const void *)args->args[0];
__asm__ __volatile__("": : :"memory");
break;
@@ -125,7 +148,19 @@ int sys_enter(struct syscall_enter_args *args)
SEC("raw_syscalls:sys_exit")
int sys_exit(struct syscall_exit_args *args)
{
- return 1; /* 0 as soon as we start copying data returned by the kernel, e.g. 'read' */
+ struct syscall_exit_args exit_args;
+ struct syscall *syscall;
+
+ if (pid_filter__has(&pids_filtered, getpid()))
+ return 0;
+
+ probe_read(&exit_args, sizeof(exit_args), args);
+
+ syscall = bpf_map_lookup_elem(&syscalls, &exit_args.syscall_nr);
+ if (syscall == NULL || !syscall->enabled)
+ return 0;
+
+ return 1;
}
license(GPL);
generated by cgit v1.2.3 (git 2.39.0) at 2025-01-25 13:53:30 +0300