Linux Audio

Check our new training course

Linux BSP upgrade and security maintenance

Need help to get security updates for your Linux BSP?
Open Menu / samples / bpf / tracex2_kern.c
Loading...
v4.6
  1/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com
  2 *
  3 * This program is free software; you can redistribute it and/or
  4 * modify it under the terms of version 2 of the GNU General Public
  5 * License as published by the Free Software Foundation.
  6 */
  7#include <linux/skbuff.h>
  8#include <linux/netdevice.h>
  9#include <linux/version.h>
 10#include <uapi/linux/bpf.h>
 11#include "bpf_helpers.h"
 12
 13struct bpf_map_def SEC("maps") my_map = {
 14	.type = BPF_MAP_TYPE_HASH,
 15	.key_size = sizeof(long),
 16	.value_size = sizeof(long),
 17	.max_entries = 1024,
 18};
 
 
 19
 20/* kprobe is NOT a stable ABI. If kernel internals change this bpf+kprobe
 21 * example will no longer be meaningful
 22 */
 23SEC("kprobe/kfree_skb")
 24int bpf_prog2(struct pt_regs *ctx)
 25{
 26	long loc = 0;
 27	long init_val = 1;
 28	long *value;
 29
 30	/* read ip of kfree_skb caller.
 31	 * non-portable version of __builtin_return_address(0)
 32	 */
 33	BPF_KPROBE_READ_RET_IP(loc, ctx);
 34
 35	value = bpf_map_lookup_elem(&my_map, &loc);
 36	if (value)
 37		*value += 1;
 38	else
 39		bpf_map_update_elem(&my_map, &loc, &init_val, BPF_ANY);
 40	return 0;
 41}
 42
 43static unsigned int log2(unsigned int v)
 44{
 45	unsigned int r;
 46	unsigned int shift;
 47
 48	r = (v > 0xFFFF) << 4; v >>= r;
 49	shift = (v > 0xFF) << 3; v >>= shift; r |= shift;
 50	shift = (v > 0xF) << 2; v >>= shift; r |= shift;
 51	shift = (v > 0x3) << 1; v >>= shift; r |= shift;
 52	r |= (v >> 1);
 53	return r;
 54}
 55
 56static unsigned int log2l(unsigned long v)
 57{
 58	unsigned int hi = v >> 32;
 59	if (hi)
 60		return log2(hi) + 32;
 61	else
 62		return log2(v);
 63}
 64
 65struct hist_key {
 66	char comm[16];
 67	u64 pid_tgid;
 68	u64 uid_gid;
 69	u32 index;
 70};
 71
 72struct bpf_map_def SEC("maps") my_hist_map = {
 73	.type = BPF_MAP_TYPE_PERCPU_HASH,
 74	.key_size = sizeof(struct hist_key),
 75	.value_size = sizeof(long),
 76	.max_entries = 1024,
 77};
 78
 79SEC("kprobe/sys_write")
 80int bpf_prog3(struct pt_regs *ctx)
 81{
 82	long write_size = PT_REGS_PARM3(ctx);
 83	long init_val = 1;
 84	long *value;
 85	struct hist_key key = {};
 86
 87	key.index = log2l(write_size);
 88	key.pid_tgid = bpf_get_current_pid_tgid();
 89	key.uid_gid = bpf_get_current_uid_gid();
 90	bpf_get_current_comm(&key.comm, sizeof(key.comm));
 91
 92	value = bpf_map_lookup_elem(&my_hist_map, &key);
 93	if (value)
 94		__sync_fetch_and_add(value, 1);
 95	else
 96		bpf_map_update_elem(&my_hist_map, &key, &init_val, BPF_ANY);
 97	return 0;
 98}
 99char _license[] SEC("license") = "GPL";
100u32 _version SEC("version") = LINUX_VERSION_CODE;
v5.9
  1/* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com
  2 *
  3 * This program is free software; you can redistribute it and/or
  4 * modify it under the terms of version 2 of the GNU General Public
  5 * License as published by the Free Software Foundation.
  6 */
  7#include <linux/skbuff.h>
  8#include <linux/netdevice.h>
  9#include <linux/version.h>
 10#include <uapi/linux/bpf.h>
 11#include <bpf/bpf_helpers.h>
 12#include <bpf/bpf_tracing.h>
 13#include "trace_common.h"
 14
 15struct {
 16	__uint(type, BPF_MAP_TYPE_HASH);
 17	__type(key, long);
 18	__type(value, long);
 19	__uint(max_entries, 1024);
 20} my_map SEC(".maps");
 21
 22/* kprobe is NOT a stable ABI. If kernel internals change this bpf+kprobe
 23 * example will no longer be meaningful
 24 */
 25SEC("kprobe/kfree_skb")
 26int bpf_prog2(struct pt_regs *ctx)
 27{
 28	long loc = 0;
 29	long init_val = 1;
 30	long *value;
 31
 32	/* read ip of kfree_skb caller.
 33	 * non-portable version of __builtin_return_address(0)
 34	 */
 35	BPF_KPROBE_READ_RET_IP(loc, ctx);
 36
 37	value = bpf_map_lookup_elem(&my_map, &loc);
 38	if (value)
 39		*value += 1;
 40	else
 41		bpf_map_update_elem(&my_map, &loc, &init_val, BPF_ANY);
 42	return 0;
 43}
 44
 45static unsigned int log2(unsigned int v)
 46{
 47	unsigned int r;
 48	unsigned int shift;
 49
 50	r = (v > 0xFFFF) << 4; v >>= r;
 51	shift = (v > 0xFF) << 3; v >>= shift; r |= shift;
 52	shift = (v > 0xF) << 2; v >>= shift; r |= shift;
 53	shift = (v > 0x3) << 1; v >>= shift; r |= shift;
 54	r |= (v >> 1);
 55	return r;
 56}
 57
 58static unsigned int log2l(unsigned long v)
 59{
 60	unsigned int hi = v >> 32;
 61	if (hi)
 62		return log2(hi) + 32;
 63	else
 64		return log2(v);
 65}
 66
 67struct hist_key {
 68	char comm[16];
 69	u64 pid_tgid;
 70	u64 uid_gid;
 71	u64 index;
 72};
 73
 74struct {
 75	__uint(type, BPF_MAP_TYPE_PERCPU_HASH);
 76	__uint(key_size, sizeof(struct hist_key));
 77	__uint(value_size, sizeof(long));
 78	__uint(max_entries, 1024);
 79} my_hist_map SEC(".maps");
 80
 81SEC("kprobe/" SYSCALL(sys_write))
 82int bpf_prog3(struct pt_regs *ctx)
 83{
 84	long write_size = PT_REGS_PARM3(ctx);
 85	long init_val = 1;
 86	long *value;
 87	struct hist_key key;
 88
 89	key.index = log2l(write_size);
 90	key.pid_tgid = bpf_get_current_pid_tgid();
 91	key.uid_gid = bpf_get_current_uid_gid();
 92	bpf_get_current_comm(&key.comm, sizeof(key.comm));
 93
 94	value = bpf_map_lookup_elem(&my_hist_map, &key);
 95	if (value)
 96		__sync_fetch_and_add(value, 1);
 97	else
 98		bpf_map_update_elem(&my_hist_map, &key, &init_val, BPF_ANY);
 99	return 0;
100}
101char _license[] SEC("license") = "GPL";
102u32 _version SEC("version") = LINUX_VERSION_CODE;