Lines Matching +full:sig +full:- +full:dir
1 // SPDX-License-Identifier: GPL-2.0
37 #define IS_ERR_VALUE(x) (unsigned long)(void*)(x) >= (unsigned long)-MAX_ERRNO
174 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) in get_var_spid_index()
175 if (arr_struct->array[i].meta.pid == spid) in get_var_spid_index()
177 return -1; in get_var_spid_index()
186 ancestors_data->num_ancestors = 0; in populate_ancestors()
197 ancestors_data->ancestor_pids[num_ancestors] = ppid; in populate_ancestors()
198 ancestors_data->ancestor_exec_ids[num_ancestors] = in populate_ancestors()
200 ancestors_data->ancestor_start_times[num_ancestors] = in populate_ancestors()
202 ancestors_data->num_ancestors = num_ancestors; in populate_ancestors()
223 *root_pos = payload - payload_start; in read_full_cgroup_path()
237 if (bpf_core_field_exists(node52->id.ino)) { in get_inode_from_kernfs()
281 cgroup_data->cgroup_root_inode = get_inode_from_kernfs(root_kernfs); in populate_cgroup_info()
282 cgroup_data->cgroup_proc_inode = get_inode_from_kernfs(proc_kernfs); in populate_cgroup_info()
284 if (bpf_core_field_exists(root_kernfs->iattr->ia_mtime)) { in populate_cgroup_info()
285 cgroup_data->cgroup_root_mtime = in populate_cgroup_info()
287 cgroup_data->cgroup_proc_mtime = in populate_cgroup_info()
292 cgroup_data->cgroup_root_mtime = in populate_cgroup_info()
297 cgroup_data->cgroup_proc_mtime = in populate_cgroup_info()
301 cgroup_data->cgroup_root_length = 0; in populate_cgroup_info()
302 cgroup_data->cgroup_proc_length = 0; in populate_cgroup_info()
303 cgroup_data->cgroup_full_length = 0; in populate_cgroup_info()
310 cgroup_data->cgroup_root_length = cgroup_root_length; in populate_cgroup_info()
319 cgroup_data->cgroup_proc_length = cgroup_proc_length; in populate_cgroup_info()
324 cgroup_data->cgroup_full_path_root_pos = -1; in populate_cgroup_info()
326 &cgroup_data->cgroup_full_path_root_pos); in populate_cgroup_info()
327 cgroup_data->cgroup_full_length = payload_end_pos - payload; in populate_cgroup_info()
340 metadata->uid = (u32)uid_gid; in populate_var_metadata()
341 metadata->gid = uid_gid >> 32; in populate_var_metadata()
342 metadata->pid = pid; in populate_var_metadata()
343 metadata->exec_id = BPF_CORE_READ(task, self_exec_id); in populate_var_metadata()
344 metadata->start_time = BPF_CORE_READ(task, start_time); in populate_var_metadata()
345 metadata->comm_length = 0; in populate_var_metadata()
347 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm); in populate_var_metadata()
351 metadata->comm_length = comm_length; in populate_var_metadata()
359 get_var_kill_data(struct pt_regs* ctx, int spid, int tpid, int sig) in get_var_kill_data() argument
368 void* payload = populate_var_metadata(&kill_data->meta, task, spid, kill_data->payload); in get_var_kill_data()
369 payload = populate_cgroup_info(&kill_data->cgroup_data, task, payload); in get_var_kill_data()
370 size_t payload_length = payload - (void*)kill_data->payload; in get_var_kill_data()
371 kill_data->payload_length = payload_length; in get_var_kill_data()
372 populate_ancestors(task, &kill_data->ancestors_info); in get_var_kill_data()
373 kill_data->meta.type = KILL_EVENT; in get_var_kill_data()
374 kill_data->kill_target_pid = tpid; in get_var_kill_data()
375 kill_data->kill_sig = sig; in get_var_kill_data()
376 kill_data->kill_count = 1; in get_var_kill_data()
377 kill_data->last_kill_time = bpf_ktime_get_ns(); in get_var_kill_data()
381 static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig) in trace_var_sys_kill() argument
383 if ((KILL_SIGNALS & (1ULL << sig)) == 0) in trace_var_sys_kill()
390 struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
398 bpf_probe_read(&arr_struct->array[0], sizeof(arr_struct->array[0]), kill_data); in trace_var_sys_kill()
402 if (index == -1) { in trace_var_sys_kill()
404 get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
410 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) in trace_var_sys_kill()
411 if (arr_struct->array[i].meta.pid == 0) { in trace_var_sys_kill()
412 bpf_probe_read(&arr_struct->array[i], in trace_var_sys_kill()
413 sizeof(arr_struct->array[i]), kill_data); in trace_var_sys_kill()
422 struct var_kill_data_t* kill_data = &arr_struct->array[index]; in trace_var_sys_kill()
425 (bpf_ktime_get_ns() - kill_data->last_kill_time) / 1000000000; in trace_var_sys_kill()
428 kill_data->kill_count++; in trace_var_sys_kill()
429 kill_data->last_kill_time = bpf_ktime_get_ns(); in trace_var_sys_kill()
430 bpf_probe_read(&arr_struct->array[index], in trace_var_sys_kill()
431 sizeof(arr_struct->array[index]), in trace_var_sys_kill()
435 get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
438 bpf_probe_read(&arr_struct->array[index], in trace_var_sys_kill()
439 sizeof(arr_struct->array[index]), in trace_var_sys_kill()
452 bpf_stat_ctx->start_time_ns = bpf_ktime_get_ns(); in bpf_stats_enter()
453 bpf_stat_ctx->bpf_func_stats_data_val = in bpf_stats_enter()
455 if (bpf_stat_ctx->bpf_func_stats_data_val) in bpf_stats_enter()
456 bpf_stat_ctx->bpf_func_stats_data_val->num_executions++; in bpf_stats_enter()
461 if (bpf_stat_ctx->bpf_func_stats_data_val) in bpf_stats_exit()
462 bpf_stat_ctx->bpf_func_stats_data_val->time_elapsed_ns += in bpf_stats_exit()
463 bpf_ktime_get_ns() - bpf_stat_ctx->start_time_ns; in bpf_stats_exit()
470 if (bpf_stat_ctx->bpf_func_stats_data_val) { in bpf_stats_pre_submit_var_perf_event()
471 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events++; in bpf_stats_pre_submit_var_perf_event()
472 meta->bpf_stats_num_perf_events = in bpf_stats_pre_submit_var_perf_event()
473 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events; in bpf_stats_pre_submit_var_perf_event()
475 meta->bpf_stats_start_ktime_ns = bpf_stat_ctx->start_time_ns; in bpf_stats_pre_submit_var_perf_event()
476 meta->cpu_id = bpf_get_smp_processor_id(); in bpf_stats_pre_submit_var_perf_event()
566 sysctl_data->meta.type = SYSCTL_EVENT; in BPF_KPROBE()
567 void* payload = populate_var_metadata(&sysctl_data->meta, task, pid, sysctl_data->payload); in BPF_KPROBE()
568 payload = populate_cgroup_info(&sysctl_data->cgroup_data, task, payload); in BPF_KPROBE()
570 populate_ancestors(task, &sysctl_data->ancestors_info); in BPF_KPROBE()
572 sysctl_data->sysctl_val_length = 0; in BPF_KPROBE()
573 sysctl_data->sysctl_path_length = 0; in BPF_KPROBE()
579 sysctl_data->sysctl_val_length = sysctl_val_length; in BPF_KPROBE()
588 sysctl_data->sysctl_path_length = sysctl_path_length; in BPF_KPROBE()
592 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &sysctl_data->meta); in BPF_KPROBE()
593 unsigned long data_len = payload - (void*)sysctl_data; in BPF_KPROBE()
609 int pid = ctx->args[0]; in tracepoint__syscalls__sys_enter_kill()
610 int sig = ctx->args[1]; in tracepoint__syscalls__sys_enter_kill() local
611 int ret = trace_var_sys_kill(ctx, pid, sig); in tracepoint__syscalls__sys_enter_kill()
637 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) { in raw_tracepoint__sched_process_exit()
638 struct var_kill_data_t* past_kill_data = &arr_struct->array[i]; in raw_tracepoint__sched_process_exit()
640 if (past_kill_data != NULL && past_kill_data->kill_target_pid == tpid) { in raw_tracepoint__sched_process_exit()
642 void* payload = kill_data->payload; in raw_tracepoint__sched_process_exit()
643 size_t offset = kill_data->payload_length; in raw_tracepoint__sched_process_exit()
648 kill_data->kill_target_name_length = 0; in raw_tracepoint__sched_process_exit()
649 kill_data->kill_target_cgroup_proc_length = 0; in raw_tracepoint__sched_process_exit()
651 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm); in raw_tracepoint__sched_process_exit()
655 kill_data->kill_target_name_length = comm_length; in raw_tracepoint__sched_process_exit()
664 kill_data->kill_target_cgroup_proc_length = cgroup_proc_length; in raw_tracepoint__sched_process_exit()
668 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &kill_data->meta); in raw_tracepoint__sched_process_exit()
669 unsigned long data_len = (void*)payload - (void*)kill_data; in raw_tracepoint__sched_process_exit()
688 struct linux_binprm* bprm = (struct linux_binprm*)ctx->args[2]; in raw_tracepoint__sched_process_exec()
706 proc_exec_data->meta.type = EXEC_EVENT; in raw_tracepoint__sched_process_exec()
707 proc_exec_data->bin_path_length = 0; in raw_tracepoint__sched_process_exec()
708 proc_exec_data->cmdline_length = 0; in raw_tracepoint__sched_process_exec()
709 proc_exec_data->environment_length = 0; in raw_tracepoint__sched_process_exec()
710 void* payload = populate_var_metadata(&proc_exec_data->meta, task, pid, in raw_tracepoint__sched_process_exec()
711 proc_exec_data->payload); in raw_tracepoint__sched_process_exec()
712 payload = populate_cgroup_info(&proc_exec_data->cgroup_data, task, payload); in raw_tracepoint__sched_process_exec()
715 proc_exec_data->parent_pid = BPF_CORE_READ(parent_task, tgid); in raw_tracepoint__sched_process_exec()
716 proc_exec_data->parent_uid = BPF_CORE_READ(parent_task, real_cred, uid.val); in raw_tracepoint__sched_process_exec()
717 proc_exec_data->parent_exec_id = BPF_CORE_READ(parent_task, self_exec_id); in raw_tracepoint__sched_process_exec()
718 proc_exec_data->parent_start_time = BPF_CORE_READ(parent_task, start_time); in raw_tracepoint__sched_process_exec()
725 proc_exec_data->bin_path_length = bin_path_length; in raw_tracepoint__sched_process_exec()
732 arg_end - arg_start, MAX_ARGS_LEN); in raw_tracepoint__sched_process_exec()
736 proc_exec_data->cmdline_length = cmdline_length; in raw_tracepoint__sched_process_exec()
744 env_end - env_start, MAX_ENVIRON_LEN); in raw_tracepoint__sched_process_exec()
746 proc_exec_data->environment_length = env_len; in raw_tracepoint__sched_process_exec()
751 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &proc_exec_data->meta); in raw_tracepoint__sched_process_exec()
752 unsigned long data_len = payload - (void*)proc_exec_data; in raw_tracepoint__sched_process_exec()
797 filemod_data->meta.type = FILEMOD_EVENT; in kprobe_ret__do_filp_open()
798 filemod_data->fmod_type = FMOD_OPEN; in kprobe_ret__do_filp_open()
799 filemod_data->dst_flags = flags; in kprobe_ret__do_filp_open()
800 filemod_data->src_inode = 0; in kprobe_ret__do_filp_open()
801 filemod_data->dst_inode = file_ino; in kprobe_ret__do_filp_open()
802 filemod_data->src_device_id = 0; in kprobe_ret__do_filp_open()
803 filemod_data->dst_device_id = device_id; in kprobe_ret__do_filp_open()
804 filemod_data->src_filepath_length = 0; in kprobe_ret__do_filp_open()
805 filemod_data->dst_filepath_length = 0; in kprobe_ret__do_filp_open()
807 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in kprobe_ret__do_filp_open()
808 filemod_data->payload); in kprobe_ret__do_filp_open()
809 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in kprobe_ret__do_filp_open()
816 filemod_data->dst_filepath_length = len; in kprobe_ret__do_filp_open()
818 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in kprobe_ret__do_filp_open()
819 unsigned long data_len = payload - (void*)filemod_data; in kprobe_ret__do_filp_open()
829 struct dentry* old_dentry, struct inode* dir, in BPF_KPROBE() argument
851 filemod_data->meta.type = FILEMOD_EVENT; in BPF_KPROBE()
852 filemod_data->fmod_type = FMOD_LINK; in BPF_KPROBE()
853 filemod_data->dst_flags = 0; in BPF_KPROBE()
854 filemod_data->src_inode = src_file_ino; in BPF_KPROBE()
855 filemod_data->dst_inode = dst_file_ino; in BPF_KPROBE()
856 filemod_data->src_device_id = src_device_id; in BPF_KPROBE()
857 filemod_data->dst_device_id = dst_device_id; in BPF_KPROBE()
858 filemod_data->src_filepath_length = 0; in BPF_KPROBE()
859 filemod_data->dst_filepath_length = 0; in BPF_KPROBE()
861 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in BPF_KPROBE()
862 filemod_data->payload); in BPF_KPROBE()
863 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in BPF_KPROBE()
870 filemod_data->src_filepath_length = len; in BPF_KPROBE()
878 filemod_data->dst_filepath_length = len; in BPF_KPROBE()
881 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in BPF_KPROBE()
882 unsigned long data_len = payload - (void*)filemod_data; in BPF_KPROBE()
891 int BPF_KPROBE(kprobe__vfs_symlink, struct inode* dir, struct dentry* dentry, in BPF_KPROBE() argument
910 filemod_data->meta.type = FILEMOD_EVENT; in BPF_KPROBE()
911 filemod_data->fmod_type = FMOD_SYMLINK; in BPF_KPROBE()
912 filemod_data->dst_flags = 0; in BPF_KPROBE()
913 filemod_data->src_inode = 0; in BPF_KPROBE()
914 filemod_data->dst_inode = dst_file_ino; in BPF_KPROBE()
915 filemod_data->src_device_id = 0; in BPF_KPROBE()
916 filemod_data->dst_device_id = dst_device_id; in BPF_KPROBE()
917 filemod_data->src_filepath_length = 0; in BPF_KPROBE()
918 filemod_data->dst_filepath_length = 0; in BPF_KPROBE()
920 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in BPF_KPROBE()
921 filemod_data->payload); in BPF_KPROBE()
922 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in BPF_KPROBE()
929 filemod_data->src_filepath_length = len; in BPF_KPROBE()
936 filemod_data->dst_filepath_length = len; in BPF_KPROBE()
938 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in BPF_KPROBE()
939 unsigned long data_len = payload - (void*)filemod_data; in BPF_KPROBE()
958 struct task_struct* parent = (struct task_struct*)ctx->args[0]; in raw_tracepoint__sched_process_fork()
959 struct task_struct* child = (struct task_struct*)ctx->args[1]; in raw_tracepoint__sched_process_fork()
960 fork_data->meta.type = FORK_EVENT; in raw_tracepoint__sched_process_fork()
962 void* payload = populate_var_metadata(&fork_data->meta, child, in raw_tracepoint__sched_process_fork()
963 BPF_CORE_READ(child, pid), fork_data->payload); in raw_tracepoint__sched_process_fork()
964 fork_data->parent_pid = BPF_CORE_READ(parent, pid); in raw_tracepoint__sched_process_fork()
965 fork_data->parent_exec_id = BPF_CORE_READ(parent, self_exec_id); in raw_tracepoint__sched_process_fork()
966 fork_data->parent_start_time = BPF_CORE_READ(parent, start_time); in raw_tracepoint__sched_process_fork()
967 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &fork_data->meta); in raw_tracepoint__sched_process_fork()
969 unsigned long data_len = payload - (void*)fork_data; in raw_tracepoint__sched_process_fork()