1 /* Copyright (c) 2016 Facebook
2  *
3  * This program is free software; you can redistribute it and/or
4  * modify it under the terms of version 2 of the GNU General Public
5  * License as published by the Free Software Foundation.
6  */
7 #include <linux/version.h>
8 #include <linux/ptrace.h>
9 #include <uapi/linux/bpf.h>
10 #include <bpf/bpf_helpers.h>
11 #include <bpf/bpf_tracing.h>
/*
 * _(P) - read the kernel lvalue P by value through the fault-tolerant
 * probe-read helper instead of dereferencing it directly.
 *
 * Evaluates to a copy of P with P's own type (typeof). The temporary is
 * zero-initialised and the helper's return code is discarded, so a caller
 * cannot tell a failed read from a field that really holds 0. Do not rely
 * on this macro where that distinction matters (e.g. a security decision
 * or a detection event built from the value).
 *
 * The temporary's name is visible inside P, so P must not itself refer to
 * an identifier called "fetched".
 */
#define _(P)                                                                   \
	({                                                                     \
		typeof(P) fetched = 0;                                         \
		bpf_probe_read_kernel(&fetched, sizeof(fetched), &(P));        \
		fetched;                                                       \
	})
/*
 * kprobe handler attached to __set_task_comm.
 *
 * Treats the probed function's first argument as a struct task_struct
 * pointer and its second as a pointer to the new command name, then copies
 * the task's pid, its current comm, the new name, the signal pointer and
 * signal->oom_score_adj into locals. Every access to kernel memory goes
 * through bpf_probe_read_kernel (directly or via _()), never through a
 * plain dereference.
 *
 * Nothing that is read is stored in a map, emitted, or otherwise used; the
 * function always returns 0. Presumably the reads exist only to exercise
 * the probe path - confirm against the loader before reusing this as a
 * template.
 *
 * NOTE(review): both name buffers are a hard-coded 16 bytes, presumably
 * mirroring the kernel's comm length - verify. The new-name read always
 * copies the full 16 bytes from the argument pointer, regardless of where
 * the string's terminator is. If this code is ever extended to export the
 * name, a string-aware read that stops at the NUL would avoid carrying
 * bytes that lie beyond the string into user-visible output.
 *
 * NOTE(review): no helper return value is checked, so a failed read is
 * indistinguishable from zeroed data (see _()).
 */
SEC("kprobe/__set_task_comm")
int prog(struct pt_regs *ctx)
{
	char oldcomm[16] = {};
	char newcomm[16] = {};
	struct task_struct *tsk = (void *)PT_REGS_PARM1(ctx);

	/* Task identity and its current name, copied out of *tsk. */
	u32 pid = _(tsk->pid);
	bpf_probe_read_kernel(oldcomm, sizeof(oldcomm), &tsk->comm);

	/* Second argument: the name the task is about to receive. */
	void *name_arg = (void *)PT_REGS_PARM2(ctx);
	bpf_probe_read_kernel(newcomm, sizeof(newcomm), name_arg);

	/*
	 * Two-step pointer chase: fetch tsk->signal first, then read a field
	 * through the fetched pointer. If the first read failed the second
	 * one goes through the helper as well, not through a raw dereference.
	 */
	struct signal_struct *signal = _(tsk->signal);
	u16 oom_score_adj = _(signal->oom_score_adj);

	return 0;
}
/*
 * kprobe handler attached to urandom_read.
 *
 * Intentionally empty: it touches neither ctx nor any kernel memory and
 * always returns 0. Presumably a baseline for the cost of a probe that
 * does no work - confirm against the loader.
 *
 * NOTE(review): the attach point is named by a kernel-internal symbol;
 * confirm that the symbol exists on the target kernel and that the loader
 * reports an attach failure instead of continuing silently.
 */
SEC("kprobe/urandom_read")
int prog2(struct pt_regs *ctx)
{
	/* No reads, no map updates, no output. */
	return 0;
}
/*
 * License string placed in the object's "license" section.
 * NOTE(review): the probe-read helper used in this file is, as far as I
 * know, restricted to GPL-compatible programs, so changing this string
 * would be expected to make the program fail to load - confirm.
 */
char _license[] SEC("license") = "GPL";

/*
 * Kernel version the object was built against, placed in the "version"
 * section. NOTE(review): older kernels are understood to compare this with
 * the running kernel when loading kprobe programs - confirm whether the
 * target kernels still require it.
 */
u32 _version SEC("version") = LINUX_VERSION_CODE;