Lines Matching +full:sig +full:- +full:dir
1 // SPDX-License-Identifier: GPL-2.0
172 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) in get_var_spid_index()
173 if (arr_struct->array[i].meta.pid == spid) in get_var_spid_index()
175 return -1; in get_var_spid_index()
184 ancestors_data->num_ancestors = 0; in populate_ancestors()
195 ancestors_data->ancestor_pids[num_ancestors] = ppid; in populate_ancestors()
196 ancestors_data->ancestor_exec_ids[num_ancestors] = in populate_ancestors()
198 ancestors_data->ancestor_start_times[num_ancestors] = in populate_ancestors()
200 ancestors_data->num_ancestors = num_ancestors; in populate_ancestors()
222 *root_pos = payload - payload_start; in read_full_cgroup_path()
235 if (bpf_core_field_exists(node52->id.ino)) { in get_inode_from_kernfs()
279 cgroup_data->cgroup_root_inode = get_inode_from_kernfs(root_kernfs); in populate_cgroup_info()
280 cgroup_data->cgroup_proc_inode = get_inode_from_kernfs(proc_kernfs); in populate_cgroup_info()
282 if (bpf_core_field_exists(root_kernfs->iattr->ia_mtime)) { in populate_cgroup_info()
283 cgroup_data->cgroup_root_mtime = in populate_cgroup_info()
285 cgroup_data->cgroup_proc_mtime = in populate_cgroup_info()
290 cgroup_data->cgroup_root_mtime = in populate_cgroup_info()
295 cgroup_data->cgroup_proc_mtime = in populate_cgroup_info()
299 cgroup_data->cgroup_root_length = 0; in populate_cgroup_info()
300 cgroup_data->cgroup_proc_length = 0; in populate_cgroup_info()
301 cgroup_data->cgroup_full_length = 0; in populate_cgroup_info()
307 cgroup_data->cgroup_root_length = cgroup_root_length; in populate_cgroup_info()
315 cgroup_data->cgroup_proc_length = cgroup_proc_length; in populate_cgroup_info()
320 cgroup_data->cgroup_full_path_root_pos = -1; in populate_cgroup_info()
322 &cgroup_data->cgroup_full_path_root_pos); in populate_cgroup_info()
323 cgroup_data->cgroup_full_length = payload_end_pos - payload; in populate_cgroup_info()
336 metadata->uid = (u32)uid_gid; in populate_var_metadata()
337 metadata->gid = uid_gid >> 32; in populate_var_metadata()
338 metadata->pid = pid; in populate_var_metadata()
339 metadata->exec_id = BPF_CORE_READ(task, self_exec_id); in populate_var_metadata()
340 metadata->start_time = BPF_CORE_READ(task, start_time); in populate_var_metadata()
341 metadata->comm_length = 0; in populate_var_metadata()
343 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm); in populate_var_metadata()
345 metadata->comm_length = comm_length; in populate_var_metadata()
353 get_var_kill_data(struct pt_regs* ctx, int spid, int tpid, int sig) in get_var_kill_data() argument
362 void* payload = populate_var_metadata(&kill_data->meta, task, spid, kill_data->payload); in get_var_kill_data()
363 payload = populate_cgroup_info(&kill_data->cgroup_data, task, payload); in get_var_kill_data()
364 size_t payload_length = payload - (void*)kill_data->payload; in get_var_kill_data()
365 kill_data->payload_length = payload_length; in get_var_kill_data()
366 populate_ancestors(task, &kill_data->ancestors_info); in get_var_kill_data()
367 kill_data->meta.type = KILL_EVENT; in get_var_kill_data()
368 kill_data->kill_target_pid = tpid; in get_var_kill_data()
369 kill_data->kill_sig = sig; in get_var_kill_data()
370 kill_data->kill_count = 1; in get_var_kill_data()
371 kill_data->last_kill_time = bpf_ktime_get_ns(); in get_var_kill_data()
375 static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig) in trace_var_sys_kill() argument
377 if ((KILL_SIGNALS & (1ULL << sig)) == 0) in trace_var_sys_kill()
384 struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
392 bpf_probe_read_kernel(&arr_struct->array[0], in trace_var_sys_kill()
393 sizeof(arr_struct->array[0]), kill_data); in trace_var_sys_kill()
397 if (index == -1) { in trace_var_sys_kill()
399 get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
405 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) in trace_var_sys_kill()
406 if (arr_struct->array[i].meta.pid == 0) { in trace_var_sys_kill()
407 bpf_probe_read_kernel(&arr_struct->array[i], in trace_var_sys_kill()
408 sizeof(arr_struct->array[i]), in trace_var_sys_kill()
418 struct var_kill_data_t* kill_data = &arr_struct->array[index]; in trace_var_sys_kill()
421 (bpf_ktime_get_ns() - kill_data->last_kill_time) / 1000000000; in trace_var_sys_kill()
424 kill_data->kill_count++; in trace_var_sys_kill()
425 kill_data->last_kill_time = bpf_ktime_get_ns(); in trace_var_sys_kill()
426 bpf_probe_read_kernel(&arr_struct->array[index], in trace_var_sys_kill()
427 sizeof(arr_struct->array[index]), in trace_var_sys_kill()
431 get_var_kill_data(ctx, spid, tpid, sig); in trace_var_sys_kill()
434 bpf_probe_read_kernel(&arr_struct->array[index], in trace_var_sys_kill()
435 sizeof(arr_struct->array[index]), in trace_var_sys_kill()
448 bpf_stat_ctx->start_time_ns = bpf_ktime_get_ns(); in bpf_stats_enter()
449 bpf_stat_ctx->bpf_func_stats_data_val = in bpf_stats_enter()
451 if (bpf_stat_ctx->bpf_func_stats_data_val) in bpf_stats_enter()
452 bpf_stat_ctx->bpf_func_stats_data_val->num_executions++; in bpf_stats_enter()
457 if (bpf_stat_ctx->bpf_func_stats_data_val) in bpf_stats_exit()
458 bpf_stat_ctx->bpf_func_stats_data_val->time_elapsed_ns += in bpf_stats_exit()
459 bpf_ktime_get_ns() - bpf_stat_ctx->start_time_ns; in bpf_stats_exit()
466 if (bpf_stat_ctx->bpf_func_stats_data_val) { in bpf_stats_pre_submit_var_perf_event()
467 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events++; in bpf_stats_pre_submit_var_perf_event()
468 meta->bpf_stats_num_perf_events = in bpf_stats_pre_submit_var_perf_event()
469 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events; in bpf_stats_pre_submit_var_perf_event()
471 meta->bpf_stats_start_ktime_ns = bpf_stat_ctx->start_time_ns; in bpf_stats_pre_submit_var_perf_event()
472 meta->cpu_id = bpf_get_smp_processor_id(); in bpf_stats_pre_submit_var_perf_event()
562 sysctl_data->meta.type = SYSCTL_EVENT; in BPF_KPROBE()
563 void* payload = populate_var_metadata(&sysctl_data->meta, task, pid, sysctl_data->payload); in BPF_KPROBE()
564 payload = populate_cgroup_info(&sysctl_data->cgroup_data, task, payload); in BPF_KPROBE()
566 populate_ancestors(task, &sysctl_data->ancestors_info); in BPF_KPROBE()
568 sysctl_data->sysctl_val_length = 0; in BPF_KPROBE()
569 sysctl_data->sysctl_path_length = 0; in BPF_KPROBE()
574 sysctl_data->sysctl_val_length = sysctl_val_length; in BPF_KPROBE()
583 sysctl_data->sysctl_path_length = sysctl_path_length; in BPF_KPROBE()
587 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &sysctl_data->meta); in BPF_KPROBE()
588 unsigned long data_len = payload - (void*)sysctl_data; in BPF_KPROBE()
604 int pid = ctx->args[0]; in tracepoint__syscalls__sys_enter_kill()
605 int sig = ctx->args[1]; in tracepoint__syscalls__sys_enter_kill() local
606 int ret = trace_var_sys_kill(ctx, pid, sig); in tracepoint__syscalls__sys_enter_kill()
632 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) { in raw_tracepoint__sched_process_exit()
633 struct var_kill_data_t* past_kill_data = &arr_struct->array[i]; in raw_tracepoint__sched_process_exit()
635 if (past_kill_data != NULL && past_kill_data->kill_target_pid == (pid_t)tpid) { in raw_tracepoint__sched_process_exit()
638 void* payload = kill_data->payload; in raw_tracepoint__sched_process_exit()
639 size_t offset = kill_data->payload_length; in raw_tracepoint__sched_process_exit()
644 kill_data->kill_target_name_length = 0; in raw_tracepoint__sched_process_exit()
645 kill_data->kill_target_cgroup_proc_length = 0; in raw_tracepoint__sched_process_exit()
647 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm); in raw_tracepoint__sched_process_exit()
649 kill_data->kill_target_name_length = comm_length; in raw_tracepoint__sched_process_exit()
658 kill_data->kill_target_cgroup_proc_length = cgroup_proc_length; in raw_tracepoint__sched_process_exit()
662 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &kill_data->meta); in raw_tracepoint__sched_process_exit()
663 unsigned long data_len = (void*)payload - (void*)kill_data; in raw_tracepoint__sched_process_exit()
682 struct linux_binprm* bprm = (struct linux_binprm*)ctx->args[2]; in raw_tracepoint__sched_process_exec()
700 proc_exec_data->meta.type = EXEC_EVENT; in raw_tracepoint__sched_process_exec()
701 proc_exec_data->bin_path_length = 0; in raw_tracepoint__sched_process_exec()
702 proc_exec_data->cmdline_length = 0; in raw_tracepoint__sched_process_exec()
703 proc_exec_data->environment_length = 0; in raw_tracepoint__sched_process_exec()
704 void* payload = populate_var_metadata(&proc_exec_data->meta, task, pid, in raw_tracepoint__sched_process_exec()
705 proc_exec_data->payload); in raw_tracepoint__sched_process_exec()
706 payload = populate_cgroup_info(&proc_exec_data->cgroup_data, task, payload); in raw_tracepoint__sched_process_exec()
709 proc_exec_data->parent_pid = BPF_CORE_READ(parent_task, tgid); in raw_tracepoint__sched_process_exec()
710 proc_exec_data->parent_uid = BPF_CORE_READ(parent_task, real_cred, uid.val); in raw_tracepoint__sched_process_exec()
711 proc_exec_data->parent_exec_id = BPF_CORE_READ(parent_task, self_exec_id); in raw_tracepoint__sched_process_exec()
712 proc_exec_data->parent_start_time = BPF_CORE_READ(parent_task, start_time); in raw_tracepoint__sched_process_exec()
718 proc_exec_data->bin_path_length = bin_path_length; in raw_tracepoint__sched_process_exec()
725 arg_end - arg_start, MAX_ARGS_LEN); in raw_tracepoint__sched_process_exec()
728 proc_exec_data->cmdline_length = cmdline_length; in raw_tracepoint__sched_process_exec()
736 env_end - env_start, MAX_ENVIRON_LEN); in raw_tracepoint__sched_process_exec()
738 proc_exec_data->environment_length = env_len; in raw_tracepoint__sched_process_exec()
743 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &proc_exec_data->meta); in raw_tracepoint__sched_process_exec()
744 unsigned long data_len = payload - (void*)proc_exec_data; in raw_tracepoint__sched_process_exec()
789 filemod_data->meta.type = FILEMOD_EVENT; in kprobe_ret__do_filp_open()
790 filemod_data->fmod_type = FMOD_OPEN; in kprobe_ret__do_filp_open()
791 filemod_data->dst_flags = flags; in kprobe_ret__do_filp_open()
792 filemod_data->src_inode = 0; in kprobe_ret__do_filp_open()
793 filemod_data->dst_inode = file_ino; in kprobe_ret__do_filp_open()
794 filemod_data->src_device_id = 0; in kprobe_ret__do_filp_open()
795 filemod_data->dst_device_id = device_id; in kprobe_ret__do_filp_open()
796 filemod_data->src_filepath_length = 0; in kprobe_ret__do_filp_open()
797 filemod_data->dst_filepath_length = 0; in kprobe_ret__do_filp_open()
799 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in kprobe_ret__do_filp_open()
800 filemod_data->payload); in kprobe_ret__do_filp_open()
801 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in kprobe_ret__do_filp_open()
806 filemod_data->dst_filepath_length = len; in kprobe_ret__do_filp_open()
808 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in kprobe_ret__do_filp_open()
809 unsigned long data_len = payload - (void*)filemod_data; in kprobe_ret__do_filp_open()
820 struct inode* dir, struct dentry* new_dentry, in BPF_KPROBE() argument
842 filemod_data->meta.type = FILEMOD_EVENT; in BPF_KPROBE()
843 filemod_data->fmod_type = FMOD_LINK; in BPF_KPROBE()
844 filemod_data->dst_flags = 0; in BPF_KPROBE()
845 filemod_data->src_inode = src_file_ino; in BPF_KPROBE()
846 filemod_data->dst_inode = dst_file_ino; in BPF_KPROBE()
847 filemod_data->src_device_id = src_device_id; in BPF_KPROBE()
848 filemod_data->dst_device_id = dst_device_id; in BPF_KPROBE()
849 filemod_data->src_filepath_length = 0; in BPF_KPROBE()
850 filemod_data->dst_filepath_length = 0; in BPF_KPROBE()
852 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in BPF_KPROBE()
853 filemod_data->payload); in BPF_KPROBE()
854 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in BPF_KPROBE()
859 filemod_data->src_filepath_length = len; in BPF_KPROBE()
865 filemod_data->dst_filepath_length = len; in BPF_KPROBE()
868 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in BPF_KPROBE()
869 unsigned long data_len = payload - (void*)filemod_data; in BPF_KPROBE()
878 int BPF_KPROBE(kprobe__vfs_symlink, struct inode* dir, struct dentry* dentry, in BPF_KPROBE() argument
897 filemod_data->meta.type = FILEMOD_EVENT; in BPF_KPROBE()
898 filemod_data->fmod_type = FMOD_SYMLINK; in BPF_KPROBE()
899 filemod_data->dst_flags = 0; in BPF_KPROBE()
900 filemod_data->src_inode = 0; in BPF_KPROBE()
901 filemod_data->dst_inode = dst_file_ino; in BPF_KPROBE()
902 filemod_data->src_device_id = 0; in BPF_KPROBE()
903 filemod_data->dst_device_id = dst_device_id; in BPF_KPROBE()
904 filemod_data->src_filepath_length = 0; in BPF_KPROBE()
905 filemod_data->dst_filepath_length = 0; in BPF_KPROBE()
907 void* payload = populate_var_metadata(&filemod_data->meta, task, pid, in BPF_KPROBE()
908 filemod_data->payload); in BPF_KPROBE()
909 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload); in BPF_KPROBE()
915 filemod_data->src_filepath_length = len; in BPF_KPROBE()
920 filemod_data->dst_filepath_length = len; in BPF_KPROBE()
922 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta); in BPF_KPROBE()
923 unsigned long data_len = payload - (void*)filemod_data; in BPF_KPROBE()
942 struct task_struct* parent = (struct task_struct*)ctx->args[0]; in raw_tracepoint__sched_process_fork()
943 struct task_struct* child = (struct task_struct*)ctx->args[1]; in raw_tracepoint__sched_process_fork()
944 fork_data->meta.type = FORK_EVENT; in raw_tracepoint__sched_process_fork()
946 void* payload = populate_var_metadata(&fork_data->meta, child, in raw_tracepoint__sched_process_fork()
947 BPF_CORE_READ(child, pid), fork_data->payload); in raw_tracepoint__sched_process_fork()
948 fork_data->parent_pid = BPF_CORE_READ(parent, pid); in raw_tracepoint__sched_process_fork()
949 fork_data->parent_exec_id = BPF_CORE_READ(parent, self_exec_id); in raw_tracepoint__sched_process_fork()
950 fork_data->parent_start_time = BPF_CORE_READ(parent, start_time); in raw_tracepoint__sched_process_fork()
951 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &fork_data->meta); in raw_tracepoint__sched_process_fork()
953 unsigned long data_len = payload - (void*)fork_data; in raw_tracepoint__sched_process_fork()