xref: /aosp_15_r20/external/bcc/libbpf-tools/sigsnoop.bpf.c (revision 387f9dfdfa2baef462e92476d413c7bc2470293e) 
1*387f9dfdSAndroid Build Coastguard Worker // SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause)
2*387f9dfdSAndroid Build Coastguard Worker /* Copyright (c) 2021~2022 Hengqi Chen */
3*387f9dfdSAndroid Build Coastguard Worker #include <vmlinux.h>
4*387f9dfdSAndroid Build Coastguard Worker #include <bpf/bpf_helpers.h>
5*387f9dfdSAndroid Build Coastguard Worker #include "sigsnoop.h"
6*387f9dfdSAndroid Build Coastguard Worker 
7*387f9dfdSAndroid Build Coastguard Worker #define MAX_ENTRIES	10240
8*387f9dfdSAndroid Build Coastguard Worker 
9*387f9dfdSAndroid Build Coastguard Worker const volatile pid_t filtered_pid = 0;
10*387f9dfdSAndroid Build Coastguard Worker const volatile int target_signal = 0;
11*387f9dfdSAndroid Build Coastguard Worker const volatile bool failed_only = false;
12*387f9dfdSAndroid Build Coastguard Worker 
13*387f9dfdSAndroid Build Coastguard Worker struct {
14*387f9dfdSAndroid Build Coastguard Worker 	__uint(type, BPF_MAP_TYPE_HASH);
15*387f9dfdSAndroid Build Coastguard Worker 	__uint(max_entries, MAX_ENTRIES);
16*387f9dfdSAndroid Build Coastguard Worker 	__type(key, __u32);
17*387f9dfdSAndroid Build Coastguard Worker 	__type(value, struct event);
18*387f9dfdSAndroid Build Coastguard Worker } values SEC(".maps");
19*387f9dfdSAndroid Build Coastguard Worker 
20*387f9dfdSAndroid Build Coastguard Worker struct {
21*387f9dfdSAndroid Build Coastguard Worker 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
22*387f9dfdSAndroid Build Coastguard Worker 	__uint(key_size, sizeof(__u32));
23*387f9dfdSAndroid Build Coastguard Worker 	__uint(value_size, sizeof(__u32));
24*387f9dfdSAndroid Build Coastguard Worker } events SEC(".maps");
25*387f9dfdSAndroid Build Coastguard Worker 
probe_entry(pid_t tpid,int sig)26*387f9dfdSAndroid Build Coastguard Worker static int probe_entry(pid_t tpid, int sig)
27*387f9dfdSAndroid Build Coastguard Worker {
28*387f9dfdSAndroid Build Coastguard Worker 	struct event event = {};
29*387f9dfdSAndroid Build Coastguard Worker 	__u64 pid_tgid;
30*387f9dfdSAndroid Build Coastguard Worker 	__u32 pid, tid;
31*387f9dfdSAndroid Build Coastguard Worker 
32*387f9dfdSAndroid Build Coastguard Worker 	if (target_signal && sig != target_signal)
33*387f9dfdSAndroid Build Coastguard Worker 		return 0;
34*387f9dfdSAndroid Build Coastguard Worker 
35*387f9dfdSAndroid Build Coastguard Worker 	pid_tgid = bpf_get_current_pid_tgid();
36*387f9dfdSAndroid Build Coastguard Worker 	pid = pid_tgid >> 32;
37*387f9dfdSAndroid Build Coastguard Worker 	tid = (__u32)pid_tgid;
38*387f9dfdSAndroid Build Coastguard Worker 	if (filtered_pid && pid != filtered_pid)
39*387f9dfdSAndroid Build Coastguard Worker 		return 0;
40*387f9dfdSAndroid Build Coastguard Worker 
41*387f9dfdSAndroid Build Coastguard Worker 	event.pid = pid;
42*387f9dfdSAndroid Build Coastguard Worker 	event.tpid = tpid;
43*387f9dfdSAndroid Build Coastguard Worker 	event.sig = sig;
44*387f9dfdSAndroid Build Coastguard Worker 	bpf_get_current_comm(event.comm, sizeof(event.comm));
45*387f9dfdSAndroid Build Coastguard Worker 	bpf_map_update_elem(&values, &tid, &event, BPF_ANY);
46*387f9dfdSAndroid Build Coastguard Worker 	return 0;
47*387f9dfdSAndroid Build Coastguard Worker }
48*387f9dfdSAndroid Build Coastguard Worker 
probe_exit(void * ctx,int ret)49*387f9dfdSAndroid Build Coastguard Worker static int probe_exit(void *ctx, int ret)
50*387f9dfdSAndroid Build Coastguard Worker {
51*387f9dfdSAndroid Build Coastguard Worker 	__u64 pid_tgid = bpf_get_current_pid_tgid();
52*387f9dfdSAndroid Build Coastguard Worker 	__u32 tid = (__u32)pid_tgid;
53*387f9dfdSAndroid Build Coastguard Worker 	struct event *eventp;
54*387f9dfdSAndroid Build Coastguard Worker 
55*387f9dfdSAndroid Build Coastguard Worker 	eventp = bpf_map_lookup_elem(&values, &tid);
56*387f9dfdSAndroid Build Coastguard Worker 	if (!eventp)
57*387f9dfdSAndroid Build Coastguard Worker 		return 0;
58*387f9dfdSAndroid Build Coastguard Worker 
59*387f9dfdSAndroid Build Coastguard Worker 	if (failed_only && ret >= 0)
60*387f9dfdSAndroid Build Coastguard Worker 		goto cleanup;
61*387f9dfdSAndroid Build Coastguard Worker 
62*387f9dfdSAndroid Build Coastguard Worker 	eventp->ret = ret;
63*387f9dfdSAndroid Build Coastguard Worker 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, eventp, sizeof(*eventp));
64*387f9dfdSAndroid Build Coastguard Worker 
65*387f9dfdSAndroid Build Coastguard Worker cleanup:
66*387f9dfdSAndroid Build Coastguard Worker 	bpf_map_delete_elem(&values, &tid);
67*387f9dfdSAndroid Build Coastguard Worker 	return 0;
68*387f9dfdSAndroid Build Coastguard Worker }
69*387f9dfdSAndroid Build Coastguard Worker 
70*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_enter_kill")
kill_entry(struct trace_event_raw_sys_enter * ctx)71*387f9dfdSAndroid Build Coastguard Worker int kill_entry(struct trace_event_raw_sys_enter *ctx)
72*387f9dfdSAndroid Build Coastguard Worker {
73*387f9dfdSAndroid Build Coastguard Worker 	pid_t tpid = (pid_t)ctx->args[0];
74*387f9dfdSAndroid Build Coastguard Worker 	int sig = (int)ctx->args[1];
75*387f9dfdSAndroid Build Coastguard Worker 
76*387f9dfdSAndroid Build Coastguard Worker 	return probe_entry(tpid, sig);
77*387f9dfdSAndroid Build Coastguard Worker }
78*387f9dfdSAndroid Build Coastguard Worker 
79*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_exit_kill")
kill_exit(struct trace_event_raw_sys_exit * ctx)80*387f9dfdSAndroid Build Coastguard Worker int kill_exit(struct trace_event_raw_sys_exit *ctx)
81*387f9dfdSAndroid Build Coastguard Worker {
82*387f9dfdSAndroid Build Coastguard Worker 	return probe_exit(ctx, ctx->ret);
83*387f9dfdSAndroid Build Coastguard Worker }
84*387f9dfdSAndroid Build Coastguard Worker 
85*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_enter_tkill")
tkill_entry(struct trace_event_raw_sys_enter * ctx)86*387f9dfdSAndroid Build Coastguard Worker int tkill_entry(struct trace_event_raw_sys_enter *ctx)
87*387f9dfdSAndroid Build Coastguard Worker {
88*387f9dfdSAndroid Build Coastguard Worker 	pid_t tpid = (pid_t)ctx->args[0];
89*387f9dfdSAndroid Build Coastguard Worker 	int sig = (int)ctx->args[1];
90*387f9dfdSAndroid Build Coastguard Worker 
91*387f9dfdSAndroid Build Coastguard Worker 	return probe_entry(tpid, sig);
92*387f9dfdSAndroid Build Coastguard Worker }
93*387f9dfdSAndroid Build Coastguard Worker 
94*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_exit_tkill")
tkill_exit(struct trace_event_raw_sys_exit * ctx)95*387f9dfdSAndroid Build Coastguard Worker int tkill_exit(struct trace_event_raw_sys_exit *ctx)
96*387f9dfdSAndroid Build Coastguard Worker {
97*387f9dfdSAndroid Build Coastguard Worker 	return probe_exit(ctx, ctx->ret);
98*387f9dfdSAndroid Build Coastguard Worker }
99*387f9dfdSAndroid Build Coastguard Worker 
100*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_enter_tgkill")
tgkill_entry(struct trace_event_raw_sys_enter * ctx)101*387f9dfdSAndroid Build Coastguard Worker int tgkill_entry(struct trace_event_raw_sys_enter *ctx)
102*387f9dfdSAndroid Build Coastguard Worker {
103*387f9dfdSAndroid Build Coastguard Worker 	pid_t tpid = (pid_t)ctx->args[1];
104*387f9dfdSAndroid Build Coastguard Worker 	int sig = (int)ctx->args[2];
105*387f9dfdSAndroid Build Coastguard Worker 
106*387f9dfdSAndroid Build Coastguard Worker 	return probe_entry(tpid, sig);
107*387f9dfdSAndroid Build Coastguard Worker }
108*387f9dfdSAndroid Build Coastguard Worker 
109*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/syscalls/sys_exit_tgkill")
tgkill_exit(struct trace_event_raw_sys_exit * ctx)110*387f9dfdSAndroid Build Coastguard Worker int tgkill_exit(struct trace_event_raw_sys_exit *ctx)
111*387f9dfdSAndroid Build Coastguard Worker {
112*387f9dfdSAndroid Build Coastguard Worker 	return probe_exit(ctx, ctx->ret);
113*387f9dfdSAndroid Build Coastguard Worker }
114*387f9dfdSAndroid Build Coastguard Worker 
115*387f9dfdSAndroid Build Coastguard Worker SEC("tracepoint/signal/signal_generate")
sig_trace(struct trace_event_raw_signal_generate * ctx)116*387f9dfdSAndroid Build Coastguard Worker int sig_trace(struct trace_event_raw_signal_generate *ctx)
117*387f9dfdSAndroid Build Coastguard Worker {
118*387f9dfdSAndroid Build Coastguard Worker 	struct event event = {};
119*387f9dfdSAndroid Build Coastguard Worker 	pid_t tpid = ctx->pid;
120*387f9dfdSAndroid Build Coastguard Worker 	int ret = ctx->errno;
121*387f9dfdSAndroid Build Coastguard Worker 	int sig = ctx->sig;
122*387f9dfdSAndroid Build Coastguard Worker 	__u64 pid_tgid;
123*387f9dfdSAndroid Build Coastguard Worker 	__u32 pid;
124*387f9dfdSAndroid Build Coastguard Worker 
125*387f9dfdSAndroid Build Coastguard Worker 	if (failed_only && ret == 0)
126*387f9dfdSAndroid Build Coastguard Worker 		return 0;
127*387f9dfdSAndroid Build Coastguard Worker 
128*387f9dfdSAndroid Build Coastguard Worker 	if (target_signal && sig != target_signal)
129*387f9dfdSAndroid Build Coastguard Worker 		return 0;
130*387f9dfdSAndroid Build Coastguard Worker 
131*387f9dfdSAndroid Build Coastguard Worker 	pid_tgid = bpf_get_current_pid_tgid();
132*387f9dfdSAndroid Build Coastguard Worker 	pid = pid_tgid >> 32;
133*387f9dfdSAndroid Build Coastguard Worker 	if (filtered_pid && pid != filtered_pid)
134*387f9dfdSAndroid Build Coastguard Worker 		return 0;
135*387f9dfdSAndroid Build Coastguard Worker 
136*387f9dfdSAndroid Build Coastguard Worker 	event.pid = pid;
137*387f9dfdSAndroid Build Coastguard Worker 	event.tpid = tpid;
138*387f9dfdSAndroid Build Coastguard Worker 	event.sig = sig;
139*387f9dfdSAndroid Build Coastguard Worker 	event.ret = ret;
140*387f9dfdSAndroid Build Coastguard Worker 	bpf_get_current_comm(event.comm, sizeof(event.comm));
141*387f9dfdSAndroid Build Coastguard Worker 	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event, sizeof(event));
142*387f9dfdSAndroid Build Coastguard Worker 	return 0;
143*387f9dfdSAndroid Build Coastguard Worker }
144*387f9dfdSAndroid Build Coastguard Worker 
145*387f9dfdSAndroid Build Coastguard Worker char LICENSE[] SEC("license") = "Dual BSD/GPL";
146