Lines Matching +full:sig +full:- +full:dir
1 // SPDX-License-Identifier: GPL-2.0
172 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++)
173 if (arr_struct->array[i].meta.pid == spid)
175 return -1;
184 ancestors_data->num_ancestors = 0;
195 ancestors_data->ancestor_pids[num_ancestors] = ppid;
196 ancestors_data->ancestor_exec_ids[num_ancestors] =
198 ancestors_data->ancestor_start_times[num_ancestors] =
200 ancestors_data->num_ancestors = num_ancestors;
222 *root_pos = payload - payload_start;
235 if (bpf_core_field_exists(node52->id.ino)) {
279 cgroup_data->cgroup_root_inode = get_inode_from_kernfs(root_kernfs);
280 cgroup_data->cgroup_proc_inode = get_inode_from_kernfs(proc_kernfs);
282 if (bpf_core_field_exists(root_kernfs->iattr->ia_mtime)) {
283 cgroup_data->cgroup_root_mtime =
285 cgroup_data->cgroup_proc_mtime =
290 cgroup_data->cgroup_root_mtime =
295 cgroup_data->cgroup_proc_mtime =
299 cgroup_data->cgroup_root_length = 0;
300 cgroup_data->cgroup_proc_length = 0;
301 cgroup_data->cgroup_full_length = 0;
307 cgroup_data->cgroup_root_length = cgroup_root_length;
315 cgroup_data->cgroup_proc_length = cgroup_proc_length;
320 cgroup_data->cgroup_full_path_root_pos = -1;
322 &cgroup_data->cgroup_full_path_root_pos);
323 cgroup_data->cgroup_full_length = payload_end_pos - payload;
336 metadata->uid = (u32)uid_gid;
337 metadata->gid = uid_gid >> 32;
338 metadata->pid = pid;
339 metadata->exec_id = BPF_CORE_READ(task, self_exec_id);
340 metadata->start_time = BPF_CORE_READ(task, start_time);
341 metadata->comm_length = 0;
343 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm);
345 metadata->comm_length = comm_length;
353 get_var_kill_data(struct pt_regs* ctx, int spid, int tpid, int sig)
362 void* payload = populate_var_metadata(&kill_data->meta, task, spid, kill_data->payload);
363 payload = populate_cgroup_info(&kill_data->cgroup_data, task, payload);
364 size_t payload_length = payload - (void*)kill_data->payload;
365 kill_data->payload_length = payload_length;
366 populate_ancestors(task, &kill_data->ancestors_info);
367 kill_data->meta.type = KILL_EVENT;
368 kill_data->kill_target_pid = tpid;
369 kill_data->kill_sig = sig;
370 kill_data->kill_count = 1;
371 kill_data->last_kill_time = bpf_ktime_get_ns();
375 static INLINE int trace_var_sys_kill(void* ctx, int tpid, int sig)
377 if ((KILL_SIGNALS & (1ULL << sig)) == 0)
384 struct var_kill_data_t* kill_data = get_var_kill_data(ctx, spid, tpid, sig);
392 bpf_probe_read_kernel(&arr_struct->array[0],
393 sizeof(arr_struct->array[0]), kill_data);
397 if (index == -1) {
399 get_var_kill_data(ctx, spid, tpid, sig);
405 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++)
406 if (arr_struct->array[i].meta.pid == 0) {
407 bpf_probe_read_kernel(&arr_struct->array[i],
408 sizeof(arr_struct->array[i]),
418 struct var_kill_data_t* kill_data = &arr_struct->array[index];
421 (bpf_ktime_get_ns() - kill_data->last_kill_time) / 1000000000;
424 kill_data->kill_count++;
425 kill_data->last_kill_time = bpf_ktime_get_ns();
426 bpf_probe_read_kernel(&arr_struct->array[index],
427 sizeof(arr_struct->array[index]),
431 get_var_kill_data(ctx, spid, tpid, sig);
434 bpf_probe_read_kernel(&arr_struct->array[index],
435 sizeof(arr_struct->array[index]),
448 bpf_stat_ctx->start_time_ns = bpf_ktime_get_ns();
449 bpf_stat_ctx->bpf_func_stats_data_val =
451 if (bpf_stat_ctx->bpf_func_stats_data_val)
452 bpf_stat_ctx->bpf_func_stats_data_val->num_executions++;
457 if (bpf_stat_ctx->bpf_func_stats_data_val)
458 bpf_stat_ctx->bpf_func_stats_data_val->time_elapsed_ns +=
459 bpf_ktime_get_ns() - bpf_stat_ctx->start_time_ns;
466 if (bpf_stat_ctx->bpf_func_stats_data_val) {
467 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events++;
468 meta->bpf_stats_num_perf_events =
469 bpf_stat_ctx->bpf_func_stats_data_val->num_perf_events;
471 meta->bpf_stats_start_ktime_ns = bpf_stat_ctx->start_time_ns;
472 meta->cpu_id = bpf_get_smp_processor_id();
562 sysctl_data->meta.type = SYSCTL_EVENT;
563 void* payload = populate_var_metadata(&sysctl_data->meta, task, pid, sysctl_data->payload);
564 payload = populate_cgroup_info(&sysctl_data->cgroup_data, task, payload);
566 populate_ancestors(task, &sysctl_data->ancestors_info);
568 sysctl_data->sysctl_val_length = 0;
569 sysctl_data->sysctl_path_length = 0;
574 sysctl_data->sysctl_val_length = sysctl_val_length;
583 sysctl_data->sysctl_path_length = sysctl_path_length;
587 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &sysctl_data->meta);
588 unsigned long data_len = payload - (void*)sysctl_data;
604 int pid = ctx->args[0];
605 int sig = ctx->args[1];
606 int ret = trace_var_sys_kill(ctx, pid, sig);
632 for (int i = 0; i < ARRAY_SIZE(arr_struct->array); i++) {
633 struct var_kill_data_t* past_kill_data = &arr_struct->array[i];
635 if (past_kill_data != NULL && past_kill_data->kill_target_pid == (pid_t)tpid) {
638 void* payload = kill_data->payload;
639 size_t offset = kill_data->payload_length;
644 kill_data->kill_target_name_length = 0;
645 kill_data->kill_target_cgroup_proc_length = 0;
647 size_t comm_length = bpf_core_read_str(payload, TASK_COMM_LEN, &task->comm);
649 kill_data->kill_target_name_length = comm_length;
658 kill_data->kill_target_cgroup_proc_length = cgroup_proc_length;
662 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &kill_data->meta);
663 unsigned long data_len = (void*)payload - (void*)kill_data;
682 struct linux_binprm* bprm = (struct linux_binprm*)ctx->args[2];
700 proc_exec_data->meta.type = EXEC_EVENT;
701 proc_exec_data->bin_path_length = 0;
702 proc_exec_data->cmdline_length = 0;
703 proc_exec_data->environment_length = 0;
704 void* payload = populate_var_metadata(&proc_exec_data->meta, task, pid,
705 proc_exec_data->payload);
706 payload = populate_cgroup_info(&proc_exec_data->cgroup_data, task, payload);
709 proc_exec_data->parent_pid = BPF_CORE_READ(parent_task, tgid);
710 proc_exec_data->parent_uid = BPF_CORE_READ(parent_task, real_cred, uid.val);
711 proc_exec_data->parent_exec_id = BPF_CORE_READ(parent_task, self_exec_id);
712 proc_exec_data->parent_start_time = BPF_CORE_READ(parent_task, start_time);
718 proc_exec_data->bin_path_length = bin_path_length;
725 arg_end - arg_start, MAX_ARGS_LEN);
728 proc_exec_data->cmdline_length = cmdline_length;
736 env_end - env_start, MAX_ENVIRON_LEN);
738 proc_exec_data->environment_length = env_len;
743 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &proc_exec_data->meta);
744 unsigned long data_len = payload - (void*)proc_exec_data;
789 filemod_data->meta.type = FILEMOD_EVENT;
790 filemod_data->fmod_type = FMOD_OPEN;
791 filemod_data->dst_flags = flags;
792 filemod_data->src_inode = 0;
793 filemod_data->dst_inode = file_ino;
794 filemod_data->src_device_id = 0;
795 filemod_data->dst_device_id = device_id;
796 filemod_data->src_filepath_length = 0;
797 filemod_data->dst_filepath_length = 0;
799 void* payload = populate_var_metadata(&filemod_data->meta, task, pid,
800 filemod_data->payload);
801 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload);
806 filemod_data->dst_filepath_length = len;
808 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta);
809 unsigned long data_len = payload - (void*)filemod_data;
820 struct inode* dir, struct dentry* new_dentry,
842 filemod_data->meta.type = FILEMOD_EVENT;
843 filemod_data->fmod_type = FMOD_LINK;
844 filemod_data->dst_flags = 0;
845 filemod_data->src_inode = src_file_ino;
846 filemod_data->dst_inode = dst_file_ino;
847 filemod_data->src_device_id = src_device_id;
848 filemod_data->dst_device_id = dst_device_id;
849 filemod_data->src_filepath_length = 0;
850 filemod_data->dst_filepath_length = 0;
852 void* payload = populate_var_metadata(&filemod_data->meta, task, pid,
853 filemod_data->payload);
854 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload);
859 filemod_data->src_filepath_length = len;
865 filemod_data->dst_filepath_length = len;
868 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta);
869 unsigned long data_len = payload - (void*)filemod_data;
878 int BPF_KPROBE(kprobe__vfs_symlink, struct inode* dir, struct dentry* dentry,
897 filemod_data->meta.type = FILEMOD_EVENT;
898 filemod_data->fmod_type = FMOD_SYMLINK;
899 filemod_data->dst_flags = 0;
900 filemod_data->src_inode = 0;
901 filemod_data->dst_inode = dst_file_ino;
902 filemod_data->src_device_id = 0;
903 filemod_data->dst_device_id = dst_device_id;
904 filemod_data->src_filepath_length = 0;
905 filemod_data->dst_filepath_length = 0;
907 void* payload = populate_var_metadata(&filemod_data->meta, task, pid,
908 filemod_data->payload);
909 payload = populate_cgroup_info(&filemod_data->cgroup_data, task, payload);
915 filemod_data->src_filepath_length = len;
920 filemod_data->dst_filepath_length = len;
922 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &filemod_data->meta);
923 unsigned long data_len = payload - (void*)filemod_data;
942 struct task_struct* parent = (struct task_struct*)ctx->args[0];
943 struct task_struct* child = (struct task_struct*)ctx->args[1];
944 fork_data->meta.type = FORK_EVENT;
946 void* payload = populate_var_metadata(&fork_data->meta, child,
947 BPF_CORE_READ(child, pid), fork_data->payload);
948 fork_data->parent_pid = BPF_CORE_READ(parent, pid);
949 fork_data->parent_exec_id = BPF_CORE_READ(parent, self_exec_id);
950 fork_data->parent_start_time = BPF_CORE_READ(parent, start_time);
951 bpf_stats_pre_submit_var_perf_event(&stats_ctx, &fork_data->meta);
953 unsigned long data_len = payload - (void*)fork_data;