mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-04 20:19:47 +08:00 
			
		
		
		
	 1da236b6be
			
		
	
	
		1da236b6be
		
	
	
	
	
		
			
			Signed-off-by: Yonghong Song <yhs@fb.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
		
			
				
	
	
		
			63 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			63 lines
		
	
	
		
			1.3 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /* Copyright (c) 2017 Facebook
 | |
|  *
 | |
|  * This program is free software; you can redistribute it and/or
 | |
|  * modify it under the terms of version 2 of the GNU General Public
 | |
|  * License as published by the Free Software Foundation.
 | |
|  */
 | |
| #include <uapi/linux/bpf.h>
 | |
| #include "bpf_helpers.h"
 | |
| 
 | |
| struct syscalls_enter_open_args {
 | |
| 	unsigned long long unused;
 | |
| 	long syscall_nr;
 | |
| 	long filename_ptr;
 | |
| 	long flags;
 | |
| 	long mode;
 | |
| };
 | |
| 
 | |
| struct syscalls_exit_open_args {
 | |
| 	unsigned long long unused;
 | |
| 	long syscall_nr;
 | |
| 	long ret;
 | |
| };
 | |
| 
 | |
| struct bpf_map_def SEC("maps") enter_open_map = {
 | |
| 	.type = BPF_MAP_TYPE_ARRAY,
 | |
| 	.key_size = sizeof(u32),
 | |
| 	.value_size = sizeof(u32),
 | |
| 	.max_entries = 1,
 | |
| };
 | |
| 
 | |
| struct bpf_map_def SEC("maps") exit_open_map = {
 | |
| 	.type = BPF_MAP_TYPE_ARRAY,
 | |
| 	.key_size = sizeof(u32),
 | |
| 	.value_size = sizeof(u32),
 | |
| 	.max_entries = 1,
 | |
| };
 | |
| 
 | |
| static __always_inline void count(void *map)
 | |
| {
 | |
| 	u32 key = 0;
 | |
| 	u32 *value, init_val = 1;
 | |
| 
 | |
| 	value = bpf_map_lookup_elem(map, &key);
 | |
| 	if (value)
 | |
| 		*value += 1;
 | |
| 	else
 | |
| 		bpf_map_update_elem(map, &key, &init_val, BPF_NOEXIST);
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_enter_open")
 | |
| int trace_enter_open(struct syscalls_enter_open_args *ctx)
 | |
| {
 | |
| 	count((void *)&enter_open_map);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_exit_open")
 | |
| int trace_enter_exit(struct syscalls_exit_open_args *ctx)
 | |
| {
 | |
| 	count((void *)&exit_open_map);
 | |
| 	return 0;
 | |
| }
 |