tracex4_kern.c (1274B)
1/* Copyright (c) 2015 PLUMgrid, http://plumgrid.com 2 * 3 * This program is free software; you can redistribute it and/or 4 * modify it under the terms of version 2 of the GNU General Public 5 * License as published by the Free Software Foundation. 6 */ 7#include <linux/ptrace.h> 8#include <linux/version.h> 9#include <uapi/linux/bpf.h> 10#include <bpf/bpf_helpers.h> 11#include <bpf/bpf_tracing.h> 12 13struct pair { 14 u64 val; 15 u64 ip; 16}; 17 18struct { 19 __uint(type, BPF_MAP_TYPE_HASH); 20 __type(key, long); 21 __type(value, struct pair); 22 __uint(max_entries, 1000000); 23} my_map SEC(".maps"); 24 25/* kprobe is NOT a stable ABI. If kernel internals change this bpf+kprobe 26 * example will no longer be meaningful 27 */ 28SEC("kprobe/kmem_cache_free") 29int bpf_prog1(struct pt_regs *ctx) 30{ 31 long ptr = PT_REGS_PARM2(ctx); 32 33 bpf_map_delete_elem(&my_map, &ptr); 34 return 0; 35} 36 37SEC("kretprobe/kmem_cache_alloc_node") 38int bpf_prog2(struct pt_regs *ctx) 39{ 40 long ptr = PT_REGS_RC(ctx); 41 long ip = 0; 42 43 /* get ip address of kmem_cache_alloc_node() caller */ 44 BPF_KRETPROBE_READ_RET_IP(ip, ctx); 45 46 struct pair v = { 47 .val = bpf_ktime_get_ns(), 48 .ip = ip, 49 }; 50 51 bpf_map_update_elem(&my_map, &ptr, &v, BPF_ANY); 52 return 0; 53} 54char _license[] SEC("license") = "GPL"; 55u32 _version SEC("version") = LINUX_VERSION_CODE;