test_d_path.c (1270B)
1// SPDX-License-Identifier: GPL-2.0 2 3#include "vmlinux.h" 4#include <bpf/bpf_helpers.h> 5#include <bpf/bpf_tracing.h> 6 7#define MAX_PATH_LEN 128 8#define MAX_FILES 7 9 10pid_t my_pid = 0; 11__u32 cnt_stat = 0; 12__u32 cnt_close = 0; 13char paths_stat[MAX_FILES][MAX_PATH_LEN] = {}; 14char paths_close[MAX_FILES][MAX_PATH_LEN] = {}; 15int rets_stat[MAX_FILES] = {}; 16int rets_close[MAX_FILES] = {}; 17 18int called_stat = 0; 19int called_close = 0; 20 21SEC("fentry/security_inode_getattr") 22int BPF_PROG(prog_stat, struct path *path, struct kstat *stat, 23 __u32 request_mask, unsigned int query_flags) 24{ 25 pid_t pid = bpf_get_current_pid_tgid() >> 32; 26 __u32 cnt = cnt_stat; 27 int ret; 28 29 called_stat = 1; 30 31 if (pid != my_pid) 32 return 0; 33 34 if (cnt >= MAX_FILES) 35 return 0; 36 ret = bpf_d_path(path, paths_stat[cnt], MAX_PATH_LEN); 37 38 rets_stat[cnt] = ret; 39 cnt_stat++; 40 return 0; 41} 42 43SEC("fentry/filp_close") 44int BPF_PROG(prog_close, struct file *file, void *id) 45{ 46 pid_t pid = bpf_get_current_pid_tgid() >> 32; 47 __u32 cnt = cnt_close; 48 int ret; 49 50 called_close = 1; 51 52 if (pid != my_pid) 53 return 0; 54 55 if (cnt >= MAX_FILES) 56 return 0; 57 ret = bpf_d_path(&file->f_path, 58 paths_close[cnt], MAX_PATH_LEN); 59 60 rets_close[cnt] = ret; 61 cnt_close++; 62 return 0; 63} 64 65char _license[] SEC("license") = "GPL";