1 | // SPDX-License-Identifier: GPL-2.0 |
2 | // Copyright (c) 2019 Facebook |
3 | |
4 | #include <linux/ptrace.h> |
5 | #include <linux/bpf.h> |
6 | #include <bpf/bpf_helpers.h> |
7 | #include <bpf/bpf_tracing.h> |
8 | |
9 | struct { |
10 | __uint(type, BPF_MAP_TYPE_ARRAY); |
11 | __type(key, int); |
12 | __type(value, int); |
13 | __uint(max_entries, 1); |
14 | } my_pid_map SEC(".maps" ); |
15 | |
16 | struct { |
17 | __uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY); |
18 | __type(key, int); |
19 | __type(value, int); |
20 | } perf_buf_map SEC(".maps" ); |
21 | |
22 | SEC("tp/raw_syscalls/sys_enter" ) |
23 | int handle_sys_enter(void *ctx) |
24 | { |
25 | int zero = 0, *my_pid, cur_pid; |
26 | int cpu = bpf_get_smp_processor_id(); |
27 | |
28 | my_pid = bpf_map_lookup_elem(&my_pid_map, &zero); |
29 | if (!my_pid) |
30 | return 1; |
31 | |
32 | cur_pid = bpf_get_current_pid_tgid() >> 32; |
33 | if (cur_pid != *my_pid) |
34 | return 1; |
35 | |
36 | bpf_perf_event_output(ctx, &perf_buf_map, BPF_F_CURRENT_CPU, |
37 | &cpu, sizeof(cpu)); |
38 | return 1; |
39 | } |
40 | |
41 | char _license[] SEC("license" ) = "GPL" ; |
42 | |