For the problem of increasing fragmentation of the bpf loader programs,
instead of using bpf_loader.o, which is used in samples/bpf, this
commit refactors the existing tracepoint tracing programs with libbbpf
bpf loader.
    - Adding a tracepoint event and attaching a bpf program to it was done
    through bpf_program_attach().
    - Instead of using the existing BPF MAP definition, MAP definition
    has been refactored with the new BTF-defined MAP format.
Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20200823085334.9413-4-danieltimlee@gmail.com
		
	
		
			
				
	
	
		
			74 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			74 lines
		
	
	
		
			1.4 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| // SPDX-License-Identifier: GPL-2.0-only
 | |
| /* Copyright (c) 2017 Facebook
 | |
|  */
 | |
| #include <uapi/linux/bpf.h>
 | |
| #include <bpf/bpf_helpers.h>
 | |
| 
 | |
| struct syscalls_enter_open_args {
 | |
| 	unsigned long long unused;
 | |
| 	long syscall_nr;
 | |
| 	long filename_ptr;
 | |
| 	long flags;
 | |
| 	long mode;
 | |
| };
 | |
| 
 | |
| struct syscalls_exit_open_args {
 | |
| 	unsigned long long unused;
 | |
| 	long syscall_nr;
 | |
| 	long ret;
 | |
| };
 | |
| 
 | |
| struct {
 | |
| 	__uint(type, BPF_MAP_TYPE_ARRAY);
 | |
| 	__type(key, u32);
 | |
| 	__type(value, u32);
 | |
| 	__uint(max_entries, 1);
 | |
| } enter_open_map SEC(".maps");
 | |
| 
 | |
| struct {
 | |
| 	__uint(type, BPF_MAP_TYPE_ARRAY);
 | |
| 	__type(key, u32);
 | |
| 	__type(value, u32);
 | |
| 	__uint(max_entries, 1);
 | |
| } exit_open_map SEC(".maps");
 | |
| 
 | |
| static __always_inline void count(void *map)
 | |
| {
 | |
| 	u32 key = 0;
 | |
| 	u32 *value, init_val = 1;
 | |
| 
 | |
| 	value = bpf_map_lookup_elem(map, &key);
 | |
| 	if (value)
 | |
| 		*value += 1;
 | |
| 	else
 | |
| 		bpf_map_update_elem(map, &key, &init_val, BPF_NOEXIST);
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_enter_open")
 | |
| int trace_enter_open(struct syscalls_enter_open_args *ctx)
 | |
| {
 | |
| 	count(&enter_open_map);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_enter_openat")
 | |
| int trace_enter_open_at(struct syscalls_enter_open_args *ctx)
 | |
| {
 | |
| 	count(&enter_open_map);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_exit_open")
 | |
| int trace_enter_exit(struct syscalls_exit_open_args *ctx)
 | |
| {
 | |
| 	count(&exit_open_map);
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| SEC("tracepoint/syscalls/sys_exit_openat")
 | |
| int trace_enter_exit_at(struct syscalls_exit_open_args *ctx)
 | |
| {
 | |
| 	count(&exit_open_map);
 | |
| 	return 0;
 | |
| }
 |