11430421b4
The existing tracing programs have been developed for a considerable period of time and, as a result, do not properly incorporate the features of the current libbpf, such as CO-RE. This is evident in frequent usage of functions like PT_REGS* and the persistence of "hack" methods using underscore-style bpf_probe_read_kernel from the past. These programs are far behind the current level of libbpf and can potentially confuse users. Therefore, this commit aims to convert the outdated BPF programs to be more CO-RE centric. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230818090119.477441-6-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
42 lines
1.0 KiB
C
42 lines
1.0 KiB
C
/* Copyright (c) 2016 Facebook
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of version 2 of the GNU General Public
|
|
* License as published by the Free Software Foundation.
|
|
*/
|
|
#include "vmlinux.h"
|
|
#include <linux/version.h>
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_tracing.h>
|
|
#include <bpf/bpf_core_read.h>
|
|
|
|
SEC("kprobe/__set_task_comm")
|
|
int prog(struct pt_regs *ctx)
|
|
{
|
|
struct signal_struct *signal;
|
|
struct task_struct *tsk;
|
|
char oldcomm[TASK_COMM_LEN] = {};
|
|
char newcomm[TASK_COMM_LEN] = {};
|
|
u16 oom_score_adj;
|
|
u32 pid;
|
|
|
|
tsk = (void *)PT_REGS_PARM1_CORE(ctx);
|
|
|
|
pid = BPF_CORE_READ(tsk, pid);
|
|
bpf_core_read_str(oldcomm, sizeof(oldcomm), &tsk->comm);
|
|
bpf_core_read_str(newcomm, sizeof(newcomm),
|
|
(void *)PT_REGS_PARM2(ctx));
|
|
signal = BPF_CORE_READ(tsk, signal);
|
|
oom_score_adj = BPF_CORE_READ(signal, oom_score_adj);
|
|
return 0;
|
|
}
|
|
|
|
SEC("kprobe/fib_table_lookup")
|
|
int prog2(struct pt_regs *ctx)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
char _license[] SEC("license") = "GPL";
|
|
u32 _version SEC("version") = LINUX_VERSION_CODE;
|