xref: /OK3568_Linux_fs/kernel/samples/bpf/tracex2_kern.c (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun /* Copyright (c) 2013-2015 PLUMgrid, http://plumgrid.com
2*4882a593Smuzhiyun  *
3*4882a593Smuzhiyun  * This program is free software; you can redistribute it and/or
4*4882a593Smuzhiyun  * modify it under the terms of version 2 of the GNU General Public
5*4882a593Smuzhiyun  * License as published by the Free Software Foundation.
6*4882a593Smuzhiyun  */
7*4882a593Smuzhiyun #include <linux/skbuff.h>
8*4882a593Smuzhiyun #include <linux/netdevice.h>
9*4882a593Smuzhiyun #include <linux/version.h>
10*4882a593Smuzhiyun #include <uapi/linux/bpf.h>
11*4882a593Smuzhiyun #include <bpf/bpf_helpers.h>
12*4882a593Smuzhiyun #include <bpf/bpf_tracing.h>
13*4882a593Smuzhiyun #include "trace_common.h"
14*4882a593Smuzhiyun 
15*4882a593Smuzhiyun struct {
16*4882a593Smuzhiyun 	__uint(type, BPF_MAP_TYPE_HASH);
17*4882a593Smuzhiyun 	__type(key, long);
18*4882a593Smuzhiyun 	__type(value, long);
19*4882a593Smuzhiyun 	__uint(max_entries, 1024);
20*4882a593Smuzhiyun } my_map SEC(".maps");
21*4882a593Smuzhiyun 
22*4882a593Smuzhiyun /* kprobe is NOT a stable ABI. If kernel internals change this bpf+kprobe
23*4882a593Smuzhiyun  * example will no longer be meaningful
24*4882a593Smuzhiyun  */
25*4882a593Smuzhiyun SEC("kprobe/kfree_skb")
bpf_prog2(struct pt_regs * ctx)26*4882a593Smuzhiyun int bpf_prog2(struct pt_regs *ctx)
27*4882a593Smuzhiyun {
28*4882a593Smuzhiyun 	long loc = 0;
29*4882a593Smuzhiyun 	long init_val = 1;
30*4882a593Smuzhiyun 	long *value;
31*4882a593Smuzhiyun 
32*4882a593Smuzhiyun 	/* read ip of kfree_skb caller.
33*4882a593Smuzhiyun 	 * non-portable version of __builtin_return_address(0)
34*4882a593Smuzhiyun 	 */
35*4882a593Smuzhiyun 	BPF_KPROBE_READ_RET_IP(loc, ctx);
36*4882a593Smuzhiyun 
37*4882a593Smuzhiyun 	value = bpf_map_lookup_elem(&my_map, &loc);
38*4882a593Smuzhiyun 	if (value)
39*4882a593Smuzhiyun 		*value += 1;
40*4882a593Smuzhiyun 	else
41*4882a593Smuzhiyun 		bpf_map_update_elem(&my_map, &loc, &init_val, BPF_ANY);
42*4882a593Smuzhiyun 	return 0;
43*4882a593Smuzhiyun }
44*4882a593Smuzhiyun 
log2(unsigned int v)45*4882a593Smuzhiyun static unsigned int log2(unsigned int v)
46*4882a593Smuzhiyun {
47*4882a593Smuzhiyun 	unsigned int r;
48*4882a593Smuzhiyun 	unsigned int shift;
49*4882a593Smuzhiyun 
50*4882a593Smuzhiyun 	r = (v > 0xFFFF) << 4; v >>= r;
51*4882a593Smuzhiyun 	shift = (v > 0xFF) << 3; v >>= shift; r |= shift;
52*4882a593Smuzhiyun 	shift = (v > 0xF) << 2; v >>= shift; r |= shift;
53*4882a593Smuzhiyun 	shift = (v > 0x3) << 1; v >>= shift; r |= shift;
54*4882a593Smuzhiyun 	r |= (v >> 1);
55*4882a593Smuzhiyun 	return r;
56*4882a593Smuzhiyun }
57*4882a593Smuzhiyun 
log2l(unsigned long v)58*4882a593Smuzhiyun static unsigned int log2l(unsigned long v)
59*4882a593Smuzhiyun {
60*4882a593Smuzhiyun 	unsigned int hi = v >> 32;
61*4882a593Smuzhiyun 	if (hi)
62*4882a593Smuzhiyun 		return log2(hi) + 32;
63*4882a593Smuzhiyun 	else
64*4882a593Smuzhiyun 		return log2(v);
65*4882a593Smuzhiyun }
66*4882a593Smuzhiyun 
67*4882a593Smuzhiyun struct hist_key {
68*4882a593Smuzhiyun 	char comm[16];
69*4882a593Smuzhiyun 	u64 pid_tgid;
70*4882a593Smuzhiyun 	u64 uid_gid;
71*4882a593Smuzhiyun 	u64 index;
72*4882a593Smuzhiyun };
73*4882a593Smuzhiyun 
74*4882a593Smuzhiyun struct {
75*4882a593Smuzhiyun 	__uint(type, BPF_MAP_TYPE_PERCPU_HASH);
76*4882a593Smuzhiyun 	__uint(key_size, sizeof(struct hist_key));
77*4882a593Smuzhiyun 	__uint(value_size, sizeof(long));
78*4882a593Smuzhiyun 	__uint(max_entries, 1024);
79*4882a593Smuzhiyun } my_hist_map SEC(".maps");
80*4882a593Smuzhiyun 
SYSCALL(sys_write)81*4882a593Smuzhiyun SEC("kprobe/" SYSCALL(sys_write))
82*4882a593Smuzhiyun int bpf_prog3(struct pt_regs *ctx)
83*4882a593Smuzhiyun {
84*4882a593Smuzhiyun 	long write_size = PT_REGS_PARM3(ctx);
85*4882a593Smuzhiyun 	long init_val = 1;
86*4882a593Smuzhiyun 	long *value;
87*4882a593Smuzhiyun 	struct hist_key key;
88*4882a593Smuzhiyun 
89*4882a593Smuzhiyun 	key.index = log2l(write_size);
90*4882a593Smuzhiyun 	key.pid_tgid = bpf_get_current_pid_tgid();
91*4882a593Smuzhiyun 	key.uid_gid = bpf_get_current_uid_gid();
92*4882a593Smuzhiyun 	bpf_get_current_comm(&key.comm, sizeof(key.comm));
93*4882a593Smuzhiyun 
94*4882a593Smuzhiyun 	value = bpf_map_lookup_elem(&my_hist_map, &key);
95*4882a593Smuzhiyun 	if (value)
96*4882a593Smuzhiyun 		__sync_fetch_and_add(value, 1);
97*4882a593Smuzhiyun 	else
98*4882a593Smuzhiyun 		bpf_map_update_elem(&my_hist_map, &key, &init_val, BPF_ANY);
99*4882a593Smuzhiyun 	return 0;
100*4882a593Smuzhiyun }
101*4882a593Smuzhiyun char _license[] SEC("license") = "GPL";
102*4882a593Smuzhiyun u32 _version SEC("version") = LINUX_VERSION_CODE;
103