// SPDX-License-Identifier: GPL-2.0
/*
 * Hook into 'openat' syscall entry tracepoint
 *
 * Test it with:
 *
 * perf trace -e tools/perf/examples/bpf/sys_enter_openat.c cat /etc/passwd > /dev/null
 *
 * It'll catch some openat syscalls related to the dynamic linker and
 * the last one should be the one for '/etc/passwd'.
 *
 * The syscall_enter_openat_args can be used to get the syscall fields
 * and use them for filtering calls, i.e. use them in expressions for
 * the return value.
 */
16*4882a593Smuzhiyun 
17*4882a593Smuzhiyun #include <bpf/bpf.h>
18*4882a593Smuzhiyun 
/*
 * Argument record handed to the 'openat' syscall-entry handler.
 *
 * Field order and types must stay exactly as declared: the handler reads
 * the record by offset, so reordering or resizing a member would make
 * every later field read the wrong bytes.
 */
struct syscall_enter_openat_args {
	unsigned long long unused;	/* leading 8 bytes, not used by this example */
	long syscall_nr;		/* syscall number of the traced call */
	long dfd;			/* openat() directory file descriptor argument */
	char *filename_ptr;		/* pathname argument; presumably a user-space
					 * address, so not directly dereferenceable
					 * from the handler - TODO confirm */
	long flags;			/* openat() flags argument */
	long mode;			/* openat() mode argument */
};
27*4882a593Smuzhiyun 
/*
 * Handler attached to the 'openat' syscall-entry tracepoint.
 *
 * Returns a constant non-zero value and never looks at 'args', so no call
 * is filtered out here. The file header notes that expressions over the
 * args fields can be used for the return value to filter calls.
 *
 * NOTE(review): filename_ptr presumably carries the caller's user-space
 * pathname pointer. A filter that inspects the path would have to copy the
 * string with a BPF probe-read helper instead of dereferencing it, and the
 * traced process can still rewrite those bytes after entry, before the
 * kernel resolves the path - so a path read at syscall entry is useful for
 * tracing but is not authoritative for monitoring or policy decisions.
 * Confirm against the tracepoint format before relying on it.
 */
int syscall_enter(openat)(struct syscall_enter_openat_args *args)
{
	const int verdict = 1;	/* unconditional: args is not inspected */

	return verdict;
}
32*4882a593Smuzhiyun 
/*
 * Declare the program's license as GPL through the license() macro,
 * presumably provided by <bpf/bpf.h>; matches the SPDX tag at the top
 * of the file.
 */
license(GPL);