xref: /openbmc/linux/samples/bpf/syscall_tp_kern.c (revision 812f77b749a8ae11f58dacf0d3ed65e7ede47458)
1 /* Copyright (c) 2017 Facebook
2  *
3  * This program is free software; you can redistribute it and/or
4  * modify it under the terms of version 2 of the GNU General Public
5  * License as published by the Free Software Foundation.
6  */
7 #include <uapi/linux/bpf.h>
8 #include "bpf_helpers.h"
9 
10 struct syscalls_enter_open_args {
11 	unsigned long long unused;
12 	long syscall_nr;
13 	long filename_ptr;
14 	long flags;
15 	long mode;
16 };
17 
18 struct syscalls_exit_open_args {
19 	unsigned long long unused;
20 	long syscall_nr;
21 	long ret;
22 };
23 
24 struct bpf_map_def SEC("maps") enter_open_map = {
25 	.type = BPF_MAP_TYPE_ARRAY,
26 	.key_size = sizeof(u32),
27 	.value_size = sizeof(u32),
28 	.max_entries = 1,
29 };
30 
31 struct bpf_map_def SEC("maps") exit_open_map = {
32 	.type = BPF_MAP_TYPE_ARRAY,
33 	.key_size = sizeof(u32),
34 	.value_size = sizeof(u32),
35 	.max_entries = 1,
36 };
37 
38 static __always_inline void count(void *map)
39 {
40 	u32 key = 0;
41 	u32 *value, init_val = 1;
42 
43 	value = bpf_map_lookup_elem(map, &key);
44 	if (value)
45 		*value += 1;
46 	else
47 		bpf_map_update_elem(map, &key, &init_val, BPF_NOEXIST);
48 }
49 
50 SEC("tracepoint/syscalls/sys_enter_open")
51 int trace_enter_open(struct syscalls_enter_open_args *ctx)
52 {
53 	count((void *)&enter_open_map);
54 	return 0;
55 }
56 
57 SEC("tracepoint/syscalls/sys_exit_open")
58 int trace_enter_exit(struct syscalls_exit_open_args *ctx)
59 {
60 	count((void *)&exit_open_map);
61 	return 0;
62 }
63