]>
Commit | Line | Data |
---|---|---|
e3edfdec AS |
1 | /* Copyright (c) 2016 Facebook |
2 | * | |
3 | * This program is free software; you can redistribute it and/or | |
4 | * modify it under the terms of version 2 of the GNU General Public | |
5 | * License as published by the Free Software Foundation. | |
6 | */ | |
7 | #include <linux/version.h> | |
8 | #include <linux/ptrace.h> | |
9 | #include <uapi/linux/bpf.h> | |
7cf245a3 THJ |
10 | #include <bpf/bpf_helpers.h> |
11 | #include <bpf/bpf_tracing.h> | |
e3edfdec | 12 | |
e4d9c232 IL |
13 | #define _(P) \ |
14 | ({ \ | |
15 | typeof(P) val = 0; \ | |
16 | bpf_probe_read_kernel(&val, sizeof(val), &(P)); \ | |
17 | val; \ | |
18 | }) | |
e3edfdec AS |
19 | |
20 | SEC("kprobe/__set_task_comm") | |
21 | int prog(struct pt_regs *ctx) | |
22 | { | |
23 | struct signal_struct *signal; | |
24 | struct task_struct *tsk; | |
25 | char oldcomm[16] = {}; | |
26 | char newcomm[16] = {}; | |
27 | u16 oom_score_adj; | |
28 | u32 pid; | |
29 | ||
30 | tsk = (void *)PT_REGS_PARM1(ctx); | |
31 | ||
32 | pid = _(tsk->pid); | |
e4d9c232 IL |
33 | bpf_probe_read_kernel(oldcomm, sizeof(oldcomm), &tsk->comm); |
34 | bpf_probe_read_kernel(newcomm, sizeof(newcomm), | |
35 | (void *)PT_REGS_PARM2(ctx)); | |
e3edfdec AS |
36 | signal = _(tsk->signal); |
37 | oom_score_adj = _(signal->oom_score_adj); | |
38 | return 0; | |
39 | } | |
40 | ||
41 | SEC("kprobe/urandom_read") | |
42 | int prog2(struct pt_regs *ctx) | |
43 | { | |
44 | return 0; | |
45 | } | |
46 | ||
47 | char _license[] SEC("license") = "GPL"; | |
48 | u32 _version SEC("version") = LINUX_VERSION_CODE; |