Loading...
/* Copyright (c) 2016 Facebook * * This program is free software; you can redistribute it and/or * modify it under the terms of version 2 of the GNU General Public * License as published by the Free Software Foundation. */ #include <linux/version.h> #include <linux/ptrace.h> #include <linux/sched.h> #include <uapi/linux/bpf.h> #include <bpf/bpf_helpers.h> #include <bpf/bpf_tracing.h> #define _(P) \ ({ \ typeof(P) val = 0; \ bpf_probe_read_kernel(&val, sizeof(val), &(P)); \ val; \ }) SEC("kprobe/__set_task_comm") int prog(struct pt_regs *ctx) { struct signal_struct *signal; struct task_struct *tsk; char oldcomm[TASK_COMM_LEN] = {}; char newcomm[TASK_COMM_LEN] = {}; u16 oom_score_adj; u32 pid; tsk = (void *)PT_REGS_PARM1(ctx); pid = _(tsk->pid); bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm); bpf_probe_read_kernel_str(newcomm, sizeof(newcomm), (void *)PT_REGS_PARM2(ctx)); signal = _(tsk->signal); oom_score_adj = _(signal->oom_score_adj); return 0; } SEC("kprobe/urandom_read") int prog2(struct pt_regs *ctx) { return 0; } char _license[] SEC("license") = "GPL"; u32 _version SEC("version") = LINUX_VERSION_CODE; |