4
#include <bpf/bpf_helpers.h>
5
#include <bpf/bpf_core_read.h>
6
#include <bpf/bpf_tracing.h>
8
#include <gadget/mntns_filter.h>
10
#define MAX_ENTRIES 8192
12
const volatile pid_t target_pid = 0;
13
const volatile __u64 min_lat_ns = 0;
16
const struct event *unusedevent __attribute__((unused));
33
struct dentry *dentry;
37
__uint(type, BPF_MAP_TYPE_HASH);
38
__uint(max_entries, MAX_ENTRIES);
39
__type(key, struct data_key);
40
__type(value, struct data);
44
__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
45
__uint(key_size, sizeof(__u32));
46
__uint(value_size, sizeof(__u32));
49
static int probe_entry(struct dentry *dentry, enum fs_file_op op, loff_t start,
52
__u64 pid_tgid = bpf_get_current_pid_tgid();
53
__u32 pid = pid_tgid >> 32;
54
__u32 tid = (__u32)pid_tgid;
56
struct data_key key = { .tid = tid, .op = op };
67
mntns_id = gadget_get_mntns_id();
69
if (gadget_should_discard_mntns_id(mntns_id))
72
data.ts = bpf_ktime_get_ns();
76
bpf_map_update_elem(&starts, &key, &data, BPF_ANY);
80
static int probe_exit(void *ctx, enum fs_file_op op, ssize_t size)
82
__u64 pid_tgid = bpf_get_current_pid_tgid();
83
__u32 pid = pid_tgid >> 32;
84
__u32 tid = (__u32)pid_tgid;
85
__u64 end_ns, delta_ns;
86
const __u8 *file_name;
88
struct event event = {};
89
struct data_key key = { .tid = tid, .op = op };
90
struct dentry *dentry;
96
datap = bpf_map_lookup_elem(&starts, &key);
100
bpf_map_delete_elem(&starts, &key);
102
end_ns = bpf_ktime_get_ns();
103
delta_ns = end_ns - datap->ts;
104
if (delta_ns <= min_lat_ns)
107
event.delta_us = delta_ns / 1000;
108
event.end_ns = end_ns;
109
event.offset = datap->start;
113
event.size = datap->end - datap->start;
116
event.mntns_id = gadget_get_mntns_id();
117
event.timestamp = bpf_ktime_get_boot_ns();
118
dentry = datap->dentry;
119
file_name = BPF_CORE_READ(dentry, d_name.name);
120
bpf_probe_read_kernel_str(&event.file, sizeof(event.file), file_name);
121
bpf_get_current_comm(&event.task, sizeof(event.task));
122
bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &event,
127
SEC("kprobe/dummy_file_read")
128
int BPF_KPROBE(ig_fssl_read_e, struct kiocb *iocb)
130
struct dentry *dentry = BPF_CORE_READ(iocb, ki_filp, f_path.dentry);
131
loff_t start = BPF_CORE_READ(iocb, ki_pos);
133
return probe_entry(dentry, F_READ, start, 0);
136
SEC("kretprobe/dummy_file_read")
137
int BPF_KRETPROBE(ig_fssl_read_x, ssize_t ret)
139
return probe_exit(ctx, F_READ, ret);
142
SEC("kprobe/dummy_file_write")
143
int BPF_KPROBE(ig_fssl_wr_e, struct kiocb *iocb)
145
struct dentry *dentry = BPF_CORE_READ(iocb, ki_filp, f_path.dentry);
146
loff_t start = BPF_CORE_READ(iocb, ki_pos);
148
return probe_entry(dentry, F_WRITE, start, 0);
151
SEC("kretprobe/dummy_file_write")
152
int BPF_KRETPROBE(ig_fssl_wr_x, ssize_t ret)
154
return probe_exit(ctx, F_WRITE, ret);
157
SEC("kprobe/dummy_file_open")
158
int BPF_KPROBE(ig_fssl_open_e, struct inode *inode, struct file *file)
160
struct dentry *dentry = BPF_CORE_READ(file, f_path.dentry);
161
return probe_entry(dentry, F_OPEN, 0, 0);
164
SEC("kretprobe/dummy_file_open")
165
int BPF_KRETPROBE(ig_fssl_open_x)
167
return probe_exit(ctx, F_OPEN, 0);
170
SEC("kprobe/dummy_file_sync")
171
int BPF_KPROBE(ig_fssl_sync_e, struct file *file, loff_t start, loff_t end)
173
struct dentry *dentry = BPF_CORE_READ(file, f_path.dentry);
174
return probe_entry(dentry, F_FSYNC, start, end);
177
SEC("kretprobe/dummy_file_sync")
178
int BPF_KRETPROBE(ig_fssl_sync_x)
180
return probe_exit(ctx, F_FSYNC, 0);
183
SEC("kprobe/dummy_file_statfs")
184
int BPF_KPROBE(ig_fssl_statfs_e, struct dentry *dentry, struct kstatfs *buf)
186
return probe_entry(dentry, F_STATFS, 0, 0);
189
SEC("kretprobe/dummy_file_statfs")
190
int BPF_KRETPROBE(ig_fssl_statfs_x)
192
return probe_exit(ctx, F_STATFS, 0);
250
char LICENSE[] SEC("license") = "GPL";