inspektor-gadget

1
// SPDX-License-Identifier: GPL-2.0
2
// Copyright (c) 2022 Jingxiang Zeng
3
// Copyright (c) 2022 Francis Laniel <flaniel@linux.microsoft.com>
4
#include <vmlinux.h>
5
#include <bpf/bpf_helpers.h>
6
#include <bpf/bpf_core_read.h>
7
#include <bpf/bpf_tracing.h>
8

9
#include "oomkill.h"
10
#include <gadget/mntns_filter.h>
11

12
// we need this to make sure the compiler doesn't remove our struct
13
const struct data_t *unuseddata __attribute__((unused));
14

15
struct {
16
	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
17
	__uint(key_size, sizeof(u32));
18
	__uint(value_size, sizeof(u32));
19
} events SEC(".maps");
20

21
SEC("kprobe/oom_kill_process")
22
int BPF_KPROBE(ig_oom_kill, struct oom_control *oc, const char *message)
23
{
24
	struct data_t data;
25
	u64 mntns_id;
26
	u64 uid_gid = bpf_get_current_uid_gid();
27

28
	mntns_id = (u64)BPF_CORE_READ(oc, chosen, nsproxy, mnt_ns, ns.inum);
29

30
	if (gadget_should_discard_mntns_id(mntns_id))
31
		return 0;
32

33
	data.fpid = bpf_get_current_pid_tgid() >> 32;
34
	data.fuid = (u32)uid_gid;
35
	data.fgid = (u32)(uid_gid >> 32);
36
	data.tpid = BPF_CORE_READ(oc, chosen, tgid);
37
	data.pages = BPF_CORE_READ(oc, totalpages);
38
	bpf_get_current_comm(&data.fcomm, sizeof(data.fcomm));
39
	bpf_probe_read_kernel(&data.tcomm, sizeof(data.tcomm),
40
			      BPF_CORE_READ(oc, chosen, comm));
41
	data.mount_ns_id = mntns_id;
42
	data.timestamp = bpf_ktime_get_boot_ns();
43
	bpf_perf_event_output(ctx, &events, BPF_F_CURRENT_CPU, &data,
44
			      sizeof(data));
45
	return 0;
46
}
47

48
char LICENSE[] SEC("license") = "GPL";
49