1 /* Copyright (c) 2016 Facebook 2 * 3 * This program is free software; you can redistribute it and/or 4 * modify it under the terms of version 2 of the GNU General Public 5 * License as published by the Free Software Foundation. 6 */ 7 #include <linux/version.h> 8 #include <linux/ptrace.h> 9 #include <linux/sched.h> 10 #include <uapi/linux/bpf.h> 11 #include <bpf/bpf_helpers.h> 12 #include <bpf/bpf_tracing.h> 13 14 #define _(P) \ 15 ({ \ 16 typeof(P) val = 0; \ 17 bpf_probe_read_kernel(&val, sizeof(val), &(P)); \ 18 val; \ 19 }) 20 21 SEC("kprobe/__set_task_comm") prog(struct pt_regs * ctx)22int prog(struct pt_regs *ctx) 23 { 24 struct signal_struct *signal; 25 struct task_struct *tsk; 26 char oldcomm[TASK_COMM_LEN] = {}; 27 char newcomm[TASK_COMM_LEN] = {}; 28 u16 oom_score_adj; 29 u32 pid; 30 31 tsk = (void *)PT_REGS_PARM1(ctx); 32 33 pid = _(tsk->pid); 34 bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm); 35 bpf_probe_read_kernel_str(newcomm, sizeof(newcomm), 36 (void *)PT_REGS_PARM2(ctx)); 37 signal = _(tsk->signal); 38 oom_score_adj = _(signal->oom_score_adj); 39 return 0; 40 } 41 42 SEC("kprobe/urandom_read") prog2(struct pt_regs * ctx)43int prog2(struct pt_regs *ctx) 44 { 45 return 0; 46 } 47 48 char _license[] SEC("license") = "GPL"; 49 u32 _version SEC("version") = LINUX_VERSION_CODE; 50