    perf trace: Implement syscall filtering in augmented_syscalls · b27b38ed
    Arnaldo Carvalho de Melo authored
    Just another map, this time a BPF_MAP_TYPE_ARRAY, starting with
    one bool per syscall, stating if it should be filtered or not.
    
    So, with a pre-built augmented_raw_syscalls.o file, we use:
    
      # perf trace -e open*,augmented_raw_syscalls.o
         0.000 ( 0.016 ms): DNS Res~er #37/29652 openat(dfd: CWD, filename: /etc/hosts, flags: CLOEXEC                 ) = 138
       187.039 ( 0.048 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /etc/fstab, flags: CLOEXEC                 ) = 11
       187.348 ( 0.041 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC       ) = 11
       188.793 ( 0.036 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC       ) = 11
       189.803 ( 0.029 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC       ) = 11
       190.774 ( 0.027 ms): gsd-housekeepi/2436 openat(dfd: CWD, filename: /proc/self/mountinfo, flags: CLOEXEC       ) = 11
       284.620 ( 0.149 ms): DataStorage/3076 openat(dfd: CWD, filename: /home/acme/.mozilla/firefox/ina67tev.default/SiteSecurityServiceState.txt, flags: CREAT|TRUNC|WRONLY, mode: IRUGO|IWUSR|IWGRP) = 167
      ^C#
    
    What is it that this gsd-housekeeping thingy needs to open
    /proc/self/mountinfo four times periodically? :-)
    
    This map will be extended to tell per-syscall parameters, i.e. how many
    bytes to copy per arg, using the function signature to get the types and
    then the size of those types, via BTF.
    
    Cc: Adrian Hunter <adrian.hunter@intel.com>
    Cc: Jiri Olsa <jolsa@kernel.org>
    Cc: Namhyung Kim <namhyung@kernel.org>
    Cc: Wang Nan <wangnan0@huawei.com>
    Link: https://lkml.kernel.org/n/tip-cy222g9ucvnym3raqvxp0hpg@git.kernel.org
    Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
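The filter map described in the commit message, modeled in user space as an added example (not code from perf or from this commit): a bool array indexed by syscall number is filled from a glob such as `open*`, and the per-event check is a bounds-checked lookup. The names `enable_glob` and `should_trace`, the 512-entry size, the constructed name table, and the reading that a true entry means "trace this syscall" are assumptions.

```c
/* User-space model of a per-syscall filter array (added example, not perf's code). */
#include <fnmatch.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a few x86_64 syscall numbers and their names. */
struct sc { int id; const char *name; };
static const struct sc sample_table[] = {
    { 0, "read" }, { 1, "write" }, { 2, "open" }, { 3, "close" },
    { 257, "openat" }, { 304, "open_by_handle_at" },
};
#define NR_SAMPLE (sizeof(sample_table) / sizeof(sample_table[0]))
#define MAX_SYSCALLS 512 /* assumed array size */

/* Stand-in for the BPF_MAP_TYPE_ARRAY: one bool per syscall id. */
static bool syscalls_map[MAX_SYSCALLS];

/* Tool side: turn a glob such as "open*" into map entries; returns match count. */
int enable_glob(const char *glob)
{
    int n = 0;
    for (size_t i = 0; i < NR_SAMPLE; i++) {
        if (fnmatch(glob, sample_table[i].name, 0) == 0) {
            syscalls_map[sample_table[i].id] = true; /* assumed: true = trace */
            n++;
        }
    }
    return n;
}

/* Handler side: the decision a sys_enter hook would make from the syscall id. */
bool should_trace(long id)
{
    /* A BPF array lookup fails for an out-of-range key; model that as "skip". */
    if (id < 0 || id >= MAX_SYSCALLS)
        return false;
    return syscalls_map[id];
}

int main(void)
{
    long seen[] = { 0, 257, 3, 2, 9999 }; /* constructed event stream */
    enable_glob("open*");
    for (size_t i = 0; i < sizeof(seen) / sizeof(seen[0]); i++)
        printf("syscall %ld: %s\n", seen[i],
               should_trace(seen[i]) ? "trace" : "skip");
    return 0;
}
```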
Name
5sec.c
augmented_raw_syscalls.c
augmented_syscalls.c
empty.c
etcsnoop.c
hello.c
sys_enter_openat.c