Created
February 24, 2017 18:19
ErrLog-4.8-1.txt
INFO:check_bpf_jit_status: ENABLED. | |
>>>>> Generated eBPF code <<<<< | |
/* | |
* Copyright 2016-2017, Intel Corporation | |
* | |
* Redistribution and use in source and binary forms, with or without | |
* modification, are permitted provided that the following conditions | |
* are met: | |
* | |
* * Redistributions of source code must retain the above copyright | |
* notice, this list of conditions and the following disclaimer. | |
* | |
* * Redistributions in binary form must reproduce the above copyright | |
* notice, this list of conditions and the following disclaimer in | |
* the documentation and/or other materials provided with the | |
* distribution. | |
* | |
* * Neither the name of the copyright holder nor the names of its | |
* contributors may be used to endorse or promote products derived | |
* from this software without specific prior written permission. | |
* | |
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | |
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | |
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | |
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | |
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
*/ | |
/* | |
* trace_head.c -- The head for generated eBPF code. Uses BCC, eBPF. | |
*/ | |
#include <uapi/linux/ptrace.h> | |
#include <uapi/linux/limits.h> | |
#include <linux/sched.h> | |
/* | |
* trace.h -- Data exchange packet between packet filter and reader callback | |
*/ | |
#ifndef TRACE_H | |
#define TRACE_H | |
/*
 * The longest syscall name is 26 characters long:
 * 'SyS_sched_get_priority_max'.
 * Add room for the terminating '\0' and a few spare bytes.
 */
enum { E_SC_NAME_SIZE = 32 };

/*
 * One packet handed from the eBPF handlers to the reader callback.
 * The handlers in this file submit only a prefix of the structure (up to
 * sc_name, or up to aux_str plus NAME_MAX bytes of string), so the member
 * order is part of the exchange format.
 */
struct ev_dt_t {
	/*
	 * This field is set for glibc-defined syscalls and describes
	 * the series of packets sent for one syscall.
	 *
	 * It is needed because we are limited to a stack size of
	 * 512 bytes and the used part of the stack is initialized with zeros
	 * on every call of a syscall handler.
	 *
	 * A value of 0 means that this is a "single-packet" syscall
	 * and no additional packets will be sent.
	 * A value greater than 0 means that this is the first packet and
	 * 'packet_type' additional packets will follow.
	 * A value less than 0 means that this is an additional packet with
	 * serial number 'packet_type'.
	 *
	 * The content of additional packets is defined by the syscall number
	 * in the first packet. There are no additional packets for
	 * "sc_id == -2".
	 */
	s64 packet_type;

	/*
	 * Syscall's signature. All packets with the same signature belong to
	 * the same call of the same syscall. Two timestamps are needed here,
	 * because syscalls from the same pid_tid can nest: a signal handler
	 * may call a syscall before the syscall called from the main context
	 * has returned.
	 *
	 * XXX Strictly speaking sc_id is not needed here, but its presence
	 * simplifies a lot of processing, so it is kept.
	 */
	struct {
		/* value of bpf_get_current_pid_tgid() in the handlers below */
		u64 pid_tid;

		/* Timestamps */
		u64 start_ts_nsec;
		u64 finish_ts_nsec;

		/*
		 * A value of -1 means "header".
		 *
		 * A value of -2 means that the syscall's number is
		 * unknown to glibc and the field sc_name should be
		 * used to figure out the syscall.
		 */
		s64 sc_id;
	};

	union {
		/* Body of first packet */
		struct {
			s64 ret;
			s64 arg_1;
			s64 arg_2;
			s64 arg_3;
			s64 arg_4;
			s64 arg_5;
			s64 arg_6;

			union {
				/* should be last in this structure */
				char sc_name[E_SC_NAME_SIZE];

				/*
				 * Body of string argument. The content and
				 * meaning of the argument are defined by the
				 * syscall's number in the sc_id field.
				 * Declared with one element only; the file-name
				 * handlers reserve NAME_MAX bytes starting here.
				 */
				char aux_str[1]; /* NAME_MAX */
			};
		};

		/* Body of header */
		struct {
			s64 argc;
			char argv[];
		} header;

		/*
		 * Body of string argument. The content and meaning of the
		 * argument are defined by the syscall's number (in the first
		 * packet) in the sc_id field.
		 */
		char str[1]; /* NAME_MAX */
	};
};
#endif /* TRACE_H */ | |
/*
 * Record an entry handler leaves in tmp_i for the matching exit handler:
 * the six parameter registers as seen at syscall entry and the entry time.
 */
struct first_step_t {
	s64 arg_1;
	s64 arg_2;
	s64 arg_3;
	s64 arg_4;
	s64 arg_5;
	s64 arg_6;
	/* bpf_ktime_get_ns() taken in the entry handler */
	u64 start_ts_nsec;
};
/*
 * The set of our children_pid.
 * NOTE(review): none of the handlers visible in this part of the listing
 * touches children_map -- presumably only the follow-fork hooks do; confirm.
 */
BPF_HASH(children_map, u64, u64);
/*
 * Pending syscalls: an entry handler stores a first_step_t under the
 * pid_tgid key, the matching exit handler reads it and deletes the key.
 * The key identifies the thread only, so a second entry from the same thread
 * (the nesting described at ev_dt_t) replaces the pending record.  A record
 * is removed only by an exit handler; whether stale keys are cleaned up
 * elsewhere is not visible here -- TODO confirm.
 */
BPF_HASH(tmp_i, u64, struct first_step_t);
/* Perf output through which the exit handlers submit ev_dt_t packets. */
BPF_PERF_OUTPUT(events);
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_read -- SyS_read() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_read(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_read -- SyS_read() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_read(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_read;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_write -- SyS_write() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_write(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_write -- SyS_write() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_write(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_write;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_open -- SyS_open() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 * arg_1 is kept as a raw user pointer; the name is copied at exit.
 */
int
kprobe__SyS_open(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_open -- SyS_open() exit handler
 *
 * Single-packet variant for syscalls whose first argument is a file name:
 * the event prefix is followed by NAME_MAX bytes copied from that user
 * pointer, and the whole buffer is submitted.
 *
 * NOTE(review): the copy has a fixed length, is made at return time and its
 * result is not checked.  Readers should take aux_str only up to the first
 * NUL (the bytes behind it are whatever followed the name in the traced
 * process), expect names longer than NAME_MAX to be cut, and keep in mind
 * that the process can rewrite the buffer after the kernel has used it.
 */
int
kretprobe__SyS_open(struct pt_regs *ctx)
{
	/* event prefix up to aux_str plus room for the copied name */
	enum { EV_BUF_SIZE = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[EV_BUF_SIZE];
	} pkt;

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_open;	/* SysCall ID */
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	/* file name: NAME_MAX bytes from the user pointer saved at entry */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &pkt.ev, EV_BUF_SIZE);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_close -- SyS_close() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_close(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_close -- SyS_close() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_close(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_close;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_newstat -- SyS_newstat() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 * arg_1 is kept as a raw user pointer; the name is copied at exit.
 */
int
kprobe__SyS_newstat(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_newstat -- SyS_newstat() exit handler
 *
 * Single-packet variant for syscalls whose first argument is a file name:
 * the event prefix is followed by NAME_MAX bytes copied from that user
 * pointer, and the whole buffer is submitted.
 *
 * NOTE(review): the copy has a fixed length, is made at return time and its
 * result is not checked.  Readers should take aux_str only up to the first
 * NUL (the bytes behind it are whatever followed the name in the traced
 * process), expect names longer than NAME_MAX to be cut, and keep in mind
 * that the process can rewrite the buffer after the kernel has used it.
 */
int
kretprobe__SyS_newstat(struct pt_regs *ctx)
{
	/* event prefix up to aux_str plus room for the copied name */
	enum { EV_BUF_SIZE = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[EV_BUF_SIZE];
	} pkt;

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_stat;	/* SysCall ID */
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	/* file name: NAME_MAX bytes from the user pointer saved at entry */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &pkt.ev, EV_BUF_SIZE);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_newfstat -- SyS_newfstat() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_newfstat(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_newfstat -- SyS_newfstat() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_newfstat(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_fstat;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_newlstat -- SyS_newlstat() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 * arg_1 is kept as a raw user pointer; the name is copied at exit.
 */
int
kprobe__SyS_newlstat(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_newlstat -- SyS_newlstat() exit handler
 *
 * Single-packet variant for syscalls whose first argument is a file name:
 * the event prefix is followed by NAME_MAX bytes copied from that user
 * pointer, and the whole buffer is submitted.
 *
 * NOTE(review): the copy has a fixed length, is made at return time and its
 * result is not checked.  Readers should take aux_str only up to the first
 * NUL (the bytes behind it are whatever followed the name in the traced
 * process), expect names longer than NAME_MAX to be cut, and keep in mind
 * that the process can rewrite the buffer after the kernel has used it.
 */
int
kretprobe__SyS_newlstat(struct pt_regs *ctx)
{
	/* event prefix up to aux_str plus room for the copied name */
	enum { EV_BUF_SIZE = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[EV_BUF_SIZE];
	} pkt;

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_lstat;	/* SysCall ID */
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	/* file name: NAME_MAX bytes from the user pointer saved at entry */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &pkt.ev, EV_BUF_SIZE);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_poll -- SyS_poll() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_poll(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_poll -- SyS_poll() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_poll(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_poll;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lseek -- SyS_lseek() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_lseek(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_lseek -- SyS_lseek() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_lseek(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_lseek;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mmap -- SyS_mmap() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_mmap(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mmap -- SyS_mmap() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_mmap(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_mmap;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mprotect -- SyS_mprotect() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_mprotect(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mprotect -- SyS_mprotect() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_mprotect(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_mprotect;	/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_munmap -- SyS_munmap() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_munmap(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_munmap -- SyS_munmap() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_munmap(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_munmap;	/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_brk -- SyS_brk() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_brk(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_brk -- SyS_brk() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_brk(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_brk;		/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_rt_sigaction -- SyS_rt_sigaction() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_rt_sigaction(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_rt_sigaction -- SyS_rt_sigaction() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_rt_sigaction(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_rt_sigaction;	/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_rt_sigprocmask -- SyS_rt_sigprocmask() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__SyS_rt_sigprocmask(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_rt_sigprocmask -- SyS_rt_sigprocmask() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__SyS_rt_sigprocmask(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;			/* No additional packets */
	pkt.sc_id = __NR_rt_sigprocmask;	/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_rt_sigreturn -- sys_rt_sigreturn() entry handler
 *
 * Acts only for the traced process (id 2878, generated into the code for
 * no-follow-fork mode).  Saves the entry timestamp and all six parameter
 * registers in tmp_i under the pid_tgid key for the exit handler; slots
 * beyond the syscall's real parameter count hold leftover register values.
 */
int
kprobe__sys_rt_sigreturn(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid check hook, no-follow-fork mode: upper half is the process id */
	if ((task_id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* keyed by thread: a later entry from the same thread replaces it */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_rt_sigreturn -- sys_rt_sigreturn() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for this thread; without such a record nothing is emitted.  The event is
 * a single packet (packet_type 0) and only the bytes in front of sc_name
 * are submitted, because nothing behind them is filled in here.
 */
int
kretprobe__sys_rt_sigreturn(struct pt_regs *ctx)
{
	/* number of bytes submitted: everything that precedes sc_name */
	enum { EV_BYTES = offsetof(struct ev_dt_t, sc_name) };

	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t pkt;

	if (!saved)
		return 0;

	/* signature of this call */
	pkt.packet_type = 0;		/* No additional packets */
	pkt.sc_id = __NR_rt_sigreturn;	/* SysCall ID */
	pkt.pid_tid = task_id;
	pkt.start_ts_nsec = saved->start_ts_nsec;
	pkt.finish_ts_nsec = now_nsec;

	/* result and the arguments captured at entry */
	pkt.ret = PT_REGS_RC(ctx);
	pkt.arg_1 = saved->arg_1;
	pkt.arg_2 = saved->arg_2;
	pkt.arg_3 = saved->arg_3;
	pkt.arg_4 = saved->arg_4;
	pkt.arg_5 = saved->arg_5;
	pkt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &pkt, EV_BYTES);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_ioctl -- SyS_ioctl() entry handler | |
*/ | |
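int
kprobe__SyS_ioctl(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}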
/* | |
* kretprobe__SyS_ioctl -- SyS_ioctl() exit handler | |
*/ | |
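int
kretprobe__SyS_ioctl(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_ioctl; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}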
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_pread64 -- SyS_pread64() entry handler | |
*/ | |
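int
kprobe__SyS_pread64(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}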
/* | |
* kretprobe__SyS_pread64 -- SyS_pread64() exit handler | |
*/ | |
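int
kretprobe__SyS_pread64(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_pread64; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}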
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_pwrite64 -- SyS_pwrite64() entry handler | |
*/ | |
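int
kprobe__SyS_pwrite64(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}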
/* | |
* kretprobe__SyS_pwrite64 -- SyS_pwrite64() exit handler | |
*/ | |
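int
kretprobe__SyS_pwrite64(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_pwrite64; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}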
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_readv -- SyS_readv() entry handler | |
*/ | |
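int
kprobe__SyS_readv(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}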
/* | |
* kretprobe__SyS_readv -- SyS_readv() exit handler | |
*/ | |
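int
kretprobe__SyS_readv(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_readv; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}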
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_writev -- SyS_writev() entry handler | |
*/ | |
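int
kprobe__SyS_writev(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}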
/* | |
* kretprobe__SyS_writev -- SyS_writev() exit handler | |
*/ | |
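int
kretprobe__SyS_writev(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_writev; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}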
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_access -- SyS_access() entry handler | |
*/ | |
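int
kprobe__SyS_access(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/*
	 * Entry timestamp and the six argument registers, as raw values.
	 * arg_1 is kept as a pointer only; the exit handler is the one that
	 * dereferences it to copy the path.
	 */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}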
/* | |
* kretprobe__SyS_access -- SyS_access() exit handler | |
*/ | |
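int
kretprobe__SyS_access(struct pt_regs *ctx)
{
	struct first_step_t *fsp;
	/* Event header followed by room for NAME_MAX bytes of path. */
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} u;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero everything that can be submitted: header padding and the
	 * whole path area. Without this, a failed or partial path copy
	 * could send stale stack bytes to user space.
	 */
	__builtin_memset(&u, 0, sizeof(u));

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_access; /* SysCall ID */
	u.ev.arg_1 = fsp->arg_1;
	u.ev.arg_2 = fsp->arg_2;
	u.ev.arg_3 = fsp->arg_3;
	u.ev.arg_4 = fsp->arg_4;
	u.ev.arg_5 = fsp->arg_5;
	u.ev.arg_6 = fsp->arg_6;
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = fsp->start_ts_nsec;
	u.ev.finish_ts_nsec = cur_nsec;
	u.ev.ret = PT_REGS_RC(ctx);

	/*
	 * The path is copied from the traced process's memory at syscall
	 * exit, using the pointer saved at entry. Two consequences for
	 * whoever consumes the trace:
	 *  - the bytes may differ from what the kernel resolved if the
	 *    buffer was rewritten while the call was in flight, so aux_str
	 *    is advisory, not authoritative;
	 *  - this is a fixed NAME_MAX-byte copy, not a string copy: bytes
	 *    after the terminating NUL are whatever followed the path in
	 *    that process's memory, and a full-length name arrives without
	 *    a terminator.
	 * On failure the path area is cleared again so the event carries an
	 * empty name rather than a partial one.
	 */
	if (bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)fsp->arg_1) != 0)
		__builtin_memset(u._pad + offsetof(struct ev_dt_t, aux_str),
				0, NAME_MAX);

	events.perf_submit(ctx, &u.ev, _pad_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}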
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_pipe -- SyS_pipe() entry handler | |
*/ | |
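int
kprobe__SyS_pipe(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}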
/* | |
* kretprobe__SyS_pipe -- SyS_pipe() exit handler | |
*/ | |
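int
kretprobe__SyS_pipe(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_pipe; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}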
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_select -- SyS_select() entry handler | |
*/ | |
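int
kprobe__SyS_select(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}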
/* | |
* kretprobe__SyS_select -- SyS_select() exit handler | |
*/ | |
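int
kretprobe__SyS_select(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_select; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}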
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_sched_yield -- sys_sched_yield() entry handler | |
*/ | |
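int
kprobe__sys_sched_yield(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/*
	 * Entry timestamp and the six argument registers, as raw values.
	 * NOTE(review): the template reads all six registers for every call;
	 * for a call taking fewer arguments the rest are leftover register
	 * contents, not arguments -- confirm the consumer ignores them.
	 */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}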
/* | |
* kretprobe__sys_sched_yield -- sys_sched_yield() exit handler | |
*/ | |
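int
kretprobe__sys_sched_yield(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_yield; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}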
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_mremap -- SyS_mremap() entry handler | |
*/ | |
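int
kprobe__SyS_mremap(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}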
/* | |
* kretprobe__SyS_mremap -- SyS_mremap() exit handler | |
*/ | |
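int
kretprobe__SyS_mremap(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_mremap; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}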
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_msync -- SyS_msync() entry handler | |
*/ | |
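int
kprobe__SyS_msync(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}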
/* | |
* kretprobe__SyS_msync -- SyS_msync() exit handler | |
*/ | |
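int
kretprobe__SyS_msync(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_msync; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}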
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_mincore -- SyS_mincore() entry handler | |
*/ | |
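int
kprobe__SyS_mincore(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}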
/* | |
* kretprobe__SyS_mincore -- SyS_mincore() exit handler | |
*/ | |
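int
kretprobe__SyS_mincore(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_mincore; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}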
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_madvise -- SyS_madvise() entry handler | |
*/ | |
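int
kprobe__SyS_madvise(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}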
/* | |
* kretprobe__SyS_madvise -- SyS_madvise() exit handler | |
*/ | |
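int
kretprobe__SyS_madvise(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_madvise; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}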
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_shmget -- SyS_shmget() entry handler | |
*/ | |
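int
kprobe__SyS_shmget(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}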
/* | |
* kretprobe__SyS_shmget -- SyS_shmget() exit handler | |
*/ | |
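int
kretprobe__SyS_shmget(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_shmget; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}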
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_shmat -- SyS_shmat() entry handler | |
*/ | |
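int
kprobe__SyS_shmat(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}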
/* | |
* kretprobe__SyS_shmat -- SyS_shmat() exit handler | |
*/ | |
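int
kretprobe__SyS_shmat(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_shmat; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}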
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_shmctl -- SyS_shmctl() entry handler | |
*/ | |
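int
kprobe__SyS_shmctl(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}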
/* | |
* kretprobe__SyS_shmctl -- SyS_shmctl() exit handler | |
*/ | |
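int
kretprobe__SyS_shmctl(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_shmctl; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}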
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_dup -- SyS_dup() entry handler | |
*/ | |
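int
kprobe__SyS_dup(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}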
/* | |
* kretprobe__SyS_dup -- SyS_dup() exit handler | |
*/ | |
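int
kretprobe__SyS_dup(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_dup; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}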
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_dup2 -- SyS_dup2() entry handler | |
*/ | |
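int
kprobe__SyS_dup2(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/* Entry timestamp and the six argument registers, as raw values. */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}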
/* | |
* kretprobe__SyS_dup2 -- SyS_dup2() exit handler | |
*/ | |
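int
kretprobe__SyS_dup2(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_dup2; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}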
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_pause -- sys_pause() entry handler | |
*/ | |
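int
kprobe__sys_pause(struct pt_regs *ctx)
{
	struct first_step_t fs;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No-follow-fork mode: trace only the PID generated into this check. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * Zero the record first so that padding, or a field not set below,
	 * cannot carry stale stack bytes into the map.
	 */
	__builtin_memset(&fs, 0, sizeof(fs));

	/*
	 * Entry timestamp and the six argument registers, as raw values.
	 * NOTE(review): the template reads all six registers for every call;
	 * for a call taking fewer arguments the rest are leftover register
	 * contents, not arguments -- confirm the consumer ignores them.
	 */
	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/* Stored under pid_tid for the matching kretprobe handler. */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}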
/* | |
* kretprobe__sys_pause -- sys_pause() exit handler | |
*/ | |
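int
kretprobe__sys_pause(struct pt_regs *ctx)
{
	/* Only the fields in front of sc_name are sent to user space. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct first_step_t *fsp;
	struct ev_dt_t ev;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* No entry record stored under this pid_tid: nothing to report. */
	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	/*
	 * Zero the submitted prefix so that padding between fields cannot
	 * export uninitialized stack bytes through the perf buffer.
	 */
	__builtin_memset(&ev, 0, ev_size);

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_pause; /* SysCall ID */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &ev, ev_size);
	/* Drop the entry record so the map does not keep a stale one. */
	tmp_i.delete(&pid_tid);
	return 0;
}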
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_nanosleep -- SyS_nanosleep() entry handler | |
*/ | |
int
kprobe__SyS_nanosleep(struct pt_regs *ctx)
{
	/* Entry probe for SyS_nanosleep(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_nanosleep -- SyS_nanosleep() exit handler | |
*/ | |
int
kretprobe__SyS_nanosleep(struct pt_regs *ctx)
{
	/* Exit probe for SyS_nanosleep(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_nanosleep;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getitimer -- SyS_getitimer() entry handler | |
*/ | |
int
kprobe__SyS_getitimer(struct pt_regs *ctx)
{
	/* Entry probe for SyS_getitimer(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_getitimer -- SyS_getitimer() exit handler | |
*/ | |
int
kretprobe__SyS_getitimer(struct pt_regs *ctx)
{
	/* Exit probe for SyS_getitimer(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_getitimer;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_alarm -- SyS_alarm() entry handler | |
*/ | |
int
kprobe__SyS_alarm(struct pt_regs *ctx)
{
	/* Entry probe for SyS_alarm(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_alarm -- SyS_alarm() exit handler | |
*/ | |
int
kretprobe__SyS_alarm(struct pt_regs *ctx)
{
	/* Exit probe for SyS_alarm(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_alarm;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setitimer -- SyS_setitimer() entry handler | |
*/ | |
int
kprobe__SyS_setitimer(struct pt_regs *ctx)
{
	/* Entry probe for SyS_setitimer(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_setitimer -- SyS_setitimer() exit handler | |
*/ | |
int
kretprobe__SyS_setitimer(struct pt_regs *ctx)
{
	/* Exit probe for SyS_setitimer(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_setitimer;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_getpid -- sys_getpid() entry handler | |
*/ | |
int
kprobe__sys_getpid(struct pt_regs *ctx)
{
	/* Entry probe for sys_getpid(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__sys_getpid -- sys_getpid() exit handler | |
*/ | |
int
kretprobe__sys_getpid(struct pt_regs *ctx)
{
	/* Exit probe for sys_getpid(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_getpid;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_sendfile -- SyS_sendfile() entry handler | |
*/ | |
int
kprobe__SyS_sendfile(struct pt_regs *ctx)
{
	/* Entry probe for SyS_sendfile(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_sendfile -- SyS_sendfile() exit handler | |
*/ | |
int
kretprobe__SyS_sendfile(struct pt_regs *ctx)
{
	/* Exit probe for SyS_sendfile(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_sendfile;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_socket -- SyS_socket() entry handler | |
*/ | |
int
kprobe__SyS_socket(struct pt_regs *ctx)
{
	/* Entry probe for SyS_socket(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_socket -- SyS_socket() exit handler | |
*/ | |
int
kretprobe__SyS_socket(struct pt_regs *ctx)
{
	/* Exit probe for SyS_socket(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_socket;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_connect -- SyS_connect() entry handler | |
*/ | |
int
kprobe__SyS_connect(struct pt_regs *ctx)
{
	/* Entry probe for SyS_connect(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_connect -- SyS_connect() exit handler | |
*/ | |
int
kretprobe__SyS_connect(struct pt_regs *ctx)
{
	/* Exit probe for SyS_connect(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_connect;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_accept -- SyS_accept() entry handler | |
*/ | |
int
kprobe__SyS_accept(struct pt_regs *ctx)
{
	/* Entry probe for SyS_accept(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_accept -- SyS_accept() exit handler | |
*/ | |
int
kretprobe__SyS_accept(struct pt_regs *ctx)
{
	/* Exit probe for SyS_accept(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_accept;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_sendto -- SyS_sendto() entry handler | |
*/ | |
int
kprobe__SyS_sendto(struct pt_regs *ctx)
{
	/* Entry probe for SyS_sendto(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_sendto -- SyS_sendto() exit handler | |
*/ | |
int
kretprobe__SyS_sendto(struct pt_regs *ctx)
{
	/* Exit probe for SyS_sendto(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_sendto;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_recvfrom -- SyS_recvfrom() entry handler | |
*/ | |
int
kprobe__SyS_recvfrom(struct pt_regs *ctx)
{
	/* Entry probe for SyS_recvfrom(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_recvfrom -- SyS_recvfrom() exit handler | |
*/ | |
int
kretprobe__SyS_recvfrom(struct pt_regs *ctx)
{
	/* Exit probe for SyS_recvfrom(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_recvfrom;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_sendmsg -- SyS_sendmsg() entry handler | |
*/ | |
int
kprobe__SyS_sendmsg(struct pt_regs *ctx)
{
	/* Entry probe for SyS_sendmsg(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_sendmsg -- SyS_sendmsg() exit handler | |
*/ | |
int
kretprobe__SyS_sendmsg(struct pt_regs *ctx)
{
	/* Exit probe for SyS_sendmsg(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_sendmsg;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_recvmsg -- SyS_recvmsg() entry handler | |
*/ | |
int
kprobe__SyS_recvmsg(struct pt_regs *ctx)
{
	/* Entry probe for SyS_recvmsg(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_recvmsg -- SyS_recvmsg() exit handler | |
*/ | |
int
kretprobe__SyS_recvmsg(struct pt_regs *ctx)
{
	/* Exit probe for SyS_recvmsg(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_recvmsg;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_shutdown -- SyS_shutdown() entry handler | |
*/ | |
int
kprobe__SyS_shutdown(struct pt_regs *ctx)
{
	/* Entry probe for SyS_shutdown(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_shutdown -- SyS_shutdown() exit handler | |
*/ | |
int
kretprobe__SyS_shutdown(struct pt_regs *ctx)
{
	/* Exit probe for SyS_shutdown(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_shutdown;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_bind -- SyS_bind() entry handler | |
*/ | |
int
kprobe__SyS_bind(struct pt_regs *ctx)
{
	/* Entry probe for SyS_bind(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_bind -- SyS_bind() exit handler | |
*/ | |
int
kretprobe__SyS_bind(struct pt_regs *ctx)
{
	/* Exit probe for SyS_bind(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_bind;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_listen -- SyS_listen() entry handler | |
*/ | |
int
kprobe__SyS_listen(struct pt_regs *ctx)
{
	/* Entry probe for SyS_listen(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_listen -- SyS_listen() exit handler | |
*/ | |
int
kretprobe__SyS_listen(struct pt_regs *ctx)
{
	/* Exit probe for SyS_listen(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_listen;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getsockname -- SyS_getsockname() entry handler | |
*/ | |
int
kprobe__SyS_getsockname(struct pt_regs *ctx)
{
	/* Entry probe for SyS_getsockname(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_getsockname -- SyS_getsockname() exit handler | |
*/ | |
int
kretprobe__SyS_getsockname(struct pt_regs *ctx)
{
	/* Exit probe for SyS_getsockname(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_getsockname;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getpeername -- SyS_getpeername() entry handler | |
*/ | |
int
kprobe__SyS_getpeername(struct pt_regs *ctx)
{
	/* Entry probe for SyS_getpeername(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_getpeername -- SyS_getpeername() exit handler | |
*/ | |
int
kretprobe__SyS_getpeername(struct pt_regs *ctx)
{
	/* Exit probe for SyS_getpeername(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_getpeername;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_socketpair -- SyS_socketpair() entry handler | |
*/ | |
int
kprobe__SyS_socketpair(struct pt_regs *ctx)
{
	/* Entry probe for SyS_socketpair(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_socketpair -- SyS_socketpair() exit handler | |
*/ | |
int
kretprobe__SyS_socketpair(struct pt_regs *ctx)
{
	/* Exit probe for SyS_socketpair(): pair the saved entry with the result. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *fsp = tmp_i.lookup(&pid_tid);

	/* Nothing was saved at entry under this pid_tid: emit no event. */
	if (!fsp)
		return 0;

	struct ev_dt_t ev;

	/* Event identity; packet_type 0 means no additional packets. */
	ev.packet_type = 0;
	ev.sc_id = __NR_socketpair;
	ev.pid_tid = pid_tid;

	/* Raw argument values captured by the entry probe. */
	ev.arg_1 = fsp->arg_1;
	ev.arg_2 = fsp->arg_2;
	ev.arg_3 = fsp->arg_3;
	ev.arg_4 = fsp->arg_4;
	ev.arg_5 = fsp->arg_5;
	ev.arg_6 = fsp->arg_6;

	/* Entry and exit timestamps, then the syscall's return value. */
	ev.start_ts_nsec = fsp->start_ts_nsec;
	ev.finish_ts_nsec = cur_nsec;
	ev.ret = PT_REGS_RC(ctx);

	/*
	 * Only the fixed prefix that precedes sc_name is submitted.
	 * NOTE(review): ev is not zeroed, so any padding or unset member
	 * inside that prefix would be uninitialised stack; confirm the
	 * layout of struct ev_dt_t.
	 */
	events.perf_submit(ctx, &ev, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setsockopt -- SyS_setsockopt() entry handler | |
*/ | |
int
kprobe__SyS_setsockopt(struct pt_regs *ctx)
{
	/* Entry probe for SyS_setsockopt(): stash start time and raw arguments. */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits of pid_tid hold the
	 * process (thread-group) id, and only the id generated into this
	 * program is traced.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved as raw values regardless of
	 * the syscall's real arity; pointer arguments are not dereferenced.
	 */
	struct first_step_t fs;

	fs.start_ts_nsec = bpf_ktime_get_ns();
	fs.arg_1 = PT_REGS_PARM1(ctx);
	fs.arg_2 = PT_REGS_PARM2(ctx);
	fs.arg_3 = PT_REGS_PARM3(ctx);
	fs.arg_4 = PT_REGS_PARM4(ctx);
	fs.arg_5 = PT_REGS_PARM5(ctx);
	fs.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keyed by pid_tid so the exit probe can pair it with the result.
	 * NOTE(review): fs is stored whole; confirm that struct
	 * first_step_t has no member or padding left unset above.
	 */
	tmp_i.update(&pid_tid, &fs);
	return 0;
}
/* | |
* kretprobe__SyS_setsockopt -- SyS_setsockopt() exit handler | |
*/ | |
int
kretprobe__SyS_setsockopt(struct pt_regs *ctx)
{
	/*
	 * Exit half of the setsockopt() trace: combine the return value with
	 * the state saved at entry, submit one event and drop the saved state.
	 * The option buffer itself is not captured, only its address.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_setsockopt; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getsockopt -- SyS_getsockopt() entry handler | |
*/ | |
int
kprobe__SyS_getsockopt(struct pt_regs *ctx)
{
	/*
	 * Entry half of the getsockopt() trace: store the start time and the
	 * six raw argument registers in tmp_i under the caller's pid_tgid key,
	 * so the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getsockopt -- SyS_getsockopt() exit handler | |
*/ | |
int
kretprobe__SyS_getsockopt(struct pt_regs *ctx)
{
	/*
	 * Exit half of the getsockopt() trace: combine the return value with
	 * the state saved at entry, submit one event and drop the saved state.
	 * The option buffer itself is not captured, only its address.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_getsockopt; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_clone -- SyS_clone() entry handler | |
*/ | |
int
kprobe__SyS_clone(struct pt_regs *ctx)
{
	/*
	 * Entry half of the clone() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program. A task created by this
	 * call under a different id fails the same check in every handler, so
	 * its syscalls are not recorded in this mode.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_clone -- SyS_clone() exit handler | |
*/ | |
int
kretprobe__SyS_clone(struct pt_regs *ctx)
{
	/*
	 * Exit half of the clone() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 * The return value recorded here is the only trace of the new task
	 * that this handler produces.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_clone; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_fork -- sys_fork() entry handler | |
*/ | |
int
kprobe__sys_fork(struct pt_regs *ctx)
{
	/*
	 * Entry half of the fork() trace: store the start time and the six
	 * argument registers in tmp_i under the caller's pid_tgid key, so the
	 * matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program. The child created by
	 * this call gets a different id, so its syscalls are not recorded in
	 * this mode.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * fork() takes no arguments; the registers are captured by the shared
	 * template anyway and carry no meaning for this call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__sys_fork -- sys_fork() exit handler | |
*/ | |
int
kretprobe__sys_fork(struct pt_regs *ctx)
{
	/*
	 * Exit half of the fork() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 * The return value recorded here is the only trace of the child that
	 * this handler produces.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_fork; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_vfork -- sys_vfork() entry handler | |
*/ | |
int
kprobe__sys_vfork(struct pt_regs *ctx)
{
	/*
	 * Entry half of the vfork() trace: store the start time and the six
	 * argument registers in tmp_i under the caller's pid_tgid key, so the
	 * matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program. The child created by
	 * this call gets a different id, so its syscalls are not recorded in
	 * this mode.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * vfork() takes no arguments; the registers are captured by the shared
	 * template anyway and carry no meaning for this call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__sys_vfork -- sys_vfork() exit handler | |
*/ | |
int
kretprobe__sys_vfork(struct pt_regs *ctx)
{
	/*
	 * Exit half of the vfork() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 * The return value recorded here is the only trace of the child that
	 * this handler produces.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_vfork; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_execve -- SyS_execve() entry handler | |
*/ | |
int
kprobe__SyS_execve(struct pt_regs *ctx)
{
	/*
	 * Entry half of the execve() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * Raw register values. arg_1 is only stored as an address here; the
	 * return probe is the one that reads the string behind it.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_execve -- SyS_execve() exit handler | |
*/ | |
int
kretprobe__SyS_execve(struct pt_regs *ctx)
{
	/*
	 * Exit half of the execve() trace. Unlike the plain handlers it also
	 * copies NAME_MAX bytes from the address held in the first argument
	 * into aux_str and submits the record together with those bytes.
	 *
	 * NOTE(review): the copy happens at return, from a user address saved
	 * at entry. After a successful execve() the caller's old address space
	 * has been replaced, and in any case the memory may have changed since
	 * the kernel read it, so the logged name is not guaranteed to be the
	 * path that was executed. Reading it in the entry handler would be
	 * closer to what the kernel saw; confirm against the template.
	 */
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };

	/* The pad member makes the stack object at least rec_size bytes long. */
	union {
		struct ev_dt_t ev;
		char _pad[rec_size];
	} pkt;

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): pkt is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before aux_str, because the whole record is
	 * copied to user space as it sits on the stack.
	 */
	pkt.ev.packet_type = 0; /* no additional packets follow */
	pkt.ev.sc_id = __NR_execve; /* syscall number */
	pkt.ev.pid_tid = pid_tid;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = cur_nsec;
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/*
	 * A fixed NAME_MAX bytes are read regardless of where the string ends,
	 * so whatever follows the terminator in the traced process is sent
	 * too, and a longer path is cut off. The helper's result is not
	 * checked, so the consumer cannot tell a failed read from a real name.
	 */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &pkt.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_exit -- SyS_exit() entry handler | |
*/ | |
int
kprobe__SyS_exit(struct pt_regs *ctx)
{
	/*
	 * Entry half of the exit() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key.
	 *
	 * NOTE(review): exit() does not return to its caller, so the matching
	 * return probe is not expected to run. If so, the entry stored here is
	 * never submitted or deleted; confirm how exit events are meant to be
	 * reported and how tmp_i is cleaned up.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_exit -- SyS_exit() exit handler | |
*/ | |
int
kretprobe__SyS_exit(struct pt_regs *ctx)
{
	/*
	 * Exit half of the exit() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 *
	 * NOTE(review): exit() does not return to its caller, so this handler
	 * is not expected to run; the event and the tmp_i cleanup below would
	 * then never happen for this syscall. Confirm on the target kernel.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_exit; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_wait4 -- SyS_wait4() entry handler | |
*/ | |
int
kprobe__SyS_wait4(struct pt_regs *ctx)
{
	/*
	 * Entry half of the wait4() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_wait4 -- SyS_wait4() exit handler | |
*/ | |
int
kretprobe__SyS_wait4(struct pt_regs *ctx)
{
	/*
	 * Exit half of the wait4() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_wait4; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_kill -- SyS_kill() entry handler | |
*/ | |
int
kprobe__SyS_kill(struct pt_regs *ctx)
{
	/*
	 * Entry half of the kill() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_kill -- SyS_kill() exit handler | |
*/ | |
int
kretprobe__SyS_kill(struct pt_regs *ctx)
{
	/*
	 * Exit half of the kill() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_kill; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_uname -- SyS_uname() entry handler | |
*/ | |
int
kprobe__SyS_uname(struct pt_regs *ctx)
{
	/*
	 * Entry half of the uname() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_uname -- SyS_uname() exit handler | |
*/ | |
int
kretprobe__SyS_uname(struct pt_regs *ctx)
{
	/*
	 * Exit half of the uname() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_uname; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_semget -- SyS_semget() entry handler | |
*/ | |
int
kprobe__SyS_semget(struct pt_regs *ctx)
{
	/*
	 * Entry half of the semget() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_semget -- SyS_semget() exit handler | |
*/ | |
int
kretprobe__SyS_semget(struct pt_regs *ctx)
{
	/*
	 * Exit half of the semget() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_semget; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_semop -- SyS_semop() entry handler | |
*/ | |
int
kprobe__SyS_semop(struct pt_regs *ctx)
{
	/*
	 * Entry half of the semop() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_semop -- SyS_semop() exit handler | |
*/ | |
int
kretprobe__SyS_semop(struct pt_regs *ctx)
{
	/*
	 * Exit half of the semop() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_semop; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_semctl -- SyS_semctl() entry handler | |
*/ | |
int
kprobe__SyS_semctl(struct pt_regs *ctx)
{
	/*
	 * Entry half of the semctl() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_semctl -- SyS_semctl() exit handler | |
*/ | |
int
kretprobe__SyS_semctl(struct pt_regs *ctx)
{
	/*
	 * Exit half of the semctl() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_semctl; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_shmdt -- SyS_shmdt() entry handler | |
*/ | |
int
kprobe__SyS_shmdt(struct pt_regs *ctx)
{
	/*
	 * Entry half of the shmdt() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_shmdt -- SyS_shmdt() exit handler | |
*/ | |
int
kretprobe__SyS_shmdt(struct pt_regs *ctx)
{
	/*
	 * Exit half of the shmdt() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_shmdt; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_msgget -- SyS_msgget() entry handler | |
*/ | |
int
kprobe__SyS_msgget(struct pt_regs *ctx)
{
	/*
	 * Entry half of the msgget() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_msgget -- SyS_msgget() exit handler | |
*/ | |
int
kretprobe__SyS_msgget(struct pt_regs *ctx)
{
	/*
	 * Exit half of the msgget() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_msgget; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_msgsnd -- SyS_msgsnd() entry handler | |
*/ | |
int
kprobe__SyS_msgsnd(struct pt_regs *ctx)
{
	/*
	 * Entry half of the msgsnd() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_msgsnd -- SyS_msgsnd() exit handler | |
*/ | |
int
kretprobe__SyS_msgsnd(struct pt_regs *ctx)
{
	/*
	 * Exit half of the msgsnd() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 * The message body is not captured, only the address passed in.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_msgsnd; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_msgrcv -- SyS_msgrcv() entry handler | |
*/ | |
int
kprobe__SyS_msgrcv(struct pt_regs *ctx)
{
	/*
	 * Entry half of the msgrcv() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_msgrcv -- SyS_msgrcv() exit handler | |
*/ | |
int
kretprobe__SyS_msgrcv(struct pt_regs *ctx)
{
	/*
	 * Exit half of the msgrcv() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 * The message body is not captured, only the address passed in.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_msgrcv; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_msgctl -- SyS_msgctl() entry handler | |
*/ | |
int
kprobe__SyS_msgctl(struct pt_regs *ctx)
{
	/*
	 * Entry half of the msgctl() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_msgctl -- SyS_msgctl() exit handler | |
*/ | |
int
kretprobe__SyS_msgctl(struct pt_regs *ctx)
{
	/*
	 * Exit half of the msgctl() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_msgctl; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_fcntl -- SyS_fcntl() entry handler | |
*/ | |
int
kprobe__SyS_fcntl(struct pt_regs *ctx)
{
	/*
	 * Entry half of the fcntl() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_fcntl -- SyS_fcntl() exit handler | |
*/ | |
int
kretprobe__SyS_fcntl(struct pt_regs *ctx)
{
	/*
	 * Exit half of the fcntl() trace: combine the return value with the
	 * state saved at entry, submit one event and drop the saved state.
	 */
	/* Only the part of the record that precedes sc_name is submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };

	/* Finish time is sampled before the map lookup. */
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* Nothing stored for this key (e.g. the entry probe filtered the call). */
	if (!saved)
		return 0;

	/*
	 * NOTE(review): rec is not zero-filled. Confirm struct ev_dt_t has no
	 * padding or unset members before sc_name, because that prefix is
	 * copied to user space as it sits on the stack.
	 */
	struct ev_dt_t rec;

	rec.packet_type = 0; /* no additional packets follow */
	rec.sc_id = __NR_fcntl; /* syscall number */
	rec.pid_tid = pid_tid;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = cur_nsec;
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_flock -- SyS_flock() entry handler | |
*/ | |
int
kprobe__SyS_flock(struct pt_regs *ctx)
{
	/*
	 * Entry half of the flock() trace: store the start time and the six
	 * raw argument registers in tmp_i under the caller's pid_tgid key, so
	 * the matching return probe can build the event.
	 */
	u64 pid_tid = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork filter: the upper 32 bits (the tgid) must equal the
	 * id 2878 baked into this generated program; other callers are skipped.
	 */
	if ((pid_tid >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/* Raw register values; pointer arguments are kept as addresses only. */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_flock -- SyS_flock() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_flock(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_flock; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fsync -- SyS_fsync() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. fsync() takes
 * one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_fsync(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fsync -- SyS_fsync() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_fsync(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fsync; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fdatasync -- SyS_fdatasync() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. fdatasync()
 * takes one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_fdatasync(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fdatasync -- SyS_fdatasync() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_fdatasync(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fdatasync; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_truncate -- SyS_truncate() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. truncate()
 * takes two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_truncate(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_truncate -- SyS_truncate() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_truncate(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_truncate; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_ftruncate -- SyS_ftruncate() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. ftruncate()
 * takes two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_ftruncate(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_ftruncate -- SyS_ftruncate() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_ftruncate(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_ftruncate; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getdents -- SyS_getdents() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. getdents()
 * takes three arguments, so arg_4..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_getdents(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getdents -- SyS_getdents() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_getdents(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_getdents; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getcwd -- SyS_getcwd() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. getcwd() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_getcwd(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getcwd -- SyS_getcwd() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found. The buffer that getcwd() fills
 * is not read; only its pointer value travels in arg_1.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_getcwd(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_getcwd; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_chdir -- SyS_chdir() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. chdir() takes
 * one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_chdir(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_chdir -- SyS_chdir() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_chdir(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_chdir; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fchdir -- SyS_fchdir() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. fchdir() takes
 * one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_fchdir(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fchdir -- SyS_fchdir() exit handler
 *
 * Looks up the record stored in tmp_i under the current pid_tid, copies it
 * into one event together with the return value and the exit timestamp,
 * submits the event on `events` and deletes the record. Returns without
 * emitting anything when no record is found.
 *
 * NOTE(review): ev is not zeroed, so any byte in front of sc_name that no
 * assignment below covers would be submitted uninitialised -- check against
 * the struct ev_dt_t layout, which is declared elsewhere in this program.
 */
int
kretprobe__SyS_fchdir(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t ev;

	if (!saved)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fchdir; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;

	/* Only the bytes in front of sc_name go out. */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_fs_path_1_2_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_rename -- SyS_rename() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. rename() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer values of the two
 * paths are saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_rename(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
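/*
 * kretprobe__SyS_rename -- SyS_rename() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends bytes read from the two user pointers in arg_1
 * and arg_2 (the two path arguments): NAME_MAX / 2 bytes for the first and
 * NAME_MAX - NAME_MAX / 2 for the second. The whole packet is _pad_size
 * bytes. Returns without emitting anything when no entry record is found.
 *
 * Each path is cut at its half of the buffer, neither read is length-aware
 * and neither result is checked, so consumers should treat both halves as
 * untrusted, possibly truncated and possibly unterminated. The bytes are
 * read at exit and show what user memory holds at that point.
 */
int
kretprobe__SyS_rename(struct pt_regs *ctx)
{
	struct first_step_t *fsp;
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} u;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_rename; /* SysCall ID */
	u.ev.arg_1 = fsp->arg_1;
	u.ev.arg_2 = fsp->arg_2;
	u.ev.arg_3 = fsp->arg_3;
	u.ev.arg_4 = fsp->arg_4;
	u.ev.arg_5 = fsp->arg_5;
	u.ev.arg_6 = fsp->arg_6;
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = fsp->start_ts_nsec;
	u.ev.finish_ts_nsec = cur_nsec;
	u.ev.ret = PT_REGS_RC(ctx);

	bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_1);
	/*
	 * The second destination is computed on a char pointer so the offset
	 * is NAME_MAX / 2 bytes whatever type aux_str is declared with.
	 * Arithmetic on &u.ev.aux_str itself is scaled by
	 * sizeof(u.ev.aux_str), which lands outside the packet unless that
	 * size is 1.
	 */
	bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)fsp->arg_2);

	events.perf_submit(ctx, &u.ev, _pad_size);
	tmp_i.delete(&pid_tid);
	return 0;
}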
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mkdir -- SyS_mkdir() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. mkdir() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_mkdir(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mkdir -- SyS_mkdir() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_mkdir(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_mkdir; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_rmdir -- SyS_rmdir() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. rmdir() takes
 * one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_rmdir(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_rmdir -- SyS_rmdir() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_rmdir(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_rmdir; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_creat -- SyS_creat() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. creat() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_creat(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_creat -- SyS_creat() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_creat(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_creat; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_fs_path_1_2_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_link -- SyS_link() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. link() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer values of the two
 * paths are saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_link(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
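/*
 * kretprobe__SyS_link -- SyS_link() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends bytes read from the two user pointers in arg_1
 * and arg_2 (the two path arguments): NAME_MAX / 2 bytes for the first and
 * NAME_MAX - NAME_MAX / 2 for the second. The whole packet is _pad_size
 * bytes. Returns without emitting anything when no entry record is found.
 *
 * Each path is cut at its half of the buffer, neither read is length-aware
 * and neither result is checked, so consumers should treat both halves as
 * untrusted, possibly truncated and possibly unterminated. The bytes are
 * read at exit and show what user memory holds at that point.
 */
int
kretprobe__SyS_link(struct pt_regs *ctx)
{
	struct first_step_t *fsp;
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} u;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_link; /* SysCall ID */
	u.ev.arg_1 = fsp->arg_1;
	u.ev.arg_2 = fsp->arg_2;
	u.ev.arg_3 = fsp->arg_3;
	u.ev.arg_4 = fsp->arg_4;
	u.ev.arg_5 = fsp->arg_5;
	u.ev.arg_6 = fsp->arg_6;
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = fsp->start_ts_nsec;
	u.ev.finish_ts_nsec = cur_nsec;
	u.ev.ret = PT_REGS_RC(ctx);

	bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_1);
	/*
	 * The second destination is computed on a char pointer so the offset
	 * is NAME_MAX / 2 bytes whatever type aux_str is declared with.
	 * Arithmetic on &u.ev.aux_str itself is scaled by
	 * sizeof(u.ev.aux_str), which lands outside the packet unless that
	 * size is 1.
	 */
	bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)fsp->arg_2);

	events.perf_submit(ctx, &u.ev, _pad_size);
	tmp_i.delete(&pid_tid);
	return 0;
}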
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_unlink -- SyS_unlink() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. unlink() takes
 * one argument, so arg_2..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_unlink(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_unlink -- SyS_unlink() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_unlink(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_unlink; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_fs_path_1_2_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_symlink -- SyS_symlink() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. symlink() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer values of the two
 * paths are saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_symlink(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
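/*
 * kretprobe__SyS_symlink -- SyS_symlink() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends bytes read from the two user pointers in arg_1
 * and arg_2 (the two path arguments): NAME_MAX / 2 bytes for the first and
 * NAME_MAX - NAME_MAX / 2 for the second. The whole packet is _pad_size
 * bytes. Returns without emitting anything when no entry record is found.
 *
 * Each path is cut at its half of the buffer, neither read is length-aware
 * and neither result is checked, so consumers should treat both halves as
 * untrusted, possibly truncated and possibly unterminated. The bytes are
 * read at exit and show what user memory holds at that point.
 */
int
kretprobe__SyS_symlink(struct pt_regs *ctx)
{
	struct first_step_t *fsp;
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} u;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_symlink; /* SysCall ID */
	u.ev.arg_1 = fsp->arg_1;
	u.ev.arg_2 = fsp->arg_2;
	u.ev.arg_3 = fsp->arg_3;
	u.ev.arg_4 = fsp->arg_4;
	u.ev.arg_5 = fsp->arg_5;
	u.ev.arg_6 = fsp->arg_6;
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = fsp->start_ts_nsec;
	u.ev.finish_ts_nsec = cur_nsec;
	u.ev.ret = PT_REGS_RC(ctx);

	bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_1);
	/*
	 * The second destination is computed on a char pointer so the offset
	 * is NAME_MAX / 2 bytes whatever type aux_str is declared with.
	 * Arithmetic on &u.ev.aux_str itself is scaled by
	 * sizeof(u.ev.aux_str), which lands outside the packet unless that
	 * size is 1.
	 */
	bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)fsp->arg_2);

	events.perf_submit(ctx, &u.ev, _pad_size);
	tmp_i.delete(&pid_tid);
	return 0;
}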
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_readlink -- SyS_readlink() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. readlink()
 * takes three arguments, so arg_4..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_readlink(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_readlink -- SyS_readlink() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found. The buffer that
 * readlink() fills (arg_2) is not read.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_readlink(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_readlink; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_chmod -- SyS_chmod() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. chmod() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning. Only the pointer value of the path is
 * saved here; the path bytes are read by the exit handler.
 */
int
kprobe__SyS_chmod(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_chmod -- SyS_chmod() exit handler
 *
 * Builds one event from the record saved at entry, the return value and the
 * exit timestamp, and appends NAME_MAX bytes read from the user pointer in
 * arg_1 (the path argument). The whole packet is _pad_size bytes. Returns
 * without emitting anything when no entry record is found.
 *
 * The path bytes are read here, at exit, so they show what user memory holds
 * at that point and not necessarily what the call acted on. The read is a
 * fixed NAME_MAX bytes with no string-length handling and its result is not
 * checked; consumers should treat aux_str as untrusted and possibly
 * unterminated.
 */
int
kretprobe__SyS_chmod(struct pt_regs *ctx)
{
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* _pad reserves room for NAME_MAX bytes starting at aux_str. */
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_chmod; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fchmod -- SyS_fchmod() entry handler
 *
 * Records the entry timestamp and all six argument registers in tmp_i under
 * the current pid_tid, where the exit handler looks them up. fchmod() takes
 * two arguments, so arg_3..arg_6 are whatever the remaining argument
 * registers held and carry no meaning.
 */
int
kprobe__SyS_fchmod(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode.
	 * The upper 32 bits of id are the process (tgid) part; calls from any
	 * process other than 2878 are not recorded.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* The record stays in tmp_i until the exit handler deletes it. */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fchmod -- SyS_fchmod() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_fchmod(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_fchmod;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_chown -- SyS_chown() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_chown(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_chown -- SyS_chown() exit handler
 *
 * Single-packet record: the fixed fields plus NAME_MAX bytes copied from the
 * pointer saved as arg_1. The copy is made at syscall exit and has a fixed
 * length, so it may differ from what the kernel resolved at entry, it
 * includes whatever follows the string's terminator, and it cuts longer
 * paths short.
 */
int
kretprobe__SyS_chown(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the union makes the stack object at least rec_size bytes long */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	pkt.ev.packet_type = 0;	/* No additional packets */
	pkt.ev.sc_id = __NR_chown;	/* SysCall ID */
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/* result ignored; the record does not say whether the read failed */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fchown -- SyS_fchown() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_fchown(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fchown -- SyS_fchown() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_fchown(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_fchown;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lchown -- SyS_lchown() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_lchown(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_lchown -- SyS_lchown() exit handler
 *
 * Single-packet record: the fixed fields plus NAME_MAX bytes copied from the
 * pointer saved as arg_1. The copy is made at syscall exit and has a fixed
 * length, so it may differ from what the kernel resolved at entry, it
 * includes whatever follows the string's terminator, and it cuts longer
 * paths short.
 */
int
kretprobe__SyS_lchown(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the union makes the stack object at least rec_size bytes long */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	pkt.ev.packet_type = 0;	/* No additional packets */
	pkt.ev.sc_id = __NR_lchown;	/* SysCall ID */
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/* result ignored; the record does not say whether the read failed */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_umask -- SyS_umask() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_umask(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_umask -- SyS_umask() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_umask(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_umask;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_gettimeofday -- SyS_gettimeofday() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_gettimeofday(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_gettimeofday -- SyS_gettimeofday() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_gettimeofday(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_gettimeofday;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getrlimit -- SyS_getrlimit() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_getrlimit(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getrlimit -- SyS_getrlimit() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_getrlimit(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_getrlimit;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getrusage -- SyS_getrusage() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_getrusage(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getrusage -- SyS_getrusage() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_getrusage(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_getrusage;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sysinfo -- SyS_sysinfo() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_sysinfo(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sysinfo -- SyS_sysinfo() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_sysinfo(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_sysinfo;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_times -- SyS_times() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_times(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_times -- SyS_times() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_times(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_times;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_ptrace -- SyS_ptrace() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_ptrace(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_ptrace -- SyS_ptrace() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state. ret is the raw return register, so a
 * consumer has to inspect it to tell a refused request from a successful one.
 */
int
kretprobe__SyS_ptrace(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_ptrace;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_getuid -- sys_getuid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. getuid takes no arguments, so arg_1..arg_6
 * hold only leftover register contents.
 */
int
kprobe__sys_getuid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__sys_getuid -- sys_getuid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__sys_getuid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_getuid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_syslog -- SyS_syslog() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_syslog(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_syslog -- SyS_syslog() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_syslog(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_syslog;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_getgid -- sys_getgid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. getgid takes no arguments, so arg_1..arg_6
 * hold only leftover register contents.
 */
int
kprobe__sys_getgid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__sys_getgid -- sys_getgid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__sys_getgid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_getgid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setuid -- SyS_setuid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_setuid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_setuid -- SyS_setuid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state. ret is the raw return register, so a
 * consumer has to inspect it to tell a refused request from a successful one.
 */
int
kretprobe__SyS_setuid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_setuid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setgid -- SyS_setgid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_setgid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_setgid -- SyS_setgid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state. ret is the raw return register, so a
 * consumer has to inspect it to tell a refused request from a successful one.
 */
int
kretprobe__SyS_setgid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_setgid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_geteuid -- sys_geteuid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. geteuid takes no arguments, so arg_1..arg_6
 * hold only leftover register contents.
 */
int
kprobe__sys_geteuid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__sys_geteuid -- sys_geteuid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__sys_geteuid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_geteuid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_getegid -- sys_getegid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. getegid takes no arguments, so arg_1..arg_6
 * hold only leftover register contents.
 */
int
kprobe__sys_getegid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__sys_getegid -- sys_getegid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__sys_getegid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_getegid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setpgid -- SyS_setpgid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. The registers are captured whatever the
 * syscall's real arity, so unused slots carry leftover register contents
 * into the trace.
 */
int
kprobe__SyS_setpgid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_setpgid -- SyS_setpgid() exit handler
 *
 * Combines the state saved at entry with the return value and the exit
 * timestamp, submits the record up to (not including) sc_name through
 * events, then drops the saved state.
 */
int
kretprobe__SyS_setpgid(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t rec;

	/* no saved entry for this pid/tgid value: nothing to report */
	if (saved == 0)
		return 0;

	/*
	 * NOTE(review): rec is not zeroed; any byte below sc_name that is
	 * not assigned here would be submitted as it sits on the stack.
	 */
	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_setpgid;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now;
	rec.ret = PT_REGS_RC(ctx);

	events.perf_submit(ctx, &rec, rec_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_getppid -- sys_getppid() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid/tgid value. getppid takes no arguments, so arg_1..arg_6
 * hold only leftover register contents.
 */
int
kprobe__sys_getppid(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * Pid check hook for no-follow-fork mode: the upper 32 bits of id
	 * are the tgid; every other process is ignored.
	 */
	if ((id >> 32) != 2878)
		return 0;

	/* NOTE(review): entry is not zeroed; confirm the struct has no padding */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* result ignored; with no stored entry the exit handler emits nothing */
	tmp_i.update(&id, &entry);
	return 0;
}
/* | |
* kretprobe__sys_getppid -- sys_getppid() exit handler | |
*/ | |
int
kretprobe__sys_getppid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getppid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register of the probed function. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_getpgrp -- sys_getpgrp() entry handler | |
*/ | |
int
kprobe__sys_getpgrp(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * getpgrp() takes no arguments, so arg_1..arg_6 are just leftover
	 * register contents and should not be interpreted.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__sys_getpgrp -- sys_getpgrp() exit handler | |
*/ | |
int
kretprobe__sys_getpgrp(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getpgrp; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register of the probed function. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__sys_setsid -- sys_setsid() entry handler | |
*/ | |
int
kprobe__sys_setsid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * setsid() takes no arguments, so arg_1..arg_6 are just leftover
	 * register contents and should not be interpreted.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__sys_setsid -- sys_setsid() exit handler | |
*/ | |
int
kretprobe__sys_setsid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setsid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setreuid -- SyS_setreuid() entry handler | |
*/ | |
int
kprobe__SyS_setreuid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setreuid -- SyS_setreuid() exit handler | |
*/ | |
int
kretprobe__SyS_setreuid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setreuid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setregid -- SyS_setregid() entry handler | |
*/ | |
int
kprobe__SyS_setregid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setregid -- SyS_setregid() exit handler | |
*/ | |
int
kretprobe__SyS_setregid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setregid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getgroups -- SyS_getgroups() entry handler | |
*/ | |
int
kprobe__SyS_getgroups(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getgroups -- SyS_getgroups() exit handler | |
*/ | |
int
kretprobe__SyS_getgroups(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getgroups; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setgroups -- SyS_setgroups() entry handler | |
*/ | |
int
kprobe__SyS_setgroups(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setgroups -- SyS_setgroups() exit handler | |
*/ | |
int
kretprobe__SyS_setgroups(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setgroups; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setresuid -- SyS_setresuid() entry handler | |
*/ | |
int
kprobe__SyS_setresuid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setresuid -- SyS_setresuid() exit handler | |
*/ | |
int
kretprobe__SyS_setresuid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setresuid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getresuid -- SyS_getresuid() entry handler | |
*/ | |
int
kprobe__SyS_getresuid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getresuid -- SyS_getresuid() exit handler | |
*/ | |
int
kretprobe__SyS_getresuid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getresuid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setresgid -- SyS_setresgid() entry handler | |
*/ | |
int
kprobe__SyS_setresgid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setresgid -- SyS_setresgid() exit handler | |
*/ | |
int
kretprobe__SyS_setresgid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setresgid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getresgid -- SyS_getresgid() entry handler | |
*/ | |
int
kprobe__SyS_getresgid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getresgid -- SyS_getresgid() exit handler | |
*/ | |
int
kretprobe__SyS_getresgid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getresgid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getpgid -- SyS_getpgid() entry handler | |
*/ | |
int
kprobe__SyS_getpgid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getpgid -- SyS_getpgid() exit handler | |
*/ | |
int
kretprobe__SyS_getpgid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getpgid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setfsuid -- SyS_setfsuid() entry handler | |
*/ | |
int
kprobe__SyS_setfsuid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setfsuid -- SyS_setfsuid() exit handler | |
*/ | |
int
kretprobe__SyS_setfsuid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setfsuid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register of the probed function. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_setfsgid -- SyS_setfsgid() entry handler | |
*/ | |
int
kprobe__SyS_setfsgid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a credential
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_setfsgid -- SyS_setfsgid() exit handler | |
*/ | |
int
kretprobe__SyS_setfsgid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_setfsgid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register of the probed function. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_getsid -- SyS_getsid() entry handler | |
*/ | |
int
kprobe__SyS_getsid(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_getsid -- SyS_getsid() exit handler | |
*/ | |
int
kretprobe__SyS_getsid(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_getsid; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_capget -- SyS_capget() entry handler | |
*/ | |
int
kprobe__SyS_capget(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents. Pointer
	 * arguments are stored as addresses only, not dereferenced.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_capget -- SyS_capget() exit handler | |
*/ | |
int
kretprobe__SyS_capget(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_capget; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_capset -- SyS_capset() entry handler | |
*/ | |
int
kprobe__SyS_capset(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a capability
	 * change made by a process forked from it is not recorded here.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents. Pointer
	 * arguments are stored as addresses only, not dereferenced.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_capset -- SyS_capset() exit handler | |
*/ | |
int
kretprobe__SyS_capset(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_capset; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_rt_sigpending -- SyS_rt_sigpending() entry handler | |
*/ | |
int
kprobe__SyS_rt_sigpending(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_rt_sigpending -- SyS_rt_sigpending() exit handler | |
*/ | |
int
kretprobe__SyS_rt_sigpending(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_rt_sigpending; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_rt_sigtimedwait -- SyS_rt_sigtimedwait() entry handler | |
*/ | |
int
kprobe__SyS_rt_sigtimedwait(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * Keep the entry state until the exit handler picks it up; for a
	 * blocking call the entry stays in the map for the whole wait.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/* | |
* kretprobe__SyS_rt_sigtimedwait -- SyS_rt_sigtimedwait() exit handler | |
*/ | |
int
kretprobe__SyS_rt_sigtimedwait(struct pt_regs *ctx)
{
	/* Only the bytes that precede sc_name are submitted. */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	/* The exit timestamp is read before the map lookup. */
	u64 exit_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	/*
	 * NOTE(review): ev is not zeroed; if struct ev_dt_t has padding
	 * before sc_name, those bytes are submitted uninitialised -- confirm
	 * against the struct definition (not visible here).
	 */
	struct ev_dt_t ev;

	/* Nothing stored for this task at entry (e.g. PID filter): skip. */
	if (!saved)
		return 0;

	ev.pid_tid = task_id;
	ev.sc_id = __NR_rt_sigtimedwait; /* SysCall ID */
	ev.packet_type = 0; /* No additional packets */
	ev.start_ts_nsec = saved->start_ts_nsec;
	ev.finish_ts_nsec = exit_nsec;
	ev.arg_1 = saved->arg_1;
	ev.arg_2 = saved->arg_2;
	ev.arg_3 = saved->arg_3;
	ev.arg_4 = saved->arg_4;
	ev.arg_5 = saved->arg_5;
	ev.arg_6 = saved->arg_6;
	/* Raw return register; a failed syscall shows up as negative errno. */
	ev.ret = PT_REGS_RC(ctx);

	/* NOTE(review): the submit result is ignored; a failed submit is lost silently. */
	events.perf_submit(ctx, &ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_rt_sigqueueinfo -- SyS_rt_sigqueueinfo() entry handler | |
*/ | |
int
kprobe__SyS_rt_sigqueueinfo(struct pt_regs *ctx)
{
	/* Upper 32 bits of this value are the TGID, lower 32 the thread id. */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * No-follow-fork filter: only TGID 2878 is traced, so a process
	 * forked from it (different TGID) is not recorded by this probe.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	/*
	 * All six argument registers are saved whatever the syscall's real
	 * arity; slots beyond it hold leftover register contents. Pointer
	 * arguments are stored as addresses only, not dereferenced.
	 */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* Keep the entry state until the exit handler picks it up. */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_rt_sigqueueinfo -- exit probe for SyS_rt_sigqueueinfo()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_rt_sigqueueinfo(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_rt_sigqueueinfo; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_rt_sigsuspend -- entry probe for SyS_rt_sigsuspend()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. rt_sigsuspend takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_rt_sigsuspend(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_rt_sigsuspend -- exit probe for SyS_rt_sigsuspend()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_rt_sigsuspend(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_rt_sigsuspend; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sigaltstack -- entry probe for SyS_sigaltstack()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sigaltstack takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sigaltstack(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sigaltstack -- exit probe for SyS_sigaltstack()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sigaltstack(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sigaltstack; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_utime -- entry probe for SyS_utime()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. arg_1 is the user-space pointer
 * to the file name, which the exit probe dereferences later. utime takes
 * two parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers.
 */
int
kprobe__SyS_utime(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_utime -- exit probe for SyS_utime()
 *
 * Builds the single-packet event from the entry record in tmp_i, appends
 * the file name read through the first argument, sends the event and
 * deletes the entry record.
 *
 * The name is copied at return time with a fixed NAME_MAX-byte read from
 * the address the process passed at entry. For anyone relying on aux_str:
 *  - the traced process can rewrite that memory while the call is in
 *    flight, so aux_str is not guaranteed to be the name the kernel used;
 *  - the copy does not stop at the terminating NUL, so bytes that follow
 *    the name in the process's memory are exported as well, and a name
 *    longer than NAME_MAX is cut short;
 *  - the result of bpf_probe_read() is not checked, so a failed read is
 *    not reported (NOTE(review): confirm what aux_str holds on failure
 *    for the target kernel).
 */
int
kretprobe__SyS_utime(struct pt_regs *ctx)
{
	/* event fields in front of aux_str plus NAME_MAX bytes of name */
	enum { submit_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object at least submit_size bytes */
	union {
		struct ev_dt_t ev;
		char raw[submit_size];
	} pkt;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_utime; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = entry->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = entry->arg_1;
	pkt.ev.arg_2 = entry->arg_2;
	pkt.ev.arg_3 = entry->arg_3;
	pkt.ev.arg_4 = entry->arg_4;
	pkt.ev.arg_5 = entry->arg_5;
	pkt.ev.arg_6 = entry->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &pkt.ev, submit_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mknod -- entry probe for SyS_mknod()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. arg_1 is the user-space pointer
 * to the file name, which the exit probe dereferences later. mknod takes
 * three parameters, so arg_4..arg_6 are whatever the caller left in those
 * registers.
 */
int
kprobe__SyS_mknod(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_mknod -- exit probe for SyS_mknod()
 *
 * Builds the single-packet event from the entry record in tmp_i, appends
 * the file name read through the first argument, sends the event and
 * deletes the entry record.
 *
 * The name is copied at return time with a fixed NAME_MAX-byte read from
 * the address the process passed at entry. For anyone relying on aux_str:
 *  - the traced process can rewrite that memory while the call is in
 *    flight, so aux_str is not guaranteed to be the name the kernel used;
 *  - the copy does not stop at the terminating NUL, so bytes that follow
 *    the name in the process's memory are exported as well, and a name
 *    longer than NAME_MAX is cut short;
 *  - the result of bpf_probe_read() is not checked, so a failed read is
 *    not reported (NOTE(review): confirm what aux_str holds on failure
 *    for the target kernel).
 */
int
kretprobe__SyS_mknod(struct pt_regs *ctx)
{
	/* event fields in front of aux_str plus NAME_MAX bytes of name */
	enum { submit_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object at least submit_size bytes */
	union {
		struct ev_dt_t ev;
		char raw[submit_size];
	} pkt;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_mknod; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = entry->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = entry->arg_1;
	pkt.ev.arg_2 = entry->arg_2;
	pkt.ev.arg_3 = entry->arg_3;
	pkt.ev.arg_4 = entry->arg_4;
	pkt.ev.arg_5 = entry->arg_5;
	pkt.ev.arg_6 = entry->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &pkt.ev, submit_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_uselib -- entry probe for SyS_uselib()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. arg_1 is the user-space pointer
 * to the library path, which the exit probe dereferences later. uselib
 * takes one parameter, so arg_2..arg_6 are whatever the caller left in
 * those registers.
 */
int
kprobe__SyS_uselib(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_uselib -- exit probe for SyS_uselib()
 *
 * Builds the single-packet event from the entry record in tmp_i, appends
 * the path read through the first argument, sends the event and deletes
 * the entry record.
 *
 * The path is copied at return time with a fixed NAME_MAX-byte read from
 * the address the process passed at entry. For anyone relying on aux_str:
 *  - the traced process can rewrite that memory while the call is in
 *    flight, so aux_str is not guaranteed to be the path the kernel used;
 *  - the copy does not stop at the terminating NUL, so bytes that follow
 *    the path in the process's memory are exported as well, and a path
 *    longer than NAME_MAX is cut short;
 *  - the result of bpf_probe_read() is not checked, so a failed read is
 *    not reported (NOTE(review): confirm what aux_str holds on failure
 *    for the target kernel).
 */
int
kretprobe__SyS_uselib(struct pt_regs *ctx)
{
	/* event fields in front of aux_str plus NAME_MAX bytes of path */
	enum { submit_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object at least submit_size bytes */
	union {
		struct ev_dt_t ev;
		char raw[submit_size];
	} pkt;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_uselib; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = entry->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = entry->arg_1;
	pkt.ev.arg_2 = entry->arg_2;
	pkt.ev.arg_3 = entry->arg_3;
	pkt.ev.arg_4 = entry->arg_4;
	pkt.ev.arg_5 = entry->arg_5;
	pkt.ev.arg_6 = entry->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &pkt.ev, submit_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_personality -- entry probe for SyS_personality()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. personality takes one
 * parameter, so arg_2..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_personality(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_personality -- exit probe for SyS_personality()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_personality(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_personality; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_ustat -- entry probe for SyS_ustat()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. ustat takes two parameters,
 * so arg_3..arg_6 are whatever the caller left in those registers and mean
 * nothing to a trace consumer.
 */
int
kprobe__SyS_ustat(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_ustat -- exit probe for SyS_ustat()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_ustat(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_ustat; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_statfs -- entry probe for SyS_statfs()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. arg_1 is the user-space pointer
 * to the path, which the exit probe dereferences later. statfs takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers.
 */
int
kprobe__SyS_statfs(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_statfs -- exit probe for SyS_statfs()
 *
 * Builds the single-packet event from the entry record in tmp_i, appends
 * the path read through the first argument, sends the event and deletes
 * the entry record.
 *
 * The path is copied at return time with a fixed NAME_MAX-byte read from
 * the address the process passed at entry. For anyone relying on aux_str:
 *  - the traced process can rewrite that memory while the call is in
 *    flight, so aux_str is not guaranteed to be the path the kernel used;
 *  - the copy does not stop at the terminating NUL, so bytes that follow
 *    the path in the process's memory are exported as well, and a path
 *    longer than NAME_MAX is cut short;
 *  - the result of bpf_probe_read() is not checked, so a failed read is
 *    not reported (NOTE(review): confirm what aux_str holds on failure
 *    for the target kernel).
 */
int
kretprobe__SyS_statfs(struct pt_regs *ctx)
{
	/* event fields in front of aux_str plus NAME_MAX bytes of path */
	enum { submit_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object at least submit_size bytes */
	union {
		struct ev_dt_t ev;
		char raw[submit_size];
	} pkt;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_statfs; /* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = entry->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = entry->arg_1;
	pkt.ev.arg_2 = entry->arg_2;
	pkt.ev.arg_3 = entry->arg_3;
	pkt.ev.arg_4 = entry->arg_4;
	pkt.ev.arg_5 = entry->arg_5;
	pkt.ev.arg_6 = entry->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &pkt.ev, submit_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fstatfs -- entry probe for SyS_fstatfs()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. fstatfs takes two parameters,
 * so arg_3..arg_6 are whatever the caller left in those registers and mean
 * nothing to a trace consumer.
 */
int
kprobe__SyS_fstatfs(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_fstatfs -- exit probe for SyS_fstatfs()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_fstatfs(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fstatfs; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sysfs -- entry probe for SyS_sysfs()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sysfs takes three parameters,
 * so arg_4..arg_6 are whatever the caller left in those registers and mean
 * nothing to a trace consumer.
 */
int
kprobe__SyS_sysfs(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sysfs -- exit probe for SyS_sysfs()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sysfs(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sysfs; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getpriority -- entry probe for SyS_getpriority()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. getpriority takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_getpriority(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_getpriority -- exit probe for SyS_getpriority()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_getpriority(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_getpriority; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setpriority -- entry probe for SyS_setpriority()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. setpriority takes three
 * parameters, so arg_4..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_setpriority(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_setpriority -- exit probe for SyS_setpriority()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_setpriority(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_setpriority; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_setparam -- entry probe for SyS_sched_setparam()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_setparam takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_setparam(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_setparam -- exit probe for SyS_sched_setparam()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_setparam(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_setparam; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_getparam -- entry probe for SyS_sched_getparam()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_getparam takes two
 * parameters, so arg_3..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_getparam(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_getparam -- exit probe for SyS_sched_getparam()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_getparam(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_getparam; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_setscheduler -- entry probe for SyS_sched_setscheduler()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_setscheduler takes three
 * parameters, so arg_4..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_setscheduler(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_setscheduler -- exit probe for SyS_sched_setscheduler()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_setscheduler(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_setscheduler; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_getscheduler -- entry probe for SyS_sched_getscheduler()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_getscheduler takes one
 * parameter, so arg_2..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_getscheduler(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_getscheduler -- exit probe for SyS_sched_getscheduler()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_getscheduler(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_getscheduler; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_get_priority_max -- entry probe for
 * SyS_sched_get_priority_max()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_get_priority_max takes
 * one parameter, so arg_2..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_get_priority_max(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_get_priority_max -- exit probe for
 * SyS_sched_get_priority_max()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_get_priority_max(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_get_priority_max; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_get_priority_min -- entry probe for
 * SyS_sched_get_priority_min()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid for the exit probe. sched_get_priority_min takes
 * one parameter, so arg_2..arg_6 are whatever the caller left in those
 * registers and mean nothing to a trace consumer.
 */
int
kprobe__SyS_sched_get_priority_min(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* no-follow-fork pid check: upper 32 bits of pid_tgid are the tgid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);

	return 0;
}
/*
 * kretprobe__SyS_sched_get_priority_min -- exit probe for
 * SyS_sched_get_priority_min()
 *
 * Looks up the entry record stored under the caller's pid_tgid, sends one
 * single-packet event to the events perf buffer and deletes the record.
 * There is no pid check here: a missing entry record is what makes the
 * probe return without sending anything.
 */
int
kretprobe__SyS_sched_get_priority_min(struct pt_regs *ctx)
{
	/* submit only the part of the event that precedes sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t ev;
	struct first_step_t *entry;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	entry = tmp_i.lookup(&id);
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sched_get_priority_min; /* SysCall ID */
	ev.pid_tid = id;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	/* ev is never zeroed; ev_size keeps its unwritten tail out of the buffer */
	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&id);

	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_rr_get_interval -- entry probe for
 * SyS_sched_rr_get_interval().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_sched_rr_get_interval(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sched_rr_get_interval -- return probe for
 * SyS_sched_rr_get_interval().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_sched_rr_get_interval(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_sched_rr_get_interval;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mlock -- entry probe for SyS_mlock().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_mlock(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mlock -- return probe for SyS_mlock().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_mlock(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_mlock;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_munlock -- entry probe for SyS_munlock().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_munlock(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_munlock -- return probe for SyS_munlock().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_munlock(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_munlock;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mlockall -- entry probe for SyS_mlockall().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_mlockall(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mlockall -- return probe for SyS_mlockall().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_mlockall(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_mlockall;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_munlockall -- entry probe for sys_munlockall().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__sys_munlockall(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_munlockall -- return probe for sys_munlockall().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__sys_munlockall(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_munlockall;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_vhangup -- entry probe for sys_vhangup().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__sys_vhangup(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_vhangup -- return probe for sys_vhangup().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__sys_vhangup(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_vhangup;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_modify_ldt -- entry probe for sys_modify_ldt().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__sys_modify_ldt(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_modify_ldt -- return probe for sys_modify_ldt().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__sys_modify_ldt(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_modify_ldt;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/*
 * trace_fs_path_1_2_arg_tmpl-sl.c -- Trace syscalls with numbers known from
 * libc and path names as first and second arguments. Single-packet version.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_pivot_root -- entry probe for SyS_pivot_root().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_pivot_root(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
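/*
 * kretprobe__SyS_pivot_root -- return probe for SyS_pivot_root().
 *
 * Pairs the entry record saved in tmp_i for this pid/tgid word with the
 * return value and emits one event of offsetof(aux_str) + NAME_MAX bytes,
 * then removes the record. The aux_str area is split into two fixed-width
 * slots: NAME_MAX / 2 bytes read from the pointer in arg_1, followed by the
 * remaining bytes read from the pointer in arg_2. Emits nothing when no
 * entry record is found. Always returns 0.
 */
int
kretprobe__SyS_pivot_root(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object large enough for the record */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} rec;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	rec.ev.packet_type = 0;	/* No additional packets */
	rec.ev.sc_id = __NR_pivot_root;	/* SysCall ID */
	rec.ev.pid_tid = task_id;
	rec.ev.start_ts_nsec = saved->start_ts_nsec;
	rec.ev.finish_ts_nsec = now_nsec;
	rec.ev.ret = PT_REGS_RC(ctx);
	rec.ev.arg_1 = saved->arg_1;
	rec.ev.arg_2 = saved->arg_2;
	rec.ev.arg_3 = saved->arg_3;
	rec.ev.arg_4 = saved->arg_4;
	rec.ev.arg_5 = saved->arg_5;
	rec.ev.arg_6 = saved->arg_6;

	/*
	 * NOTE(review): both copies are fixed-length and taken at syscall
	 * return. They are not bounded by the strings' NUL, so bytes that follow
	 * a path in the traced process's memory land in the trace, a first path
	 * longer than its slot is cut without a terminator, and the memory may
	 * have changed since the kernel resolved the paths. The helper results
	 * are unchecked. sc_name is not written here and rec is not zeroed --
	 * confirm nothing lies between ret and aux_str in ev_dt_t.
	 */
	bpf_probe_read(&rec.ev.aux_str, NAME_MAX / 2, (void *)saved->arg_1);
	/*
	 * The offset is applied to a char pointer so that it counts bytes.
	 * Adding it to &aux_str directly scales by sizeof(aux_str) and would
	 * point outside the record whenever aux_str is longer than one byte.
	 */
	bpf_probe_read((char *)&rec.ev.aux_str + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)saved->arg_2);

	events.perf_submit(ctx, &rec.ev, rec_size);
	tmp_i.delete(&task_id);
	return 0;
}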
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sysctl -- entry probe for SyS_sysctl().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_sysctl(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sysctl -- return probe for SyS_sysctl().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_sysctl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR__sysctl;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_prctl -- entry probe for SyS_prctl().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_prctl(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_prctl -- return probe for SyS_prctl().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_prctl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_prctl;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_arch_prctl -- entry probe for sys_arch_prctl().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__sys_arch_prctl(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_arch_prctl -- return probe for sys_arch_prctl().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__sys_arch_prctl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_arch_prctl;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_adjtimex -- entry probe for SyS_adjtimex().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_adjtimex(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_adjtimex -- return probe for SyS_adjtimex().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_adjtimex(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_adjtimex;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setrlimit -- entry probe for SyS_setrlimit().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_setrlimit(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_setrlimit -- return probe for SyS_setrlimit().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_setrlimit(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_setrlimit;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_chroot -- entry probe for SyS_chroot().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_chroot(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_chroot -- return probe for SyS_chroot().
 *
 * Pairs the entry record saved in tmp_i for this pid/tgid word with the
 * return value and emits one event of offsetof(aux_str) + NAME_MAX bytes
 * whose aux_str area holds NAME_MAX bytes read from the pointer in arg_1,
 * then removes the record. Emits nothing when no entry record is found.
 * Always returns 0.
 */
int
kretprobe__SyS_chroot(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object large enough for the record */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} rec;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	rec.ev.packet_type = 0;	/* No additional packets */
	rec.ev.sc_id = __NR_chroot;	/* SysCall ID */
	rec.ev.pid_tid = task_id;
	rec.ev.start_ts_nsec = saved->start_ts_nsec;
	rec.ev.finish_ts_nsec = now_nsec;
	rec.ev.ret = PT_REGS_RC(ctx);
	rec.ev.arg_1 = saved->arg_1;
	rec.ev.arg_2 = saved->arg_2;
	rec.ev.arg_3 = saved->arg_3;
	rec.ev.arg_4 = saved->arg_4;
	rec.ev.arg_5 = saved->arg_5;
	rec.ev.arg_6 = saved->arg_6;

	/*
	 * NOTE(review): fixed-length copy taken at syscall return. It is not
	 * bounded by the string's NUL, so bytes that follow the path in the
	 * traced process's memory land in the trace, and the memory may have
	 * changed since the kernel resolved the path. The helper's result is
	 * unchecked. sc_name is not written here and rec is not zeroed --
	 * confirm nothing lies between ret and aux_str in ev_dt_t.
	 */
	bpf_probe_read(&rec.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &rec.ev, rec_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_sync -- entry probe for sys_sync().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__sys_sync(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__sys_sync -- return probe for sys_sync().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__sys_sync(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_sync;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_acct -- entry probe for SyS_acct().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_acct(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_acct -- return probe for SyS_acct().
 *
 * Pairs the entry record saved in tmp_i for this pid/tgid word with the
 * return value and emits one event of offsetof(aux_str) + NAME_MAX bytes
 * whose aux_str area holds NAME_MAX bytes read from the pointer in arg_1,
 * then removes the record. Emits nothing when no entry record is found.
 * Always returns 0.
 */
int
kretprobe__SyS_acct(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object large enough for the record */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} rec;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	rec.ev.packet_type = 0;	/* No additional packets */
	rec.ev.sc_id = __NR_acct;	/* SysCall ID */
	rec.ev.pid_tid = task_id;
	rec.ev.start_ts_nsec = saved->start_ts_nsec;
	rec.ev.finish_ts_nsec = now_nsec;
	rec.ev.ret = PT_REGS_RC(ctx);
	rec.ev.arg_1 = saved->arg_1;
	rec.ev.arg_2 = saved->arg_2;
	rec.ev.arg_3 = saved->arg_3;
	rec.ev.arg_4 = saved->arg_4;
	rec.ev.arg_5 = saved->arg_5;
	rec.ev.arg_6 = saved->arg_6;

	/*
	 * NOTE(review): fixed-length copy taken at syscall return. It is not
	 * bounded by the string's NUL, so bytes that follow the path in the
	 * traced process's memory land in the trace, and the memory may have
	 * changed since the kernel resolved the path. The helper's result is
	 * unchecked. sc_name is not written here and rec is not zeroed --
	 * confirm nothing lies between ret and aux_str in ev_dt_t.
	 */
	bpf_probe_read(&rec.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &rec.ev, rec_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_settimeofday -- entry probe for SyS_settimeofday().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_settimeofday(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_settimeofday -- return probe for SyS_settimeofday().
 *
 * Emits one single-packet event built from the entry record saved in tmp_i
 * for this pid/tgid word, then removes that record. Emits nothing when no
 * record is found. Only the part of ev_dt_t ahead of sc_name is submitted.
 * Always returns 0.
 */
int
kretprobe__SyS_settimeofday(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t event;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	/*
	 * NOTE(review): event is not zeroed, so every byte below ev_size must
	 * come from the stores that follow; confirm ev_dt_t has no padding or
	 * other member ahead of sc_name, or stale stack bytes are submitted.
	 */
	event.packet_type = 0;	/* No additional packets */
	event.sc_id = __NR_settimeofday;	/* SysCall ID */
	event.pid_tid = task_id;
	event.start_ts_nsec = saved->start_ts_nsec;
	event.finish_ts_nsec = now_nsec;
	event.ret = PT_REGS_RC(ctx);
	event.arg_1 = saved->arg_1;
	event.arg_2 = saved->arg_2;
	event.arg_3 = saved->arg_3;
	event.arg_4 = saved->arg_4;
	event.arg_5 = saved->arg_5;
	event.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &event, ev_size);
	tmp_i.delete(&task_id);
	return 0;
}
/*
 * trace_fs_path_1_2_arg_tmpl-sl.c -- Trace syscalls with numbers known from
 * libc and path names as first and second arguments. Single-packet version.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_mount -- entry probe for SyS_mount().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_mount(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
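/*
 * kretprobe__SyS_mount -- return probe for SyS_mount().
 *
 * Pairs the entry record saved in tmp_i for this pid/tgid word with the
 * return value and emits one event of offsetof(aux_str) + NAME_MAX bytes,
 * then removes the record. The aux_str area is split into two fixed-width
 * slots: NAME_MAX / 2 bytes read from the pointer in arg_1, followed by the
 * remaining bytes read from the pointer in arg_2. Emits nothing when no
 * entry record is found. Always returns 0.
 */
int
kretprobe__SyS_mount(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* the raw member makes the stack object large enough for the record */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} rec;
	struct first_step_t *saved;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&task_id);
	if (!saved)
		return 0;

	rec.ev.packet_type = 0;	/* No additional packets */
	rec.ev.sc_id = __NR_mount;	/* SysCall ID */
	rec.ev.pid_tid = task_id;
	rec.ev.start_ts_nsec = saved->start_ts_nsec;
	rec.ev.finish_ts_nsec = now_nsec;
	rec.ev.ret = PT_REGS_RC(ctx);
	rec.ev.arg_1 = saved->arg_1;
	rec.ev.arg_2 = saved->arg_2;
	rec.ev.arg_3 = saved->arg_3;
	rec.ev.arg_4 = saved->arg_4;
	rec.ev.arg_5 = saved->arg_5;
	rec.ev.arg_6 = saved->arg_6;

	/*
	 * NOTE(review): both copies are fixed-length and taken at syscall
	 * return. They are not bounded by the strings' NUL, so bytes that follow
	 * a string in the traced process's memory land in the trace, a first
	 * string longer than its slot is cut without a terminator, and the
	 * memory may have changed since the kernel consumed the arguments. The
	 * helper results are unchecked. sc_name is not written here and rec is
	 * not zeroed -- confirm nothing lies between ret and aux_str in ev_dt_t.
	 */
	bpf_probe_read(&rec.ev.aux_str, NAME_MAX / 2, (void *)saved->arg_1);
	/*
	 * The offset is applied to a char pointer so that it counts bytes.
	 * Adding it to &aux_str directly scales by sizeof(aux_str) and would
	 * point outside the record whenever aux_str is longer than one byte.
	 */
	bpf_probe_read((char *)&rec.ev.aux_str + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)saved->arg_2);

	events.perf_submit(ctx, &rec.ev, rec_size);
	tmp_i.delete(&task_id);
	return 0;
}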
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_swapon -- entry probe for SyS_swapon().
 *
 * Traces only the process whose id (upper 32 bits of the pid/tgid word) is
 * 2878. Saves the entry time and all six PT_REGS_PARMn values in tmp_i,
 * keyed by that word, for the return probe. Always returns 0.
 */
int
kprobe__SyS_swapon(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- no-follow-fork mode pid check */
	if ((task_id >> 32) != 2878)
		return 0;

	/* all six slots are captured whatever the syscall's real arity */
	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): the update() result is ignored; if the insert fails the
	 * return probe finds no record and the call goes untraced without notice.
	 */
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_swapon -- SyS_swapon() exit handler
 *
 * Combines the record saved at entry with the return value and submits one
 * event carrying NAME_MAX bytes read from the address held in arg_1.
 */
int
kretprobe__SyS_swapon(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* Reserve rec_size bytes so aux_str has room for NAME_MAX bytes. */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	/* Nothing saved at entry for this thread: nothing to report. */
	if (!entry)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_swapon; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Fixed-length copy taken after the syscall returned: the bytes may
	 * differ from what the kernel acted on, and a NUL terminator is not
	 * guaranteed inside the window.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);

	/* Release the per-thread slot. */
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_swapoff -- SyS_swapoff() entry handler
 *
 * Records when the call started and what the six argument registers held,
 * storing both in tmp_i under the current pid/tid key.
 */
int
kprobe__SyS_swapoff(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: ignore every process except the traced one. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): update() can fail; the result is not checked here. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_swapoff -- SyS_swapoff() exit handler
 *
 * Emits one event built from the saved entry record, the return value and
 * NAME_MAX bytes read from the address the caller passed as arg_1.
 */
int
kretprobe__SyS_swapoff(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[rec_size]; /* room for aux_str + NAME_MAX bytes */
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	if (!entry)
		return 0; /* entry handler stored nothing for this thread */

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_swapoff; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * The path is sampled at exit, not at entry, with a fixed length; it
	 * can be unterminated and may not match what the kernel resolved.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_reboot -- SyS_reboot() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key.
 */
int
kprobe__SyS_reboot(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/*
	 * NOTE(review): events are only emitted by the exit handler, so a
	 * reboot() that does not return would leave this record unreported.
	 */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_reboot -- SyS_reboot() exit handler
 *
 * Joins the record saved at entry with the return value and submits the
 * part of struct ev_dt_t that precedes sc_name as a single event.
 */
int
kretprobe__SyS_reboot(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* Without a saved entry record there is nothing to pair up. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_reboot; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);

	/* Free the per-thread slot for the next traced call. */
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sethostname -- SyS_sethostname() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_sethostname(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: skip everything but the traced process. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sethostname -- SyS_sethostname() exit handler
 *
 * Publishes one fixed-size event (struct ev_dt_t up to sc_name). Only the
 * raw register values are reported; no string is read from the caller, so
 * the name being set does not appear in the event.
 */
int
kretprobe__SyS_sethostname(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	if (!entry)
		return 0; /* no matching entry record */

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_sethostname; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setdomainname -- SyS_setdomainname() entry handler
 *
 * Remembers the entry timestamp and the six raw argument registers in
 * tmp_i so the exit handler can report them with the return value.
 */
int
kprobe__SyS_setdomainname(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a rejected update() goes unnoticed. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_setdomainname -- SyS_setdomainname() exit handler
 *
 * Pairs the saved entry record with the return value and submits the
 * fixed-size part of struct ev_dt_t (up to sc_name). The name buffer
 * itself is not read; only the register values are reported.
 */
int
kretprobe__SyS_setdomainname(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* Calls the entry handler skipped have no record to report. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_setdomainname; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_iopl -- SyS_iopl() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_iopl(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: other processes are not traced. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_iopl -- SyS_iopl() exit handler
 *
 * Builds one event from the saved entry record plus the return value and
 * submits struct ev_dt_t up to (not including) sc_name.
 */
int
kretprobe__SyS_iopl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	if (!entry)
		return 0; /* nothing saved at entry */

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_iopl; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);

	/* The slot is single-use; remove it once reported. */
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_ioperm -- sys_ioperm() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key for the exit handler.
 */
int
kprobe__sys_ioperm(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() silently loses this call. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__sys_ioperm -- sys_ioperm() exit handler
 *
 * Joins the saved entry record with the return value and submits the
 * fixed-size portion of struct ev_dt_t (everything before sc_name).
 */
int
kretprobe__sys_ioperm(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* No entry record means the call was not picked up at entry. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_ioperm; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_init_module -- SyS_init_module() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value. Only register values are kept; the
 * memory they point to is not copied here.
 */
int
kprobe__SyS_init_module(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: trace the one configured process only. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_init_module -- SyS_init_module() exit handler
 *
 * Reports the saved arguments, timestamps and return value as one
 * fixed-size event (struct ev_dt_t up to sc_name). The event carries raw
 * pointer values only: nothing is read from the caller's memory, so it
 * records that a module load was attempted, not what was loaded.
 */
int
kretprobe__SyS_init_module(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	if (!entry)
		return 0; /* no matching entry record */

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_init_module; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_delete_module -- SyS_delete_module() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key.
 */
int
kprobe__SyS_delete_module(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() is not detected. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_delete_module -- SyS_delete_module() exit handler
 *
 * Submits one event made of the saved entry record, the return value and
 * NAME_MAX bytes read from the address held in arg_1.
 */
int
kretprobe__SyS_delete_module(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* Reserve rec_size bytes so aux_str has room for NAME_MAX bytes. */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	if (!entry)
		return 0; /* nothing saved at entry */

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_delete_module; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * The name is sampled when the call returns, with a fixed length:
	 * treat it as advisory, since the caller's buffer may have changed
	 * since the kernel read it and may lack a NUL within the window.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_quotactl -- SyS_quotactl() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_quotactl(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: skip everything but the traced process. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_quotactl -- SyS_quotactl() exit handler
 *
 * Pairs the saved entry record with the return value and submits struct
 * ev_dt_t up to sc_name. No string argument is read by this handler.
 */
int
kretprobe__SyS_quotactl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* Nothing to report unless the entry handler stored a record. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_quotactl; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_gettid -- sys_gettid() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i. The
 * registers are captured unconditionally by this template; gettid() takes
 * no arguments, so consumers should not interpret them for this syscall.
 */
int
kprobe__sys_gettid(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() is not detected. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__sys_gettid -- sys_gettid() exit handler
 *
 * Joins the saved entry record with the return value and submits the
 * fixed-size part of struct ev_dt_t (everything before sc_name).
 */
int
kretprobe__sys_gettid(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	if (!entry)
		return 0; /* no matching entry record */

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_gettid; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_readahead -- SyS_readahead() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_readahead(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: other processes are not traced. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_readahead -- SyS_readahead() exit handler
 *
 * Builds one event from the saved entry record and the return value, then
 * submits struct ev_dt_t up to (not including) sc_name.
 */
int
kretprobe__SyS_readahead(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* Calls skipped at entry have no record here. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_readahead; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_setxattr -- SyS_setxattr() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key for the exit handler.
 */
int
kprobe__SyS_setxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() silently loses this call. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_setxattr -- SyS_setxattr() exit handler
 *
 * Submits one event made of the saved entry record, the return value and
 * NAME_MAX bytes read from the address in arg_1. Only that first string is
 * captured; the other pointer arguments are reported as raw values.
 */
int
kretprobe__SyS_setxattr(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[rec_size]; /* room for aux_str + NAME_MAX bytes */
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	if (!entry)
		return 0; /* nothing saved at entry */

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_setxattr; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Fixed-length read performed at exit: the path may be truncated or
	 * unterminated, and may differ from what the kernel resolved.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lsetxattr -- SyS_lsetxattr() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_lsetxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: trace the one configured process only. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_lsetxattr -- SyS_lsetxattr() exit handler
 *
 * Combines the saved entry record with the return value and NAME_MAX bytes
 * read from the address in arg_1, and submits them as one event.
 */
int
kretprobe__SyS_lsetxattr(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* Reserve rec_size bytes so aux_str has room for NAME_MAX bytes. */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	/* Nothing to report unless the entry handler stored a record. */
	if (!entry)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_lsetxattr; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Sampled at exit with a fixed length; no NUL is guaranteed and the
	 * caller's buffer may have changed since the kernel read it.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fsetxattr -- SyS_fsetxattr() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key.
 */
int
kprobe__SyS_fsetxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() is not detected. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_fsetxattr -- SyS_fsetxattr() exit handler
 *
 * Pairs the saved entry record with the return value and submits the
 * fixed-size part of struct ev_dt_t (up to sc_name). No string is read.
 */
int
kretprobe__SyS_fsetxattr(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	if (!entry)
		return 0; /* no matching entry record */

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fsetxattr; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getxattr -- SyS_getxattr() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_getxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: skip everything but the traced process. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getxattr -- SyS_getxattr() exit handler
 *
 * Emits one event built from the saved entry record, the return value and
 * NAME_MAX bytes read from the address in arg_1.
 */
int
kretprobe__SyS_getxattr(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[rec_size]; /* room for aux_str + NAME_MAX bytes */
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	if (!entry)
		return 0; /* nothing saved at entry */

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_getxattr; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Fixed-length read performed at exit: the path may be truncated or
	 * unterminated, and may differ from what the kernel resolved.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lgetxattr -- SyS_lgetxattr() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key for the exit handler.
 */
int
kprobe__SyS_lgetxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() silently loses this call. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_lgetxattr -- SyS_lgetxattr() exit handler
 *
 * Submits one event made of the saved entry record, the return value and
 * NAME_MAX bytes read from the address in arg_1.
 */
int
kretprobe__SyS_lgetxattr(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/* Reserve rec_size bytes so aux_str has room for NAME_MAX bytes. */
	union {
		struct ev_dt_t ev;
		char raw[rec_size];
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	/* Calls skipped at entry have no record here. */
	if (!entry)
		return 0;

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_lgetxattr; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Sampled at exit with a fixed length; no NUL is guaranteed and the
	 * caller's buffer may have changed since the kernel read it.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fgetxattr -- SyS_fgetxattr() entry handler
 *
 * Saves the entry timestamp and the six raw argument registers in tmp_i,
 * keyed by the current pid/tid value.
 */
int
kprobe__SyS_fgetxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	u64 tgid = pid_tid >> 32;
	struct first_step_t entry;

	/* No-follow-fork mode: other processes are not traced. */
	if (tgid != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&pid_tid, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fgetxattr -- SyS_fgetxattr() exit handler
 *
 * Joins the saved entry record with the return value and submits struct
 * ev_dt_t up to (not including) sc_name. No string is read.
 */
int
kretprobe__SyS_fgetxattr(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);
	struct ev_dt_t ev;

	/* Nothing to report unless the entry handler stored a record. */
	if (!entry)
		return 0;

	ev.packet_type = 0; /* No additional packets */
	ev.sc_id = __NR_fgetxattr; /* SysCall ID */
	ev.pid_tid = pid_tid;
	ev.start_ts_nsec = entry->start_ts_nsec;
	ev.finish_ts_nsec = now_nsec;
	ev.ret = PT_REGS_RC(ctx);
	ev.arg_1 = entry->arg_1;
	ev.arg_2 = entry->arg_2;
	ev.arg_3 = entry->arg_3;
	ev.arg_4 = entry->arg_4;
	ev.arg_5 = entry->arg_5;
	ev.arg_6 = entry->arg_6;

	events.perf_submit(ctx, &ev, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_listxattr -- SyS_listxattr() entry handler
 *
 * Stores the entry timestamp and the six raw argument registers in tmp_i
 * under the current pid/tid key.
 */
int
kprobe__SyS_listxattr(struct pt_regs *ctx)
{
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/* No-follow-fork mode: only the hard-coded process id is traced. */
	if ((pid_tid >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): a failed update() is not detected. */
	tmp_i.update(&pid_tid, &saved);
	return 0;
}
/*
 * kretprobe__SyS_listxattr -- SyS_listxattr() exit handler
 *
 * Combines the saved entry record with the return value and NAME_MAX bytes
 * read from the address in arg_1, and submits them as one event.
 */
int
kretprobe__SyS_listxattr(struct pt_regs *ctx)
{
	enum { rec_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[rec_size]; /* room for aux_str + NAME_MAX bytes */
	} u;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *entry = tmp_i.lookup(&pid_tid);

	if (!entry)
		return 0; /* nothing saved at entry */

	u.ev.packet_type = 0; /* No additional packets */
	u.ev.sc_id = __NR_listxattr; /* SysCall ID */
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = entry->start_ts_nsec;
	u.ev.finish_ts_nsec = now_nsec;
	u.ev.ret = PT_REGS_RC(ctx);
	u.ev.arg_1 = entry->arg_1;
	u.ev.arg_2 = entry->arg_2;
	u.ev.arg_3 = entry->arg_3;
	u.ev.arg_4 = entry->arg_4;
	u.ev.arg_5 = entry->arg_5;
	u.ev.arg_6 = entry->arg_6;

	/*
	 * Fixed-length read performed at exit: the path may be truncated or
	 * unterminated, and may differ from what the kernel resolved.
	 * NOTE(review): the bpf_probe_read() result is ignored.
	 */
	bpf_probe_read(&u.ev.aux_str, NAME_MAX, (void *)entry->arg_1);
	events.perf_submit(ctx, &u.ev, rec_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_llistxattr -- SyS_llistxattr() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_llistxattr(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_llistxattr -- SyS_llistxattr() exit probe
 *
 * Joins the record stored by the entry probe with the return value, the
 * exit timestamp and NAME_MAX bytes read from the address in the first
 * argument, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_llistxattr(struct pt_regs *ctx)
{
	/* Event fields up to aux_str, followed by NAME_MAX bytes of data. */
	enum { pkt_len = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[pkt_len];	/* reserves room for the whole packet */
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_llistxattr;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/*
	 * Fixed-length copy, not a string read: bytes after the path's NUL
	 * are captured too, a longer path is cut without a NUL, and the
	 * helper's result is ignored. It runs at syscall exit, so the buffer
	 * may have changed since the kernel used it.
	 */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, pkt_len);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_flistxattr -- SyS_flistxattr() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_flistxattr(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_flistxattr -- SyS_flistxattr() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_flistxattr(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_flistxattr;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_removexattr -- SyS_removexattr() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_removexattr(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_removexattr -- SyS_removexattr() exit probe
 *
 * Joins the record stored by the entry probe with the return value, the
 * exit timestamp and NAME_MAX bytes read from the address in the first
 * argument, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_removexattr(struct pt_regs *ctx)
{
	/* Event fields up to aux_str, followed by NAME_MAX bytes of data. */
	enum { pkt_len = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[pkt_len];	/* reserves room for the whole packet */
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_removexattr;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/*
	 * Fixed-length copy, not a string read: bytes after the path's NUL
	 * are captured too, a longer path is cut without a NUL, and the
	 * helper's result is ignored. It runs at syscall exit, so the buffer
	 * may have changed since the kernel used it.
	 */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, pkt_len);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lremovexattr -- SyS_lremovexattr() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_lremovexattr(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_lremovexattr -- SyS_lremovexattr() exit probe
 *
 * Joins the record stored by the entry probe with the return value, the
 * exit timestamp and NAME_MAX bytes read from the address in the first
 * argument, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_lremovexattr(struct pt_regs *ctx)
{
	/* Event fields up to aux_str, followed by NAME_MAX bytes of data. */
	enum { pkt_len = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char raw[pkt_len];	/* reserves room for the whole packet */
	} pkt;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_lremovexattr;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/*
	 * Fixed-length copy, not a string read: bytes after the path's NUL
	 * are captured too, a longer path is cut without a NUL, and the
	 * helper's result is ignored. It runs at syscall exit, so the buffer
	 * may have changed since the kernel used it.
	 */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, pkt_len);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fremovexattr -- SyS_fremovexattr() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_fremovexattr(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fremovexattr -- SyS_fremovexattr() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_fremovexattr(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_fremovexattr;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_tkill -- SyS_tkill() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_tkill(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_tkill -- SyS_tkill() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_tkill(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;	/* No additional packets */
	out.sc_id = __NR_tkill;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_time -- SyS_time() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_time(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_time -- SyS_time() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_time(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;	/* No additional packets */
	out.sc_id = __NR_time;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_futex -- SyS_futex() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_futex(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_futex -- SyS_futex() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_futex(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;	/* No additional packets */
	out.sc_id = __NR_futex;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_setaffinity -- SyS_sched_setaffinity() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_sched_setaffinity(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sched_setaffinity -- SyS_sched_setaffinity() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_sched_setaffinity(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_sched_setaffinity;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_getaffinity -- SyS_sched_getaffinity() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_sched_getaffinity(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sched_getaffinity -- SyS_sched_getaffinity() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_sched_getaffinity(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_sched_getaffinity;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_set_thread_area -- SyS_set_thread_area() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_set_thread_area(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_set_thread_area -- SyS_set_thread_area() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_set_thread_area(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_set_thread_area;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_io_setup -- SyS_io_setup() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_io_setup(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_io_setup -- SyS_io_setup() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_io_setup(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_io_setup;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_io_destroy -- SyS_io_destroy() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_io_destroy(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_io_destroy -- SyS_io_destroy() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_io_destroy(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_io_destroy;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_io_getevents -- SyS_io_getevents() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_io_getevents(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_io_getevents -- SyS_io_getevents() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_io_getevents(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_io_getevents;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_io_submit -- SyS_io_submit() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_io_submit(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_io_submit -- SyS_io_submit() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_io_submit(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_io_submit;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_io_cancel -- SyS_io_cancel() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_io_cancel(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_io_cancel -- SyS_io_cancel() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_io_cancel(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_io_cancel;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_get_thread_area -- SyS_get_thread_area() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_get_thread_area(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_get_thread_area -- SyS_get_thread_area() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_get_thread_area(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_get_thread_area;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_lookup_dcookie -- SyS_lookup_dcookie() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_lookup_dcookie(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_lookup_dcookie -- SyS_lookup_dcookie() exit probe
 *
 * Joins the record stored by the entry probe with the return value and the
 * exit timestamp, submits one event to `events`, and drops the record.
 * Returns 0; nothing is emitted when no record exists for this pid_tgid.
 */
int
kretprobe__SyS_lookup_dcookie(struct pt_regs *ctx)
{
	/* Only the part of ev_dt_t that precedes sc_name is submitted. */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&id);
	struct ev_dt_t out;

	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_lookup_dcookie;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;
	out.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): `out` is never zeroed, so padding inside the first
	 * ev_size bytes, if ev_dt_t has any, is sent as it sits on the stack.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_epoll_create -- SyS_epoll_create() entry probe
 *
 * Saves the entry timestamp and six argument registers in tmp_i under the
 * current pid_tgid value, for the exit probe to pick up. Returns 0.
 */
int
kprobe__SyS_epoll_create(struct pt_regs *ctx)
{
	u64 id = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/*
	 * pid_check_ff_disabled_hook.c (no-follow-fork mode): trace only the
	 * process whose id, taken from the upper 32 bits, is the 2878 fixed
	 * into this generated code.
	 */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	/*
	 * All six registers are stored whatever the syscall's real argument
	 * count is; any beyond its own parameters are unrelated to the call.
	 */
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_epoll_create -- return probe for SyS_epoll_create(): joins
 * the return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_epoll_create(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_epoll_create;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_remap_file_pages -- entry probe for SyS_remap_file_pages():
 * saves the start time and the six argument registers in tmp_i under the
 * pid/tid key. All six slots are captured whatever the real arity is.
 */
int
kprobe__SyS_remap_file_pages(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_remap_file_pages -- return probe for
 * SyS_remap_file_pages(): joins the return value with the entry record
 * stored under the same pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_remap_file_pages(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_remap_file_pages;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getdents64 -- entry probe for SyS_getdents64(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_getdents64(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_getdents64 -- return probe for SyS_getdents64(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_getdents64(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_getdents64;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_set_tid_address -- entry probe for SyS_set_tid_address():
 * saves the start time and the six argument registers in tmp_i under the
 * pid/tid key. All six slots are captured whatever the real arity is.
 */
int
kprobe__SyS_set_tid_address(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_set_tid_address -- return probe for SyS_set_tid_address():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_set_tid_address(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_set_tid_address;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_restart_syscall -- entry probe for sys_restart_syscall():
 * saves the start time and the six argument registers in tmp_i under the
 * pid/tid key. All six slots are captured whatever the real arity is.
 */
int
kprobe__sys_restart_syscall(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__sys_restart_syscall -- return probe for sys_restart_syscall():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__sys_restart_syscall(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_restart_syscall;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_semtimedop -- entry probe for SyS_semtimedop(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_semtimedop(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_semtimedop -- return probe for SyS_semtimedop(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_semtimedop(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_semtimedop;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fadvise64 -- entry probe for SyS_fadvise64(): saves the start
 * time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_fadvise64(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_fadvise64 -- return probe for SyS_fadvise64(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_fadvise64(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_fadvise64;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_timer_create -- entry probe for SyS_timer_create(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_timer_create(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_timer_create -- return probe for SyS_timer_create(): joins
 * the return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_timer_create(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_timer_create;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_timer_settime -- entry probe for SyS_timer_settime(): saves
 * the start time and the six argument registers in tmp_i under the pid/tid
 * key. All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_timer_settime(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_timer_settime -- return probe for SyS_timer_settime():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_timer_settime(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_timer_settime;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_timer_gettime -- entry probe for SyS_timer_gettime(): saves
 * the start time and the six argument registers in tmp_i under the pid/tid
 * key. All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_timer_gettime(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_timer_gettime -- return probe for SyS_timer_gettime():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_timer_gettime(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_timer_gettime;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_timer_getoverrun -- entry probe for SyS_timer_getoverrun():
 * saves the start time and the six argument registers in tmp_i under the
 * pid/tid key. All six slots are captured whatever the real arity is.
 */
int
kprobe__SyS_timer_getoverrun(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_timer_getoverrun -- return probe for
 * SyS_timer_getoverrun(): joins the return value with the entry record
 * stored under the same pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_timer_getoverrun(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_timer_getoverrun;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_timer_delete -- entry probe for SyS_timer_delete(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_timer_delete(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_timer_delete -- return probe for SyS_timer_delete(): joins
 * the return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_timer_delete(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_timer_delete;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_clock_settime -- entry probe for SyS_clock_settime(): saves
 * the start time and the six argument registers in tmp_i under the pid/tid
 * key. All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_clock_settime(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_clock_settime -- return probe for SyS_clock_settime():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_clock_settime(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_clock_settime;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_clock_gettime -- entry probe for SyS_clock_gettime(): saves
 * the start time and the six argument registers in tmp_i under the pid/tid
 * key. All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_clock_gettime(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_clock_gettime -- return probe for SyS_clock_gettime():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_clock_gettime(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_clock_gettime;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_clock_getres -- entry probe for SyS_clock_getres(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_clock_getres(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_clock_getres -- return probe for SyS_clock_getres(): joins
 * the return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_clock_getres(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_clock_getres;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_clock_nanosleep -- entry probe for SyS_clock_nanosleep():
 * saves the start time and the six argument registers in tmp_i under the
 * pid/tid key. All six slots are captured whatever the real arity is.
 */
int
kprobe__SyS_clock_nanosleep(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_clock_nanosleep -- return probe for SyS_clock_nanosleep():
 * joins the return value with the entry record stored under the same
 * pid/tid key, submits one event and drops the record.
 */
int
kretprobe__SyS_clock_nanosleep(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_clock_nanosleep;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_exit_group -- entry probe for SyS_exit_group(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 *
 * NOTE(review): exit_group() normally does not return to its caller, so the
 * return probe that emits the event and deletes this record may never run;
 * the call would then go unreported and the record stay in tmp_i -- confirm.
 */
int
kprobe__SyS_exit_group(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_exit_group -- return probe for SyS_exit_group(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 *
 * NOTE(review): exit_group() normally does not return to its caller, so
 * this handler is presumably never reached for a successful call -- confirm.
 */
int
kretprobe__SyS_exit_group(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_exit_group;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_epoll_wait -- entry probe for SyS_epoll_wait(): saves the
 * start time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_epoll_wait(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_epoll_wait -- return probe for SyS_epoll_wait(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_epoll_wait(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_epoll_wait;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_epoll_ctl -- entry probe for SyS_epoll_ctl(): saves the start
 * time and the six argument registers in tmp_i under the pid/tid key.
 * All six slots are captured whatever the syscall's real arity is.
 */
int
kprobe__SyS_epoll_ctl(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 pid_tid = bpf_get_current_pid_tgid();

	/* no-follow-fork mode: record only when the upper 32 bits equal 2878 */
	if ((pid_tid >> 32) == 2878) {
		/*
		 * NOTE(review): entry is not zeroed first; if struct first_step_t
		 * has padding or other members, they are stored as-is -- confirm.
		 */
		entry.start_ts_nsec = bpf_ktime_get_ns();
		entry.arg_1 = PT_REGS_PARM1(ctx);
		entry.arg_2 = PT_REGS_PARM2(ctx);
		entry.arg_3 = PT_REGS_PARM3(ctx);
		entry.arg_4 = PT_REGS_PARM4(ctx);
		entry.arg_5 = PT_REGS_PARM5(ctx);
		entry.arg_6 = PT_REGS_PARM6(ctx);
		tmp_i.update(&pid_tid, &entry);
	}
	return 0;
}
/*
 * kretprobe__SyS_epoll_ctl -- return probe for SyS_epoll_ctl(): joins the
 * return value with the entry record stored under the same pid/tid key,
 * submits one event and drops the record.
 */
int
kretprobe__SyS_epoll_ctl(struct pt_regs *ctx)
{
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t out;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&pid_tid);

	/* nothing was stored at entry for this key, so nothing to report */
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_epoll_ctl;	/* SysCall ID */
	out.pid_tid = pid_tid;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now_nsec;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	/*
	 * Only the bytes ahead of sc_name are submitted.
	 * NOTE(review): out is not zeroed; any padding or unassigned member in
	 * that range would reach the reader uninitialized -- confirm layout.
	 */
	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&pid_tid);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_tgkill -- entry probe for SyS_tgkill().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_tgkill(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_tgkill -- return probe for SyS_tgkill().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_tgkill(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_tgkill;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_utimes -- entry probe for SyS_utimes().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Only the pointer value of the filename argument is kept at this point;
 * the string itself is not read here.
 */
int
kprobe__SyS_utimes(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_utimes -- return probe for SyS_utimes().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event that also carries the first
 * argument's string in aux_str, then deletes the record.
 *
 * The string is fetched here, at return time, through the pointer saved at
 * entry: NAME_MAX bytes are copied unconditionally and the helper's result
 * is not checked.
 * NOTE(review): presumably the buffer belongs to the traced process, so it
 * may have changed since the kernel read it, and bytes after the terminating
 * NUL travel with the event -- readers should cut at the first NUL and not
 * rely on the recorded name for security decisions.
 */
int
kretprobe__SyS_utimes(struct pt_regs *ctx)
{
	/* fixed part of the event plus NAME_MAX bytes of name */
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];	/* keeps the object at least _pad_size long */
	} pkt;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_utimes;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mbind -- entry probe for SyS_mbind().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_mbind(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mbind -- return probe for SyS_mbind().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_mbind(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_mbind;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_set_mempolicy -- entry probe for SyS_set_mempolicy().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_set_mempolicy(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_set_mempolicy -- return probe for SyS_set_mempolicy().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_set_mempolicy(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_set_mempolicy;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_get_mempolicy -- entry probe for SyS_get_mempolicy().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_get_mempolicy(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_get_mempolicy -- return probe for SyS_get_mempolicy().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_get_mempolicy(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_get_mempolicy;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_open -- entry probe for SyS_mq_open().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Only the pointer value of the name argument is kept at this point; the
 * string itself is not read here.
 */
int
kprobe__SyS_mq_open(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_open -- return probe for SyS_mq_open().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event that also carries the first
 * argument's string in aux_str, then deletes the record.
 *
 * The string is fetched here, at return time, through the pointer saved at
 * entry: NAME_MAX bytes are copied unconditionally and the helper's result
 * is not checked.
 * NOTE(review): presumably the buffer belongs to the traced process, so it
 * may have changed since the kernel read it, and bytes after the terminating
 * NUL travel with the event -- readers should cut at the first NUL and not
 * rely on the recorded name for security decisions.
 */
int
kretprobe__SyS_mq_open(struct pt_regs *ctx)
{
	/* fixed part of the event plus NAME_MAX bytes of name */
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];	/* keeps the object at least _pad_size long */
	} pkt;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_mq_open;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_unlink -- entry probe for SyS_mq_unlink().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Only the pointer value of the name argument is kept at this point; the
 * string itself is not read here.
 */
int
kprobe__SyS_mq_unlink(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_unlink -- return probe for SyS_mq_unlink().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event that also carries the first
 * argument's string in aux_str, then deletes the record.
 *
 * The string is fetched here, at return time, through the pointer saved at
 * entry: NAME_MAX bytes are copied unconditionally and the helper's result
 * is not checked.
 * NOTE(review): presumably the buffer belongs to the traced process, so it
 * may have changed since the kernel read it, and bytes after the terminating
 * NUL travel with the event -- readers should cut at the first NUL and not
 * rely on the recorded name for security decisions.
 */
int
kretprobe__SyS_mq_unlink(struct pt_regs *ctx)
{
	/* fixed part of the event plus NAME_MAX bytes of name */
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];	/* keeps the object at least _pad_size long */
	} pkt;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_mq_unlink;	/* SysCall ID */
	pkt.ev.pid_tid = id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);
	events.perf_submit(ctx, &pkt.ev, _pad_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_timedsend -- entry probe for SyS_mq_timedsend().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_mq_timedsend(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_timedsend -- return probe for SyS_mq_timedsend().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_mq_timedsend(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_mq_timedsend;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_timedreceive -- entry probe for SyS_mq_timedreceive().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_mq_timedreceive(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_timedreceive -- return probe for SyS_mq_timedreceive().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_mq_timedreceive(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_mq_timedreceive;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_notify -- entry probe for SyS_mq_notify().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_mq_notify(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_notify -- return probe for SyS_mq_notify().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_mq_notify(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_mq_notify;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mq_getsetattr -- entry probe for SyS_mq_getsetattr().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_mq_getsetattr(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mq_getsetattr -- return probe for SyS_mq_getsetattr().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_mq_getsetattr(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_mq_getsetattr;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_kexec_load -- entry probe for SyS_kexec_load().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_kexec_load(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_kexec_load -- return probe for SyS_kexec_load().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_kexec_load(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_kexec_load;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_waitid -- entry probe for SyS_waitid().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_waitid(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_waitid -- return probe for SyS_waitid().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_waitid(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_waitid;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_add_key -- entry probe for SyS_add_key().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced, so
 * whatever the pointer arguments refer to is not copied into the trace.
 */
int
kprobe__SyS_add_key(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_add_key -- return probe for SyS_add_key().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_add_key(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_add_key;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_request_key -- entry probe for SyS_request_key().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced, so
 * whatever the pointer arguments refer to is not copied into the trace.
 */
int
kprobe__SyS_request_key(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_request_key -- return probe for SyS_request_key().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_request_key(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_request_key;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_keyctl -- entry probe for SyS_keyctl().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced, so
 * whatever the pointer arguments refer to is not copied into the trace.
 */
int
kprobe__SyS_keyctl(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_keyctl -- return probe for SyS_keyctl().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_keyctl(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_keyctl;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_ioprio_set -- entry probe for SyS_ioprio_set().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_ioprio_set(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_ioprio_set -- return probe for SyS_ioprio_set().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_ioprio_set(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_ioprio_set;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_ioprio_get -- entry probe for SyS_ioprio_get().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__SyS_ioprio_get(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_ioprio_get -- return probe for SyS_ioprio_get().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__SyS_ioprio_get(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;		/* No additional packets */
	out.sc_id = __NR_ioprio_get;	/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__sys_inotify_init -- entry probe for sys_inotify_init().
 *
 * Runs the no-follow-fork pid check (traced pid 2878 is compiled in), then
 * saves the entry timestamp and the six argument registers in tmp_i under
 * the pid/tgid word so that the return probe can pair them with the result.
 * Arguments are stored as raw register values; nothing is dereferenced here.
 */
int
kprobe__sys_inotify_init(struct pt_regs *ctx)
{
	struct first_step_t entry;
	u64 id = bpf_get_current_pid_tgid();

	/* upper half of the helper result is matched against the traced pid */
	if ((id >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	/* the result of update() is not checked */
	tmp_i.update(&id, &entry);
	return 0;
}
/*
 * kretprobe__sys_inotify_init -- return probe for sys_inotify_init().
 *
 * Looks up the record the entry probe stored in tmp_i for this pid/tgid
 * word; without one it returns at once (there is no pid check of its own).
 * Otherwise it sends a single-packet event -- syscall id, saved arguments,
 * entry and exit timestamps, return value -- through events and deletes
 * the record.
 */
int
kretprobe__sys_inotify_init(struct pt_regs *ctx)
{
	/* the event is cut off right before sc_name */
	enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
	/*
	 * NOTE(review): out is not zero-initialised; confirm the assignments
	 * below fill every byte ahead of sc_name (padding included), since
	 * that prefix is what gets copied out to the reader.
	 */
	struct ev_dt_t out;
	struct first_step_t *saved;
	u64 now = bpf_ktime_get_ns();
	u64 id = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&id);
	if (!saved)
		return 0;

	out.packet_type = 0;			/* No additional packets */
	out.sc_id = __NR_inotify_init;		/* SysCall ID */
	out.pid_tid = id;
	out.start_ts_nsec = saved->start_ts_nsec;
	out.finish_ts_nsec = now;
	out.ret = PT_REGS_RC(ctx);
	out.arg_1 = saved->arg_1;
	out.arg_2 = saved->arg_2;
	out.arg_3 = saved->arg_3;
	out.arg_4 = saved->arg_4;
	out.arg_5 = saved->arg_5;
	out.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &out, ev_size);
	tmp_i.delete(&id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_inotify_add_watch -- SyS_inotify_add_watch() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_inotify_add_watch(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_inotify_add_watch -- SyS_inotify_add_watch() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, entry and exit timestamps, return value) through
 * events.perf_submit() and removes the record. Always returns 0.
 */
int
kretprobe__SyS_inotify_add_watch(struct pt_regs *ctx)
{
    /* only the bytes of struct ev_dt_t that precede sc_name are submitted */
    enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);
    struct ev_dt_t evt;

    if (!entry)
        return 0; /* nothing was stored for this id */

    /*
     * NOTE(review): evt is not zero-initialized; padding or any field below
     * sc_name that is not assigned here would reach the perf buffer as stack
     * residue -- confirm against the struct ev_dt_t declaration.
     */
    evt.packet_type = 0; /* No additional packets */
    evt.sc_id = __NR_inotify_add_watch; /* SysCall ID */
    evt.pid_tid = id;
    evt.start_ts_nsec = entry->start_ts_nsec;
    evt.finish_ts_nsec = now;
    evt.ret = PT_REGS_RC(ctx);
    evt.arg_1 = entry->arg_1;
    evt.arg_2 = entry->arg_2;
    evt.arg_3 = entry->arg_3;
    evt.arg_4 = entry->arg_4;
    evt.arg_5 = entry->arg_5;
    evt.arg_6 = entry->arg_6;

    events.perf_submit(ctx, &evt, ev_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_inotify_rm_watch -- SyS_inotify_rm_watch() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_inotify_rm_watch(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_inotify_rm_watch -- SyS_inotify_rm_watch() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, entry and exit timestamps, return value) through
 * events.perf_submit() and removes the record. Always returns 0.
 */
int
kretprobe__SyS_inotify_rm_watch(struct pt_regs *ctx)
{
    /* only the bytes of struct ev_dt_t that precede sc_name are submitted */
    enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);
    struct ev_dt_t evt;

    if (!entry)
        return 0; /* nothing was stored for this id */

    /*
     * NOTE(review): evt is not zero-initialized; padding or any field below
     * sc_name that is not assigned here would reach the perf buffer as stack
     * residue -- confirm against the struct ev_dt_t declaration.
     */
    evt.packet_type = 0; /* No additional packets */
    evt.sc_id = __NR_inotify_rm_watch; /* SysCall ID */
    evt.pid_tid = id;
    evt.start_ts_nsec = entry->start_ts_nsec;
    evt.finish_ts_nsec = now;
    evt.ret = PT_REGS_RC(ctx);
    evt.arg_1 = entry->arg_1;
    evt.arg_2 = entry->arg_2;
    evt.arg_3 = entry->arg_3;
    evt.arg_4 = entry->arg_4;
    evt.arg_5 = entry->arg_5;
    evt.arg_6 = entry->arg_6;

    events.perf_submit(ctx, &evt, ev_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_migrate_pages -- SyS_migrate_pages() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_migrate_pages(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_migrate_pages -- SyS_migrate_pages() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, entry and exit timestamps, return value) through
 * events.perf_submit() and removes the record. Always returns 0.
 */
int
kretprobe__SyS_migrate_pages(struct pt_regs *ctx)
{
    /* only the bytes of struct ev_dt_t that precede sc_name are submitted */
    enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);
    struct ev_dt_t evt;

    if (!entry)
        return 0; /* nothing was stored for this id */

    /*
     * NOTE(review): evt is not zero-initialized; padding or any field below
     * sc_name that is not assigned here would reach the perf buffer as stack
     * residue -- confirm against the struct ev_dt_t declaration.
     */
    evt.packet_type = 0; /* No additional packets */
    evt.sc_id = __NR_migrate_pages; /* SysCall ID */
    evt.pid_tid = id;
    evt.start_ts_nsec = entry->start_ts_nsec;
    evt.finish_ts_nsec = now;
    evt.ret = PT_REGS_RC(ctx);
    evt.arg_1 = entry->arg_1;
    evt.arg_2 = entry->arg_2;
    evt.arg_3 = entry->arg_3;
    evt.arg_4 = entry->arg_4;
    evt.arg_5 = entry->arg_5;
    evt.arg_6 = entry->arg_6;

    events.perf_submit(ctx, &evt, ev_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_openat -- SyS_openat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_openat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_openat -- SyS_openat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_openat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_openat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mkdirat -- SyS_mkdirat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_mkdirat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_mkdirat -- SyS_mkdirat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_mkdirat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_mkdirat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mknodat -- SyS_mknodat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_mknodat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_mknodat -- SyS_mknodat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_mknodat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_mknodat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fchownat -- SyS_fchownat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_fchownat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_fchownat -- SyS_fchownat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_fchownat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_fchownat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_futimesat -- SyS_futimesat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_futimesat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_futimesat -- SyS_futimesat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_futimesat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_futimesat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_newfstatat -- SyS_newfstatat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_newfstatat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_newfstatat -- SyS_newfstatat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, entry and exit timestamps, return value) through
 * events.perf_submit() and removes the record. Always returns 0.
 * Unlike the other *at handlers in this listing, no path bytes are copied.
 */
int
kretprobe__SyS_newfstatat(struct pt_regs *ctx)
{
    /* only the bytes of struct ev_dt_t that precede sc_name are submitted */
    enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);
    struct ev_dt_t evt;

    if (!entry)
        return 0; /* nothing was stored for this id */

    /*
     * NOTE(review): evt is not zero-initialized; padding or any field below
     * sc_name that is not assigned here would reach the perf buffer as stack
     * residue -- confirm against the struct ev_dt_t declaration.
     */
    evt.packet_type = 0; /* No additional packets */
    evt.sc_id = __NR_newfstatat; /* SysCall ID */
    evt.pid_tid = id;
    evt.start_ts_nsec = entry->start_ts_nsec;
    evt.finish_ts_nsec = now;
    evt.ret = PT_REGS_RC(ctx);
    evt.arg_1 = entry->arg_1;
    evt.arg_2 = entry->arg_2;
    evt.arg_3 = entry->arg_3;
    evt.arg_4 = entry->arg_4;
    evt.arg_5 = entry->arg_5;
    evt.arg_6 = entry->arg_6;

    events.perf_submit(ctx, &evt, ev_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_unlinkat -- SyS_unlinkat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_unlinkat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_unlinkat -- SyS_unlinkat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_unlinkat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_unlinkat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fs_path_2_4_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_renameat -- SyS_renameat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_renameat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
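/*
 * kretprobe__SyS_renameat -- SyS_renameat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and two path fragments read
 * from the addresses in arg_2 and arg_4) and removes the record.
 * Always returns 0.
 */
int
kretprobe__SyS_renameat(struct pt_regs *ctx)
{
    struct first_step_t *fsp;
    /* event bytes up to aux_str, plus NAME_MAX bytes shared by both paths */
    enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char _pad[_pad_size]; /* guarantees _pad_size bytes of storage */
    } u;
    u64 cur_nsec = bpf_ktime_get_ns();
    u64 pid_tid = bpf_get_current_pid_tgid();

    fsp = tmp_i.lookup(&pid_tid);
    if (fsp == 0)
        return 0; /* nothing was stored for this id */

    u.ev.packet_type = 0; /* No additional packets */
    u.ev.sc_id = __NR_renameat; /* SysCall ID */
    u.ev.arg_1 = fsp->arg_1;
    u.ev.arg_2 = fsp->arg_2;
    u.ev.arg_3 = fsp->arg_3;
    u.ev.arg_4 = fsp->arg_4;
    u.ev.arg_5 = fsp->arg_5;
    u.ev.arg_6 = fsp->arg_6;
    u.ev.pid_tid = pid_tid;
    u.ev.start_ts_nsec = fsp->start_ts_nsec;
    u.ev.finish_ts_nsec = cur_nsec;
    u.ev.ret = PT_REGS_RC(ctx);

    /*
     * First half of the path area: a fixed NAME_MAX / 2 bytes from arg_2.
     * Neither copy is bounded by a string terminator, neither result is
     * checked, and both run at syscall exit from addresses saved at entry.
     */
    bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_2);
    /*
     * The offset is applied to a char pointer so it is always NAME_MAX / 2
     * bytes. Adding to &u.ev.aux_str directly scales by sizeof(aux_str),
     * which lands on the same address only if aux_str is one byte wide;
     * with a larger array it would point far outside the union. The
     * declaration of aux_str is not part of this listing.
     */
    bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
        NAME_MAX - (NAME_MAX / 2),
        (void *)fsp->arg_4);
    events.perf_submit(ctx, &u.ev, _pad_size);
    tmp_i.delete(&pid_tid);
    return 0;
}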
/* | |
* trace_fs_path_2_4_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_linkat -- SyS_linkat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_linkat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
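/*
 * kretprobe__SyS_linkat -- SyS_linkat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and two path fragments read
 * from the addresses in arg_2 and arg_4) and removes the record.
 * Always returns 0.
 */
int
kretprobe__SyS_linkat(struct pt_regs *ctx)
{
    struct first_step_t *fsp;
    /* event bytes up to aux_str, plus NAME_MAX bytes shared by both paths */
    enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char _pad[_pad_size]; /* guarantees _pad_size bytes of storage */
    } u;
    u64 cur_nsec = bpf_ktime_get_ns();
    u64 pid_tid = bpf_get_current_pid_tgid();

    fsp = tmp_i.lookup(&pid_tid);
    if (fsp == 0)
        return 0; /* nothing was stored for this id */

    u.ev.packet_type = 0; /* No additional packets */
    u.ev.sc_id = __NR_linkat; /* SysCall ID */
    u.ev.arg_1 = fsp->arg_1;
    u.ev.arg_2 = fsp->arg_2;
    u.ev.arg_3 = fsp->arg_3;
    u.ev.arg_4 = fsp->arg_4;
    u.ev.arg_5 = fsp->arg_5;
    u.ev.arg_6 = fsp->arg_6;
    u.ev.pid_tid = pid_tid;
    u.ev.start_ts_nsec = fsp->start_ts_nsec;
    u.ev.finish_ts_nsec = cur_nsec;
    u.ev.ret = PT_REGS_RC(ctx);

    /*
     * First half of the path area: a fixed NAME_MAX / 2 bytes from arg_2.
     * Neither copy is bounded by a string terminator, neither result is
     * checked, and both run at syscall exit from addresses saved at entry.
     */
    bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_2);
    /*
     * The offset is applied to a char pointer so it is always NAME_MAX / 2
     * bytes. Adding to &u.ev.aux_str directly scales by sizeof(aux_str),
     * which lands on the same address only if aux_str is one byte wide;
     * with a larger array it would point far outside the union. The
     * declaration of aux_str is not part of this listing.
     */
    bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
        NAME_MAX - (NAME_MAX / 2),
        (void *)fsp->arg_4);
    events.perf_submit(ctx, &u.ev, _pad_size);
    tmp_i.delete(&pid_tid);
    return 0;
}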
/* | |
* trace_fs_path_1_3_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_symlinkat -- SyS_symlinkat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_symlinkat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
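/*
 * kretprobe__SyS_symlinkat -- SyS_symlinkat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and two path fragments read
 * from the addresses in arg_1 and arg_3) and removes the record.
 * Always returns 0.
 */
int
kretprobe__SyS_symlinkat(struct pt_regs *ctx)
{
    struct first_step_t *fsp;
    /* event bytes up to aux_str, plus NAME_MAX bytes shared by both paths */
    enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char _pad[_pad_size]; /* guarantees _pad_size bytes of storage */
    } u;
    u64 cur_nsec = bpf_ktime_get_ns();
    u64 pid_tid = bpf_get_current_pid_tgid();

    fsp = tmp_i.lookup(&pid_tid);
    if (fsp == 0)
        return 0; /* nothing was stored for this id */

    u.ev.packet_type = 0; /* No additional packets */
    u.ev.sc_id = __NR_symlinkat; /* SysCall ID */
    u.ev.arg_1 = fsp->arg_1;
    u.ev.arg_2 = fsp->arg_2;
    u.ev.arg_3 = fsp->arg_3;
    u.ev.arg_4 = fsp->arg_4;
    u.ev.arg_5 = fsp->arg_5;
    u.ev.arg_6 = fsp->arg_6;
    u.ev.pid_tid = pid_tid;
    u.ev.start_ts_nsec = fsp->start_ts_nsec;
    u.ev.finish_ts_nsec = cur_nsec;
    u.ev.ret = PT_REGS_RC(ctx);

    /*
     * First half of the path area: a fixed NAME_MAX / 2 bytes from arg_1.
     * Neither copy is bounded by a string terminator, neither result is
     * checked, and both run at syscall exit from addresses saved at entry.
     */
    bpf_probe_read(&u.ev.aux_str, NAME_MAX / 2, (void *)fsp->arg_1);
    /*
     * The offset is applied to a char pointer so it is always NAME_MAX / 2
     * bytes. Adding to &u.ev.aux_str directly scales by sizeof(aux_str),
     * which lands on the same address only if aux_str is one byte wide;
     * with a larger array it would point far outside the union. The
     * declaration of aux_str is not part of this listing.
     */
    bpf_probe_read((char *)&u.ev.aux_str + (NAME_MAX / 2),
        NAME_MAX - (NAME_MAX / 2),
        (void *)fsp->arg_3);
    events.perf_submit(ctx, &u.ev, _pad_size);
    tmp_i.delete(&pid_tid);
    return 0;
}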
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_readlinkat -- SyS_readlinkat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_readlinkat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_readlinkat -- SyS_readlinkat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_readlinkat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_readlinkat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_fchmodat -- SyS_fchmodat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_fchmodat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_fchmodat -- SyS_fchmodat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_fchmodat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_fchmodat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_faccessat -- SyS_faccessat() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_faccessat(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_faccessat -- SyS_faccessat() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, timestamps, return value and NAME_MAX bytes read from
 * the address in arg_2) and removes the record. Always returns 0.
 */
int
kretprobe__SyS_faccessat(struct pt_regs *ctx)
{
    /* event bytes up to aux_str, plus NAME_MAX bytes for the path */
    enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
    union {
        struct ev_dt_t ev;
        char raw[pkt_size]; /* guarantees pkt_size bytes of storage */
    } out;
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);

    if (!entry)
        return 0; /* nothing was stored for this id */

    out.ev.packet_type = 0; /* No additional packets */
    out.ev.sc_id = __NR_faccessat; /* SysCall ID */
    out.ev.pid_tid = id;
    out.ev.start_ts_nsec = entry->start_ts_nsec;
    out.ev.finish_ts_nsec = now;
    out.ev.ret = PT_REGS_RC(ctx);
    out.ev.arg_1 = entry->arg_1;
    out.ev.arg_2 = entry->arg_2;
    out.ev.arg_3 = entry->arg_3;
    out.ev.arg_4 = entry->arg_4;
    out.ev.arg_5 = entry->arg_5;
    out.ev.arg_6 = entry->arg_6;

    /*
     * A fixed NAME_MAX bytes are copied from the address saved at entry; the
     * copy is not bounded by the string terminator and its result is not
     * checked. NOTE(review): the copy runs at syscall exit, so for a
     * user-space path the bytes logged are what that memory holds on return,
     * which need not be the name the kernel acted on.
     */
    bpf_probe_read(&out.ev.aux_str, NAME_MAX, (void *)entry->arg_2);
    events.perf_submit(ctx, &out.ev, pkt_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_pselect6 -- SyS_pselect6() entry handler
 *
 * Stores the entry timestamp and the six argument registers in tmp_i under
 * the value returned by bpf_get_current_pid_tgid(), for the exit handler.
 */
int
kprobe__SyS_pselect6(struct pt_regs *ctx)
{
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t entry;

    /*
     * pid_check_ff_disabled_hook.c -- no-follow-fork mode: the upper 32 bits
     * of the id must equal the one process id baked into this program.
     */
    if ((id >> 32) != 2878)
        return 0;

    entry.start_ts_nsec = bpf_ktime_get_ns();
    entry.arg_1 = PT_REGS_PARM1(ctx);
    entry.arg_2 = PT_REGS_PARM2(ctx);
    entry.arg_3 = PT_REGS_PARM3(ctx);
    entry.arg_4 = PT_REGS_PARM4(ctx);
    entry.arg_5 = PT_REGS_PARM5(ctx);
    entry.arg_6 = PT_REGS_PARM6(ctx);

    /* NOTE(review): entry is not zeroed; confirm first_step_t has no other bytes */
    tmp_i.update(&id, &entry);
    return 0;
}
/*
 * kretprobe__SyS_pselect6 -- SyS_pselect6() exit handler
 *
 * If tmp_i holds a record for the current pid/tgid value, submits one event
 * (saved arguments, entry and exit timestamps, return value) through
 * events.perf_submit() and removes the record. Always returns 0.
 */
int
kretprobe__SyS_pselect6(struct pt_regs *ctx)
{
    /* only the bytes of struct ev_dt_t that precede sc_name are submitted */
    enum { ev_size = offsetof(struct ev_dt_t, sc_name) };
    u64 now = bpf_ktime_get_ns();
    u64 id = bpf_get_current_pid_tgid();
    struct first_step_t *entry = tmp_i.lookup(&id);
    struct ev_dt_t evt;

    if (!entry)
        return 0; /* nothing was stored for this id */

    /*
     * NOTE(review): evt is not zero-initialized; padding or any field below
     * sc_name that is not assigned here would reach the perf buffer as stack
     * residue -- confirm against the struct ev_dt_t declaration.
     */
    evt.packet_type = 0; /* No additional packets */
    evt.sc_id = __NR_pselect6; /* SysCall ID */
    evt.pid_tid = id;
    evt.start_ts_nsec = entry->start_ts_nsec;
    evt.finish_ts_nsec = now;
    evt.ret = PT_REGS_RC(ctx);
    evt.arg_1 = entry->arg_1;
    evt.arg_2 = entry->arg_2;
    evt.arg_3 = entry->arg_3;
    evt.arg_4 = entry->arg_4;
    evt.arg_5 = entry->arg_5;
    evt.arg_6 = entry->arg_6;

    events.perf_submit(ctx, &evt, ev_size);
    tmp_i.delete(&id);
    return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_ppoll -- SyS_ppoll() entry handler | |
*/ | |
int
kprobe__SyS_ppoll(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_ppoll() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_ppoll -- SyS_ppoll() exit handler | |
*/ | |
int
kretprobe__SyS_ppoll(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_ppoll() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_ppoll;		/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_unshare -- SyS_unshare() entry handler | |
*/ | |
int
kprobe__SyS_unshare(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_unshare() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_unshare -- SyS_unshare() exit handler | |
*/ | |
int
kretprobe__SyS_unshare(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_unshare() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_unshare;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_set_robust_list -- SyS_set_robust_list() entry handler | |
*/ | |
int
kprobe__SyS_set_robust_list(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_set_robust_list() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_set_robust_list -- SyS_set_robust_list() exit handler | |
*/ | |
int
kretprobe__SyS_set_robust_list(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_set_robust_list() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_set_robust_list;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_get_robust_list -- SyS_get_robust_list() entry handler | |
*/ | |
int
kprobe__SyS_get_robust_list(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_get_robust_list() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_get_robust_list -- SyS_get_robust_list() exit handler | |
*/ | |
int
kretprobe__SyS_get_robust_list(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_get_robust_list() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_get_robust_list;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_splice -- SyS_splice() entry handler | |
*/ | |
int
kprobe__SyS_splice(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_splice() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_splice -- SyS_splice() exit handler | |
*/ | |
int
kretprobe__SyS_splice(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_splice() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_splice;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_tee -- SyS_tee() entry handler | |
*/ | |
int
kprobe__SyS_tee(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_tee() probe pair: saves the start time and
	 * the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_tee -- SyS_tee() exit handler | |
*/ | |
int
kretprobe__SyS_tee(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_tee() probe pair: combines the return value
	 * with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;	/* No additional packets */
	rec.sc_id = __NR_tee;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_sync_file_range -- SyS_sync_file_range() entry handler | |
*/ | |
int
kprobe__SyS_sync_file_range(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_sync_file_range() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_sync_file_range -- SyS_sync_file_range() exit handler | |
*/ | |
int
kretprobe__SyS_sync_file_range(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_sync_file_range() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_sync_file_range;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_vmsplice -- SyS_vmsplice() entry handler | |
*/ | |
int
kprobe__SyS_vmsplice(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_vmsplice() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_vmsplice -- SyS_vmsplice() exit handler | |
*/ | |
int
kretprobe__SyS_vmsplice(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_vmsplice() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_vmsplice;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_move_pages -- SyS_move_pages() entry handler | |
*/ | |
int
kprobe__SyS_move_pages(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_move_pages() probe pair: saves the start
	 * time and the six raw argument registers in tmp_i, keyed by the
	 * pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_move_pages -- SyS_move_pages() exit handler | |
*/ | |
int
kretprobe__SyS_move_pages(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_move_pages() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_move_pages;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_utimensat -- SyS_utimensat() entry handler | |
*/ | |
int
kprobe__SyS_utimensat(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_utimensat() probe pair: saves the start
	 * time and the six raw argument registers in tmp_i, keyed by the
	 * pid/tgid value.  arg_2 is the address the exit handler later
	 * reads the file name from; nothing is dereferenced here.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_utimensat -- SyS_utimensat() exit handler | |
*/ | |
int
kretprobe__SyS_utimensat(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_utimensat() probe pair (single-packet fileat
	 * variant): submits the saved arguments, the return value and
	 * NAME_MAX bytes read from the address held in arg_2.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	/*
	 * The union is at least submit_len bytes, so NAME_MAX bytes starting
	 * at aux_str fit on the stack.
	 */
	union {
		struct ev_dt_t ev;
		char raw[submit_len];
	} pkt;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* No additional packets */
	pkt.ev.sc_id = __NR_utimensat;	/* SysCall ID */
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now_nsec;
	pkt.ev.ret = PT_REGS_RC(ctx);

	/*
	 * NOTE(review): the copy is a fixed NAME_MAX bytes and its result is
	 * not checked.  It is not bounded by the string terminator, so
	 * whatever follows the name in the traced process's memory is
	 * forwarded too and aux_str may lack a NUL; it can fail outright
	 * (utimensat accepts a NULL pathname); and it runs at exit, so the
	 * buffer may no longer hold what the kernel resolved.  Consumers
	 * should treat aux_str as untrusted bytes.
	 */
	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_2);
	events.perf_submit(ctx, &pkt.ev, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_epoll_pwait -- SyS_epoll_pwait() entry handler | |
*/ | |
int
kprobe__SyS_epoll_pwait(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_epoll_pwait() probe pair: saves the start
	 * time and the six raw argument registers in tmp_i, keyed by the
	 * pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_epoll_pwait -- SyS_epoll_pwait() exit handler | |
*/ | |
int
kretprobe__SyS_epoll_pwait(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_epoll_pwait() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_epoll_pwait;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_signalfd -- SyS_signalfd() entry handler | |
*/ | |
int
kprobe__SyS_signalfd(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_signalfd() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_signalfd -- SyS_signalfd() exit handler | |
*/ | |
int
kretprobe__SyS_signalfd(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_signalfd() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_signalfd;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_timerfd_create -- SyS_timerfd_create() entry handler | |
*/ | |
int
kprobe__SyS_timerfd_create(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_timerfd_create() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_timerfd_create -- SyS_timerfd_create() exit handler | |
*/ | |
int
kretprobe__SyS_timerfd_create(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_timerfd_create() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_timerfd_create;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_eventfd -- SyS_eventfd() entry handler | |
*/ | |
int
kprobe__SyS_eventfd(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_eventfd() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_eventfd -- SyS_eventfd() exit handler | |
*/ | |
int
kretprobe__SyS_eventfd(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_eventfd() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_eventfd;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_fallocate -- SyS_fallocate() entry handler | |
*/ | |
int
kprobe__SyS_fallocate(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_fallocate() probe pair: saves the start
	 * time and the six raw argument registers in tmp_i, keyed by the
	 * pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_fallocate -- SyS_fallocate() exit handler | |
*/ | |
int
kretprobe__SyS_fallocate(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_fallocate() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_fallocate;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_timerfd_settime -- SyS_timerfd_settime() entry handler | |
*/ | |
int
kprobe__SyS_timerfd_settime(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_timerfd_settime() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_timerfd_settime -- SyS_timerfd_settime() exit handler | |
*/ | |
int
kretprobe__SyS_timerfd_settime(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_timerfd_settime() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_timerfd_settime;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_timerfd_gettime -- SyS_timerfd_gettime() entry handler | |
*/ | |
int
kprobe__SyS_timerfd_gettime(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_timerfd_gettime() probe pair: saves the
	 * start time and the six raw argument registers in tmp_i, keyed by
	 * the pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_timerfd_gettime -- SyS_timerfd_gettime() exit handler | |
*/ | |
int
kretprobe__SyS_timerfd_gettime(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_timerfd_gettime() probe pair: combines the
	 * return value with the arguments saved at entry and submits one
	 * event.  Arguments are forwarded as raw register values; nothing
	 * they point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;			/* No additional packets */
	rec.sc_id = __NR_timerfd_gettime;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_accept4 -- SyS_accept4() entry handler | |
*/ | |
int
kprobe__SyS_accept4(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_accept4() probe pair: saves the start time
	 * and the six raw argument registers in tmp_i, keyed by the pid/tgid
	 * value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_accept4 -- SyS_accept4() exit handler | |
*/ | |
int
kretprobe__SyS_accept4(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_accept4() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_accept4;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/* | |
* kprobe__SyS_signalfd4 -- SyS_signalfd4() entry handler | |
*/ | |
int
kprobe__SyS_signalfd4(struct pt_regs *ctx)
{
	/*
	 * Entry half of the SyS_signalfd4() probe pair: saves the start
	 * time and the six raw argument registers in tmp_i, keyed by the
	 * pid/tgid value, for the exit handler.
	 */
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t saved;

	/*
	 * pid_check_ff_disabled_hook.c -- pid check for no-follow-fork mode:
	 * only the task whose upper 32 id bits equal 2878 is recorded.
	 * NOTE(review): calls made by forked children presumably never
	 * reach the trace in this mode -- confirm before relying on it.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	saved.start_ts_nsec = bpf_ktime_get_ns();
	saved.arg_1 = PT_REGS_PARM1(ctx);
	saved.arg_2 = PT_REGS_PARM2(ctx);
	saved.arg_3 = PT_REGS_PARM3(ctx);
	saved.arg_4 = PT_REGS_PARM4(ctx);
	saved.arg_5 = PT_REGS_PARM5(ctx);
	saved.arg_6 = PT_REGS_PARM6(ctx);

	/* NOTE(review): the update() result is not checked. */
	tmp_i.update(&task_id, &saved);
	return 0;
}
/* | |
* kretprobe__SyS_signalfd4 -- SyS_signalfd4() exit handler | |
*/ | |
int
kretprobe__SyS_signalfd4(struct pt_regs *ctx)
{
	/*
	 * Exit half of the SyS_signalfd4() probe pair: combines the return
	 * value with the arguments saved at entry and submits one event.
	 * Arguments are forwarded as raw register values; nothing they
	 * point to is read here.
	 */
	enum { submit_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t rec;
	u64 now_nsec = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	/* No entry record for this task (e.g. skipped by the pid filter). */
	if (!saved)
		return 0;

	rec.packet_type = 0;		/* No additional packets */
	rec.sc_id = __NR_signalfd4;	/* SysCall ID */
	rec.arg_1 = saved->arg_1;
	rec.arg_2 = saved->arg_2;
	rec.arg_3 = saved->arg_3;
	rec.arg_4 = saved->arg_4;
	rec.arg_5 = saved->arg_5;
	rec.arg_6 = saved->arg_6;
	rec.pid_tid = task_id;
	rec.start_ts_nsec = saved->start_ts_nsec;
	rec.finish_ts_nsec = now_nsec;
	rec.ret = PT_REGS_RC(ctx);

	/* Only the part of the event that precedes sc_name is submitted. */
	events.perf_submit(ctx, &rec, submit_len);
	tmp_i.delete(&task_id);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_eventfd2 -- SyS_eventfd2() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_eventfd2(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_eventfd2 -- SyS_eventfd2() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_eventfd2(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_eventfd2; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_epoll_create1 -- SyS_epoll_create1() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_epoll_create1(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_epoll_create1 -- SyS_epoll_create1() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_epoll_create1(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_epoll_create1; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_dup3 -- SyS_dup3() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_dup3(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_dup3 -- SyS_dup3() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_dup3(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_dup3; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_pipe2 -- SyS_pipe2() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_pipe2(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_pipe2 -- SyS_pipe2() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_pipe2(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_pipe2; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_inotify_init1 -- SyS_inotify_init1() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_inotify_init1(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_inotify_init1 -- SyS_inotify_init1() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_inotify_init1(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_inotify_init1; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_preadv -- SyS_preadv() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_preadv(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_preadv -- SyS_preadv() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_preadv(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_preadv; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_pwritev -- SyS_pwritev() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_pwritev(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_pwritev -- SyS_pwritev() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_pwritev(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_pwritev; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_rt_tgsigqueueinfo -- SyS_rt_tgsigqueueinfo() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_rt_tgsigqueueinfo(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_rt_tgsigqueueinfo -- SyS_rt_tgsigqueueinfo() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_rt_tgsigqueueinfo(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_rt_tgsigqueueinfo; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_recvmmsg -- SyS_recvmmsg() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_recvmmsg(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_recvmmsg -- SyS_recvmmsg() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_recvmmsg(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_recvmmsg; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_fanotify_init -- SyS_fanotify_init() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_fanotify_init(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fanotify_init -- SyS_fanotify_init() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_fanotify_init(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_fanotify_init; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_fanotify_mark -- SyS_fanotify_mark() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_fanotify_mark(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_fanotify_mark -- SyS_fanotify_mark() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_fanotify_mark(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_fanotify_mark; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_prlimit64 -- SyS_prlimit64() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_prlimit64(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_prlimit64 -- SyS_prlimit64() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_prlimit64(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_prlimit64; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and
 * a fd as first arg and a filename as second argument. Single-packet
 * version. Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_name_to_handle_at -- SyS_name_to_handle_at() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): only the raw value of argument 2 is saved here; the exit
 * handler later dereferences it, so the bytes it reads are those present at
 * syscall exit, not at entry.
 */
int
kprobe__SyS_name_to_handle_at(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_name_to_handle_at -- SyS_name_to_handle_at() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Besides the numeric fields, NAME_MAX bytes are copied
 * with bpf_probe_read() from the address saved as argument 2 into aux_str.
 * The event sits in a union padded to offsetof(aux_str) + NAME_MAX bytes
 * and exactly that many bytes are submitted. The saved record is deleted
 * afterwards. Always returns 0.
 *
 * NOTE(review):
 *  - the copy is a fixed NAME_MAX bytes and does not stop at the string's
 *    NUL, so whatever follows the name in the traced process's memory is
 *    carried into the trace; consumers must cut at the first NUL and treat
 *    the trace file as holding process memory;
 *  - the result of bpf_probe_read() is not checked, so a failed read is not
 *    distinguishable from a successful one in the emitted event;
 *  - the name is read at syscall exit, so it reflects the buffer contents
 *    at that moment, which the process may have changed since entry;
 *  - pkt is not zeroed, so padding or unassigned members ahead of aux_str
 *    would be submitted uninitialised -- confirm the struct layout.
 */
int
kretprobe__SyS_name_to_handle_at(struct pt_regs *ctx)
{
	/* Bytes up to aux_str plus NAME_MAX bytes of aux_str itself. */
	enum { pkt_len = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[pkt_len];
	} pkt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	pkt.ev.packet_type = 0; /* No additional packets */
	pkt.ev.sc_id = __NR_name_to_handle_at; /* SysCall ID */
	pkt.ev.pid_tid = key;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now_ns;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_2);
	events.perf_submit(ctx, &pkt.ev, pkt_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_open_by_handle_at -- SyS_open_by_handle_at() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_open_by_handle_at(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_open_by_handle_at -- SyS_open_by_handle_at() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_open_by_handle_at(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_open_by_handle_at; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_clock_adjtime -- SyS_clock_adjtime() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_clock_adjtime(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_clock_adjtime -- SyS_clock_adjtime() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_clock_adjtime(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_clock_adjtime; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_syncfs -- SyS_syncfs() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_syncfs(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_syncfs -- SyS_syncfs() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_syncfs(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_syncfs; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_sendmmsg -- SyS_sendmmsg() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_sendmmsg(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sendmmsg -- SyS_sendmmsg() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_sendmmsg(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_sendmmsg; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_setns -- SyS_setns() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_setns(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_setns -- SyS_setns() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_setns(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_setns; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/*
 * trace_libc_tmpl.c -- Trace syscalls with numbers known from libc.
 * Uses BCC, eBPF.
 */
/*
 * kprobe__SyS_getcpu -- SyS_getcpu() entry handler
 *
 * Stores the entry timestamp and all six argument registers in tmp_i under
 * the bpf_get_current_pid_tgid() key, for the exit handler to pick up.
 * Calls are ignored unless the upper 32 bits of that key equal 2878.
 * Always returns 0.
 *
 * NOTE(review): all six PT_REGS_PARMn values are stored whatever the
 * syscall's arity; slots past its real arguments carry leftover register
 * contents and should not be interpreted by the trace consumer.
 */
int
kprobe__SyS_getcpu(struct pt_regs *ctx)
{
	u64 key = bpf_get_current_pid_tgid();
	struct first_step_t entry;

	/* pid_check_ff_disabled_hook.c -- Pid check hook for no-follow-fork mode. */
	if ((key >> 32) != 2878)
		return 0;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);

	tmp_i.update(&key, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getcpu -- SyS_getcpu() exit handler
 *
 * Pairs the return value with the record the entry handler left in tmp_i
 * for the current bpf_get_current_pid_tgid() key; without such a record it
 * returns at once. Emits one event through events.perf_submit() covering
 * the bytes of struct ev_dt_t that precede sc_name, then deletes the
 * record. Always returns 0.
 *
 * NOTE(review): evt is filled member by member without being zeroed first;
 * if struct ev_dt_t has padding or further members ahead of sc_name, those
 * bytes are submitted uninitialised -- confirm against the struct layout.
 */
int
kretprobe__SyS_getcpu(struct pt_regs *ctx)
{
	/* Only the bytes in front of sc_name are submitted. */
	enum { head_len = offsetof(struct ev_dt_t, sc_name) };
	struct ev_dt_t evt;
	struct first_step_t *saved;
	u64 now_ns = bpf_ktime_get_ns();
	u64 key = bpf_get_current_pid_tgid();

	saved = tmp_i.lookup(&key);
	if (!saved)
		return 0;

	evt.packet_type = 0; /* No additional packets */
	evt.sc_id = __NR_getcpu; /* SysCall ID */
	evt.pid_tid = key;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now_ns;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, head_len);
	tmp_i.delete(&key);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_process_vm_readv -- entry probe for SyS_process_vm_readv()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. Always returns 0.
 */
int
kprobe__SyS_process_vm_readv(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_process_vm_readv -- return probe for SyS_process_vm_readv()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * Only raw register values are exported: the iovec arrays behind arg_2 and
 * arg_4 are not read, so the event shows the call, its target pid (arg_1)
 * and its result, but not the memory ranges involved.
 */
int
kretprobe__SyS_process_vm_readv(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;			/* single-packet event */
	evt.sc_id = __NR_process_vm_readv;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_process_vm_writev -- entry probe for SyS_process_vm_writev()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. Always returns 0.
 */
int
kprobe__SyS_process_vm_writev(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_process_vm_writev -- return probe for SyS_process_vm_writev()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * Only raw register values are exported: the iovec arrays behind arg_2 and
 * arg_4 are not read, so the event shows the call, its target pid (arg_1)
 * and its result, but not the memory ranges involved.
 */
int
kretprobe__SyS_process_vm_writev(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;			/* single-packet event */
	evt.sc_id = __NR_process_vm_writev;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_kcmp -- entry probe for SyS_kcmp()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_kcmp(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_kcmp -- return probe for SyS_kcmp()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_kcmp(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_kcmp;		/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_finit_module -- entry probe for SyS_finit_module()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_finit_module(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_finit_module -- return probe for SyS_finit_module()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * The module is identified only by the file descriptor in arg_1; neither
 * the path behind it nor the parameter string behind arg_2 is read here.
 */
int
kretprobe__SyS_finit_module(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_finit_module;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_setattr -- entry probe for SyS_sched_setattr()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_sched_setattr(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sched_setattr -- return probe for SyS_sched_setattr()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_sched_setattr(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;			/* single-packet event */
	evt.sc_id = __NR_sched_setattr;		/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_sched_getattr -- entry probe for SyS_sched_getattr()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_sched_getattr(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_sched_getattr -- return probe for SyS_sched_getattr()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_sched_getattr(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;			/* single-packet event */
	evt.sc_id = __NR_sched_getattr;		/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_fs_path_2_4_arg_tmpl-sl.c -- Trace syscalls with numbers known from | |
* libc and filename as first argument. Single-packet version. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_renameat2 -- entry probe for SyS_renameat2()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. The path
 * arguments are stored as raw pointer values only; nothing is copied from
 * the caller's memory at entry. Always returns 0.
 */
int
kprobe__SyS_renameat2(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
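/*
 * kretprobe__SyS_renameat2 -- return probe for SyS_renameat2()
 *
 * Looks up the record the entry probe stored in tmp_i, builds a single
 * event that carries both path arguments in aux_str, submits it through
 * events and deletes the record. A call without a stored record is
 * ignored. Always returns 0.
 *
 * aux_str layout: the first NAME_MAX / 2 bytes come from the pointer saved
 * in arg_2, the remaining NAME_MAX - NAME_MAX / 2 bytes from the pointer
 * saved in arg_4. Both copies have a fixed length and do not stop at a
 * NUL, so a longer path is cut without a terminator and a shorter one is
 * followed by whatever lies after it in the caller's memory. The result of
 * bpf_probe_read() is not checked.
 *
 * NOTE(review): the paths are read at syscall exit from memory owned by
 * the traced process, so they can differ from what the kernel acted on;
 * consumers should treat them as advisory.
 */
int
kretprobe__SyS_renameat2(struct pt_regs *ctx)
{
	struct first_step_t *fsp;
	/* Event header up to aux_str plus NAME_MAX bytes of string payload. */
	enum { _pad_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[_pad_size];	/* reserves room for the payload */
	} u;
	char *aux;
	u64 cur_nsec = bpf_ktime_get_ns();
	u64 pid_tid = bpf_get_current_pid_tgid();

	fsp = tmp_i.lookup(&pid_tid);
	if (fsp == 0)
		return 0;

	u.ev.packet_type = 0;		/* No additional packets */
	u.ev.sc_id = __NR_renameat2;	/* SysCall ID */
	u.ev.arg_1 = fsp->arg_1;
	u.ev.arg_2 = fsp->arg_2;
	u.ev.arg_3 = fsp->arg_3;
	u.ev.arg_4 = fsp->arg_4;
	u.ev.arg_5 = fsp->arg_5;
	u.ev.arg_6 = fsp->arg_6;
	u.ev.pid_tid = pid_tid;
	u.ev.start_ts_nsec = fsp->start_ts_nsec;
	u.ev.finish_ts_nsec = cur_nsec;
	u.ev.ret = PT_REGS_RC(ctx);

	aux = (char *)&u.ev.aux_str;
	bpf_probe_read(aux, NAME_MAX / 2, (void *)fsp->arg_2);
	/*
	 * Advance in bytes. Arithmetic on &u.ev.aux_str itself is scaled by
	 * sizeof(u.ev.aux_str), which lands NAME_MAX / 2 bytes further only
	 * if that member is one byte wide; its declaration is not visible
	 * here, so the offset is made independent of it.
	 */
	bpf_probe_read(aux + (NAME_MAX / 2),
			NAME_MAX - (NAME_MAX / 2),
			(void *)fsp->arg_4);

	events.perf_submit(ctx, &u.ev, _pad_size);
	tmp_i.delete(&pid_tid);
	return 0;
}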
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_seccomp -- entry probe for SyS_seccomp()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_seccomp(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_seccomp -- return probe for SyS_seccomp()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * The operation and flags arrive as raw values in arg_1 and arg_2; the
 * data behind the pointer in arg_3 (e.g. a filter program) is not read.
 */
int
kretprobe__SyS_seccomp(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_seccomp;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_getrandom -- entry probe for SyS_getrandom()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_getrandom(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_getrandom -- return probe for SyS_getrandom()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * Only the buffer address, length and flags are exported as raw values;
 * the random bytes written to the caller's buffer are not read.
 */
int
kretprobe__SyS_getrandom(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_getrandom;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_file_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* filename as first argument. Single-packet version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_memfd_create -- entry probe for SyS_memfd_create()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. The name
 * argument is stored as a raw pointer value only; nothing is copied from
 * the caller's memory at entry. Always returns 0.
 */
int
kprobe__SyS_memfd_create(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_memfd_create -- return probe for SyS_memfd_create()
 *
 * Looks up the record the entry probe stored in tmp_i, builds a single
 * event whose aux_str holds NAME_MAX bytes copied from the pointer saved
 * in arg_1, submits it through events and deletes the record. A call
 * without a stored record is ignored. Always returns 0.
 *
 * The copy has a fixed length and does not stop at a NUL, so bytes that
 * follow the name in the caller's memory travel with the event. The
 * result of bpf_probe_read() is not checked.
 *
 * NOTE(review): the name is read at syscall exit from memory owned by the
 * traced process, so it can differ from what the kernel saw at entry;
 * consumers should treat it as advisory.
 */
int
kretprobe__SyS_memfd_create(struct pt_regs *ctx)
{
	/* Event header up to aux_str plus NAME_MAX bytes of string payload. */
	enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[pkt_size];	/* reserves room for the payload */
	} pkt;
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;			/* single-packet event */
	pkt.ev.sc_id = __NR_memfd_create;	/* syscall number */
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_1);

	events.perf_submit(ctx, &pkt.ev, pkt_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_kexec_file_load -- entry probe for SyS_kexec_file_load()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_kexec_file_load(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_kexec_file_load -- return probe for SyS_kexec_file_load()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * Kernel and initrd are identified only by the file descriptors in arg_1
 * and arg_2; the command line behind the pointer in arg_4 is not read.
 */
int
kretprobe__SyS_kexec_file_load(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;			/* single-packet event */
	evt.sc_id = __NR_kexec_file_load;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_bpf -- entry probe for SyS_bpf()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_bpf(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_bpf -- return probe for SyS_bpf()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. A call without a stored record is ignored.
 * Always returns 0.
 *
 * The command arrives as a raw value in arg_1; the attribute union behind
 * the pointer in arg_2 is not read, so the event does not say which
 * program or map the call referred to.
 */
int
kretprobe__SyS_bpf(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_bpf;		/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_fileat_tmpl-sl.c -- Trace syscalls with numbers known from libc and | |
* a fd as first arg and a filename as second argument. Single-packet | |
* version. Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_execveat -- entry probe for SyS_execveat()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. The pathname
 * argument is stored as a raw pointer value only; nothing is copied from
 * the caller's memory at entry. Always returns 0.
 */
int
kprobe__SyS_execveat(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_execveat -- return probe for SyS_execveat()
 *
 * Looks up the record the entry probe stored in tmp_i, builds a single
 * event whose aux_str holds NAME_MAX bytes copied from the pointer saved
 * in arg_2, submits it through events and deletes the record. A call
 * without a stored record is ignored. Always returns 0.
 *
 * The copy has a fixed length and does not stop at a NUL, so bytes that
 * follow the path in the caller's memory travel with the event. The
 * result of bpf_probe_read() is not checked.
 *
 * NOTE(review): the path is read at syscall exit through a user pointer
 * saved at entry. After a successful exec the process has a new address
 * space, so the pointer presumably no longer refers to the path and the
 * string in the event cannot be relied on -- confirm, and consider
 * capturing the path at entry instead.
 */
int
kretprobe__SyS_execveat(struct pt_regs *ctx)
{
	/* Event header up to aux_str plus NAME_MAX bytes of string payload. */
	enum { pkt_size = offsetof(struct ev_dt_t, aux_str) + NAME_MAX };
	union {
		struct ev_dt_t ev;
		char _pad[pkt_size];	/* reserves room for the payload */
	} pkt;
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);

	if (!saved)
		return 0;

	pkt.ev.packet_type = 0;		/* single-packet event */
	pkt.ev.sc_id = __NR_execveat;	/* syscall number */
	pkt.ev.pid_tid = task_id;
	pkt.ev.start_ts_nsec = saved->start_ts_nsec;
	pkt.ev.finish_ts_nsec = now;
	pkt.ev.ret = PT_REGS_RC(ctx);
	pkt.ev.arg_1 = saved->arg_1;
	pkt.ev.arg_2 = saved->arg_2;
	pkt.ev.arg_3 = saved->arg_3;
	pkt.ev.arg_4 = saved->arg_4;
	pkt.ev.arg_5 = saved->arg_5;
	pkt.ev.arg_6 = saved->arg_6;

	bpf_probe_read(&pkt.ev.aux_str, NAME_MAX, (void *)saved->arg_2);

	events.perf_submit(ctx, &pkt.ev, pkt_size);
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_userfaultfd -- entry probe for SyS_userfaultfd()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_userfaultfd(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_userfaultfd -- return probe for SyS_userfaultfd()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_userfaultfd(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_userfaultfd;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_membarrier -- entry probe for SyS_membarrier()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_membarrier(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_membarrier -- return probe for SyS_membarrier()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_membarrier(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_membarrier;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
/* | |
* trace_libc_tmpl.c -- Trace syscalls with numbers known from libc. | |
* Uses BCC, eBPF. | |
*/ | |
/*
 * kprobe__SyS_mlock2 -- entry probe for SyS_mlock2()
 *
 * Saves the entry timestamp and all six argument registers in tmp_i under
 * the caller's pid_tgid, for the return probe to pick up. All six registers
 * are captured regardless of how many arguments the syscall really takes.
 * Always returns 0.
 */
int
kprobe__SyS_mlock2(struct pt_regs *ctx)
{
	u64 task_id = bpf_get_current_pid_tgid();

	/*
	 * No-follow-fork PID filter (pid_check_ff_disabled_hook.c): only calls
	 * whose id in the upper 32 bits equals the generated constant 2878
	 * are recorded.
	 */
	if ((task_id >> 32) != 2878)
		return 0;

	struct first_step_t entry;

	entry.start_ts_nsec = bpf_ktime_get_ns();
	entry.arg_1 = PT_REGS_PARM1(ctx);
	entry.arg_2 = PT_REGS_PARM2(ctx);
	entry.arg_3 = PT_REGS_PARM3(ctx);
	entry.arg_4 = PT_REGS_PARM4(ctx);
	entry.arg_5 = PT_REGS_PARM5(ctx);
	entry.arg_6 = PT_REGS_PARM6(ctx);
	tmp_i.update(&task_id, &entry);
	return 0;
}
/*
 * kretprobe__SyS_mlock2 -- return probe for SyS_mlock2()
 *
 * Looks up the record the entry probe stored in tmp_i, sends one event
 * (the part of struct ev_dt_t that precedes sc_name) through events and
 * deletes the record. There is no PID check here: a call without a stored
 * record is simply ignored. Always returns 0.
 */
int
kretprobe__SyS_mlock2(struct pt_regs *ctx)
{
	/* Exit timestamp is taken first, before the map lookup. */
	u64 now = bpf_ktime_get_ns();
	u64 task_id = bpf_get_current_pid_tgid();
	struct first_step_t *saved = tmp_i.lookup(&task_id);
	struct ev_dt_t evt;

	if (!saved)
		return 0;

	evt.packet_type = 0;		/* single-packet event */
	evt.sc_id = __NR_mlock2;	/* syscall number */
	evt.pid_tid = task_id;
	evt.start_ts_nsec = saved->start_ts_nsec;
	evt.finish_ts_nsec = now;
	evt.ret = PT_REGS_RC(ctx);
	evt.arg_1 = saved->arg_1;
	evt.arg_2 = saved->arg_2;
	evt.arg_3 = saved->arg_3;
	evt.arg_4 = saved->arg_4;
	evt.arg_5 = saved->arg_5;
	evt.arg_6 = saved->arg_6;

	events.perf_submit(ctx, &evt, offsetof(struct ev_dt_t, sc_name));
	tmp_i.delete(&task_id);
	return 0;
}
>>>>> EndOf generated eBPF code <<<<<< | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_read'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+37 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (7b) *(u64 *)(r10 -96) = r1 | |
14: (79) r1 = *(u64 *)(r0 +0) | |
15: (7b) *(u64 *)(r10 -80) = r1 | |
16: (79) r1 = *(u64 *)(r0 +8) | |
17: (7b) *(u64 *)(r10 -72) = r1 | |
18: (79) r1 = *(u64 *)(r0 +16) | |
19: (7b) *(u64 *)(r10 -64) = r1 | |
20: (79) r1 = *(u64 *)(r0 +24) | |
21: (7b) *(u64 *)(r10 -56) = r1 | |
22: (79) r1 = *(u64 *)(r0 +32) | |
23: (7b) *(u64 *)(r10 -48) = r1 | |
24: (79) r1 = *(u64 *)(r0 +40) | |
25: (7b) *(u64 *)(r10 -40) = r1 | |
26: (79) r1 = *(u64 *)(r10 -136) | |
27: (7b) *(u64 *)(r10 -120) = r1 | |
28: (79) r1 = *(u64 *)(r0 +48) | |
29: (7b) *(u64 *)(r10 -112) = r1 | |
30: (7b) *(u64 *)(r10 -104) = r7 | |
31: (79) r1 = *(u64 *)(r6 +80) | |
32: (7b) *(u64 *)(r10 -88) = r1 | |
33: (18) r7 = 0x99943c0 | |
35: (85) call 8 | |
36: (bf) r4 = r10 | |
37: (07) r4 += -128 | |
38: (bf) r1 = r6 | |
39: (bf) r2 = r7 | |
40: (bf) r3 = r0 | |
41: (b7) r5 = 96 | |
42: (85) call 25 | |
43: (18) r1 = 0x9994900 | |
45: (bf) r2 = r10 | |
46: (07) r2 += -136 | |
47: (85) call 3 | |
48: (b7) r0 = 0 | |
49: (95) exit | |
from 10 to 48: R0=inv R6=ctx R7=inv R10=fp | |
48: (b7) r0 = 0 | |
49: (95) exit | |
processed 49 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_read'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_write'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 1 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_write'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_open'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 2 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_open'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_close'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 3 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_close'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_newstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 4 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_newstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_newfstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 5 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_newfstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_newlstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 6 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_newlstat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_poll'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 7 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_poll'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_lseek'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 8 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_lseek'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mmap'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 9 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mmap'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mprotect'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 10 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mprotect'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_munmap'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 11 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_munmap'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_brk'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 12 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_brk'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigaction'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 13 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigaction'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigprocmask'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 14 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigprocmask'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_rt_sigreturn'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 15 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_rt_sigreturn'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_ioctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 16 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_ioctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_pread64'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 17 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_pread64'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_pwrite64'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 18 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_pwrite64'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_readv'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 19 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_readv'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_writev'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 20 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_writev'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_access'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 21 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_access'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_pipe'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 22 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_pipe'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_select'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 23 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_select'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_sched_yield'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 24 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_sched_yield'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mremap'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 25 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mremap'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_msync'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 26 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_msync'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mincore'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 27 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mincore'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_madvise'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 28 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_madvise'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_shmget'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 29 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_shmget'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_shmat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 30 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_shmat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_shmctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 31 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_shmctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_dup'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 32 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_dup'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_dup2'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 33 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_dup2'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_pause'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 34 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_pause'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_nanosleep'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 35 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_nanosleep'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getitimer'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 36 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getitimer'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_alarm'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 37 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_alarm'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setitimer'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 38 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setitimer'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getpid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 39 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getpid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sendfile'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 40 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sendfile'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_socket'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 41 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_socket'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_connect'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 42 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_connect'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_accept'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 43 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_accept'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sendto'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 44 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sendto'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_recvfrom'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 45 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_recvfrom'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sendmsg'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 46 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sendmsg'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_recvmsg'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 47 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_recvmsg'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_shutdown'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 48 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_shutdown'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_bind'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 49 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_bind'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_listen'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 50 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_listen'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getsockname'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 51 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getsockname'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getpeername'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 52 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getpeername'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_socketpair'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 53 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_socketpair'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setsockopt'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 54 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setsockopt'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getsockopt'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 55 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getsockopt'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_clone'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 56 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_clone'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_fork'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 57 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_fork'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_vfork'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 58 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_vfork'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_execve'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 59 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_execve'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_exit'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 60 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_exit'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_wait4'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 61 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_wait4'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_kill'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 62 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_kill'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_uname'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 63 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_uname'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_semget'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 64 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_semget'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_semop'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 65 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_semop'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_semctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 66 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_semctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_shmdt'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 67 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_shmdt'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_msgget'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 68 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_msgget'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_msgsnd'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 69 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_msgsnd'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_msgrcv'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 70 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_msgrcv'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_msgctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 71 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_msgctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fcntl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 72 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fcntl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_flock'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 73 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_flock'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fsync'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 74 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fsync'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fdatasync'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 75 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fdatasync'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_truncate'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 76 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_truncate'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_ftruncate'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 77 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_ftruncate'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getdents'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 78 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getdents'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getcwd'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 79 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getcwd'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_chdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 80 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_chdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fchdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 81 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fchdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rename'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (bf) r8 = r0 | |
11: (15) if r8 == 0x0 goto pc+48 | |
R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=map_value(ks=8,vs=56) R10=fp | |
12: (b7) r1 = 0 | |
13: (7b) *(u64 *)(r10 -352) = r1 | |
14: (b7) r1 = 82 | |
15: (7b) *(u64 *)(r10 -320) = r1 | |
16: (79) r1 = *(u64 *)(r8 +0) | |
17: (7b) *(u64 *)(r10 -304) = r1 | |
18: (79) r1 = *(u64 *)(r8 +8) | |
19: (7b) *(u64 *)(r10 -296) = r1 | |
20: (79) r1 = *(u64 *)(r8 +16) | |
21: (7b) *(u64 *)(r10 -288) = r1 | |
22: (79) r1 = *(u64 *)(r8 +24) | |
23: (7b) *(u64 *)(r10 -280) = r1 | |
24: (79) r1 = *(u64 *)(r8 +32) | |
25: (7b) *(u64 *)(r10 -272) = r1 | |
26: (79) r1 = *(u64 *)(r8 +40) | |
27: (7b) *(u64 *)(r10 -264) = r1 | |
28: (79) r1 = *(u64 *)(r10 -360) | |
29: (7b) *(u64 *)(r10 -344) = r1 | |
30: (79) r1 = *(u64 *)(r8 +48) | |
31: (7b) *(u64 *)(r10 -336) = r1 | |
32: (7b) *(u64 *)(r10 -328) = r7 | |
33: (79) r1 = *(u64 *)(r6 +80) | |
34: (7b) *(u64 *)(r10 -312) = r1 | |
35: (79) r3 = *(u64 *)(r8 +0) | |
36: (bf) r1 = r10 | |
37: (07) r1 += -256 | |
38: (b7) r2 = 127 | |
39: (85) call 4 | |
40: (79) r3 = *(u64 *)(r8 +8) | |
41: (bf) r1 = r10 | |
42: (07) r1 += -129 | |
43: (b7) r2 = 128 | |
44: (85) call 4 | |
45: (18) r7 = 0x99943c0 | |
47: (85) call 8 | |
48: (bf) r4 = r10 | |
49: (07) r4 += -352 | |
50: (bf) r1 = r6 | |
51: (bf) r2 = r7 | |
52: (bf) r3 = r0 | |
53: (b7) r5 = 351 | |
54: (85) call 25 | |
55: (18) r1 = 0x9994900 | |
57: (bf) r2 = r10 | |
58: (07) r2 += -360 | |
59: (85) call 3 | |
60: (b7) r0 = 0 | |
61: (95) exit | |
from 11 to 60: R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=inv R10=fp | |
60: (b7) r0 = 0 | |
61: (95) exit | |
processed 61 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rename'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mkdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 83 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mkdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rmdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 84 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rmdir'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_creat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 85 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_creat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_link'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (bf) r8 = r0 | |
11: (15) if r8 == 0x0 goto pc+48 | |
R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=map_value(ks=8,vs=56) R10=fp | |
12: (b7) r1 = 0 | |
13: (7b) *(u64 *)(r10 -352) = r1 | |
14: (b7) r1 = 86 | |
15: (7b) *(u64 *)(r10 -320) = r1 | |
16: (79) r1 = *(u64 *)(r8 +0) | |
17: (7b) *(u64 *)(r10 -304) = r1 | |
18: (79) r1 = *(u64 *)(r8 +8) | |
19: (7b) *(u64 *)(r10 -296) = r1 | |
20: (79) r1 = *(u64 *)(r8 +16) | |
21: (7b) *(u64 *)(r10 -288) = r1 | |
22: (79) r1 = *(u64 *)(r8 +24) | |
23: (7b) *(u64 *)(r10 -280) = r1 | |
24: (79) r1 = *(u64 *)(r8 +32) | |
25: (7b) *(u64 *)(r10 -272) = r1 | |
26: (79) r1 = *(u64 *)(r8 +40) | |
27: (7b) *(u64 *)(r10 -264) = r1 | |
28: (79) r1 = *(u64 *)(r10 -360) | |
29: (7b) *(u64 *)(r10 -344) = r1 | |
30: (79) r1 = *(u64 *)(r8 +48) | |
31: (7b) *(u64 *)(r10 -336) = r1 | |
32: (7b) *(u64 *)(r10 -328) = r7 | |
33: (79) r1 = *(u64 *)(r6 +80) | |
34: (7b) *(u64 *)(r10 -312) = r1 | |
35: (79) r3 = *(u64 *)(r8 +0) | |
36: (bf) r1 = r10 | |
37: (07) r1 += -256 | |
38: (b7) r2 = 127 | |
39: (85) call 4 | |
40: (79) r3 = *(u64 *)(r8 +8) | |
41: (bf) r1 = r10 | |
42: (07) r1 += -129 | |
43: (b7) r2 = 128 | |
44: (85) call 4 | |
45: (18) r7 = 0x99943c0 | |
47: (85) call 8 | |
48: (bf) r4 = r10 | |
49: (07) r4 += -352 | |
50: (bf) r1 = r6 | |
51: (bf) r2 = r7 | |
52: (bf) r3 = r0 | |
53: (b7) r5 = 351 | |
54: (85) call 25 | |
55: (18) r1 = 0x9994900 | |
57: (bf) r2 = r10 | |
58: (07) r2 += -360 | |
59: (85) call 3 | |
60: (b7) r0 = 0 | |
61: (95) exit | |
from 11 to 60: R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=inv R10=fp | |
60: (b7) r0 = 0 | |
61: (95) exit | |
processed 61 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_link'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_unlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 87 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_unlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_symlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (bf) r8 = r0 | |
11: (15) if r8 == 0x0 goto pc+48 | |
R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=map_value(ks=8,vs=56) R10=fp | |
12: (b7) r1 = 0 | |
13: (7b) *(u64 *)(r10 -352) = r1 | |
14: (b7) r1 = 88 | |
15: (7b) *(u64 *)(r10 -320) = r1 | |
16: (79) r1 = *(u64 *)(r8 +0) | |
17: (7b) *(u64 *)(r10 -304) = r1 | |
18: (79) r1 = *(u64 *)(r8 +8) | |
19: (7b) *(u64 *)(r10 -296) = r1 | |
20: (79) r1 = *(u64 *)(r8 +16) | |
21: (7b) *(u64 *)(r10 -288) = r1 | |
22: (79) r1 = *(u64 *)(r8 +24) | |
23: (7b) *(u64 *)(r10 -280) = r1 | |
24: (79) r1 = *(u64 *)(r8 +32) | |
25: (7b) *(u64 *)(r10 -272) = r1 | |
26: (79) r1 = *(u64 *)(r8 +40) | |
27: (7b) *(u64 *)(r10 -264) = r1 | |
28: (79) r1 = *(u64 *)(r10 -360) | |
29: (7b) *(u64 *)(r10 -344) = r1 | |
30: (79) r1 = *(u64 *)(r8 +48) | |
31: (7b) *(u64 *)(r10 -336) = r1 | |
32: (7b) *(u64 *)(r10 -328) = r7 | |
33: (79) r1 = *(u64 *)(r6 +80) | |
34: (7b) *(u64 *)(r10 -312) = r1 | |
35: (79) r3 = *(u64 *)(r8 +0) | |
36: (bf) r1 = r10 | |
37: (07) r1 += -256 | |
38: (b7) r2 = 127 | |
39: (85) call 4 | |
40: (79) r3 = *(u64 *)(r8 +8) | |
41: (bf) r1 = r10 | |
42: (07) r1 += -129 | |
43: (b7) r2 = 128 | |
44: (85) call 4 | |
45: (18) r7 = 0x99943c0 | |
47: (85) call 8 | |
48: (bf) r4 = r10 | |
49: (07) r4 += -352 | |
50: (bf) r1 = r6 | |
51: (bf) r2 = r7 | |
52: (bf) r3 = r0 | |
53: (b7) r5 = 351 | |
54: (85) call 25 | |
55: (18) r1 = 0x9994900 | |
57: (bf) r2 = r10 | |
58: (07) r2 += -360 | |
59: (85) call 3 | |
60: (b7) r0 = 0 | |
61: (95) exit | |
from 11 to 60: R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=inv R10=fp | |
60: (b7) r0 = 0 | |
61: (95) exit | |
processed 61 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_symlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_readlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 89 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_readlink'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_chmod'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 90 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_chmod'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fchmod'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 91 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fchmod'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_chown'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 92 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_chown'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fchown'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 93 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fchown'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_lchown'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 94 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_lchown'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_umask'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 95 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_umask'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_gettimeofday'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 96 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_gettimeofday'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getrlimit'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 97 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getrlimit'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getrusage'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 98 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getrusage'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sysinfo'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 99 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sysinfo'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_times'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 100 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_times'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_ptrace'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 101 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_ptrace'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 102 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_syslog'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 103 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_syslog'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 104 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 105 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 106 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_geteuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 107 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_geteuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getegid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 108 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getegid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setpgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 109 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setpgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getppid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 110 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getppid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_getpgrp'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 111 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_getpgrp'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_setsid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 112 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_setsid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setreuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 113 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setreuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setregid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 114 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setregid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getgroups'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 115 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getgroups'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setgroups'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 116 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setgroups'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setresuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 117 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setresuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getresuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 118 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getresuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setresgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 119 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setresgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getresgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 120 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getresgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getpgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 121 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getpgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setfsuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 122 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setfsuid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setfsgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 123 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setfsgid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getsid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 124 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getsid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_capget'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 125 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_capget'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_capset'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 126 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_capset'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigpending'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 127 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigpending'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigtimedwait'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 128 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigtimedwait'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigqueueinfo'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 129 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigqueueinfo'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_rt_sigsuspend'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 130 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_rt_sigsuspend'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sigaltstack'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 131 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sigaltstack'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_utime'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 132 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_utime'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mknod'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 133 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mknod'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_uselib'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 134 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_uselib'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_personality'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 135 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_personality'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_ustat'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 136 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_ustat'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_statfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 137 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_statfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fstatfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 138 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fstatfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sysfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 139 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sysfs'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getpriority'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 140 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getpriority'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setpriority'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 141 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setpriority'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_setparam'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 142 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_setparam'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_getparam'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 143 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_getparam'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_setscheduler'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 144 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_setscheduler'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_getscheduler'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 145 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_getscheduler'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_get_priority_max'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 146 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_get_priority_max'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_get_priority_min'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 147 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_get_priority_min'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sched_rr_get_interval'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 148 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sched_rr_get_interval'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mlock'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 149 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mlock'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_munlock'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 150 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_munlock'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mlockall'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 151 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mlockall'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_munlockall'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 152 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_munlockall'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_vhangup'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 153 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_vhangup'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_modify_ldt'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 154 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_modify_ldt'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_pivot_root'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (bf) r8 = r0 | |
11: (15) if r8 == 0x0 goto pc+48 | |
R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=map_value(ks=8,vs=56) R10=fp | |
12: (b7) r1 = 0 | |
13: (7b) *(u64 *)(r10 -352) = r1 | |
14: (b7) r1 = 155 | |
15: (7b) *(u64 *)(r10 -320) = r1 | |
16: (79) r1 = *(u64 *)(r8 +0) | |
17: (7b) *(u64 *)(r10 -304) = r1 | |
18: (79) r1 = *(u64 *)(r8 +8) | |
19: (7b) *(u64 *)(r10 -296) = r1 | |
20: (79) r1 = *(u64 *)(r8 +16) | |
21: (7b) *(u64 *)(r10 -288) = r1 | |
22: (79) r1 = *(u64 *)(r8 +24) | |
23: (7b) *(u64 *)(r10 -280) = r1 | |
24: (79) r1 = *(u64 *)(r8 +32) | |
25: (7b) *(u64 *)(r10 -272) = r1 | |
26: (79) r1 = *(u64 *)(r8 +40) | |
27: (7b) *(u64 *)(r10 -264) = r1 | |
28: (79) r1 = *(u64 *)(r10 -360) | |
29: (7b) *(u64 *)(r10 -344) = r1 | |
30: (79) r1 = *(u64 *)(r8 +48) | |
31: (7b) *(u64 *)(r10 -336) = r1 | |
32: (7b) *(u64 *)(r10 -328) = r7 | |
33: (79) r1 = *(u64 *)(r6 +80) | |
34: (7b) *(u64 *)(r10 -312) = r1 | |
35: (79) r3 = *(u64 *)(r8 +0) | |
36: (bf) r1 = r10 | |
37: (07) r1 += -256 | |
38: (b7) r2 = 127 | |
39: (85) call 4 | |
40: (79) r3 = *(u64 *)(r8 +8) | |
41: (bf) r1 = r10 | |
42: (07) r1 += -129 | |
43: (b7) r2 = 128 | |
44: (85) call 4 | |
45: (18) r7 = 0x99943c0 | |
47: (85) call 8 | |
48: (bf) r4 = r10 | |
49: (07) r4 += -352 | |
50: (bf) r1 = r6 | |
51: (bf) r2 = r7 | |
52: (bf) r3 = r0 | |
53: (b7) r5 = 351 | |
54: (85) call 25 | |
55: (18) r1 = 0x9994900 | |
57: (bf) r2 = r10 | |
58: (07) r2 += -360 | |
59: (85) call 3 | |
60: (b7) r0 = 0 | |
61: (95) exit | |
from 11 to 60: R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=inv R10=fp | |
60: (b7) r0 = 0 | |
61: (95) exit | |
processed 61 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_pivot_root'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sysctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 156 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sysctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_prctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 157 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_prctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_arch_prctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 158 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_arch_prctl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_adjtimex'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 159 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_adjtimex'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setrlimit'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 160 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setrlimit'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_chroot'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 161 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_chroot'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_sync'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 162 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_sync'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_acct'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 163 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_acct'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_settimeofday'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 164 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_settimeofday'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_mount'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (bf) r8 = r0 | |
11: (15) if r8 == 0x0 goto pc+48 | |
R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=map_value(ks=8,vs=56) R10=fp | |
12: (b7) r1 = 0 | |
13: (7b) *(u64 *)(r10 -352) = r1 | |
14: (b7) r1 = 165 | |
15: (7b) *(u64 *)(r10 -320) = r1 | |
16: (79) r1 = *(u64 *)(r8 +0) | |
17: (7b) *(u64 *)(r10 -304) = r1 | |
18: (79) r1 = *(u64 *)(r8 +8) | |
19: (7b) *(u64 *)(r10 -296) = r1 | |
20: (79) r1 = *(u64 *)(r8 +16) | |
21: (7b) *(u64 *)(r10 -288) = r1 | |
22: (79) r1 = *(u64 *)(r8 +24) | |
23: (7b) *(u64 *)(r10 -280) = r1 | |
24: (79) r1 = *(u64 *)(r8 +32) | |
25: (7b) *(u64 *)(r10 -272) = r1 | |
26: (79) r1 = *(u64 *)(r8 +40) | |
27: (7b) *(u64 *)(r10 -264) = r1 | |
28: (79) r1 = *(u64 *)(r10 -360) | |
29: (7b) *(u64 *)(r10 -344) = r1 | |
30: (79) r1 = *(u64 *)(r8 +48) | |
31: (7b) *(u64 *)(r10 -336) = r1 | |
32: (7b) *(u64 *)(r10 -328) = r7 | |
33: (79) r1 = *(u64 *)(r6 +80) | |
34: (7b) *(u64 *)(r10 -312) = r1 | |
35: (79) r3 = *(u64 *)(r8 +0) | |
36: (bf) r1 = r10 | |
37: (07) r1 += -256 | |
38: (b7) r2 = 127 | |
39: (85) call 4 | |
40: (79) r3 = *(u64 *)(r8 +8) | |
41: (bf) r1 = r10 | |
42: (07) r1 += -129 | |
43: (b7) r2 = 128 | |
44: (85) call 4 | |
45: (18) r7 = 0x99943c0 | |
47: (85) call 8 | |
48: (bf) r4 = r10 | |
49: (07) r4 += -352 | |
50: (bf) r1 = r6 | |
51: (bf) r2 = r7 | |
52: (bf) r3 = r0 | |
53: (b7) r5 = 351 | |
54: (85) call 25 | |
55: (18) r1 = 0x9994900 | |
57: (bf) r2 = r10 | |
58: (07) r2 += -360 | |
59: (85) call 3 | |
60: (b7) r0 = 0 | |
61: (95) exit | |
from 11 to 60: R0=map_value_or_null(ks=8,vs=56) R6=ctx R7=inv R8=inv R10=fp | |
60: (b7) r0 = 0 | |
61: (95) exit | |
processed 61 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_mount'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_swapon'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 167 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_swapon'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_swapoff'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 168 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_swapoff'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_reboot'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 169 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_reboot'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_sethostname'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 170 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_sethostname'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setdomainname'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 171 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setdomainname'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_iopl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 172 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_iopl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_ioperm'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 173 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_ioperm'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_init_module'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 175 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_init_module'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_delete_module'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 176 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_delete_module'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_quotactl'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 179 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_quotactl'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__sys_gettid'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 186 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__sys_gettid'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_readahead'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 187 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_readahead'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_setxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 188 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_setxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_lsetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 189 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_lsetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fsetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 190 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fsetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_getxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 191 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_getxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_lgetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 192 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_lgetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_fgetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 193 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_fgetxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_listxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 194 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_listxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_llistxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 195 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_llistxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_flistxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -136) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -136 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+38 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -128) = r1 | |
13: (b7) r1 = 196 | |
14: (7b) *(u64 *)(r10 -96) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -80) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -72) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -64) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -56) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -48) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -40) = r1 | |
27: (79) r1 = *(u64 *)(r10 -136) | |
28: (7b) *(u64 *)(r10 -120) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -112) = r1 | |
31: (7b) *(u64 *)(r10 -104) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -88) = r1 | |
34: (18) r7 = 0x99943c0 | |
36: (85) call 8 | |
37: (bf) r4 = r10 | |
38: (07) r4 += -128 | |
39: (bf) r1 = r6 | |
40: (bf) r2 = r7 | |
41: (bf) r3 = r0 | |
42: (b7) r5 = 96 | |
43: (85) call 25 | |
44: (18) r1 = 0x9994900 | |
46: (bf) r2 = r10 | |
47: (07) r2 += -136 | |
48: (85) call 3 | |
49: (b7) r0 = 0 | |
50: (95) exit | |
from 10 to 49: R0=inv R6=ctx R7=inv R10=fp | |
49: (b7) r0 = 0 | |
50: (95) exit | |
processed 50 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_flistxattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_removexattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 197 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_removexattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f) r0 &= r1 | |
6: (18) r1 = 0x0 | |
8: (5d) if r0 != r1 goto pc+22 | |
R0=inv R1=inv R6=ctx R10=fp | |
9: (85) call 5 | |
10: (7b) *(u64 *)(r10 -8) = r0 | |
11: (79) r1 = *(u64 *)(r6 +112) | |
12: (7b) *(u64 *)(r10 -56) = r1 | |
13: (79) r1 = *(u64 *)(r6 +104) | |
14: (7b) *(u64 *)(r10 -48) = r1 | |
15: (79) r1 = *(u64 *)(r6 +96) | |
16: (7b) *(u64 *)(r10 -40) = r1 | |
17: (79) r1 = *(u64 *)(r6 +88) | |
18: (7b) *(u64 *)(r10 -32) = r1 | |
19: (79) r1 = *(u64 *)(r6 +72) | |
20: (7b) *(u64 *)(r10 -24) = r1 | |
21: (79) r1 = *(u64 *)(r6 +64) | |
22: (7b) *(u64 *)(r10 -16) = r1 | |
23: (18) r1 = 0x9994900 | |
25: (bf) r2 = r10 | |
26: (07) r2 += -64 | |
27: (bf) r3 = r10 | |
28: (07) r3 += -56 | |
29: (b7) r4 = 0 | |
30: (85) call 2 | |
31: (b7) r0 = 0 | |
32: (95) exit | |
from 8 to 31: R0=inv R1=inv R6=ctx R10=fp | |
31: (b7) r0 = 0 | |
32: (95) exit | |
processed 32 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kretprobe__SyS_lremovexattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 5 | |
2: (bf) r7 = r0 | |
3: (85) call 14 | |
4: (7b) *(u64 *)(r10 -360) = r0 | |
5: (18) r1 = 0x9994900 | |
7: (bf) r2 = r10 | |
8: (07) r2 += -360 | |
9: (85) call 1 | |
10: (15) if r0 == 0x0 goto pc+43 | |
R0=map_value(ks=8,vs=56) R6=ctx R7=inv R10=fp | |
11: (b7) r1 = 0 | |
12: (7b) *(u64 *)(r10 -352) = r1 | |
13: (b7) r1 = 198 | |
14: (7b) *(u64 *)(r10 -320) = r1 | |
15: (79) r1 = *(u64 *)(r0 +0) | |
16: (7b) *(u64 *)(r10 -304) = r1 | |
17: (79) r1 = *(u64 *)(r0 +8) | |
18: (7b) *(u64 *)(r10 -296) = r1 | |
19: (79) r1 = *(u64 *)(r0 +16) | |
20: (7b) *(u64 *)(r10 -288) = r1 | |
21: (79) r1 = *(u64 *)(r0 +24) | |
22: (7b) *(u64 *)(r10 -280) = r1 | |
23: (79) r1 = *(u64 *)(r0 +32) | |
24: (7b) *(u64 *)(r10 -272) = r1 | |
25: (79) r1 = *(u64 *)(r0 +40) | |
26: (7b) *(u64 *)(r10 -264) = r1 | |
27: (79) r1 = *(u64 *)(r10 -360) | |
28: (7b) *(u64 *)(r10 -344) = r1 | |
29: (79) r1 = *(u64 *)(r0 +48) | |
30: (7b) *(u64 *)(r10 -336) = r1 | |
31: (7b) *(u64 *)(r10 -328) = r7 | |
32: (79) r1 = *(u64 *)(r6 +80) | |
33: (7b) *(u64 *)(r10 -312) = r1 | |
34: (79) r3 = *(u64 *)(r0 +0) | |
35: (bf) r1 = r10 | |
36: (07) r1 += -256 | |
37: (b7) r2 = 255 | |
38: (85) call 4 | |
39: (18) r7 = 0x99943c0 | |
41: (85) call 8 | |
42: (bf) r4 = r10 | |
43: (07) r4 += -352 | |
44: (bf) r1 = r6 | |
45: (bf) r2 = r7 | |
46: (bf) r3 = r0 | |
47: (b7) r5 = 351 | |
48: (85) call 25 | |
49: (18) r1 = 0x9994900 | |
51: (bf) r2 = r10 | |
52: (07) r2 += -360 | |
53: (85) call 3 | |
54: (b7) r0 = 0 | |
55: (95) exit | |
from 10 to 54: R0=inv R6=ctx R7=inv R10=fp | |
54: (b7) r0 = 0 | |
55: (95) exit | |
processed 55 insns | |
DEBUG:load_obj_code_into_ebpf_vm('kprobe__SyS_lremovexattr'): | |
0: (bf) r6 = r1 | |
1: (85) call 14 | |
2: (7b) *(u64 *)(r10 -64) = r0 | |
3: (18) r1 = 0x0 | |
5: (5f |