Orange Pi5 kernel

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) /* Copyright (c) 2015 PLUMgrid, http://plumgrid.com
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3)  * This program is free software; you can redistribute it and/or
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4)  * modify it under the terms of version 2 of the GNU General Public
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5)  * License as published by the Free Software Foundation.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) #include <linux/ptrace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) #include <linux/version.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) #include <uapi/linux/bpf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <bpf/bpf_helpers.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <bpf/bpf_tracing.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) struct pair {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 	u64 val;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	u64 ip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) struct {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 	__uint(type, BPF_MAP_TYPE_HASH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	__type(key, long);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	__type(value, struct pair);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	__uint(max_entries, 1000000);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) } my_map SEC(".maps");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) /* kprobe is NOT a stable ABI. If kernel internals change this bpf+kprobe
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26)  * example will no longer be meaningful
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) SEC("kprobe/kmem_cache_free")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) int bpf_prog1(struct pt_regs *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) 	long ptr = PT_REGS_PARM2(ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) 	bpf_map_delete_elem(&my_map, &ptr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) SEC("kretprobe/kmem_cache_alloc_node")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) int bpf_prog2(struct pt_regs *ctx)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 	long ptr = PT_REGS_RC(ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 	long ip = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 	/* get ip address of kmem_cache_alloc_node() caller */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 	BPF_KRETPROBE_READ_RET_IP(ip, ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 	struct pair v = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) 		.val = bpf_ktime_get_ns(),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 		.ip = ip,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) 	};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) 	bpf_map_update_elem(&my_map, &ptr, &v, BPF_ANY);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) char _license[] SEC("license") = "GPL";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) u32 _version SEC("version") = LINUX_VERSION_CODE;