diff options
| author | Paul Buetow <paul@buetow.org> | 2026-05-19 17:24:30 +0300 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-05-19 17:24:30 +0300 |
| commit | 6ef2ad7d15b3a11e643f312884c222ac53165623 (patch) | |
| tree | a08cf1809e85d32d8fc839e9df036cff97779166 /internal/c | |
| parent | 843def4f5c23db050cccfae57a9acb5899c110f4 (diff) | |
y6: add epoll ctl/wait tracing and ready-count coverage
Diffstat (limited to 'internal/c')
| -rw-r--r-- | internal/c/generated_tracepoints.c | 36 | ||||
| -rw-r--r-- | internal/c/generated_tracepoints_result.txt | 8 | ||||
| -rw-r--r-- | internal/c/types.h | 14 |
3 files changed, 42 insertions, 16 deletions
diff --git a/internal/c/generated_tracepoints.c b/internal/c/generated_tracepoints.c index c14c61e..cc7de62 100644 --- a/internal/c/generated_tracepoints.c +++ b/internal/c/generated_tracepoints.c @@ -3987,23 +3987,32 @@ int handle_sys_exit_epoll_create(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_epoll_ctl is a struct fd_event +/// sys_enter_epoll_ctl is a struct epoll_ctl_event SEC("tracepoint/syscalls/sys_enter_epoll_ctl") int handle_sys_enter_epoll_ctl(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); + struct epoll_ctl_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct epoll_ctl_event), 0); if (!ev) return 0; - ev->event_type = ENTER_FD_EVENT; + ev->event_type = ENTER_EPOLL_CTL_EVENT; ev->trace_id = SYS_ENTER_EPOLL_CTL; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->epfd = (__s32)ctx->args[0]; + ev->op = (__s32)ctx->args[1]; ev->fd = (__s32)ctx->args[2]; + ev->events = 0; + if (ctx->args[3] != 0) { + __u32 user_events = 0; + if (bpf_probe_read_user(&user_events, sizeof(user_events), (void *)ctx->args[3]) == 0) { + ev->events = user_events; + } + } bpf_ringbuf_submit(ev, 0); return 0; @@ -4032,22 +4041,23 @@ int handle_sys_exit_epoll_ctl(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_epoll_wait is a struct null_event +/// sys_enter_epoll_wait is a struct fd_event SEC("tracepoint/syscalls/sys_enter_epoll_wait") int handle_sys_enter_epoll_wait(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_EPOLL_WAIT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; @@ -4076,22 +4086,23 @@ int handle_sys_exit_epoll_wait(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_epoll_pwait is a struct null_event +/// sys_enter_epoll_pwait is a struct fd_event SEC("tracepoint/syscalls/sys_enter_epoll_pwait") int handle_sys_enter_epoll_pwait(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_EPOLL_PWAIT; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; @@ -4120,22 +4131,23 @@ int handle_sys_exit_epoll_pwait(struct syscall_trace_exit *ctx) { return 0; } -/// sys_enter_epoll_pwait2 is a struct null_event +/// sys_enter_epoll_pwait2 is a struct fd_event SEC("tracepoint/syscalls/sys_enter_epoll_pwait2") int handle_sys_enter_epoll_pwait2(struct syscall_trace_enter *ctx) { __u32 pid, tid; if (filter(&pid, &tid)) return 0; - struct null_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct null_event), 0); + struct fd_event *ev = bpf_ringbuf_reserve(&event_map, sizeof(struct fd_event), 0); if (!ev) return 0; - ev->event_type = ENTER_NULL_EVENT; + ev->event_type = ENTER_FD_EVENT; ev->trace_id = SYS_ENTER_EPOLL_PWAIT2; ev->pid = pid; ev->tid = tid; ev->time = bpf_ktime_get_boot_ns(); + ev->fd = (__s32)ctx->args[0]; bpf_ringbuf_submit(ev, 0); return 0; diff --git a/internal/c/generated_tracepoints_result.txt b/internal/c/generated_tracepoints_result.txt index 8f2564c..312c412 100644 --- a/internal/c/generated_tracepoints_result.txt +++ b/internal/c/generated_tracepoints_result.txt @@ -34,10 +34,10 @@ sys_enter_dup2 is a struct fd_event sys_enter_dup3 is a struct dup3_event sys_enter_epoll_create is a struct null_event sys_enter_epoll_create1 is a struct null_event -sys_enter_epoll_ctl is a struct fd_event -sys_enter_epoll_pwait is a struct null_event -sys_enter_epoll_pwait2 is a struct null_event -sys_enter_epoll_wait is a struct null_event +sys_enter_epoll_ctl is a struct epoll_ctl_event +sys_enter_epoll_pwait is a struct fd_event +sys_enter_epoll_pwait2 is a struct fd_event +sys_enter_epoll_wait is a struct fd_event sys_enter_eventfd is a struct eventfd_event sys_enter_eventfd2 is a struct eventfd_event sys_enter_execve is a struct path_event diff --git a/internal/c/types.h b/internal/c/types.h index 3e06040..bcc88d2 100644 --- a/internal/c/types.h +++ b/internal/c/types.h @@ -31,6 +31,8 @@ #define EXIT_PIPE_EVENT 26 #define ENTER_EVENTFD_EVENT 27 #define EXIT_EVENTFD_EVENT 28 +#define ENTER_EPOLL_CTL_EVENT 29 +#define EXIT_EPOLL_CTL_EVENT 30 #define UNCLASSIFIED 0 #define READ_CLASSIFIED 1 @@ -181,3 +183,15 @@ struct eventfd_event { __s32 flags; __s64 ret; }; + +struct epoll_ctl_event { + __u32 event_type; + __u32 trace_id; + __u64 time; + __u32 pid; + __u32 tid; + __s32 epfd; + __s32 op; + __s32 fd; + __u32 events; +}; |