linux/samples/bpf/test_overhead_kprobe_kern.c

/* Copyright (c) 2016 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */
#include <linux/version.h>
#include <linux/ptrace.h>
#include <linux/sched.h>
#include <uapi/linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>

#define _(P)                                                                   \
	({                                                                     \
		typeof(P) val = 0;                                             \
		bpf_probe_read_kernel(&val, sizeof(val), &(P));                \
		val;                                                           \
	})

SEC("kprobe/__set_task_comm")
int prog(struct pt_regs *ctx)
{
	struct signal_struct *signal;
	struct task_struct *tsk;
	char oldcomm[TASK_COMM_LEN] = {};
	char newcomm[TASK_COMM_LEN] = {};
	u16 oom_score_adj;
	u32 pid;

	tsk = (void *)PT_REGS_PARM1(ctx);

	pid = _(tsk->pid);
	bpf_probe_read_kernel_str(oldcomm, sizeof(oldcomm), &tsk->comm);
	bpf_probe_read_kernel_str(newcomm, sizeof(newcomm),
				  (void *)PT_REGS_PARM2(ctx));
	signal = _(tsk->signal);
	oom_score_adj = _(signal->oom_score_adj);
	return 0;
}

SEC("kprobe/urandom_read")
int prog2(struct pt_regs *ctx)
{
	return 0;
}

char _license[] SEC("license") = "GPL";
u32 _version SEC("version") = LINUX_VERSION_CODE;