Skip to content
GitLab
Commit a4282965 authored by 千古无队's avatar 千古无队
Browse files

[Modify Feature] [2024-12-6] 补充signal中非自定义handler的信息获取

parent 1387cc56
main zzk-debug-1 zzk-dev-12-25 zzk-dev-post zzk-dev-sche-12-11 zzk-dev-shm zzk-dev-syscall zzk-test-stackmap
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 27 additions and 0 deletions
+27 -0
Linux_Lifecycle/bpf_src/syscall_trace.bpf.c
+ 27
0
View file @ a4282965
......@@ -396,3 +396,30 @@ int BPF_KRETPROBE(trace_handle_signal_exit)
bpf_printk("entry signal pid: %d delta: %lld\n", sig, delta);
return 0;
}
SEC("tp_btf/signal_deliver")
int BPF_PROG(signal_deliver_btf, int signr, kernel_siginfo_t* info, struct k_sigaction *ka)
{
struct sc_ctrl *syscall_ctrl;
syscall_ctrl = bpf_map_lookup_elem(&sc_ctrl_map, &key);
if(!syscall_ctrl || !syscall_ctrl->sc_func)
return 0;
pid_t pid = bpf_get_current_pid_tgid();
int target_pid = syscall_ctrl->target_pid;
bpf_printk("deliver sig: %d\n", signr);
if(pid != target_pid)
return 0;
u64 current_timestamp = bpf_ktime_get_ns();
struct signal_val_t *val;
val = bpf_ringbuf_reserve(&syscall_rb, sizeof(*val), 0);
if(!val) {
return 0;
}
val->timestamp = current_timestamp;
val->sig = signr;
bpf_ringbuf_submit(val, 0);
return 0;
}
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment