From 55f127b43143363d000165c7cb72e4b95de1380d Mon Sep 17 00:00:00 2001 From: Arnaldo Carvalho de Melo Date: Tue, 6 Nov 2018 15:23:40 -0300 Subject: [PATCH] perf augmented_syscalls: Filter on a hard coded pid Just to show where we'll hook pid based filters, and what we use to obtain the current pid, using a BPF getpid() equivalent. Now we need to remove that hardcoded PID with a BPF hash map, so that we start by filtering 'perf trace's own PID, implement the --filter-pid functionality, etc. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: https://lkml.kernel.org/n/tip-oshrcgcekiyhd0whwisxfvtv@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo --- tools/perf/examples/bpf/augmented_raw_syscalls.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tools/perf/examples/bpf/augmented_raw_syscalls.c b/tools/perf/examples/bpf/augmented_raw_syscalls.c index 90a19336310b..2feb00018f79 100644 --- a/tools/perf/examples/bpf/augmented_raw_syscalls.c +++ b/tools/perf/examples/bpf/augmented_raw_syscalls.c @@ -15,6 +15,7 @@ */ #include +#include #include /* bpf-output associated map */ @@ -56,6 +57,9 @@ int sys_enter(struct syscall_enter_args *args) unsigned int len = sizeof(augmented_args); const void *filename_arg = NULL; + if (getpid() == 2971) + return 0; + probe_read(&augmented_args.args, sizeof(augmented_args.args), args); /* * Yonghong and Edward Cree sayz: @@ -125,7 +129,7 @@ int sys_enter(struct syscall_enter_args *args) SEC("raw_syscalls:sys_exit") int sys_exit(struct syscall_exit_args *args) { - return 1; /* 0 as soon as we start copying data returned by the kernel, e.g. 'read' */ + return getpid() != 2971; } license(GPL);