-
Notifications
You must be signed in to change notification settings - Fork 3
/
ppm.h
104 lines (84 loc) · 2.6 KB
/
ppm.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
// SPDX-License-Identifier: GPL-2.0-only OR MIT
/*
Copyright (C) 2023 The Falco Authors.
This file is dual licensed under either the MIT or GPL 2. See MIT.txt
or GPL2.txt for full copies of the license.
*/
#ifndef PPM_H_
#define PPM_H_
/*
* Our Own ASSERT implementation, so we can easily switch among BUG_ON, WARN_ON and nothing
*/
#include <linux/time.h>
#include "ppm_consumer.h"
#ifdef _DEBUG
#define ASSERT(expr) WARN_ON(!(expr))
#else
#define ASSERT(expr)
#endif /* _DEBUG */
#include "capture_macro.h"
#define PPM_NULL_RDEV MKDEV(1, 3)
typedef uint64_t nanoseconds;
/* This is an auxiliary struct we use in setsockopt
* when `__kernel_timex_timeval` struct is not defined.
*/
struct __aux_timeval {
long long int tv_sec;
long long int tv_usec;
};
/*
* The ring descriptor.
* We have one of these for each CPU.
*/
struct ppm_ring_buffer_context {
bool cpu_online;
bool open;
struct ppm_ring_buffer_info *info;
char *buffer;
nanoseconds last_print_time;
uint32_t nevents;
atomic_t preempt_count;
char *str_storage; /* String storage. Size is one page. */
};
/*
* Global functions
*
* These are analogous to get_user(), copy_from_user() and strncpy_from_user(),
* but they can't sleep, barf on page fault or be preempted
*/
#define ppm_get_user(x, ptr) (ppm_copy_from_user(&x, ptr, sizeof(x)) ? -EFAULT : 0)
unsigned long ppm_copy_from_user(void *to, const void __user *from, unsigned long n);
long ppm_strncpy_from_user(char *to, const char __user *from, unsigned long n);
/*
* Global tables
*/
#ifdef CONFIG_MIPS
#define SYSCALL_TABLE_ID0 __NR_Linux
#elif defined CONFIG_ARM
#define SYSCALL_TABLE_ID0 __NR_SYSCALL_BASE
#elif defined CONFIG_X86 || defined CONFIG_SUPERH
#define SYSCALL_TABLE_ID0 0
#elif defined CONFIG_PPC64
#define SYSCALL_TABLE_ID0 0
#elif defined CONFIG_S390
#define SYSCALL_TABLE_ID0 0
#elif defined CONFIG_ARM64
#define SYSCALL_TABLE_ID0 0
#elif defined CONFIG_RISCV
#define SYSCALL_TABLE_ID0 0
#endif
extern const struct syscall_evt_pair g_syscall_table[];
extern const struct ppm_event_info g_event_info[];
#if defined(CONFIG_X86_64) && defined(CONFIG_IA32_EMULATION)
extern const struct syscall_evt_pair g_syscall_ia32_table[];
#endif
extern void ppm_syscall_get_arguments(struct task_struct *task, struct pt_regs *regs, unsigned long *args);
#define NS_TO_SEC(_ns) ((_ns) / 1000000000)
#define MORE_THAN_ONE_SECOND_AHEAD(_ns1, _ns2) ((_ns1) - (_ns2) > 1000000000)
#define SECOND_IN_NS 1000000000
#define USECOND_IN_NS 1000
// used in main.c, ppm_events.c and ppm_fillers.c so include it just once here
#ifdef __KERNEL__
#include <linux/version.h>
#endif
#endif /* PPM_H_ */