chore(eBPF) moved fetching call args from retprobe to probe

amosproj · Nov 17, 2024 · 434f4bb · 434f4bb
1 parent 77562fb
commit 434f4bb
Showing 1 changed file with 21 additions and 12 deletions.
diff --git a/rust/backend/ebpf/src/vfs_tracing.rs b/rust/backend/ebpf/src/vfs_tracing.rs
@@ -6,7 +6,6 @@
 
 const TIME_LIMIT_NS: u64 = 100_000_000;
 
-use core::ffi::{c_int, c_size_t};
 use aya_ebpf::{
     macros::{kprobe, map},
     maps::{HashMap, RingBuf},
@@ -20,16 +19,29 @@ use backend_common::{generate_id, VfsWriteCall};
 
 #[map(name = "VFS_WRITE_MAP")]
 pub static VFS_WRITE_MAP: RingBuf = RingBuf::with_byte_size(1024, 0);
-#[map(name = "VFS_WRITE_INTERN")]
-pub static VFS_WRITE_TIMESTAMPS: HashMap<u64, u64> = HashMap::with_max_entries(1024, 0);
+
+
+#[map(name = "VfsWriteIntern")]
+static VFS_WRITE_TIMESTAMPS: HashMap<u64, VfsWriteIntern> = HashMap::with_max_entries(1024, 0);
+
+
+struct VfsWriteIntern {
+    begin_time_stamp: u64,
+    fd: i32,
+    bytes_written: usize,
+}
 
 
 #[kprobe]
 pub fn vfs_write(ctx: ProbeContext) -> Result<(), u32> {
     let id = generate_id(ctx.pid(), ctx.tgid());
-    let time_stamp = unsafe {bpf_ktime_get_ns()};
+    let data = VfsWriteIntern {
+        begin_time_stamp: unsafe {bpf_ktime_get_ns()},
+        fd: ctx.arg(0).unwrap_or(-1),
+        bytes_written: ctx.arg(2).unwrap_or(usize::MAX) as usize,
+    };
 
-    match VFS_WRITE_TIMESTAMPS.insert(&id, &time_stamp, 0) {
+    match VFS_WRITE_TIMESTAMPS.insert(&id, &data, 0) {
         Ok(_) => Ok(()),
         Err(_) => Err(0),
     }
@@ -44,18 +56,15 @@ pub fn vfs_write_ret(ctx: ProbeContext) -> Result<(), u32> {
     let pid = ctx.pid();
     let tgid = ctx.tgid();
     let call_id = generate_id(pid, tgid);
-    let probe_start = match unsafe { VFS_WRITE_TIMESTAMPS.get(&call_id) } {
+    let data = match unsafe { VFS_WRITE_TIMESTAMPS.get(&call_id) } {
         None => {return Err(0)}
-        Some(time_stamp) => {time_stamp.clone()}
+        Some(entry) => {entry}
     };
 
-    if probe_start - probe_end > TIME_LIMIT_NS {
-        let fd: c_int = ctx.arg(0).unwrap();
-        let count: c_size_t = ctx.arg(2).unwrap();
-
+    if data.begin_time_stamp - probe_end > TIME_LIMIT_NS {
 
 
-        let data = VfsWriteCall::new(pid, tgid, probe_start, fd as i32, count as usize);
+        let data = VfsWriteCall::new(pid, tgid, data.begin_time_stamp, data.fd, data.bytes_written);
 
 
         let mut entry = match VFS_WRITE_MAP.reserve::<VfsWriteCall>(0) {