tools/testing/selftests/bpf/progs/test_perf_buffer.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0
 // Copyright (c) 2019 Facebook

 #include <linux/ptrace.h>
 #include <linux/bpf.h>
 #include <bpf/bpf_helpers.h>
 #include <bpf/bpf_tracing.h>

 struct {
 	__uint(type, BPF_MAP_TYPE_ARRAY);
 	__type(key, int);
 	__type(value, int);
 	__uint(max_entries, 1);
 } my_pid_map SEC(".maps");

 struct {
 	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
 	__type(key, int);
 	__type(value, int);
 } perf_buf_map SEC(".maps");

 SEC("tp/raw_syscalls/sys_enter")
 int handle_sys_enter(void *ctx)
 {
 	int zero = 0, *my_pid, cur_pid;
 	int cpu = bpf_get_smp_processor_id();

 	my_pid = bpf_map_lookup_elem(&my_pid_map, &zero);
 	if (!my_pid)
 		return 1;

 	cur_pid = bpf_get_current_pid_tgid() >> 32;
 	if (cur_pid != *my_pid)
 		return 1;

 	bpf_perf_event_output(ctx, &perf_buf_map, BPF_F_CURRENT_CPU,
 			      &cpu, sizeof(cpu));
 	return 1;
 }

 char _license[] SEC("license") = "GPL";
	// SPDX-License-Identifier: GPL-2.0
	// Copyright (c) 2019 Facebook

	#include <linux/ptrace.h>
	#include <linux/bpf.h>
	#include <bpf/bpf_helpers.h>
	#include <bpf/bpf_tracing.h>

	struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, int);
	__type(value, int);
	__uint(max_entries, 1);
	} my_pid_map SEC(".maps");

	struct {
	__uint(type, BPF_MAP_TYPE_PERF_EVENT_ARRAY);
	__type(key, int);
	__type(value, int);
	} perf_buf_map SEC(".maps");

	SEC("tp/raw_syscalls/sys_enter")
	int handle_sys_enter(void *ctx)
	{
	int zero = 0, *my_pid, cur_pid;
	int cpu = bpf_get_smp_processor_id();

	my_pid = bpf_map_lookup_elem(&my_pid_map, &zero);
	if (!my_pid)
	return 1;

	cur_pid = bpf_get_current_pid_tgid() >> 32;
	if (cur_pid != *my_pid)
	return 1;

	bpf_perf_event_output(ctx, &perf_buf_map, BPF_F_CURRENT_CPU,
	&cpu, sizeof(cpu));
	return 1;
	}

	char _license[] SEC("license") = "GPL";