Add support for several mostly x86_64-only syscalls

pinchy-common/src/kernel_types.rs

@@ -169,6 +169,16 @@ pub struct LinuxDirent64 {
     pub d_name: [u8; SMALL_READ_SIZE],
 }
 
+/// Linux directory entry structure (legacy getdents syscall)
+#[repr(C)]
+#[derive(Debug, Default, Copy, Clone)]
+pub struct LinuxDirent {
+    pub d_ino: u64,
+    pub d_off: u64,
+    pub d_reclen: u16,
+    pub d_name: [u8; SMALL_READ_SIZE],
+}
+
 /// Filesystem statistics structure, matching the kernel's struct statfs
 #[repr(C)]
 #[derive(Debug, Default, Copy, Clone)]
@@ -523,6 +533,15 @@ pub struct Seminfo {
     pub semaem: i32,
 }
 
+/// System V semaphore operation structure, matching the kernel's struct sembuf.
+#[repr(C)]
+#[derive(Debug, Default, Copy, Clone)]
+pub struct Sembuf {
+    pub sem_num: u16, // Semaphore number
+    pub sem_op: i16,  // Semaphore operation
+    pub sem_flg: i16, // Operation flags
+}
+
 #[repr(C)]
 #[derive(Clone, Copy)]
 pub union Semun {

pinchy-common/src/lib.rs

@@ -130,6 +130,9 @@ pub union SyscallEventData {
     pub fstat: FstatData,
     pub newfstatat: NewfstatatData,
     pub getdents64: Getdents64Data,
+    pub getdents: GetdentsData,
+    pub semtimedop: SemtimedopData,
+    pub sendfile: SendfileData,
     pub mmap: MmapData,
     pub munmap: MunmapData,
     pub brk: BrkData,
@@ -170,6 +173,8 @@ pub union SyscallEventData {
     pub gettid: GettidData,
     pub getuid: GetuidData,
     pub geteuid: GeteuidData,
+    pub fork: ForkData,
+    pub vfork: VforkData,
     pub getgid: GetgidData,
     pub getegid: GetegidData,
     pub getppid: GetppidData,
@@ -417,6 +422,15 @@ pub union SyscallEventData {
     pub lookup_dcookie: LookupDcookieData,
     pub nfsservctl: NfsservctlData,
     pub utime: UtimeData,
+    pub access: AccessData,
+    pub chmod: ChmodData,
+    pub creat: CreatData,
+    pub mkdir: MkdirData,
+    pub readlink: ReadlinkData,
+    pub stat: StatData,
+    pub lstat: LstatData,
+    pub utimes: UtimesData,
+    pub futimesat: FutimesatData,
 }
 
 #[repr(C)]
@@ -750,6 +764,14 @@ pub struct GetegidData;
 #[derive(Clone, Copy)]
 pub struct GetppidData;
 
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct ForkData;
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct VforkData;
+
 #[repr(C)]
 #[derive(Clone, Copy)]
 pub struct IoctlData {
@@ -834,6 +856,35 @@ pub struct Getdents64Data {
     pub num_dirents: u8,
 }
 
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct GetdentsData {
+    pub fd: i32,
+    pub count: usize,
+    pub dirents: [crate::kernel_types::LinuxDirent; 4],
+    pub num_dirents: u8,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct SemtimedopData {
+    pub semid: i32,
+    pub sops: [crate::kernel_types::Sembuf; 4],
+    pub nsops: usize,
+    pub timeout: crate::kernel_types::Timespec,
+    pub timeout_is_null: u8,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct SendfileData {
+    pub out_fd: i32,
+    pub in_fd: i32,
+    pub offset: u64,
+    pub offset_is_null: u8,
+    pub count: usize,
+}
+
 #[repr(C)]
 #[derive(Clone, Copy)]
 pub struct MmapData {
@@ -3451,3 +3502,70 @@ pub struct UtimeData {
     pub times: kernel_types::Utimbuf,
     pub times_is_null: u8,
 }
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct AccessData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub mode: i32,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct ChmodData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub mode: u32,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct CreatData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub mode: u32,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct MkdirData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub mode: u32,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct ReadlinkData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub buf: [u8; MEDIUM_READ_SIZE],
+    pub bufsiz: u64,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct StatData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub statbuf: kernel_types::Stat,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct LstatData {
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub statbuf: kernel_types::Stat,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct UtimesData {
+    pub filename: [u8; SMALL_READ_SIZE],
+    pub times: [kernel_types::Timeval; 2],
+    pub times_is_null: u8,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy)]
+pub struct FutimesatData {
+    pub dirfd: i32,
+    pub pathname: [u8; SMALL_READ_SIZE],
+    pub times: [kernel_types::Timeval; 2],
+    pub times_is_null: u8,
+}

pinchy-ebpf/src/basic_io.rs

@@ -577,6 +577,23 @@ pub fn syscall_exit_basic_io(ctx: TracePointContext) -> u32 {
                 data.arg = args[2] as u64;
                 data.nr_args = args[3] as u32;
             }
+            #[cfg(x86_64)]
+            syscalls::SYS_sendfile => {
+                let data = data_mut!(entry, sendfile);
+
+                data.out_fd = args[0] as i32;
+                data.in_fd = args[1] as i32;
+                data.count = args[3] as usize;
+
+                let offset_ptr = args[2] as *const u64;
+
+                if offset_ptr.is_null() {
+                    data.offset_is_null = 1;
+                } else {
+                    data.offset_is_null = 0;
+                    data.offset = unsafe { bpf_probe_read_user::<u64>(offset_ptr).unwrap_or(0) };
+                }
+            }
             _ => {
                 entry.discard();
                 return Ok(());