1 | // SPDX-License-Identifier: GPL-2.0 |
2 | // Copyright (c) 2020 Facebook |
3 | #include <linux/bpf.h> |
4 | #include <bpf/bpf_helpers.h> |
5 | #include <bpf/bpf_core_read.h> |
6 | |
7 | struct task_struct { |
8 | int tgid; |
9 | } __attribute__((preserve_access_index)); |
10 | |
11 | struct { |
12 | __uint(type, BPF_MAP_TYPE_ARRAY); |
13 | __uint(max_entries, 1); |
14 | __type(key, int); |
15 | __type(value, int); |
16 | } exp_tgid_map SEC(".maps" ); |
17 | |
18 | struct { |
19 | __uint(type, BPF_MAP_TYPE_ARRAY); |
20 | __uint(max_entries, 1); |
21 | __type(key, int); |
22 | __type(value, int); |
23 | } results SEC(".maps" ); |
24 | |
25 | SEC("tp/raw_syscalls/sys_enter" ) |
26 | int handle_sys_enter(void *ctx) |
27 | { |
28 | struct task_struct *task = (void *)bpf_get_current_task(); |
29 | int tgid = BPF_CORE_READ(task, tgid); |
30 | int zero = 0; |
31 | int real_tgid = bpf_get_current_pid_tgid() >> 32; |
32 | int *exp_tgid = bpf_map_lookup_elem(&exp_tgid_map, &zero); |
33 | |
34 | /* only pass through sys_enters from test process */ |
35 | if (!exp_tgid || *exp_tgid != real_tgid) |
36 | return 0; |
37 | |
38 | bpf_map_update_elem(&results, &zero, &tgid, 0); |
39 | |
40 | return 0; |
41 | } |
42 | |
43 | char _license[] SEC("license" ) = "GPL" ; |
44 | |