1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */ |
3 | |
4 | #include "vmlinux.h" |
5 | #include <bpf/bpf_helpers.h> |
6 | |
/* Program license, emitted into the "license" ELF section. */
char _license[] SEC("license") = "GPL";

/*
 * One-entry hash map (int key -> int value).
 * Exercised by map_update (insert) and map_delete (remove).
 */
struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, 1);
	__type(key, int);
	__type(value, int);
} hash_map SEC(".maps");

/*
 * One-slot stack of ints; stack maps carry a value type only, no key.
 * Exercised by map_push, map_pop and map_peek.
 */
struct {
	__uint(type, BPF_MAP_TYPE_STACK);
	__uint(max_entries, 1);
	__type(value, int);
} stack_map SEC(".maps");

/*
 * One-element array map (int index -> int value).
 * Exercised by map_for_each_pass and map_for_each_fail.
 */
struct {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__uint(max_entries, 1);
	__type(key, int);
	__type(value, int);
} array_map SEC(".maps");

/*
 * Process id the programs act for. Every program below returns early
 * unless the calling task's tgid equals this value, so syscalls from
 * other processes never touch the maps or err.
 * NOTE(review): never written in this file; presumably filled in by the
 * user-space loader before load - confirm against the test harness.
 */
const volatile pid_t pid;

/*
 * Return value of the most recent map helper call. Each program
 * overwrites it, so it only reflects the last program that ran.
 */
long err = 0;
31 | |
/*
 * Element callback passed to bpf_for_each_map_elem() by the for_each
 * programs. It ignores all of its arguments and always yields 0.
 */
static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
{
	const u64 ret = 0;

	return ret;
}
36 | |
/*
 * Runs on entry to getpid(). For the filtered process only, inserts
 * key 0 -> value 1 into hash_map with BPF_NOEXIST and records the
 * helper's return value in err.
 */
SEC("tp/syscalls/sys_enter_getpid")
int map_update(void *ctx)
{
	const int k = 0;
	const int v = 1;
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid == caller_tgid)
		err = bpf_map_update_elem(&hash_map, &k, &v, BPF_NOEXIST);

	return 0;
}
50 | |
/*
 * Runs on entry to getppid(). For the filtered process only, deletes
 * key 0 from hash_map and records the helper's return value in err.
 */
SEC("tp/syscalls/sys_enter_getppid")
int map_delete(void *ctx)
{
	const int k = 0;
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid == caller_tgid)
		err = bpf_map_delete_elem(&hash_map, &k);

	return 0;
}
63 | |
/*
 * Runs on entry to getuid(). For the filtered process only, pushes the
 * value 1 onto stack_map with flags 0 and records the helper's return
 * value in err.
 */
SEC("tp/syscalls/sys_enter_getuid")
int map_push(void *ctx)
{
	const int v = 1;
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid == caller_tgid)
		err = bpf_map_push_elem(&stack_map, &v, 0);

	return 0;
}
76 | |
/*
 * Runs on entry to geteuid(). For the filtered process only, pops the
 * top element of stack_map and records the helper's return value in
 * err. The popped value itself is discarded.
 */
SEC("tp/syscalls/sys_enter_geteuid")
int map_pop(void *ctx)
{
	int popped;	/* output slot for the helper; never read afterwards */
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid == caller_tgid)
		err = bpf_map_pop_elem(&stack_map, &popped);

	return 0;
}
89 | |
/*
 * Runs on entry to getgid(). For the filtered process only, peeks at
 * the top element of stack_map and records the helper's return value
 * in err. The peeked value itself is discarded.
 */
SEC("tp/syscalls/sys_enter_getgid")
int map_peek(void *ctx)
{
	int top;	/* output slot for the helper; never read afterwards */
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid == caller_tgid)
		err = bpf_map_peek_elem(&stack_map, &top);

	return 0;
}
102 | |
/*
 * Runs on entry to gettid(). For the filtered process only, writes
 * value 1 at index 0 of array_map, then iterates the map with the
 * no-op callback using flags 0 and records the for_each return value
 * in err. The update's own return value is not stored.
 */
SEC("tp/syscalls/sys_enter_gettid")
int map_for_each_pass(void *ctx)
{
	const int idx = 0;
	const int one = 1;
	const u64 no_flags = 0;
	int cb_ctx;	/* only its address is passed on; callback ignores it */
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid != caller_tgid)
		return 0;

	bpf_map_update_elem(&array_map, &idx, &one, no_flags);
	err = bpf_for_each_map_elem(&array_map, callback, &cb_ctx, no_flags);

	return 0;
}
120 | |
/*
 * Runs on entry to getpgid(). Negative counterpart of
 * map_for_each_pass: the same update-then-iterate sequence, but with
 * BPF_NOEXIST as the flags value for both calls. Only the for_each
 * return value is recorded in err; the update's result is not stored.
 */
SEC("tp/syscalls/sys_enter_getpgid")
int map_for_each_fail(void *ctx)
{
	const int idx = 0;
	const int one = 1;
	const u64 bad_flags = BPF_NOEXIST;
	int cb_ctx;	/* only its address is passed on; callback ignores it */
	/* Upper 32 bits of the helper result hold the tgid. */
	u64 caller_tgid = bpf_get_current_pid_tgid() >> 32;

	/* The tracepoint fires for every process; act only on the filtered one. */
	if (pid != caller_tgid)
		return 0;

	bpf_map_update_elem(&array_map, &idx, &one, bad_flags);

	/* for_each called with non-zero flags will return an error */
	err = bpf_for_each_map_elem(&array_map, callback, &cb_ctx, bad_flags);

	return 0;
}
139 | |