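// SPDX-License-Identifier: GPL-2.0
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include <sys/resource.h>
#include "trace_helpers.h"

/* NOTE(review): MAX_ENTRIES is not referenced in this file; presumably it
 * mirrors the size of the "progs" map declared on the BPF side - confirm.
 */
#ifdef __mips__
#define MAX_ENTRIES 6000 /* MIPS n64 syscalls start at 5000 */
#else
#define MAX_ENTRIES 1024
#endif

/* Install a fake seccomp program to enable the seccomp code path inside the
 * kernel, so that our kprobe attached to seccomp_phase1() can be triggered.
 *
 * The filter is a single "return SECCOMP_RET_ALLOW" instruction, so it does
 * not restrict any syscall. A seccomp filter cannot be removed once it is
 * installed and is inherited by child processes. Without no_new_privs set,
 * the kernel only accepts the filter from a caller with CAP_SYS_ADMIN.
 *
 * Failure is reported with perror() and is not fatal to the caller.
 */
static void install_accept_all_seccomp(void)
{
	struct sock_filter filter[] = {
		BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
	};
	struct sock_fprog prog = {
		.len = (unsigned short)(sizeof(filter)/sizeof(filter[0])),
		.filter = filter,
	};

	/* SECCOMP_MODE_FILTER is the named form of the literal 2 */
	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
		perror("prctl");
}

/* Load "<argv[0]>_kern.o", attach "bpf_prog1", register every program whose
 * section title parses as "kprobe/<number>" in the "progs" map, install the
 * accept-all seccomp filter, start a short dd run and read the trace pipe.
 *
 * Returns 0 on success and 1 when a setup step fails.
 */
int main(int ac, char **argv)
{
	struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
	struct bpf_link *link = NULL;
	struct bpf_program *prog;
	struct bpf_object *obj;
	int key, fd, progs_fd, len;
	char filename[256];
	const char *title;
	FILE *f = NULL;
	int ret = 1;

	/* argv[0] may be absent when the caller passes an empty argv */
	if (ac < 1 || !argv[0]) {
		fprintf(stderr, "ERROR: argv[0] is not set\n");
		return 1;
	}

	/* best effort: loading may still succeed with the current limit */
	if (setrlimit(RLIMIT_MEMLOCK, &r))
		perror("setrlimit(RLIMIT_MEMLOCK)");

	/* The object path is derived from argv[0], so the invoker decides
	 * which BPF object this program loads; reject a truncated name
	 * rather than open a different file than intended.
	 */
	len = snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
	if (len < 0 || (size_t)len >= sizeof(filename)) {
		fprintf(stderr, "ERROR: BPF object file name too long\n");
		return 1;
	}

	obj = bpf_object__open_file(filename, NULL);
	if (libbpf_get_error(obj)) {
		fprintf(stderr, "ERROR: opening BPF object file failed\n");
		return 1;
	}

	prog = bpf_object__find_program_by_name(obj, "bpf_prog1");
	if (!prog) {
		fprintf(stderr, "finding a prog in obj file failed\n");
		goto cleanup;
	}

	/* load BPF program */
	if (bpf_object__load(obj)) {
		fprintf(stderr, "ERROR: loading BPF object file failed\n");
		goto cleanup;
	}

	link = bpf_program__attach(prog);
	if (libbpf_get_error(link)) {
		fprintf(stderr, "ERROR: bpf_program__attach failed\n");
		/* do not hand an error pointer to bpf_link__destroy() */
		link = NULL;
		goto cleanup;
	}

	progs_fd = bpf_object__find_map_fd_by_name(obj, "progs");
	if (progs_fd < 0) {
		fprintf(stderr, "ERROR: finding a map in obj file failed\n");
		goto cleanup;
	}

	bpf_object__for_each_program(prog, obj) {
		title = bpf_program__title(prog, false);
		/* register only syscalls to PROG_ARRAY */
		if (sscanf(title, "kprobe/%d", &key) != 1)
			continue;

		fd = bpf_program__fd(prog);
		/* a failed update leaves that slot empty; report and go on */
		if (bpf_map_update_elem(progs_fd, &key, &fd, BPF_ANY))
			fprintf(stderr,
				"WARNING: registering prog for key %d failed\n",
				key);
	}

	install_accept_all_seccomp();

	/* Fixed command string, nothing external is interpolated into it.
	 * The stream is kept so it can be closed during cleanup.
	 */
	f = popen("dd if=/dev/zero of=/dev/null count=5", "r");
	if (!f)
		perror("popen");

	read_trace_pipe();

	ret = 0;

cleanup:
	if (f)
		pclose(f);
	bpf_link__destroy(link);
	bpf_object__close(obj);
	return ret;
}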