103e54f10SKP Singh // SPDX-License-Identifier: GPL-2.0
203e54f10SKP Singh
303e54f10SKP Singh /*
403e54f10SKP Singh * Copyright 2020 Google LLC.
503e54f10SKP Singh */
603e54f10SKP Singh
703e54f10SKP Singh #include "vmlinux.h"
8*8c2b5e90SAndrii Nakryiko #include <errno.h>
9207612ebSIlya Leoshkevich #include <bpf/bpf_core_read.h>
1003e54f10SKP Singh #include <bpf/bpf_helpers.h>
1103e54f10SKP Singh #include <bpf/bpf_tracing.h>
12*8c2b5e90SAndrii Nakryiko #include "bpf_misc.h"
1303e54f10SKP Singh
14e68a1445SAlexei Starovoitov struct {
15e68a1445SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_ARRAY);
16e68a1445SAlexei Starovoitov __uint(max_entries, 1);
17e68a1445SAlexei Starovoitov __type(key, __u32);
18e68a1445SAlexei Starovoitov __type(value, __u64);
19e68a1445SAlexei Starovoitov } array SEC(".maps");
20e68a1445SAlexei Starovoitov
21e68a1445SAlexei Starovoitov struct {
22e68a1445SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_HASH);
23e68a1445SAlexei Starovoitov __uint(max_entries, 1);
24e68a1445SAlexei Starovoitov __type(key, __u32);
25e68a1445SAlexei Starovoitov __type(value, __u64);
26e68a1445SAlexei Starovoitov } hash SEC(".maps");
27e68a1445SAlexei Starovoitov
28e68a1445SAlexei Starovoitov struct {
29e68a1445SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_LRU_HASH);
30e68a1445SAlexei Starovoitov __uint(max_entries, 1);
31e68a1445SAlexei Starovoitov __type(key, __u32);
32e68a1445SAlexei Starovoitov __type(value, __u64);
33e68a1445SAlexei Starovoitov } lru_hash SEC(".maps");
34e68a1445SAlexei Starovoitov
35750e5d76SAlexei Starovoitov struct {
36750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
37750e5d76SAlexei Starovoitov __uint(max_entries, 1);
38750e5d76SAlexei Starovoitov __type(key, __u32);
39750e5d76SAlexei Starovoitov __type(value, __u64);
40750e5d76SAlexei Starovoitov } percpu_array SEC(".maps");
41750e5d76SAlexei Starovoitov
42750e5d76SAlexei Starovoitov struct {
43750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_PERCPU_HASH);
44750e5d76SAlexei Starovoitov __uint(max_entries, 1);
45750e5d76SAlexei Starovoitov __type(key, __u32);
46750e5d76SAlexei Starovoitov __type(value, __u64);
47750e5d76SAlexei Starovoitov } percpu_hash SEC(".maps");
48750e5d76SAlexei Starovoitov
49750e5d76SAlexei Starovoitov struct {
50750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_LRU_PERCPU_HASH);
51750e5d76SAlexei Starovoitov __uint(max_entries, 1);
52750e5d76SAlexei Starovoitov __type(key, __u32);
53750e5d76SAlexei Starovoitov __type(value, __u64);
54750e5d76SAlexei Starovoitov } lru_percpu_hash SEC(".maps");
55750e5d76SAlexei Starovoitov
56750e5d76SAlexei Starovoitov struct inner_map {
57750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_ARRAY);
58750e5d76SAlexei Starovoitov __uint(max_entries, 1);
59750e5d76SAlexei Starovoitov __type(key, int);
60750e5d76SAlexei Starovoitov __type(value, __u64);
61750e5d76SAlexei Starovoitov } inner_map SEC(".maps");
62750e5d76SAlexei Starovoitov
63750e5d76SAlexei Starovoitov struct outer_arr {
64750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_ARRAY_OF_MAPS);
65750e5d76SAlexei Starovoitov __uint(max_entries, 1);
66750e5d76SAlexei Starovoitov __uint(key_size, sizeof(int));
67750e5d76SAlexei Starovoitov __uint(value_size, sizeof(int));
68750e5d76SAlexei Starovoitov __array(values, struct inner_map);
69750e5d76SAlexei Starovoitov } outer_arr SEC(".maps") = {
70750e5d76SAlexei Starovoitov .values = { [0] = &inner_map },
71750e5d76SAlexei Starovoitov };
72750e5d76SAlexei Starovoitov
73750e5d76SAlexei Starovoitov struct outer_hash {
74750e5d76SAlexei Starovoitov __uint(type, BPF_MAP_TYPE_HASH_OF_MAPS);
75750e5d76SAlexei Starovoitov __uint(max_entries, 1);
76750e5d76SAlexei Starovoitov __uint(key_size, sizeof(int));
77750e5d76SAlexei Starovoitov __array(values, struct inner_map);
78750e5d76SAlexei Starovoitov } outer_hash SEC(".maps") = {
79750e5d76SAlexei Starovoitov .values = { [0] = &inner_map },
80750e5d76SAlexei Starovoitov };
81750e5d76SAlexei Starovoitov
8203e54f10SKP Singh char _license[] SEC("license") = "GPL";
8303e54f10SKP Singh
8403e54f10SKP Singh int monitored_pid = 0;
8503e54f10SKP Singh int mprotect_count = 0;
8603e54f10SKP Singh int bprm_count = 0;
8703e54f10SKP Singh
88f56407faSAlexei Starovoitov SEC("lsm/file_mprotect")
BPF_PROG(test_int_hook,struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot,int ret)8903e54f10SKP Singh int BPF_PROG(test_int_hook, struct vm_area_struct *vma,
9003e54f10SKP Singh unsigned long reqprot, unsigned long prot, int ret)
9103e54f10SKP Singh {
9203e54f10SKP Singh if (ret != 0)
9303e54f10SKP Singh return ret;
9403e54f10SKP Singh
9503e54f10SKP Singh __u32 pid = bpf_get_current_pid_tgid() >> 32;
965222d696SKP Singh int is_stack = 0;
9703e54f10SKP Singh
985222d696SKP Singh is_stack = (vma->vm_start <= vma->vm_mm->start_stack &&
995222d696SKP Singh vma->vm_end >= vma->vm_mm->start_stack);
10003e54f10SKP Singh
1015222d696SKP Singh if (is_stack && monitored_pid == pid) {
10203e54f10SKP Singh mprotect_count++;
10303e54f10SKP Singh ret = -EPERM;
10403e54f10SKP Singh }
10503e54f10SKP Singh
10603e54f10SKP Singh return ret;
10703e54f10SKP Singh }
10803e54f10SKP Singh
109e68a1445SAlexei Starovoitov SEC("lsm.s/bprm_committed_creds")
BPF_PROG(test_void_hook,struct linux_binprm * bprm)11003e54f10SKP Singh int BPF_PROG(test_void_hook, struct linux_binprm *bprm)
11103e54f10SKP Singh {
11203e54f10SKP Singh __u32 pid = bpf_get_current_pid_tgid() >> 32;
113750e5d76SAlexei Starovoitov struct inner_map *inner_map;
114f56407faSAlexei Starovoitov char args[64];
115f56407faSAlexei Starovoitov __u32 key = 0;
116f56407faSAlexei Starovoitov __u64 *value;
11703e54f10SKP Singh
11803e54f10SKP Singh if (monitored_pid == pid)
11903e54f10SKP Singh bprm_count++;
12003e54f10SKP Singh
121f56407faSAlexei Starovoitov bpf_copy_from_user(args, sizeof(args), (void *)bprm->vma->vm_mm->arg_start);
122f56407faSAlexei Starovoitov bpf_copy_from_user(args, sizeof(args), (void *)bprm->mm->arg_start);
123f56407faSAlexei Starovoitov
124f56407faSAlexei Starovoitov value = bpf_map_lookup_elem(&array, &key);
125f56407faSAlexei Starovoitov if (value)
126f56407faSAlexei Starovoitov *value = 0;
127f56407faSAlexei Starovoitov value = bpf_map_lookup_elem(&hash, &key);
128f56407faSAlexei Starovoitov if (value)
129f56407faSAlexei Starovoitov *value = 0;
130f56407faSAlexei Starovoitov value = bpf_map_lookup_elem(&lru_hash, &key);
131f56407faSAlexei Starovoitov if (value)
132f56407faSAlexei Starovoitov *value = 0;
133750e5d76SAlexei Starovoitov value = bpf_map_lookup_elem(&percpu_array, &key);
134750e5d76SAlexei Starovoitov if (value)
135750e5d76SAlexei Starovoitov *value = 0;
136750e5d76SAlexei Starovoitov value = bpf_map_lookup_elem(&percpu_hash, &key);
137750e5d76SAlexei Starovoitov if (value)
138750e5d76SAlexei Starovoitov *value = 0;
139750e5d76SAlexei Starovoitov value = bpf_map_lookup_elem(&lru_percpu_hash, &key);
140750e5d76SAlexei Starovoitov if (value)
141750e5d76SAlexei Starovoitov *value = 0;
142750e5d76SAlexei Starovoitov inner_map = bpf_map_lookup_elem(&outer_arr, &key);
143750e5d76SAlexei Starovoitov if (inner_map) {
144750e5d76SAlexei Starovoitov value = bpf_map_lookup_elem(inner_map, &key);
145750e5d76SAlexei Starovoitov if (value)
146750e5d76SAlexei Starovoitov *value = 0;
147750e5d76SAlexei Starovoitov }
148750e5d76SAlexei Starovoitov inner_map = bpf_map_lookup_elem(&outer_hash, &key);
149750e5d76SAlexei Starovoitov if (inner_map) {
150750e5d76SAlexei Starovoitov value = bpf_map_lookup_elem(inner_map, &key);
151750e5d76SAlexei Starovoitov if (value)
152750e5d76SAlexei Starovoitov *value = 0;
153750e5d76SAlexei Starovoitov }
154f56407faSAlexei Starovoitov
15503e54f10SKP Singh return 0;
15603e54f10SKP Singh }
157e68a1445SAlexei Starovoitov SEC("lsm/task_free") /* lsm/ is ok, lsm.s/ fails */
BPF_PROG(test_task_free,struct task_struct * task)158e68a1445SAlexei Starovoitov int BPF_PROG(test_task_free, struct task_struct *task)
159e68a1445SAlexei Starovoitov {
160e68a1445SAlexei Starovoitov return 0;
161e68a1445SAlexei Starovoitov }
162e68a1445SAlexei Starovoitov
163e68a1445SAlexei Starovoitov int copy_test = 0;
164e68a1445SAlexei Starovoitov
165807662caSArtem Savkov SEC("fentry.s/" SYS_PREFIX "sys_setdomainname")
BPF_PROG(test_sys_setdomainname,struct pt_regs * regs)166e68a1445SAlexei Starovoitov int BPF_PROG(test_sys_setdomainname, struct pt_regs *regs)
167e68a1445SAlexei Starovoitov {
168207612ebSIlya Leoshkevich void *ptr = (void *)PT_REGS_PARM1_SYSCALL(regs);
169207612ebSIlya Leoshkevich int len = PT_REGS_PARM2_SYSCALL(regs);
170e68a1445SAlexei Starovoitov int buf = 0;
171e68a1445SAlexei Starovoitov long ret;
172e68a1445SAlexei Starovoitov
173e68a1445SAlexei Starovoitov ret = bpf_copy_from_user(&buf, sizeof(buf), ptr);
174e68a1445SAlexei Starovoitov if (len == -2 && ret == 0 && buf == 1234)
175e68a1445SAlexei Starovoitov copy_test++;
176e68a1445SAlexei Starovoitov if (len == -3 && ret == -EFAULT)
177e68a1445SAlexei Starovoitov copy_test++;
178e68a1445SAlexei Starovoitov if (len == -4 && ret == -EFAULT)
179e68a1445SAlexei Starovoitov copy_test++;
180e68a1445SAlexei Starovoitov return 0;
181e68a1445SAlexei Starovoitov }
182