10a80cf67SAndrii Nakryiko // SPDX-License-Identifier: GPL-2.0
20a80cf67SAndrii Nakryiko /* Copyright (c) 2021 Facebook */
30a80cf67SAndrii Nakryiko
40a80cf67SAndrii Nakryiko #include "vmlinux.h"
50a80cf67SAndrii Nakryiko #include <bpf/bpf_helpers.h>
60a80cf67SAndrii Nakryiko #include <bpf/bpf_tracing.h>
7ddc0027aSKui-Feng Lee #include <errno.h>
80a80cf67SAndrii Nakryiko
90a80cf67SAndrii Nakryiko int my_tid;
100a80cf67SAndrii Nakryiko
11ddc0027aSKui-Feng Lee __u64 kprobe_res;
12ddc0027aSKui-Feng Lee __u64 kprobe_multi_res;
13ddc0027aSKui-Feng Lee __u64 kretprobe_res;
14ddc0027aSKui-Feng Lee __u64 uprobe_res;
15ddc0027aSKui-Feng Lee __u64 uretprobe_res;
16ddc0027aSKui-Feng Lee __u64 tp_res;
17ddc0027aSKui-Feng Lee __u64 pe_res;
18ddc0027aSKui-Feng Lee __u64 fentry_res;
19ddc0027aSKui-Feng Lee __u64 fexit_res;
20ddc0027aSKui-Feng Lee __u64 fmod_ret_res;
21ddc0027aSKui-Feng Lee __u64 lsm_res;
220a80cf67SAndrii Nakryiko
update(void * ctx,__u64 * res)23ddc0027aSKui-Feng Lee static void update(void *ctx, __u64 *res)
240a80cf67SAndrii Nakryiko {
250a80cf67SAndrii Nakryiko if (my_tid != (u32)bpf_get_current_pid_tgid())
260a80cf67SAndrii Nakryiko return;
270a80cf67SAndrii Nakryiko
280a80cf67SAndrii Nakryiko *res |= bpf_get_attach_cookie(ctx);
290a80cf67SAndrii Nakryiko }
300a80cf67SAndrii Nakryiko
31*5653f55eSJoanne Koong SEC("kprobe")
handle_kprobe(struct pt_regs * ctx)320a80cf67SAndrii Nakryiko int handle_kprobe(struct pt_regs *ctx)
330a80cf67SAndrii Nakryiko {
340a80cf67SAndrii Nakryiko update(ctx, &kprobe_res);
350a80cf67SAndrii Nakryiko return 0;
360a80cf67SAndrii Nakryiko }
370a80cf67SAndrii Nakryiko
38*5653f55eSJoanne Koong SEC("kretprobe")
handle_kretprobe(struct pt_regs * ctx)390a80cf67SAndrii Nakryiko int handle_kretprobe(struct pt_regs *ctx)
400a80cf67SAndrii Nakryiko {
410a80cf67SAndrii Nakryiko update(ctx, &kretprobe_res);
420a80cf67SAndrii Nakryiko return 0;
430a80cf67SAndrii Nakryiko }
440a80cf67SAndrii Nakryiko
4539f8dc43SAlan Maguire SEC("uprobe")
handle_uprobe(struct pt_regs * ctx)460a80cf67SAndrii Nakryiko int handle_uprobe(struct pt_regs *ctx)
470a80cf67SAndrii Nakryiko {
480a80cf67SAndrii Nakryiko update(ctx, &uprobe_res);
490a80cf67SAndrii Nakryiko return 0;
500a80cf67SAndrii Nakryiko }
510a80cf67SAndrii Nakryiko
5239f8dc43SAlan Maguire SEC("uretprobe")
handle_uretprobe(struct pt_regs * ctx)530a80cf67SAndrii Nakryiko int handle_uretprobe(struct pt_regs *ctx)
540a80cf67SAndrii Nakryiko {
550a80cf67SAndrii Nakryiko update(ctx, &uretprobe_res);
560a80cf67SAndrii Nakryiko return 0;
570a80cf67SAndrii Nakryiko }
580a80cf67SAndrii Nakryiko
590a80cf67SAndrii Nakryiko /* bpf_prog_array, used by kernel internally to keep track of attached BPF
600a80cf67SAndrii Nakryiko * programs to a given BPF hook (e.g., for tracepoints) doesn't allow the same
610a80cf67SAndrii Nakryiko * BPF program to be attached multiple times. So have three identical copies
620a80cf67SAndrii Nakryiko * ready to attach to the same tracepoint.
630a80cf67SAndrii Nakryiko */
640a80cf67SAndrii Nakryiko SEC("tp/syscalls/sys_enter_nanosleep")
handle_tp1(struct pt_regs * ctx)650a80cf67SAndrii Nakryiko int handle_tp1(struct pt_regs *ctx)
660a80cf67SAndrii Nakryiko {
670a80cf67SAndrii Nakryiko update(ctx, &tp_res);
680a80cf67SAndrii Nakryiko return 0;
690a80cf67SAndrii Nakryiko }
700a80cf67SAndrii Nakryiko SEC("tp/syscalls/sys_enter_nanosleep")
handle_tp2(struct pt_regs * ctx)710a80cf67SAndrii Nakryiko int handle_tp2(struct pt_regs *ctx)
720a80cf67SAndrii Nakryiko {
730a80cf67SAndrii Nakryiko update(ctx, &tp_res);
740a80cf67SAndrii Nakryiko return 0;
750a80cf67SAndrii Nakryiko }
760a80cf67SAndrii Nakryiko SEC("tp/syscalls/sys_enter_nanosleep")
handle_tp3(void * ctx)770a80cf67SAndrii Nakryiko int handle_tp3(void *ctx)
780a80cf67SAndrii Nakryiko {
790a80cf67SAndrii Nakryiko update(ctx, &tp_res);
800a80cf67SAndrii Nakryiko return 1;
810a80cf67SAndrii Nakryiko }
820a80cf67SAndrii Nakryiko
830a80cf67SAndrii Nakryiko SEC("perf_event")
handle_pe(struct pt_regs * ctx)840a80cf67SAndrii Nakryiko int handle_pe(struct pt_regs *ctx)
850a80cf67SAndrii Nakryiko {
860a80cf67SAndrii Nakryiko update(ctx, &pe_res);
870a80cf67SAndrii Nakryiko return 0;
880a80cf67SAndrii Nakryiko }
890a80cf67SAndrii Nakryiko
90ddc0027aSKui-Feng Lee SEC("fentry/bpf_fentry_test1")
BPF_PROG(fentry_test1,int a)91ddc0027aSKui-Feng Lee int BPF_PROG(fentry_test1, int a)
92ddc0027aSKui-Feng Lee {
93ddc0027aSKui-Feng Lee update(ctx, &fentry_res);
94ddc0027aSKui-Feng Lee return 0;
95ddc0027aSKui-Feng Lee }
96ddc0027aSKui-Feng Lee
97ddc0027aSKui-Feng Lee SEC("fexit/bpf_fentry_test1")
BPF_PROG(fexit_test1,int a,int ret)98ddc0027aSKui-Feng Lee int BPF_PROG(fexit_test1, int a, int ret)
99ddc0027aSKui-Feng Lee {
100ddc0027aSKui-Feng Lee update(ctx, &fexit_res);
101ddc0027aSKui-Feng Lee return 0;
102ddc0027aSKui-Feng Lee }
103ddc0027aSKui-Feng Lee
104ddc0027aSKui-Feng Lee SEC("fmod_ret/bpf_modify_return_test")
BPF_PROG(fmod_ret_test,int _a,int * _b,int _ret)105ddc0027aSKui-Feng Lee int BPF_PROG(fmod_ret_test, int _a, int *_b, int _ret)
106ddc0027aSKui-Feng Lee {
107ddc0027aSKui-Feng Lee update(ctx, &fmod_ret_res);
108ddc0027aSKui-Feng Lee return 1234;
109ddc0027aSKui-Feng Lee }
110ddc0027aSKui-Feng Lee
111ddc0027aSKui-Feng Lee SEC("lsm/file_mprotect")
BPF_PROG(test_int_hook,struct vm_area_struct * vma,unsigned long reqprot,unsigned long prot,int ret)112ddc0027aSKui-Feng Lee int BPF_PROG(test_int_hook, struct vm_area_struct *vma,
113ddc0027aSKui-Feng Lee unsigned long reqprot, unsigned long prot, int ret)
114ddc0027aSKui-Feng Lee {
115ddc0027aSKui-Feng Lee if (my_tid != (u32)bpf_get_current_pid_tgid())
116ddc0027aSKui-Feng Lee return ret;
117ddc0027aSKui-Feng Lee update(ctx, &lsm_res);
118ddc0027aSKui-Feng Lee return -EPERM;
119ddc0027aSKui-Feng Lee }
120ddc0027aSKui-Feng Lee
1210a80cf67SAndrii Nakryiko char _license[] SEC("license") = "GPL";
122