1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2021 Facebook */ 3 4 #include "vmlinux.h" 5 #include <bpf/bpf_helpers.h> 6 #include <bpf/bpf_tracing.h> 7 #include <errno.h> 8 9 int my_tid; 10 11 __u64 kprobe_res; 12 __u64 kprobe_multi_res; 13 __u64 kretprobe_res; 14 __u64 uprobe_res; 15 __u64 uretprobe_res; 16 __u64 tp_res; 17 __u64 pe_res; 18 __u64 fentry_res; 19 __u64 fexit_res; 20 __u64 fmod_ret_res; 21 __u64 lsm_res; 22 23 static void update(void *ctx, __u64 *res) 24 { 25 if (my_tid != (u32)bpf_get_current_pid_tgid()) 26 return; 27 28 *res |= bpf_get_attach_cookie(ctx); 29 } 30 31 SEC("kprobe/sys_nanosleep") 32 int handle_kprobe(struct pt_regs *ctx) 33 { 34 update(ctx, &kprobe_res); 35 return 0; 36 } 37 38 SEC("kretprobe/sys_nanosleep") 39 int handle_kretprobe(struct pt_regs *ctx) 40 { 41 update(ctx, &kretprobe_res); 42 return 0; 43 } 44 45 SEC("uprobe") 46 int handle_uprobe(struct pt_regs *ctx) 47 { 48 update(ctx, &uprobe_res); 49 return 0; 50 } 51 52 SEC("uretprobe") 53 int handle_uretprobe(struct pt_regs *ctx) 54 { 55 update(ctx, &uretprobe_res); 56 return 0; 57 } 58 59 /* bpf_prog_array, used by kernel internally to keep track of attached BPF 60 * programs to a given BPF hook (e.g., for tracepoints) doesn't allow the same 61 * BPF program to be attached multiple times. So have three identical copies 62 * ready to attach to the same tracepoint. 63 */ 64 SEC("tp/syscalls/sys_enter_nanosleep") 65 int handle_tp1(struct pt_regs *ctx) 66 { 67 update(ctx, &tp_res); 68 return 0; 69 } 70 SEC("tp/syscalls/sys_enter_nanosleep") 71 int handle_tp2(struct pt_regs *ctx) 72 { 73 update(ctx, &tp_res); 74 return 0; 75 } 76 SEC("tp/syscalls/sys_enter_nanosleep") 77 int handle_tp3(void *ctx) 78 { 79 update(ctx, &tp_res); 80 return 1; 81 } 82 83 SEC("perf_event") 84 int handle_pe(struct pt_regs *ctx) 85 { 86 update(ctx, &pe_res); 87 return 0; 88 } 89 90 SEC("fentry/bpf_fentry_test1") 91 int BPF_PROG(fentry_test1, int a) 92 { 93 update(ctx, &fentry_res); 94 return 0; 95 } 96 97 SEC("fexit/bpf_fentry_test1") 98 int BPF_PROG(fexit_test1, int a, int ret) 99 { 100 update(ctx, &fexit_res); 101 return 0; 102 } 103 104 SEC("fmod_ret/bpf_modify_return_test") 105 int BPF_PROG(fmod_ret_test, int _a, int *_b, int _ret) 106 { 107 update(ctx, &fmod_ret_res); 108 return 1234; 109 } 110 111 SEC("lsm/file_mprotect") 112 int BPF_PROG(test_int_hook, struct vm_area_struct *vma, 113 unsigned long reqprot, unsigned long prot, int ret) 114 { 115 if (my_tid != (u32)bpf_get_current_pid_tgid()) 116 return ret; 117 update(ctx, &lsm_res); 118 return -EPERM; 119 } 120 121 char _license[] SEC("license") = "GPL"; 122