1*830154cdSJP Kobryn // SPDX-License-Identifier: GPL-2.0
2*830154cdSJP Kobryn /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3*830154cdSJP Kobryn
4*830154cdSJP Kobryn #include "vmlinux.h"
5*830154cdSJP Kobryn #include <bpf/bpf_helpers.h>
6*830154cdSJP Kobryn
7*830154cdSJP Kobryn char _license[] SEC("license") = "GPL";
8*830154cdSJP Kobryn
9*830154cdSJP Kobryn struct {
10*830154cdSJP Kobryn __uint(type, BPF_MAP_TYPE_HASH);
11*830154cdSJP Kobryn __uint(max_entries, 1);
12*830154cdSJP Kobryn __type(key, int);
13*830154cdSJP Kobryn __type(value, int);
14*830154cdSJP Kobryn } hash_map SEC(".maps");
15*830154cdSJP Kobryn
16*830154cdSJP Kobryn struct {
17*830154cdSJP Kobryn __uint(type, BPF_MAP_TYPE_STACK);
18*830154cdSJP Kobryn __uint(max_entries, 1);
19*830154cdSJP Kobryn __type(value, int);
20*830154cdSJP Kobryn } stack_map SEC(".maps");
21*830154cdSJP Kobryn
22*830154cdSJP Kobryn struct {
23*830154cdSJP Kobryn __uint(type, BPF_MAP_TYPE_ARRAY);
24*830154cdSJP Kobryn __uint(max_entries, 1);
25*830154cdSJP Kobryn __type(key, int);
26*830154cdSJP Kobryn __type(value, int);
27*830154cdSJP Kobryn } array_map SEC(".maps");
28*830154cdSJP Kobryn
29*830154cdSJP Kobryn const volatile pid_t pid;
30*830154cdSJP Kobryn long err = 0;
31*830154cdSJP Kobryn
callback(u64 map,u64 key,u64 val,u64 ctx,u64 flags)32*830154cdSJP Kobryn static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
33*830154cdSJP Kobryn {
34*830154cdSJP Kobryn return 0;
35*830154cdSJP Kobryn }
36*830154cdSJP Kobryn
37*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_getpid")
map_update(void * ctx)38*830154cdSJP Kobryn int map_update(void *ctx)
39*830154cdSJP Kobryn {
40*830154cdSJP Kobryn const int key = 0;
41*830154cdSJP Kobryn const int val = 1;
42*830154cdSJP Kobryn
43*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
44*830154cdSJP Kobryn return 0;
45*830154cdSJP Kobryn
46*830154cdSJP Kobryn err = bpf_map_update_elem(&hash_map, &key, &val, BPF_NOEXIST);
47*830154cdSJP Kobryn
48*830154cdSJP Kobryn return 0;
49*830154cdSJP Kobryn }
50*830154cdSJP Kobryn
51*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_getppid")
map_delete(void * ctx)52*830154cdSJP Kobryn int map_delete(void *ctx)
53*830154cdSJP Kobryn {
54*830154cdSJP Kobryn const int key = 0;
55*830154cdSJP Kobryn
56*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
57*830154cdSJP Kobryn return 0;
58*830154cdSJP Kobryn
59*830154cdSJP Kobryn err = bpf_map_delete_elem(&hash_map, &key);
60*830154cdSJP Kobryn
61*830154cdSJP Kobryn return 0;
62*830154cdSJP Kobryn }
63*830154cdSJP Kobryn
64*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_getuid")
map_push(void * ctx)65*830154cdSJP Kobryn int map_push(void *ctx)
66*830154cdSJP Kobryn {
67*830154cdSJP Kobryn const int val = 1;
68*830154cdSJP Kobryn
69*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
70*830154cdSJP Kobryn return 0;
71*830154cdSJP Kobryn
72*830154cdSJP Kobryn err = bpf_map_push_elem(&stack_map, &val, 0);
73*830154cdSJP Kobryn
74*830154cdSJP Kobryn return 0;
75*830154cdSJP Kobryn }
76*830154cdSJP Kobryn
77*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_geteuid")
map_pop(void * ctx)78*830154cdSJP Kobryn int map_pop(void *ctx)
79*830154cdSJP Kobryn {
80*830154cdSJP Kobryn int val;
81*830154cdSJP Kobryn
82*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
83*830154cdSJP Kobryn return 0;
84*830154cdSJP Kobryn
85*830154cdSJP Kobryn err = bpf_map_pop_elem(&stack_map, &val);
86*830154cdSJP Kobryn
87*830154cdSJP Kobryn return 0;
88*830154cdSJP Kobryn }
89*830154cdSJP Kobryn
90*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_getgid")
map_peek(void * ctx)91*830154cdSJP Kobryn int map_peek(void *ctx)
92*830154cdSJP Kobryn {
93*830154cdSJP Kobryn int val;
94*830154cdSJP Kobryn
95*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
96*830154cdSJP Kobryn return 0;
97*830154cdSJP Kobryn
98*830154cdSJP Kobryn err = bpf_map_peek_elem(&stack_map, &val);
99*830154cdSJP Kobryn
100*830154cdSJP Kobryn return 0;
101*830154cdSJP Kobryn }
102*830154cdSJP Kobryn
103*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_gettid")
map_for_each_pass(void * ctx)104*830154cdSJP Kobryn int map_for_each_pass(void *ctx)
105*830154cdSJP Kobryn {
106*830154cdSJP Kobryn const int key = 0;
107*830154cdSJP Kobryn const int val = 1;
108*830154cdSJP Kobryn const u64 flags = 0;
109*830154cdSJP Kobryn int callback_ctx;
110*830154cdSJP Kobryn
111*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
112*830154cdSJP Kobryn return 0;
113*830154cdSJP Kobryn
114*830154cdSJP Kobryn bpf_map_update_elem(&array_map, &key, &val, flags);
115*830154cdSJP Kobryn
116*830154cdSJP Kobryn err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
117*830154cdSJP Kobryn
118*830154cdSJP Kobryn return 0;
119*830154cdSJP Kobryn }
120*830154cdSJP Kobryn
121*830154cdSJP Kobryn SEC("tp/syscalls/sys_enter_getpgid")
map_for_each_fail(void * ctx)122*830154cdSJP Kobryn int map_for_each_fail(void *ctx)
123*830154cdSJP Kobryn {
124*830154cdSJP Kobryn const int key = 0;
125*830154cdSJP Kobryn const int val = 1;
126*830154cdSJP Kobryn const u64 flags = BPF_NOEXIST;
127*830154cdSJP Kobryn int callback_ctx;
128*830154cdSJP Kobryn
129*830154cdSJP Kobryn if (pid != (bpf_get_current_pid_tgid() >> 32))
130*830154cdSJP Kobryn return 0;
131*830154cdSJP Kobryn
132*830154cdSJP Kobryn bpf_map_update_elem(&array_map, &key, &val, flags);
133*830154cdSJP Kobryn
134*830154cdSJP Kobryn /* calling for_each with non-zero flags will return error */
135*830154cdSJP Kobryn err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
136*830154cdSJP Kobryn
137*830154cdSJP Kobryn return 0;
138*830154cdSJP Kobryn }
139