Loading...
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3
4#include "vmlinux.h"
5#include <bpf/bpf_helpers.h>
6
7char _license[] SEC("license") = "GPL";
8
9struct {
10 __uint(type, BPF_MAP_TYPE_HASH);
11 __uint(max_entries, 1);
12 __type(key, int);
13 __type(value, int);
14} hash_map SEC(".maps");
15
16struct {
17 __uint(type, BPF_MAP_TYPE_STACK);
18 __uint(max_entries, 1);
19 __type(value, int);
20} stack_map SEC(".maps");
21
22struct {
23 __uint(type, BPF_MAP_TYPE_ARRAY);
24 __uint(max_entries, 1);
25 __type(key, int);
26 __type(value, int);
27} array_map SEC(".maps");
28
29const volatile pid_t pid;
30long err = 0;
31
32static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
33{
34 return 0;
35}
36
37SEC("tp/syscalls/sys_enter_getpid")
38int map_update(void *ctx)
39{
40 const int key = 0;
41 const int val = 1;
42
43 if (pid != (bpf_get_current_pid_tgid() >> 32))
44 return 0;
45
46 err = bpf_map_update_elem(&hash_map, &key, &val, BPF_NOEXIST);
47
48 return 0;
49}
50
51SEC("tp/syscalls/sys_enter_getppid")
52int map_delete(void *ctx)
53{
54 const int key = 0;
55
56 if (pid != (bpf_get_current_pid_tgid() >> 32))
57 return 0;
58
59 err = bpf_map_delete_elem(&hash_map, &key);
60
61 return 0;
62}
63
64SEC("tp/syscalls/sys_enter_getuid")
65int map_push(void *ctx)
66{
67 const int val = 1;
68
69 if (pid != (bpf_get_current_pid_tgid() >> 32))
70 return 0;
71
72 err = bpf_map_push_elem(&stack_map, &val, 0);
73
74 return 0;
75}
76
77SEC("tp/syscalls/sys_enter_geteuid")
78int map_pop(void *ctx)
79{
80 int val;
81
82 if (pid != (bpf_get_current_pid_tgid() >> 32))
83 return 0;
84
85 err = bpf_map_pop_elem(&stack_map, &val);
86
87 return 0;
88}
89
90SEC("tp/syscalls/sys_enter_getgid")
91int map_peek(void *ctx)
92{
93 int val;
94
95 if (pid != (bpf_get_current_pid_tgid() >> 32))
96 return 0;
97
98 err = bpf_map_peek_elem(&stack_map, &val);
99
100 return 0;
101}
102
103SEC("tp/syscalls/sys_enter_gettid")
104int map_for_each_pass(void *ctx)
105{
106 const int key = 0;
107 const int val = 1;
108 const u64 flags = 0;
109 int callback_ctx;
110
111 if (pid != (bpf_get_current_pid_tgid() >> 32))
112 return 0;
113
114 bpf_map_update_elem(&array_map, &key, &val, flags);
115
116 err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
117
118 return 0;
119}
120
121SEC("tp/syscalls/sys_enter_getpgid")
122int map_for_each_fail(void *ctx)
123{
124 const int key = 0;
125 const int val = 1;
126 const u64 flags = BPF_NOEXIST;
127 int callback_ctx;
128
129 if (pid != (bpf_get_current_pid_tgid() >> 32))
130 return 0;
131
132 bpf_map_update_elem(&array_map, &key, &val, flags);
133
134 /* calling for_each with non-zero flags will return error */
135 err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
136
137 return 0;
138}
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3
4#include "vmlinux.h"
5#include <bpf/bpf_helpers.h>
6
7char _license[] SEC("license") = "GPL";
8
9struct {
10 __uint(type, BPF_MAP_TYPE_HASH);
11 __uint(max_entries, 1);
12 __type(key, int);
13 __type(value, int);
14} hash_map SEC(".maps");
15
16struct {
17 __uint(type, BPF_MAP_TYPE_STACK);
18 __uint(max_entries, 1);
19 __type(value, int);
20} stack_map SEC(".maps");
21
22struct {
23 __uint(type, BPF_MAP_TYPE_ARRAY);
24 __uint(max_entries, 1);
25 __type(key, int);
26 __type(value, int);
27} array_map SEC(".maps");
28
29const volatile pid_t pid;
30long err = 0;
31
32static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
33{
34 return 0;
35}
36
37SEC("tp/syscalls/sys_enter_getpid")
38int map_update(void *ctx)
39{
40 const int key = 0;
41 const int val = 1;
42
43 if (pid != (bpf_get_current_pid_tgid() >> 32))
44 return 0;
45
46 err = bpf_map_update_elem(&hash_map, &key, &val, BPF_NOEXIST);
47
48 return 0;
49}
50
51SEC("tp/syscalls/sys_enter_getppid")
52int map_delete(void *ctx)
53{
54 const int key = 0;
55
56 if (pid != (bpf_get_current_pid_tgid() >> 32))
57 return 0;
58
59 err = bpf_map_delete_elem(&hash_map, &key);
60
61 return 0;
62}
63
64SEC("tp/syscalls/sys_enter_getuid")
65int map_push(void *ctx)
66{
67 const int val = 1;
68
69 if (pid != (bpf_get_current_pid_tgid() >> 32))
70 return 0;
71
72 err = bpf_map_push_elem(&stack_map, &val, 0);
73
74 return 0;
75}
76
77SEC("tp/syscalls/sys_enter_geteuid")
78int map_pop(void *ctx)
79{
80 int val;
81
82 if (pid != (bpf_get_current_pid_tgid() >> 32))
83 return 0;
84
85 err = bpf_map_pop_elem(&stack_map, &val);
86
87 return 0;
88}
89
90SEC("tp/syscalls/sys_enter_getgid")
91int map_peek(void *ctx)
92{
93 int val;
94
95 if (pid != (bpf_get_current_pid_tgid() >> 32))
96 return 0;
97
98 err = bpf_map_peek_elem(&stack_map, &val);
99
100 return 0;
101}
102
103SEC("tp/syscalls/sys_enter_gettid")
104int map_for_each_pass(void *ctx)
105{
106 const int key = 0;
107 const int val = 1;
108 const u64 flags = 0;
109 int callback_ctx;
110
111 if (pid != (bpf_get_current_pid_tgid() >> 32))
112 return 0;
113
114 bpf_map_update_elem(&array_map, &key, &val, flags);
115
116 err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
117
118 return 0;
119}
120
121SEC("tp/syscalls/sys_enter_getpgid")
122int map_for_each_fail(void *ctx)
123{
124 const int key = 0;
125 const int val = 1;
126 const u64 flags = BPF_NOEXIST;
127 int callback_ctx;
128
129 if (pid != (bpf_get_current_pid_tgid() >> 32))
130 return 0;
131
132 bpf_map_update_elem(&array_map, &key, &val, flags);
133
134 /* calling for_each with non-zero flags will return error */
135 err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
136
137 return 0;
138}