1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3 
4 #include "vmlinux.h"
5 #include <bpf/bpf_helpers.h>
6 
7 char _license[] SEC("license") = "GPL";
8 
9 struct {
10 	__uint(type, BPF_MAP_TYPE_HASH);
11 	__uint(max_entries, 1);
12 	__type(key, int);
13 	__type(value, int);
14 } hash_map SEC(".maps");
15 
16 struct {
17 	__uint(type, BPF_MAP_TYPE_STACK);
18 	__uint(max_entries, 1);
19 	__type(value, int);
20 } stack_map SEC(".maps");
21 
22 struct {
23 	__uint(type, BPF_MAP_TYPE_ARRAY);
24 	__uint(max_entries, 1);
25 	__type(key, int);
26 	__type(value, int);
27 } array_map SEC(".maps");
28 
29 const volatile pid_t pid;
30 long err = 0;
31 
callback(u64 map,u64 key,u64 val,u64 ctx,u64 flags)32 static u64 callback(u64 map, u64 key, u64 val, u64 ctx, u64 flags)
33 {
34 	return 0;
35 }
36 
37 SEC("tp/syscalls/sys_enter_getpid")
map_update(void * ctx)38 int map_update(void *ctx)
39 {
40 	const int key = 0;
41 	const int val = 1;
42 
43 	if (pid != (bpf_get_current_pid_tgid() >> 32))
44 		return 0;
45 
46 	err = bpf_map_update_elem(&hash_map, &key, &val, BPF_NOEXIST);
47 
48 	return 0;
49 }
50 
51 SEC("tp/syscalls/sys_enter_getppid")
map_delete(void * ctx)52 int map_delete(void *ctx)
53 {
54 	const int key = 0;
55 
56 	if (pid != (bpf_get_current_pid_tgid() >> 32))
57 		return 0;
58 
59 	err = bpf_map_delete_elem(&hash_map, &key);
60 
61 	return 0;
62 }
63 
64 SEC("tp/syscalls/sys_enter_getuid")
map_push(void * ctx)65 int map_push(void *ctx)
66 {
67 	const int val = 1;
68 
69 	if (pid != (bpf_get_current_pid_tgid() >> 32))
70 		return 0;
71 
72 	err = bpf_map_push_elem(&stack_map, &val, 0);
73 
74 	return 0;
75 }
76 
77 SEC("tp/syscalls/sys_enter_geteuid")
map_pop(void * ctx)78 int map_pop(void *ctx)
79 {
80 	int val;
81 
82 	if (pid != (bpf_get_current_pid_tgid() >> 32))
83 		return 0;
84 
85 	err = bpf_map_pop_elem(&stack_map, &val);
86 
87 	return 0;
88 }
89 
90 SEC("tp/syscalls/sys_enter_getgid")
map_peek(void * ctx)91 int map_peek(void *ctx)
92 {
93 	int val;
94 
95 	if (pid != (bpf_get_current_pid_tgid() >> 32))
96 		return 0;
97 
98 	err = bpf_map_peek_elem(&stack_map, &val);
99 
100 	return 0;
101 }
102 
103 SEC("tp/syscalls/sys_enter_gettid")
map_for_each_pass(void * ctx)104 int map_for_each_pass(void *ctx)
105 {
106 	const int key = 0;
107 	const int val = 1;
108 	const u64 flags = 0;
109 	int callback_ctx;
110 
111 	if (pid != (bpf_get_current_pid_tgid() >> 32))
112 		return 0;
113 
114 	bpf_map_update_elem(&array_map, &key, &val, flags);
115 
116 	err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
117 
118 	return 0;
119 }
120 
121 SEC("tp/syscalls/sys_enter_getpgid")
map_for_each_fail(void * ctx)122 int map_for_each_fail(void *ctx)
123 {
124 	const int key = 0;
125 	const int val = 1;
126 	const u64 flags = BPF_NOEXIST;
127 	int callback_ctx;
128 
129 	if (pid != (bpf_get_current_pid_tgid() >> 32))
130 		return 0;
131 
132 	bpf_map_update_elem(&array_map, &key, &val, flags);
133 
134 	/* calling for_each with non-zero flags will return error */
135 	err = bpf_for_each_map_elem(&array_map, callback, &callback_ctx, flags);
136 
137 	return 0;
138 }
139