1// SPDX-License-Identifier: GPL-2.0 2 3/* 4 * Copyright 2020 Google LLC. 5 */ 6 7#include "vmlinux.h" 8#include <errno.h> 9#include <bpf/bpf_core_read.h> 10#include <bpf/bpf_helpers.h> 11#include <bpf/bpf_tracing.h> 12#include "bpf_misc.h" 13 14struct { 15 __uint(type, BPF_MAP_TYPE_ARRAY); 16 __uint(max_entries, 1); 17 __type(key, __u32); 18 __type(value, __u64); 19} array SEC(".maps"); 20 21struct { 22 __uint(type, BPF_MAP_TYPE_HASH); 23 __uint(max_entries, 1); 24 __type(key, __u32); 25 __type(value, __u64); 26} hash SEC(".maps"); 27 28struct { 29 __uint(type, BPF_MAP_TYPE_LRU_HASH); 30 __uint(max_entries, 1); 31 __type(key, __u32); 32 __type(value, __u64); 33} lru_hash SEC(".maps"); 34 35struct { 36 __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY); 37 __uint(max_entries, 1); 38 __type(key, __u32); 39 __type(value, __u64); 40} percpu_array SEC(".maps"); 41 42struct { 43 __uint(type, BPF_MAP_TYPE_PERCPU_HASH); 44 __uint(max_entries, 1); 45 __type(key, __u32); 46 __type(value, __u64); 47} percpu_hash SEC(".maps"); 48 49struct { 50 __uint(type, BPF_MAP_TYPE_LRU_PERCPU_HASH); 51 __uint(max_entries, 1); 52 __type(key, __u32); 53 __type(value, __u64); 54} lru_percpu_hash SEC(".maps"); 55 56struct inner_map { 57 __uint(type, BPF_MAP_TYPE_ARRAY); 58 __uint(max_entries, 1); 59 __type(key, int); 60 __type(value, __u64); 61} inner_map SEC(".maps"); 62 63struct outer_arr { 64 __uint(type, BPF_MAP_TYPE_ARRAY_OF_MAPS); 65 __uint(max_entries, 1); 66 __uint(key_size, sizeof(int)); 67 __uint(value_size, sizeof(int)); 68 __array(values, struct inner_map); 69} outer_arr SEC(".maps") = { 70 .values = { [0] = &inner_map }, 71}; 72 73struct outer_hash { 74 __uint(type, BPF_MAP_TYPE_HASH_OF_MAPS); 75 __uint(max_entries, 1); 76 __uint(key_size, sizeof(int)); 77 __array(values, struct inner_map); 78} outer_hash SEC(".maps") = { 79 .values = { [0] = &inner_map }, 80}; 81 82char _license[] SEC("license") = "GPL"; 83 84int monitored_pid = 0; 85int mprotect_count = 0; 86int bprm_count = 0; 87 88SEC("lsm/file_mprotect") 89int BPF_PROG(test_int_hook, struct vm_area_struct *vma, 90 unsigned long reqprot, unsigned long prot, int ret) 91{ 92 if (ret != 0) 93 return ret; 94 95 __s32 pid = bpf_get_current_pid_tgid() >> 32; 96 int is_stack = 0; 97 98 is_stack = (vma->vm_start <= vma->vm_mm->start_stack && 99 vma->vm_end >= vma->vm_mm->start_stack); 100 101 if (is_stack && monitored_pid == pid) { 102 mprotect_count++; 103 ret = -EPERM; 104 } 105 106 return ret; 107} 108 109SEC("lsm.s/bprm_committed_creds") 110int BPF_PROG(test_void_hook, struct linux_binprm *bprm) 111{ 112 __u32 pid = bpf_get_current_pid_tgid() >> 32; 113 struct inner_map *inner_map; 114 char args[64]; 115 __u32 key = 0; 116 __u64 *value; 117 118 if (monitored_pid == pid) 119 bprm_count++; 120 121 bpf_copy_from_user(args, sizeof(args), (void *)bprm->vma->vm_mm->arg_start); 122 bpf_copy_from_user(args, sizeof(args), (void *)bprm->mm->arg_start); 123 124 value = bpf_map_lookup_elem(&array, &key); 125 if (value) 126 *value = 0; 127 value = bpf_map_lookup_elem(&hash, &key); 128 if (value) 129 *value = 0; 130 value = bpf_map_lookup_elem(&lru_hash, &key); 131 if (value) 132 *value = 0; 133 value = bpf_map_lookup_elem(&percpu_array, &key); 134 if (value) 135 *value = 0; 136 value = bpf_map_lookup_elem(&percpu_hash, &key); 137 if (value) 138 *value = 0; 139 value = bpf_map_lookup_elem(&lru_percpu_hash, &key); 140 if (value) 141 *value = 0; 142 inner_map = bpf_map_lookup_elem(&outer_arr, &key); 143 if (inner_map) { 144 value = bpf_map_lookup_elem(inner_map, &key); 145 if (value) 146 *value = 0; 147 } 148 inner_map = bpf_map_lookup_elem(&outer_hash, &key); 149 if (inner_map) { 150 value = bpf_map_lookup_elem(inner_map, &key); 151 if (value) 152 *value = 0; 153 } 154 155 return 0; 156} 157SEC("lsm/task_free") /* lsm/ is ok, lsm.s/ fails */ 158int BPF_PROG(test_task_free, struct task_struct *task) 159{ 160 return 0; 161} 162 163int copy_test = 0; 164 165SEC("fentry.s/" SYS_PREFIX "sys_setdomainname") 166int BPF_PROG(test_sys_setdomainname, struct pt_regs *regs) 167{ 168 void *ptr = (void *)PT_REGS_PARM1_SYSCALL(regs); 169 int len = PT_REGS_PARM2_SYSCALL(regs); 170 int buf = 0; 171 long ret; 172 173 ret = bpf_copy_from_user(&buf, sizeof(buf), ptr); 174 if (len == -2 && ret == 0 && buf == 1234) 175 copy_test++; 176 if (len == -3 && ret == -EFAULT) 177 copy_test++; 178 if (len == -4 && ret == -EFAULT) 179 copy_test++; 180 return 0; 181} 182