1// SPDX-License-Identifier: GPL-2.0 2/* Copyright (c) 2021 Facebook */ 3 4#include "vmlinux.h" 5#include <bpf/bpf_helpers.h> 6#include <bpf/bpf_tracing.h> 7#include <errno.h> 8 9int my_tid; 10 11__u64 kprobe_res; 12__u64 kprobe_multi_res; 13__u64 kretprobe_res; 14__u64 uprobe_res; 15__u64 uretprobe_res; 16__u64 tp_res; 17__u64 pe_res; 18__u64 raw_tp_res; 19__u64 tp_btf_res; 20__u64 fentry_res; 21__u64 fexit_res; 22__u64 fmod_ret_res; 23__u64 lsm_res; 24 25static void update(void *ctx, __u64 *res) 26{ 27 if (my_tid != (u32)bpf_get_current_pid_tgid()) 28 return; 29 30 *res |= bpf_get_attach_cookie(ctx); 31} 32 33SEC("kprobe") 34int handle_kprobe(struct pt_regs *ctx) 35{ 36 update(ctx, &kprobe_res); 37 return 0; 38} 39 40SEC("kretprobe") 41int handle_kretprobe(struct pt_regs *ctx) 42{ 43 update(ctx, &kretprobe_res); 44 return 0; 45} 46 47SEC("uprobe") 48int handle_uprobe(struct pt_regs *ctx) 49{ 50 update(ctx, &uprobe_res); 51 return 0; 52} 53 54SEC("uretprobe") 55int handle_uretprobe(struct pt_regs *ctx) 56{ 57 update(ctx, &uretprobe_res); 58 return 0; 59} 60 61/* bpf_prog_array, used by kernel internally to keep track of attached BPF 62 * programs to a given BPF hook (e.g., for tracepoints) doesn't allow the same 63 * BPF program to be attached multiple times. So have three identical copies 64 * ready to attach to the same tracepoint. 65 */ 66SEC("tp/syscalls/sys_enter_nanosleep") 67int handle_tp1(struct pt_regs *ctx) 68{ 69 update(ctx, &tp_res); 70 return 0; 71} 72SEC("tp/syscalls/sys_enter_nanosleep") 73int handle_tp2(struct pt_regs *ctx) 74{ 75 update(ctx, &tp_res); 76 return 0; 77} 78SEC("tp/syscalls/sys_enter_nanosleep") 79int handle_tp3(void *ctx) 80{ 81 update(ctx, &tp_res); 82 return 1; 83} 84 85SEC("perf_event") 86int handle_pe(struct pt_regs *ctx) 87{ 88 update(ctx, &pe_res); 89 return 0; 90} 91 92SEC("raw_tp/sys_enter") 93int handle_raw_tp(void *ctx) 94{ 95 update(ctx, &raw_tp_res); 96 return 0; 97} 98 99SEC("tp_btf/sys_enter") 100int handle_tp_btf(void *ctx) 101{ 102 update(ctx, &tp_btf_res); 103 return 0; 104} 105 106SEC("fentry/bpf_fentry_test1") 107int BPF_PROG(fentry_test1, int a) 108{ 109 update(ctx, &fentry_res); 110 return 0; 111} 112 113SEC("fexit/bpf_fentry_test1") 114int BPF_PROG(fexit_test1, int a, int ret) 115{ 116 update(ctx, &fexit_res); 117 return 0; 118} 119 120SEC("fmod_ret/bpf_modify_return_test") 121int BPF_PROG(fmod_ret_test, int _a, int *_b, int _ret) 122{ 123 update(ctx, &fmod_ret_res); 124 return 1234; 125} 126 127SEC("lsm/file_mprotect") 128int BPF_PROG(test_int_hook, struct vm_area_struct *vma, 129 unsigned long reqprot, unsigned long prot, int ret) 130{ 131 if (my_tid != (u32)bpf_get_current_pid_tgid()) 132 return ret; 133 update(ctx, &lsm_res); 134 return -EPERM; 135} 136 137char _license[] SEC("license") = "GPL"; 138