tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */
3
4#include "vmlinux.h"
5#include <errno.h>
6#include <bpf/bpf_helpers.h>
7#include <bpf/bpf_tracing.h>
8#include "bpf_kfuncs.h"
9
10char _license[] SEC("license") = "GPL";
11
12__u32 monitored_pid;
13__u32 found_xattr_from_file;
14__u32 found_xattr_from_dentry;
15
16static const char expected_value[] = "hello";
17char value1[32];
18char value2[32];
19
20SEC("lsm.s/file_open")
21int BPF_PROG(test_file_open, struct file *f)
22{
23 struct bpf_dynptr value_ptr;
24 __u32 pid;
25 int ret;
26
27 pid = bpf_get_current_pid_tgid() >> 32;
28 if (pid != monitored_pid)
29 return 0;
30
31 bpf_dynptr_from_mem(value1, sizeof(value1), 0, &value_ptr);
32
33 ret = bpf_get_file_xattr(f, "user.kfuncs", &value_ptr);
34 if (ret != sizeof(expected_value))
35 return 0;
36 if (bpf_strncmp(value1, ret, expected_value))
37 return 0;
38 found_xattr_from_file = 1;
39 return 0;
40}
41
42SEC("lsm.s/inode_getxattr")
43int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name)
44{
45 struct bpf_dynptr value_ptr;
46 __u32 pid;
47 int ret;
48
49 pid = bpf_get_current_pid_tgid() >> 32;
50 if (pid != monitored_pid)
51 return 0;
52
53 bpf_dynptr_from_mem(value2, sizeof(value2), 0, &value_ptr);
54
55 ret = bpf_get_dentry_xattr(dentry, "user.kfuncs", &value_ptr);
56 if (ret != sizeof(expected_value))
57 return 0;
58 if (bpf_strncmp(value2, ret, expected_value))
59 return 0;
60 found_xattr_from_dentry = 1;
61
62 /* return non-zero to fail getxattr from user space */
63 return -EINVAL;
64}