1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2023 Meta Platforms, Inc. and affiliates. */ 3 4 #include "vmlinux.h" 5 #include <errno.h> 6 #include <bpf/bpf_helpers.h> 7 #include <bpf/bpf_tracing.h> 8 #include "bpf_kfuncs.h" 9 10 char _license[] SEC("license") = "GPL"; 11 12 __u32 monitored_pid; 13 __u32 found_xattr_from_file; 14 __u32 found_xattr_from_dentry; 15 16 static const char expected_value[] = "hello"; 17 char value1[32]; 18 char value2[32]; 19 20 SEC("lsm.s/file_open") 21 int BPF_PROG(test_file_open, struct file *f) 22 { 23 struct bpf_dynptr value_ptr; 24 __u32 pid; 25 int ret; 26 27 pid = bpf_get_current_pid_tgid() >> 32; 28 if (pid != monitored_pid) 29 return 0; 30 31 bpf_dynptr_from_mem(value1, sizeof(value1), 0, &value_ptr); 32 33 ret = bpf_get_file_xattr(f, "user.kfuncs", &value_ptr); 34 if (ret != sizeof(expected_value)) 35 return 0; 36 if (bpf_strncmp(value1, ret, expected_value)) 37 return 0; 38 found_xattr_from_file = 1; 39 return 0; 40 } 41 42 SEC("lsm.s/inode_getxattr") 43 int BPF_PROG(test_inode_getxattr, struct dentry *dentry, char *name) 44 { 45 struct bpf_dynptr value_ptr; 46 __u32 pid; 47 int ret; 48 49 pid = bpf_get_current_pid_tgid() >> 32; 50 if (pid != monitored_pid) 51 return 0; 52 53 bpf_dynptr_from_mem(value2, sizeof(value2), 0, &value_ptr); 54 55 ret = bpf_get_dentry_xattr(dentry, "user.kfuncs", &value_ptr); 56 if (ret != sizeof(expected_value)) 57 return 0; 58 if (bpf_strncmp(value2, ret, expected_value)) 59 return 0; 60 found_xattr_from_dentry = 1; 61 62 /* return non-zero to fail getxattr from user space */ 63 return -EINVAL; 64 } 65