// SPDX-License-Identifier: GPL-2.0 /* Copyright (c) 2023 Bytedance */ #include <vmlinux.h> #include <bpf/bpf_tracing.h> #include <bpf/bpf_helpers.h> #include "bpf_misc.h" struct cgroup *bpf_cgroup_from_id(u64 cgid) __ksym; long bpf_task_under_cgroup(struct task_struct *task, struct cgroup *ancestor) __ksym; void bpf_cgroup_release(struct cgroup *p) __ksym; struct task_struct *bpf_task_acquire(struct task_struct *p) __ksym; void bpf_task_release(struct task_struct *p) __ksym; const volatile int local_pid; const volatile __u64 cgid; int remote_pid; SEC("tp_btf/task_newtask") int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags) { struct cgroup *cgrp = NULL; struct task_struct *acquired; if (local_pid != (bpf_get_current_pid_tgid() >> 32)) return 0; acquired = bpf_task_acquire(task); if (!acquired) return 0; if (local_pid == acquired->tgid) goto out; cgrp = bpf_cgroup_from_id(cgid); if (!cgrp) goto out; if (bpf_task_under_cgroup(acquired, cgrp)) remote_pid = acquired->tgid; out: if (cgrp) bpf_cgroup_release(cgrp); bpf_task_release(acquired); return 0; } SEC("lsm.s/bpf") int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size) { struct cgroup *cgrp = NULL; struct task_struct *task; int ret = 0; task = bpf_get_current_task_btf(); if (local_pid != task->pid) return 0; if (cmd != BPF_LINK_CREATE) return 0; /* 1 is the root cgroup */ cgrp = bpf_cgroup_from_id(1); if (!cgrp) goto out; if (!bpf_task_under_cgroup(task, cgrp)) ret = -1; bpf_cgroup_release(cgrp); out: return ret; } char _license[] SEC("license") = "GPL";