1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2023 Chuyi Zhou <zhouchuyi@bytedance.com> */ 3 4 #include "vmlinux.h" 5 #include <errno.h> 6 #include <bpf/bpf_helpers.h> 7 #include <bpf/bpf_tracing.h> 8 #include "bpf_misc.h" 9 #include "bpf_experimental.h" 10 11 char _license[] SEC("license") = "GPL"; 12 13 struct cgroup *bpf_cgroup_from_id(u64 cgid) __ksym; 14 void bpf_cgroup_release(struct cgroup *p) __ksym; 15 16 pid_t target_pid; 17 int css_task_cnt; 18 u64 cg_id; 19 20 SEC("lsm/file_mprotect") 21 int BPF_PROG(iter_css_task_for_each, struct vm_area_struct *vma, 22 unsigned long reqprot, unsigned long prot, int ret) 23 { 24 struct task_struct *cur_task = bpf_get_current_task_btf(); 25 struct cgroup_subsys_state *css; 26 struct task_struct *task; 27 struct cgroup *cgrp; 28 29 if (cur_task->pid != target_pid) 30 return ret; 31 32 cgrp = bpf_cgroup_from_id(cg_id); 33 34 if (!cgrp) 35 return -EPERM; 36 37 css = &cgrp->self; 38 css_task_cnt = 0; 39 40 bpf_for_each(css_task, task, css, CSS_TASK_ITER_PROCS) 41 if (task->pid == target_pid) 42 css_task_cnt++; 43 44 bpf_cgroup_release(cgrp); 45 46 return -EPERM; 47 } 48