1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (c) 2023 Bytedance */ 3 4 #include <vmlinux.h> 5 #include <bpf/bpf_tracing.h> 6 #include <bpf/bpf_helpers.h> 7 8 #include "bpf_misc.h" 9 10 struct cgroup *bpf_cgroup_from_id(u64 cgid) __ksym; 11 long bpf_task_under_cgroup(struct task_struct *task, struct cgroup *ancestor) __ksym; 12 void bpf_cgroup_release(struct cgroup *p) __ksym; 13 struct task_struct *bpf_task_acquire(struct task_struct *p) __ksym; 14 void bpf_task_release(struct task_struct *p) __ksym; 15 16 const volatile int local_pid; 17 const volatile __u64 cgid; 18 int remote_pid; 19 20 SEC("tp_btf/task_newtask") 21 int BPF_PROG(tp_btf_run, struct task_struct *task, u64 clone_flags) 22 { 23 struct cgroup *cgrp = NULL; 24 struct task_struct *acquired; 25 26 if (local_pid != (bpf_get_current_pid_tgid() >> 32)) 27 return 0; 28 29 acquired = bpf_task_acquire(task); 30 if (!acquired) 31 return 0; 32 33 if (local_pid == acquired->tgid) 34 goto out; 35 36 cgrp = bpf_cgroup_from_id(cgid); 37 if (!cgrp) 38 goto out; 39 40 if (bpf_task_under_cgroup(acquired, cgrp)) 41 remote_pid = acquired->tgid; 42 43 out: 44 if (cgrp) 45 bpf_cgroup_release(cgrp); 46 bpf_task_release(acquired); 47 48 return 0; 49 } 50 51 SEC("lsm.s/bpf") 52 int BPF_PROG(lsm_run, int cmd, union bpf_attr *attr, unsigned int size) 53 { 54 struct cgroup *cgrp = NULL; 55 struct task_struct *task; 56 int ret = 0; 57 58 task = bpf_get_current_task_btf(); 59 if (local_pid != task->pid) 60 return 0; 61 62 if (cmd != BPF_LINK_CREATE) 63 return 0; 64 65 /* 1 is the root cgroup */ 66 cgrp = bpf_cgroup_from_id(1); 67 if (!cgrp) 68 goto out; 69 if (!bpf_task_under_cgroup(task, cgrp)) 70 ret = -1; 71 bpf_cgroup_release(cgrp); 72 73 out: 74 return ret; 75 } 76 77 char _license[] SEC("license") = "GPL"; 78