KFunc `bpf_iter_css_task_new`

Initialize a task iterator for a cGroup.

Definition

it should be a stack allocated struct bpf_iter_css_task that is used to iterate over tasks in a cGroup. The css parameter is the cGroup subsystem state to iterate over. The flags parameter is a bitmask of flags that control the behavior of the iterator. The following flags are supported:

0: Walk all tasks in the domain.
CSS_TASK_ITER_PROCS: Walk only threadgroup leaders.
CSS_TASK_ITER_PROCS | CSS_TASK_ITER_THREADED: Walk all threaded css_sets in the domain.

int bpf_iter_css_task_new(struct bpf_iter_css_task *it, struct cgroup_subsys_state *css, unsigned int flags)

Usage

Docs could be improved

This part of the docs is incomplete, contributions are very welcome

Program types

The following program types can make use of this kfunc:

Example

// SPDX-License-Identifier: GPL-2.0
/* Copyright (C) 2023 Chuyi Zhou <zhouchuyi@bytedance.com> */

#include "vmlinux.h"
#include <errno.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include "bpf_misc.h"
#include "bpf_experimental.h"

char _license[] SEC("license") = "GPL";

struct cgroup *bpf_cgroup_from_id(u64 cgid) __ksym;
void bpf_cgroup_release(struct cgroup *p) __ksym;

pid_t target_pid;
int css_task_cnt;
u64 cg_id;

SEC("lsm/file_mprotect")
int BPF_PROG(iter_css_task_for_each, struct vm_area_struct *vma,
        unsigned long reqprot, unsigned long prot, int ret)
{
    struct task_struct *cur_task = bpf_get_current_task_btf();
    struct cgroup_subsys_state *css;
    struct task_struct *task;
    struct cgroup *cgrp;

    if (cur_task->pid != target_pid)
        return ret;

    cgrp = bpf_cgroup_from_id(cg_id);

    if (!cgrp)
        return -EPERM;

    css = &cgrp->self;
    css_task_cnt = 0;

    bpf_for_each(css_task, task, css, CSS_TASK_ITER_PROCS)
        if (task->pid == target_pid)
            css_task_cnt++;

    bpf_cgroup_release(cgrp);

    return -EPERM;
}

KFunc bpf_iter_css_task_new