On Fri, Jun 12, 2020 at 10:57:59PM -0700, Andrii Nakryiko wrote:
> On Fri, Jun 12, 2020 at 8:45 PM Alexei Starovoitov
> <alexei.starovoitov@xxxxxxxxx> wrote:
> >
> > On Fri, Jun 12, 2020 at 03:31:50PM -0700, Andrii Nakryiko wrote:
> > > Add bpf_iter-based way to find all the processes that hold open FDs against
> > > BPF object (map, prog, link, btf). Add new flag (-o, for "ownership", given
> > > -p is already taken) to trigger collection and output of these PIDs.
> > >
> > > Sample output for each of 4 BPF objects:
> > >
> > > $ sudo ./bpftool -o prog show
> > > 1992: cgroup_skb name egress_alt tag 9ad187367cf2b9e8 gpl
> > >         loaded_at 2020-06-12T14:18:10-0700 uid 0
> > >         xlated 48B jited 59B memlock 4096B map_ids 2074
> > >         btf_id 460
> > >         pids: 913709,913732,913733,913734
> > > 2062: cgroup_device tag 8c42dee26e8cd4c2 gpl
> > >         loaded_at 2020-06-12T14:37:52-0700 uid 0
> > >         xlated 648B jited 409B memlock 4096B
> > >         pids: 1
> > >
> > > $ sudo ./bpftool -o map show
> > > 2074: array name test_cgr.bss flags 0x400
> > >         key 4B value 8B max_entries 1 memlock 8192B
> > >         btf_id 460
> > >         pids: 913709,913732,913733,913734
> > >
> > > $ sudo ./bpftool -o link show
> > > 82: cgroup prog 1992
> > >         cgroup_id 0 attach_type egress
> > >         pids: 913709,913732,913733,913734
> > > 86: cgroup prog 1992
> > >         cgroup_id 0 attach_type egress
> > >         pids: 913709,913732,913733,913734
> >
> > This is awesome.

Indeed.

> Thanks.
>
> >
> > Why extra flag though? I think it's so useful that everyone would want to see

Agreed.

> No good reason apart from "being safe by default". If turned on by
> default, bpftool would need to probe for bpf_iter support first. I can
> add probing and do this by default.

I think this is the way to go.

> > this by default. Also the word 'pid' has kernel meaning or user space meaning?
> > Looks like kernel then bpftool should say 'tid'.
>
> No, it's process ID in user-space sense. See task->tgid in
> pid_iter.bpf.c. I figured thread ID isn't all that useful.
>
> > Could you capture comm as well and sort it by comm, like:
> >
> > $ sudo ./bpftool link show
> > 82: cgroup prog 1992
> >         cgroup_id 0 attach_type egress
> >         systemd(1), firewall(913709 913732), logger(913733 913734)
>
> Yep, comm is useful, I'll add that. Grouping by comm is kind of a
> pain, though, plus usually there will be one process only. So let me
> start with doing comm (pid) for each PID independently. I think that
> will be as good in practice.

--

- Arnaldo