On Tue, Nov 3, 2020 at 4:04 PM Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> wrote: > > On Tue, Nov 03, 2020 at 02:19:22PM -0500, Kenny Ho wrote: > > On Tue, Nov 3, 2020 at 12:43 AM Alexei Starovoitov > > <alexei.starovoitov@xxxxxxxxx> wrote: > > > On Mon, Nov 2, 2020 at 9:39 PM Kenny Ho <y2kenny@xxxxxxxxx> wrote: > > Sounds like either bpf_lsm needs to be made aware of cgv2 (which would > be a great thing to have regardless) or cgroup-bpf needs a drm/gpu specific hook. > I think generic ioctl hook is too broad for this use case. > I suspect drm/gpu internal state would be easier to access inside > bpf program if the hook is next to gpu/drm. At ioctl level there is 'file'. > It's probably too abstract for the things you want to do. > Like how VRAM/shader/etc can be accessed through file? > Probably possible through a bunch of lookups and dereferences, but > if the hook is custom to GPU that info is likely readily available. > Then such cgroup-bpf check would be suitable in execution paths where > ioctl-based hook would be too slow. Just to clarify, when you say drm specific hook, did you mean just a unique attach_type or a unique prog_type+attach_type combination? (I am still a bit fuzzy on when a new prog type is needed vs a new attach type. I think prog type is associated with a unique type of context that the bpf prog will get but I could be missing some nuances.) When I was thinking of doing an ioctl wide hook, the file would be the device file and the thinking was to have a helper function provided by device drivers to further disambiguate. For our (AMD's) driver, we have a bunch of ioctls for set/get/create/destroy (https://elixir.bootlin.com/linux/latest/source/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c#L1763) so the bpf prog can make the decision after the disambiguation. For example, we have an ioctl called "kfd_ioctl_set_cu_mask." You can think of cu_mask like cpumask but for the cores/compute-unit inside a GPU. The ioctl hook will get the file, the bpf prog will call a helper function from the amdgpu driver to return some data structure specific to the driver and then the bpf prog can make a decision on gating the ioctl or not. From what you are saying, sounds like this kind of back and forth lookup and dereferencing should be avoided for performance considerations? Having a DRM specific hook is certainly an alternative. I just wasn't sure which level of trade off on abstraction/generic is acceptable. I am guessing a new BPF_PROG_TYPE_CGROUP_AMDGPU is probably too specific? But sounds like BPF_PROG_TYPE_CGROUP_DRM may be ok? Regards, Kenny
