On Thu, Dec 17, 2020 at 9:26 AM Stanislav Fomichev <sdf@xxxxxxxxxx> wrote: > > When we attach any cgroup hook, the rest (even if unused/unattached) start > to contribute small overhead. In particular, the one we want to avoid is > __cgroup_bpf_run_filter_skb which does two redirections to get to > the cgroup and pushes/pulls skb. > > Let's split cgroup_bpf_enabled to be per-attach to make sure > only used attach types trigger. > > I've dropped some existing high-level cgroup_bpf_enabled in some > places because BPF_PROG_CGROUP_XXX_RUN macros usually have another > cgroup_bpf_enabled check. > > I also had to copy-paste BPF_CGROUP_RUN_SA_PROG_LOCK for > GETPEERNAME/GETSOCKNAME because type for cgroup_bpf_enabled[type] > has to be constant and known at compile time. > > Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx> [...] > @@ -252,8 +252,10 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, > #define BPF_CGROUP_RUN_PROG_INET6_BIND_LOCK(sk, uaddr) \ > BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_INET6_BIND, NULL) > > -#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (cgroup_bpf_enabled && \ > - sk->sk_prot->pre_connect) > +#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) \ > + ((cgroup_bpf_enabled(BPF_CGROUP_INET4_CONNECT) || \ > + cgroup_bpf_enabled(BPF_CGROUP_INET6_CONNECT)) && \ > + sk->sk_prot->pre_connect) Patchworks highlighted the following (from checkpatch.pl I guess): CHECK: Macro argument 'sk' may be better as '(sk)' to avoid precedence issues #99: FILE: include/linux/bpf-cgroup.h:255: +#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) \ + ((cgroup_bpf_enabled(BPF_CGROUP_INET4_CONNECT) || \ + cgroup_bpf_enabled(BPF_CGROUP_INET6_CONNECT)) && \ + sk->sk_prot->pre_connect) Other than, looks good to me. Acked-by: Song Liu <songliubraving@xxxxxx>
