On Mon, Jun 6, 2022 at 5:32 AM Michal Koutný <mkoutny@xxxxxxxx> wrote: > > On Fri, Jun 03, 2022 at 12:47:19PM -0700, Yosry Ahmed <yosryahmed@xxxxxxxxxx> wrote: > > In short, think of these bpf maps as equivalents to "struct > > memcg_vmstats" and "struct memcg_vmstats_percpu" in the memory > > controller. They are just containers to store the stats in, they do > > not have any subgraph structure and they have no use beyond storing > > percpu and total stats. > > Thanks for the explanation. > > > I run small microbenchmarks that are not worth posting, they compared > > the latency of bpf stats collection vs. in-kernel code that adds stats > > to struct memcg_vmstats[_percpu] and flushes them accordingly, the > > difference was marginal. > > OK, that's a reasonable comparison. > > > The main reason for this is to provide data in a similar fashion to > > cgroupfs, in text file per-cgroup. I will include this clearly in the > > next cover message. > > Thanks, it'd be great to have that use-case captured there. > > > AFAIK loading bpf programs requires a privileged user, so someone has > > to approve such a program. Am I missing something? > > A sysctl unprivileged_bpf_disabled somehow stuck in my head. But as I > wrote, this adds a way how to call cgroup_rstat_updated() directly, it's > not reserved for privilged users anyhow. I am not sure if kfuncs have different privilege requirements or if there is a way to mark a kfunc as privileged. Maybe someone with more bpf knowledge can help here. But I assume if unprivileged_bpf_disabled is not set then there is a certain amount of risk/trust that you are taking anyway? > > > bpf_iter_run_prog() is used to run bpf iterator programs, and it grabs > > rcu read lock before doing so. So AFAICT we are good on that front. > > Thanks for the clarification. > > > Michal
