Currently, BPF is primarily confined to cgroup2, with the exception of cgroup_iter, which supports cgroup1 fds. Unfortunately, this limitation prevents us from harnessing the full potential of BPF within cgroup1 environments. In our endeavor to seamlessly integrate BPF within our Kubernetes environment, which relies on cgroup1, we have been exploring the possibility of transitioning to cgroup2. While this transition is forward-looking, it poses challenges due to the necessity for numerous applications to adapt. While we acknowledge that cgroup2 represents the future, we also recognize that such transitions demand time and effort. As a result, we are considering an alternative approach. Instead of migrating to cgroup2, we are contemplating modifications to the BPF kernel code to ensure compatibility with cgroup1. These adjustments appear to be relatively minor, making this option more feasible. Given the widespread use of cgroup1 in container environments, this change would be beneficial to many users. As discussed with Tejun[1], it has been determined that tying the interface directly to the cgroup1 hierarchies is acceptable. As a result, this patchset introduces cgroup1-only interfaces that operate with both hierarchy ID and cgroup ID as parameters. Within this patchset, two new cgroup1-only interfaces have been introduced: - [bpf_]task_cgroup1_id_within_hierarchy Retrieves the associated cgroup ID of a task whithin a specific cgroup1 hierarchy. The cgroup1 hierarchy is identified by its hierarchy ID. - [bpf_]task_ancestor_cgroup1_id_within_hierarchy Retrieves the associated ancestor cgroup ID of a task whithin a specific cgroup1 hierarchy. he specific ancestor cgroup is determined by the ancestor level within the cgroup1 hierarchy. These two new kfuncs enable the tracing of tasks within a designated container or its ancestor cgroup directory in BPF programs. Additionally, they are capable of operating on named cgroups, providing valuable utility for hybrid cgroup mode scenarios. [1]. https://lwn.net/ml/cgroups/ZRHU6MfwqRxjBFUH@xxxxxxxxxxxxxxx/ Changes: - bpf, cgroup: Add bpf support for cgroup controller https://lwn.net/Articles/945318/ - bpf, cgroup: Enable cgroup_array map on cgroup1 https://lore.kernel.org/bpf/20230903142800.3870-1-laoar.shao@xxxxxxxxx/ Yafang Shao (8): cgroup: Don't have to hold cgroup_mutex in task_cgroup_from_root() cgroup: Add new helpers for cgroup1 hierarchy bpf: Add kfuncs for cgroup1 hierarchy selftests/bpf: Fix issues in setup_classid_environment() selftests/bpf: Add parallel support for classid selftests/bpf: Add a new cgroup helper get_classid_cgroup_id() selftests/bpf: Add a new cgroup helper get_cgroup_hierarchy_id() selftests/bpf: Add selftests for cgroup1 hierarchy include/linux/cgroup.h | 9 +- kernel/bpf/helpers.c | 26 +++ kernel/cgroup/cgroup-internal.h | 2 - kernel/cgroup/cgroup-v1.c | 67 ++++++++ kernel/cgroup/cgroup.c | 5 +- tools/testing/selftests/bpf/cgroup_helpers.c | 114 +++++++++++-- tools/testing/selftests/bpf/cgroup_helpers.h | 4 +- .../bpf/prog_tests/cgroup1_hierarchy.c | 159 ++++++++++++++++++ .../selftests/bpf/prog_tests/cgroup_v1v2.c | 2 +- .../bpf/progs/test_cgroup1_hierarchy.c | 62 +++++++ 10 files changed, 426 insertions(+), 24 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c create mode 100644 tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c -- 2.30.1 (Apple Git-130)
