1. Add socket cgroup id and socket's peer cgroup id in socket's fdinfo 2. Add SO_PEERCGROUPID which allows to retrieve socket's peer cgroup id 3. Add SO_PEERCGROUPID kselftest Generally speaking, this API allows race-free resolution of socket's peer cgroup id. Currently, to do that SCM_CREDENTIALS/SCM_PIDFD -> pid -> /proc/<pid>/cgroup sequence is used which is racy. As we don't add any new state to the socket itself there is no potential locking issues or performance problems. We use already existing sk->sk_cgrp_data. We already have analogical interfaces to retrieve this information: - inet_diag: INET_DIAG_CGROUP_ID - eBPF: bpf_sk_cgroup_id Having getsockopt() interface makes sense for many applications, because using eBPF is not always an option, while inet_diag has obvious complexety and performance drawbacks if we only want to get this specific info for one specific socket. Idea comes from UAPI kernel group: https://uapi-group.org/kernel-features/ Huge thanks to Christian Brauner, Lennart Poettering and Luca Boccassi for proposing and exchanging ideas about this. Git tree: https://github.com/mihalicyn/linux/tree/so_peercgroupid Cc: linux-kernel@xxxxxxxxxxxxxxx Cc: netdev@xxxxxxxxxxxxxxx Cc: cgroups@xxxxxxxxxxxxxxx Cc: "David S. Miller" <davem@xxxxxxxxxxxxx> Cc: Eric Dumazet <edumazet@xxxxxxxxxx> Cc: Jakub Kicinski <kuba@xxxxxxxxxx> Cc: Paolo Abeni <pabeni@xxxxxxxxxx> Cc: Willem de Bruijn <willemb@xxxxxxxxxx> Cc: Leon Romanovsky <leon@xxxxxxxxxx> Cc: Arnd Bergmann <arnd@xxxxxxxx> Cc: Christian Brauner <brauner@xxxxxxxxxx> Cc: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx> Cc: Lennart Poettering <mzxreary@xxxxxxxxxxx> Cc: Luca Boccassi <bluca@xxxxxxxxxx> Cc: Tejun Heo <tj@xxxxxxxxxx> Cc: Johannes Weiner <hannes@xxxxxxxxxxx> Cc: "Michal Koutný" <mkoutny@xxxxxxxx> Cc: Shuah Khan <shuah@xxxxxxxxxx> Alexander Mikhalitsyn (4): net: unix: print cgroup_id and peer_cgroup_id in fdinfo net: core: add getsockopt SO_PEERCGROUPID tools/testing/selftests/cgroup/cgroup_util: add cg_get_id helper tools/testing/selftests/cgroup: add test for SO_PEERCGROUPID arch/alpha/include/uapi/asm/socket.h | 2 + arch/mips/include/uapi/asm/socket.h | 2 + arch/parisc/include/uapi/asm/socket.h | 2 + arch/sparc/include/uapi/asm/socket.h | 2 + include/uapi/asm-generic/socket.h | 2 + net/core/sock.c | 17 + net/unix/af_unix.c | 84 +++++ tools/include/uapi/asm-generic/socket.h | 2 + tools/testing/selftests/cgroup/Makefile | 2 + tools/testing/selftests/cgroup/cgroup_util.c | 15 + tools/testing/selftests/cgroup/cgroup_util.h | 2 + .../selftests/cgroup/test_so_peercgroupid.c | 308 ++++++++++++++++++ 12 files changed, 440 insertions(+) create mode 100644 tools/testing/selftests/cgroup/test_so_peercgroupid.c -- 2.43.0
