Re: [External] Re: [PATCH bpf-next 1/2] bpf: Add bpf_task_under_cgroup helper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



在 2023/4/21 02:22, Alexei Starovoitov 写道:
On Thu, Apr 20, 2023 at 12:27 AM Feng zhou <zhoufeng.zf@xxxxxxxxxxxxx> wrote:
From: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>

This adds a bpf helper that's similar to the
bpf_current_task_under_cgroup. The difference is that it is a
designated task.

When hook sched related functions, sometimes it is necessary to
specify a task instead of the current task.

Signed-off-by: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>
---
  include/uapi/linux/bpf.h       | 13 +++++++++++++
  kernel/bpf/verifier.c          |  4 +++-
  kernel/trace/bpf_trace.c       | 31 +++++++++++++++++++++++++++++++
  tools/include/uapi/linux/bpf.h | 13 +++++++++++++
  4 files changed, 60 insertions(+), 1 deletion(-)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4b20a7269bee..3d31ddb39e10 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5550,6 +5550,18 @@ union bpf_attr {
   *             0 on success.
   *
   *             **-ENOENT** if the bpf_local_storage cannot be found.
+ *
+ * long bpf_task_under_cgroup(struct bpf_map *map, struct task_struct *task, u32 index)
+ *     Description
+ *             Check whether the probe is being run is the context of a given
+ *             subset of the cgroup2 hierarchy. The cgroup2 to test is held by
+ *             *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*.
+ *     Return
+ *             The return value depends on the result of the test, and can be:
+ *
+ *             * 1, if assigned task belongs to the cgroup2.
+ *             * 0, if assigned task does not belong to the cgroup2.
+ *             * A negative error code, if an error occurred.
   */
  #define ___BPF_FUNC_MAPPER(FN, ctx...)                 \
         FN(unspec, 0, ##ctx)                            \
@@ -5764,6 +5776,7 @@ union bpf_attr {
         FN(user_ringbuf_drain, 209, ##ctx)              \
         FN(cgrp_storage_get, 210, ##ctx)                \
         FN(cgrp_storage_delete, 211, ##ctx)             \
+       FN(task_under_cgroup, 212, ##ctx)               \
         /* */

  /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 1e05355facdc..1e2c3c3e8d5f 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7771,7 +7771,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env,
                 break;
         case BPF_MAP_TYPE_CGROUP_ARRAY:
                 if (func_id != BPF_FUNC_skb_under_cgroup &&
-                   func_id != BPF_FUNC_current_task_under_cgroup)
+                   func_id != BPF_FUNC_current_task_under_cgroup &&
+                   func_id != BPF_FUNC_task_under_cgroup)
                         goto error;
                 break;
         case BPF_MAP_TYPE_CGROUP_STORAGE:
@@ -7902,6 +7903,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env,
                         goto error;
                 break;
         case BPF_FUNC_current_task_under_cgroup:
+       case BPF_FUNC_task_under_cgroup:
         case BPF_FUNC_skb_under_cgroup:
                 if (map->map_type != BPF_MAP_TYPE_CGROUP_ARRAY)
                         goto error;
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index bcf91bc7bf71..b02a04768824 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -814,6 +814,35 @@ static const struct bpf_func_proto bpf_current_task_under_cgroup_proto = {
         .arg2_type      = ARG_ANYTHING,
  };

+BPF_CALL_3(bpf_task_under_cgroup, struct bpf_map *, map, struct task_struct *,
+          task, u32, idx)
+{
+       struct bpf_array *array = container_of(map, struct bpf_array, map);
+       struct cgroup *cgrp;
+
+       if (unlikely(!task))
+               return -ENOENT;
+
+       if (unlikely(idx >= array->map.max_entries))
+               return -E2BIG;
+
+       cgrp = READ_ONCE(array->ptrs[idx]);
+       if (unlikely(!cgrp))
+               return -EAGAIN;
+
+       return task_under_cgroup_hierarchy(task, cgrp);
We don't add helpers anymore.
Please wrap task_under_cgroup_hierarchy() as a kfunc
that takes two TRUSTED pointers task and cgroup.
Will do, thanks.



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux