Message ID | 20230420072657.80324-2-zhoufeng.zf@bytedance.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Introduce a new bpf helper of bpf_task_under_cgroup | expand |
On Thu, Apr 20, 2023 at 12:27 AM Feng zhou <zhoufeng.zf@bytedance.com> wrote: > > From: Feng Zhou <zhoufeng.zf@bytedance.com> > > This adds a bpf helper that's similar to the > bpf_current_task_under_cgroup. The difference is that it is a > designated task. > > When hook sched related functions, sometimes it is necessary to > specify a task instead of the current task. > > Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com> > --- > include/uapi/linux/bpf.h | 13 +++++++++++++ > kernel/bpf/verifier.c | 4 +++- > kernel/trace/bpf_trace.c | 31 +++++++++++++++++++++++++++++++ > tools/include/uapi/linux/bpf.h | 13 +++++++++++++ > 4 files changed, 60 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index 4b20a7269bee..3d31ddb39e10 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -5550,6 +5550,18 @@ union bpf_attr { > * 0 on success. > * > * **-ENOENT** if the bpf_local_storage cannot be found. > + * > + * long bpf_task_under_cgroup(struct bpf_map *map, struct task_struct *task, u32 index) > + * Description > + * Check whether the probe is being run is the context of a given > + * subset of the cgroup2 hierarchy. The cgroup2 to test is held by > + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. > + * Return > + * The return value depends on the result of the test, and can be: > + * > + * * 1, if assigned task belongs to the cgroup2. > + * * 0, if assigned task does not belong to the cgroup2. > + * * A negative error code, if an error occurred. > */ > #define ___BPF_FUNC_MAPPER(FN, ctx...) \ > FN(unspec, 0, ##ctx) \ > @@ -5764,6 +5776,7 @@ union bpf_attr { > FN(user_ringbuf_drain, 209, ##ctx) \ > FN(cgrp_storage_get, 210, ##ctx) \ > FN(cgrp_storage_delete, 211, ##ctx) \ > + FN(task_under_cgroup, 212, ##ctx) \ > /* */ > > /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't > diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c > index 1e05355facdc..1e2c3c3e8d5f 100644 > --- a/kernel/bpf/verifier.c > +++ b/kernel/bpf/verifier.c > @@ -7771,7 +7771,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, > break; > case BPF_MAP_TYPE_CGROUP_ARRAY: > if (func_id != BPF_FUNC_skb_under_cgroup && > - func_id != BPF_FUNC_current_task_under_cgroup) > + func_id != BPF_FUNC_current_task_under_cgroup && > + func_id != BPF_FUNC_task_under_cgroup) > goto error; > break; > case BPF_MAP_TYPE_CGROUP_STORAGE: > @@ -7902,6 +7903,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, > goto error; > break; > case BPF_FUNC_current_task_under_cgroup: > + case BPF_FUNC_task_under_cgroup: > case BPF_FUNC_skb_under_cgroup: > if (map->map_type != BPF_MAP_TYPE_CGROUP_ARRAY) > goto error; > diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c > index bcf91bc7bf71..b02a04768824 100644 > --- a/kernel/trace/bpf_trace.c > +++ b/kernel/trace/bpf_trace.c > @@ -814,6 +814,35 @@ static const struct bpf_func_proto bpf_current_task_under_cgroup_proto = { > .arg2_type = ARG_ANYTHING, > }; > > +BPF_CALL_3(bpf_task_under_cgroup, struct bpf_map *, map, struct task_struct *, > + task, u32, idx) > +{ > + struct bpf_array *array = container_of(map, struct bpf_array, map); > + struct cgroup *cgrp; > + > + if (unlikely(!task)) > + return -ENOENT; > + > + if (unlikely(idx >= array->map.max_entries)) > + return -E2BIG; > + > + cgrp = READ_ONCE(array->ptrs[idx]); > + if (unlikely(!cgrp)) > + return -EAGAIN; > + > + return task_under_cgroup_hierarchy(task, cgrp); We don't add helpers anymore. Please wrap task_under_cgroup_hierarchy() as a kfunc that takes two TRUSTED pointers task and cgroup.
在 2023/4/21 02:22, Alexei Starovoitov 写道: > On Thu, Apr 20, 2023 at 12:27 AM Feng zhou <zhoufeng.zf@bytedance.com> wrote: >> From: Feng Zhou <zhoufeng.zf@bytedance.com> >> >> This adds a bpf helper that's similar to the >> bpf_current_task_under_cgroup. The difference is that it is a >> designated task. >> >> When hook sched related functions, sometimes it is necessary to >> specify a task instead of the current task. >> >> Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com> >> --- >> include/uapi/linux/bpf.h | 13 +++++++++++++ >> kernel/bpf/verifier.c | 4 +++- >> kernel/trace/bpf_trace.c | 31 +++++++++++++++++++++++++++++++ >> tools/include/uapi/linux/bpf.h | 13 +++++++++++++ >> 4 files changed, 60 insertions(+), 1 deletion(-) >> >> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h >> index 4b20a7269bee..3d31ddb39e10 100644 >> --- a/include/uapi/linux/bpf.h >> +++ b/include/uapi/linux/bpf.h >> @@ -5550,6 +5550,18 @@ union bpf_attr { >> * 0 on success. >> * >> * **-ENOENT** if the bpf_local_storage cannot be found. >> + * >> + * long bpf_task_under_cgroup(struct bpf_map *map, struct task_struct *task, u32 index) >> + * Description >> + * Check whether the probe is being run is the context of a given >> + * subset of the cgroup2 hierarchy. The cgroup2 to test is held by >> + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. >> + * Return >> + * The return value depends on the result of the test, and can be: >> + * >> + * * 1, if assigned task belongs to the cgroup2. >> + * * 0, if assigned task does not belong to the cgroup2. >> + * * A negative error code, if an error occurred. >> */ >> #define ___BPF_FUNC_MAPPER(FN, ctx...) \ >> FN(unspec, 0, ##ctx) \ >> @@ -5764,6 +5776,7 @@ union bpf_attr { >> FN(user_ringbuf_drain, 209, ##ctx) \ >> FN(cgrp_storage_get, 210, ##ctx) \ >> FN(cgrp_storage_delete, 211, ##ctx) \ >> + FN(task_under_cgroup, 212, ##ctx) \ >> /* */ >> >> /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't >> diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c >> index 1e05355facdc..1e2c3c3e8d5f 100644 >> --- a/kernel/bpf/verifier.c >> +++ b/kernel/bpf/verifier.c >> @@ -7771,7 +7771,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, >> break; >> case BPF_MAP_TYPE_CGROUP_ARRAY: >> if (func_id != BPF_FUNC_skb_under_cgroup && >> - func_id != BPF_FUNC_current_task_under_cgroup) >> + func_id != BPF_FUNC_current_task_under_cgroup && >> + func_id != BPF_FUNC_task_under_cgroup) >> goto error; >> break; >> case BPF_MAP_TYPE_CGROUP_STORAGE: >> @@ -7902,6 +7903,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, >> goto error; >> break; >> case BPF_FUNC_current_task_under_cgroup: >> + case BPF_FUNC_task_under_cgroup: >> case BPF_FUNC_skb_under_cgroup: >> if (map->map_type != BPF_MAP_TYPE_CGROUP_ARRAY) >> goto error; >> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c >> index bcf91bc7bf71..b02a04768824 100644 >> --- a/kernel/trace/bpf_trace.c >> +++ b/kernel/trace/bpf_trace.c >> @@ -814,6 +814,35 @@ static const struct bpf_func_proto bpf_current_task_under_cgroup_proto = { >> .arg2_type = ARG_ANYTHING, >> }; >> >> +BPF_CALL_3(bpf_task_under_cgroup, struct bpf_map *, map, struct task_struct *, >> + task, u32, idx) >> +{ >> + struct bpf_array *array = container_of(map, struct bpf_array, map); >> + struct cgroup *cgrp; >> + >> + if (unlikely(!task)) >> + return -ENOENT; >> + >> + if (unlikely(idx >= array->map.max_entries)) >> + return -E2BIG; >> + >> + cgrp = READ_ONCE(array->ptrs[idx]); >> + if (unlikely(!cgrp)) >> + return -EAGAIN; >> + >> + return task_under_cgroup_hierarchy(task, cgrp); > We don't add helpers anymore. > Please wrap task_under_cgroup_hierarchy() as a kfunc > that takes two TRUSTED pointers task and cgroup. Will do, thanks.
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 4b20a7269bee..3d31ddb39e10 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -5550,6 +5550,18 @@ union bpf_attr { * 0 on success. * * **-ENOENT** if the bpf_local_storage cannot be found. + * + * long bpf_task_under_cgroup(struct bpf_map *map, struct task_struct *task, u32 index) + * Description + * Check whether the probe is being run is the context of a given + * subset of the cgroup2 hierarchy. The cgroup2 to test is held by + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. + * Return + * The return value depends on the result of the test, and can be: + * + * * 1, if assigned task belongs to the cgroup2. + * * 0, if assigned task does not belong to the cgroup2. + * * A negative error code, if an error occurred. */ #define ___BPF_FUNC_MAPPER(FN, ctx...) \ FN(unspec, 0, ##ctx) \ @@ -5764,6 +5776,7 @@ union bpf_attr { FN(user_ringbuf_drain, 209, ##ctx) \ FN(cgrp_storage_get, 210, ##ctx) \ FN(cgrp_storage_delete, 211, ##ctx) \ + FN(task_under_cgroup, 212, ##ctx) \ /* */ /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 1e05355facdc..1e2c3c3e8d5f 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -7771,7 +7771,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, break; case BPF_MAP_TYPE_CGROUP_ARRAY: if (func_id != BPF_FUNC_skb_under_cgroup && - func_id != BPF_FUNC_current_task_under_cgroup) + func_id != BPF_FUNC_current_task_under_cgroup && + func_id != BPF_FUNC_task_under_cgroup) goto error; break; case BPF_MAP_TYPE_CGROUP_STORAGE: @@ -7902,6 +7903,7 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, goto error; break; case BPF_FUNC_current_task_under_cgroup: + case BPF_FUNC_task_under_cgroup: case BPF_FUNC_skb_under_cgroup: if (map->map_type != BPF_MAP_TYPE_CGROUP_ARRAY) goto error; diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index bcf91bc7bf71..b02a04768824 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -814,6 +814,35 @@ static const struct bpf_func_proto bpf_current_task_under_cgroup_proto = { .arg2_type = ARG_ANYTHING, }; +BPF_CALL_3(bpf_task_under_cgroup, struct bpf_map *, map, struct task_struct *, + task, u32, idx) +{ + struct bpf_array *array = container_of(map, struct bpf_array, map); + struct cgroup *cgrp; + + if (unlikely(!task)) + return -ENOENT; + + if (unlikely(idx >= array->map.max_entries)) + return -E2BIG; + + cgrp = READ_ONCE(array->ptrs[idx]); + if (unlikely(!cgrp)) + return -EAGAIN; + + return task_under_cgroup_hierarchy(task, cgrp); +} + +static const struct bpf_func_proto bpf_task_under_cgroup_proto = { + .func = bpf_task_under_cgroup, + .gpl_only = false, + .ret_type = RET_INTEGER, + .arg1_type = ARG_CONST_MAP_PTR, + .arg2_type = ARG_PTR_TO_BTF_ID, + .arg2_btf_id = &btf_tracing_ids[BTF_TRACING_TYPE_TASK], + .arg3_type = ARG_ANYTHING, +}; + struct send_signal_irq_work { struct irq_work irq_work; struct task_struct *task; @@ -1510,6 +1539,8 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_find_vma_proto; case BPF_FUNC_trace_vprintk: return bpf_get_trace_vprintk_proto(); + case BPF_FUNC_task_under_cgroup: + return &bpf_task_under_cgroup_proto; default: return bpf_base_func_proto(func_id); } diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 4b20a7269bee..3d31ddb39e10 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -5550,6 +5550,18 @@ union bpf_attr { * 0 on success. * * **-ENOENT** if the bpf_local_storage cannot be found. + * + * long bpf_task_under_cgroup(struct bpf_map *map, struct task_struct *task, u32 index) + * Description + * Check whether the probe is being run is the context of a given + * subset of the cgroup2 hierarchy. The cgroup2 to test is held by + * *map* of type **BPF_MAP_TYPE_CGROUP_ARRAY**, at *index*. + * Return + * The return value depends on the result of the test, and can be: + * + * * 1, if assigned task belongs to the cgroup2. + * * 0, if assigned task does not belong to the cgroup2. + * * A negative error code, if an error occurred. */ #define ___BPF_FUNC_MAPPER(FN, ctx...) \ FN(unspec, 0, ##ctx) \ @@ -5764,6 +5776,7 @@ union bpf_attr { FN(user_ringbuf_drain, 209, ##ctx) \ FN(cgrp_storage_get, 210, ##ctx) \ FN(cgrp_storage_delete, 211, ##ctx) \ + FN(task_under_cgroup, 212, ##ctx) \ /* */ /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't