mbox series

[RFC,bpf-next,0/8] bpf, cgroup: Add BPF support for cgroup1 hierarchy

Message ID 20231007140304.4390-1-laoar.shao@gmail.com (mailing list archive)
Headers show
Series bpf, cgroup: Add BPF support for cgroup1 hierarchy | expand

Message

Yafang Shao Oct. 7, 2023, 2:02 p.m. UTC
Currently, BPF is primarily confined to cgroup2, with the exception of
cgroup_iter, which supports cgroup1 fds. Unfortunately, this limitation
prevents us from harnessing the full potential of BPF within cgroup1
environments.

In our endeavor to seamlessly integrate BPF within our Kubernetes
environment, which relies on cgroup1, we have been exploring the
possibility of transitioning to cgroup2. While this transition is
forward-looking, it poses challenges due to the necessity for numerous
applications to adapt.

While we acknowledge that cgroup2 represents the future, we also recognize
that such transitions demand time and effort. As a result, we are
considering an alternative approach. Instead of migrating to cgroup2, we
are contemplating modifications to the BPF kernel code to ensure
compatibility with cgroup1. These adjustments appear to be relatively
minor, making this option more feasible.

Given the widespread use of cgroup1 in container environments, this change
would be beneficial to many users.

As discussed with Tejun[1], it has been determined that tying the interface
directly to the cgroup1 hierarchies is acceptable. As a result, this
patchset introduces cgroup1-only interfaces that operate with both
hierarchy ID and cgroup ID as parameters.

Within this patchset, two new cgroup1-only interfaces have been introduced:

- [bpf_]task_cgroup1_id_within_hierarchy
  Retrieves the associated cgroup ID of a task whithin a specific
  cgroup1 hierarchy. The cgroup1 hierarchy is identified by its
  hierarchy ID.
- [bpf_]task_ancestor_cgroup1_id_within_hierarchy
  Retrieves the associated ancestor cgroup ID of a task whithin a
  specific cgroup1 hierarchy. he specific ancestor cgroup is determined by
  the ancestor level within the cgroup1 hierarchy.
 
These two new kfuncs enable the tracing of tasks within a designated
container or its ancestor cgroup directory in BPF programs. Additionally,
they are capable of operating on named cgroups, providing valuable utility
for hybrid cgroup mode scenarios.

[1]. https://lwn.net/ml/cgroups/ZRHU6MfwqRxjBFUH@slm.duckdns.org/

Changes:
- bpf, cgroup: Add bpf support for cgroup controller
  https://lwn.net/Articles/945318/
- bpf, cgroup: Enable cgroup_array map on cgroup1
  https://lore.kernel.org/bpf/20230903142800.3870-1-laoar.shao@gmail.com/

Yafang Shao (8):
  cgroup: Don't have to hold cgroup_mutex in task_cgroup_from_root()
  cgroup: Add new helpers for cgroup1 hierarchy
  bpf: Add kfuncs for cgroup1 hierarchy
  selftests/bpf: Fix issues in setup_classid_environment()
  selftests/bpf: Add parallel support for classid
  selftests/bpf: Add a new cgroup helper get_classid_cgroup_id()
  selftests/bpf: Add a new cgroup helper get_cgroup_hierarchy_id()
  selftests/bpf: Add selftests for cgroup1 hierarchy

 include/linux/cgroup.h                        |   9 +-
 kernel/bpf/helpers.c                          |  26 +++
 kernel/cgroup/cgroup-internal.h               |   2 -
 kernel/cgroup/cgroup-v1.c                     |  67 ++++++++
 kernel/cgroup/cgroup.c                        |   5 +-
 tools/testing/selftests/bpf/cgroup_helpers.c  | 114 +++++++++++--
 tools/testing/selftests/bpf/cgroup_helpers.h  |   4 +-
 .../bpf/prog_tests/cgroup1_hierarchy.c        | 159 ++++++++++++++++++
 .../selftests/bpf/prog_tests/cgroup_v1v2.c    |   2 +-
 .../bpf/progs/test_cgroup1_hierarchy.c        |  62 +++++++
 10 files changed, 426 insertions(+), 24 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c

Comments

Michal Koutný Oct. 9, 2023, 11:46 a.m. UTC | #1
Hi.

On Sat, Oct 07, 2023 at 02:02:56PM +0000, Yafang Shao <laoar.shao@gmail.com> wrote:
> Given the widespread use of cgroup1 in container environments, this change
> would be beneficial to many users.

This is an unverifiable claim (and benefit applies only to subset of
those users who would use cgroup1 and BPF). So please don't use it in
this form.

Thanks,
Michal
Yafang Shao Oct. 9, 2023, 1:11 p.m. UTC | #2
On Mon, Oct 9, 2023 at 7:46 PM Michal Koutný <mkoutny@suse.com> wrote:
>
> Hi.
>
> On Sat, Oct 07, 2023 at 02:02:56PM +0000, Yafang Shao <laoar.shao@gmail.com> wrote:
> > Given the widespread use of cgroup1 in container environments, this change
> > would be beneficial to many users.
>
> This is an unverifiable claim (and benefit applies only to subset of
> those users who would use cgroup1 and BPF). So please don't use it in
> this form.

Sure. will remove it.