From: Yonghong Song <yhs@fb.com>
To: Andrii Nakryiko <andriin@fb.com>, <bpf@vger.kernel.org>,
Martin KaFai Lau <kafai@fb.com>, <netdev@vger.kernel.org>
Cc: Alexei Starovoitov <ast@fb.com>,
Daniel Borkmann <daniel@iogearbox.net>, <kernel-team@fb.com>
Subject: [PATCH bpf-next v1 11/19] bpf: add task and task/file targets
Date: Mon, 27 Apr 2020 13:12:47 -0700 [thread overview]
Message-ID: <20200427201247.2995622-1-yhs@fb.com> (raw)
In-Reply-To: <20200427201235.2994549-1-yhs@fb.com>
Only the tasks belonging to "current" pid namespace
are enumerated.
For task/file target, the bpf program will have access to
struct task_struct *task
u32 fd
struct file *file
where fd/file is an open file for the task.
Signed-off-by: Yonghong Song <yhs@fb.com>
---
kernel/bpf/Makefile | 2 +-
kernel/bpf/task_iter.c | 319 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 320 insertions(+), 1 deletion(-)
create mode 100644 kernel/bpf/task_iter.c
diff --git a/kernel/bpf/Makefile b/kernel/bpf/Makefile
index b2b5eefc5254..37b2d8620153 100644
--- a/kernel/bpf/Makefile
+++ b/kernel/bpf/Makefile
@@ -2,7 +2,7 @@
obj-y := core.o
CFLAGS_core.o += $(call cc-disable-warning, override-init)
-obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o inode.o helpers.o tnum.o bpf_iter.o map_iter.o
+obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o inode.o helpers.o tnum.o bpf_iter.o map_iter.o task_iter.o
obj-$(CONFIG_BPF_SYSCALL) += hashtab.o arraymap.o percpu_freelist.o bpf_lru_list.o lpm_trie.o map_in_map.o
obj-$(CONFIG_BPF_SYSCALL) += local_storage.o queue_stack_maps.o
obj-$(CONFIG_BPF_SYSCALL) += disasm.o
diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c
new file mode 100644
index 000000000000..ee29574e427d
--- /dev/null
+++ b/kernel/bpf/task_iter.c
@@ -0,0 +1,319 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/* Copyright (c) 2020 Facebook */
+
+#include <linux/init.h>
+#include <linux/namei.h>
+#include <linux/pid_namespace.h>
+#include <linux/fs.h>
+#include <linux/fdtable.h>
+#include <linux/filter.h>
+
+struct bpf_iter_seq_task_info {
+ struct pid_namespace *ns;
+ struct task_struct *task;
+ u32 id;
+};
+
+static struct task_struct *task_seq_get_next(struct pid_namespace *ns, u32 *id)
+{
+ struct task_struct *task = NULL;
+ struct pid *pid;
+
+ rcu_read_lock();
+ pid = idr_get_next(&ns->idr, id);
+ if (pid)
+ task = get_pid_task(pid, PIDTYPE_PID);
+ rcu_read_unlock();
+
+ return task;
+}
+
+static void *task_seq_start(struct seq_file *seq, loff_t *pos)
+{
+ struct bpf_iter_seq_task_info *info = seq->private;
+ struct task_struct *task;
+ u32 id = info->id;
+
+ if (*pos == 0)
+ info->ns = task_active_pid_ns(current);
+
+ task = task_seq_get_next(info->ns, &id);
+ if (!task)
+ return NULL;
+
+ ++*pos;
+ info->task = task;
+ info->id = id;
+
+ return task;
+}
+
+static void *task_seq_next(struct seq_file *seq, void *v, loff_t *pos)
+{
+ struct bpf_iter_seq_task_info *info = seq->private;
+ struct task_struct *task;
+
+ ++*pos;
+ ++info->id;
+ task = task_seq_get_next(info->ns, &info->id);
+ if (!task)
+ return NULL;
+
+ put_task_struct(info->task);
+ info->task = task;
+ return task;
+}
+
+struct bpf_iter__task {
+ __bpf_md_ptr(struct bpf_iter_meta *, meta);
+ __bpf_md_ptr(struct task_struct *, task);
+};
+
+int __init __bpf_iter__task(struct bpf_iter_meta *meta, struct task_struct *task)
+{
+ return 0;
+}
+
+static int task_seq_show(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_meta meta;
+ struct bpf_iter__task ctx;
+ struct bpf_prog *prog;
+ int ret = 0;
+
+ prog = bpf_iter_get_prog(seq, sizeof(struct bpf_iter_seq_task_info),
+ &meta.session_id, &meta.seq_num,
+ v == (void *)0);
+ if (prog) {
+ meta.seq = seq;
+ ctx.meta = &meta;
+ ctx.task = v;
+ ret = bpf_iter_run_prog(prog, &ctx);
+ }
+
+ return ret == 0 ? 0 : -EINVAL;
+}
+
+static void task_seq_stop(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_seq_task_info *info = seq->private;
+
+ if (!v)
+ task_seq_show(seq, v);
+
+ if (info->task) {
+ put_task_struct(info->task);
+ info->task = NULL;
+ }
+}
+
+static const struct seq_operations task_seq_ops = {
+ .start = task_seq_start,
+ .next = task_seq_next,
+ .stop = task_seq_stop,
+ .show = task_seq_show,
+};
+
+struct bpf_iter_seq_task_file_info {
+ struct pid_namespace *ns;
+ struct task_struct *task;
+ struct files_struct *files;
+ u32 id;
+ u32 fd;
+};
+
+static struct file *task_file_seq_get_next(struct pid_namespace *ns, u32 *id,
+ int *fd, struct task_struct **task,
+ struct files_struct **fstruct)
+{
+ struct files_struct *files;
+ struct task_struct *tk;
+ u32 sid = *id;
+ int sfd;
+
+ /* If this function returns a non-NULL file object,
+ * it held a reference to the files_struct and file.
+ * Otherwise, it does not hold any reference.
+ */
+again:
+ if (*fstruct) {
+ files = *fstruct;
+ sfd = *fd;
+ } else {
+ tk = task_seq_get_next(ns, &sid);
+ if (!tk)
+ return NULL;
+
+ files = get_files_struct(tk);
+ put_task_struct(tk);
+ if (!files) {
+ sid = ++(*id);
+ *fd = 0;
+ goto again;
+ }
+ *fstruct = files;
+ *task = tk;
+ if (sid == *id) {
+ sfd = *fd;
+ } else {
+ *id = sid;
+ sfd = 0;
+ }
+ }
+
+ rcu_read_lock();
+ for (; sfd < files_fdtable(files)->max_fds; sfd++) {
+ struct file *f;
+
+ f = fcheck_files(files, sfd);
+ if (!f)
+ continue;
+ *fd = sfd;
+ get_file(f);
+ rcu_read_unlock();
+ return f;
+ }
+
+ /* the current task is done, go to the next task */
+ rcu_read_unlock();
+ put_files_struct(files);
+ *fstruct = NULL;
+ sid = ++(*id);
+ *fd = 0;
+ goto again;
+}
+
+static void *task_file_seq_start(struct seq_file *seq, loff_t *pos)
+{
+ struct bpf_iter_seq_task_file_info *info = seq->private;
+ struct files_struct *files = NULL;
+ struct task_struct *task = NULL;
+ struct file *file;
+ u32 id = info->id;
+ int fd = info->fd;
+
+ if (*pos == 0)
+ info->ns = task_active_pid_ns(current);
+
+ file = task_file_seq_get_next(info->ns, &id, &fd, &task, &files);
+ if (!file) {
+ info->files = NULL;
+ return NULL;
+ }
+
+ ++*pos;
+ info->id = id;
+ info->fd = fd;
+ info->task = task;
+ info->files = files;
+
+ return file;
+}
+
+static void *task_file_seq_next(struct seq_file *seq, void *v, loff_t *pos)
+{
+ struct bpf_iter_seq_task_file_info *info = seq->private;
+ struct files_struct *files = info->files;
+ struct task_struct *task = info->task;
+ struct file *file;
+ u32 id = info->id;
+
+ ++*pos;
+ ++info->fd;
+ fput((struct file *)v);
+ file = task_file_seq_get_next(info->ns, &id, &info->fd, &task, &files);
+ if (!file) {
+ info->files = NULL;
+ return NULL;
+ }
+
+ info->id = id;
+ info->task = task;
+ info->files = files;
+
+ return file;
+}
+
+struct bpf_iter__task_file {
+ __bpf_md_ptr(struct bpf_iter_meta *, meta);
+ __bpf_md_ptr(struct task_struct *, task);
+ u32 fd;
+ __bpf_md_ptr(struct file *, file);
+};
+
+int __init __bpf_iter__task_file(struct bpf_iter_meta *meta,
+ struct task_struct *task, u32 fd,
+ struct file *file)
+{
+ return 0;
+}
+
+static int task_file_seq_show(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_seq_task_file_info *info = seq->private;
+ struct bpf_iter__task_file ctx;
+ struct bpf_iter_meta meta;
+ struct bpf_prog *prog;
+ int ret = 0;
+
+ prog = bpf_iter_get_prog(seq, sizeof(struct bpf_iter_seq_task_file_info),
+ &meta.session_id, &meta.seq_num, v == (void *)0);
+ if (prog) {
+ meta.seq = seq;
+ ctx.meta = &meta;
+ ctx.task = info->task;
+ ctx.fd = info->fd;
+ ctx.file = v;
+ ret = bpf_iter_run_prog(prog, &ctx);
+ }
+
+ return ret == 0 ? 0 : -EINVAL;
+}
+
+static void task_file_seq_stop(struct seq_file *seq, void *v)
+{
+ struct bpf_iter_seq_task_file_info *info = seq->private;
+
+ if (v)
+ fput((struct file *)v);
+ else
+ task_file_seq_show(seq, v);
+
+ if (info->files) {
+ put_files_struct(info->files);
+ info->files = NULL;
+ }
+}
+
+static const struct seq_operations task_file_seq_ops = {
+ .start = task_file_seq_start,
+ .next = task_file_seq_next,
+ .stop = task_file_seq_stop,
+ .show = task_file_seq_show,
+};
+
+static int __init task_iter_init(void)
+{
+ struct bpf_iter_reg task_file_reg_info = {
+ .target = "task_file",
+ .target_func_name = "__bpf_iter__task_file",
+ .seq_ops = &task_file_seq_ops,
+ .seq_priv_size = sizeof(struct bpf_iter_seq_task_file_info),
+ .target_feature = 0,
+ };
+ struct bpf_iter_reg task_reg_info = {
+ .target = "task",
+ .target_func_name = "__bpf_iter__task",
+ .seq_ops = &task_seq_ops,
+ .seq_priv_size = sizeof(struct bpf_iter_seq_task_info),
+ .target_feature = 0,
+ };
+ int ret;
+
+ ret = bpf_iter_reg_target(&task_reg_info);
+ if (ret)
+ return ret;
+
+ return bpf_iter_reg_target(&task_file_reg_info);
+}
+late_initcall(task_iter_init);
--
2.24.1
next prev parent reply other threads:[~2020-04-27 20:13 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-27 20:12 [PATCH bpf-next v1 00/19] bpf: implement bpf iterator for kernel data Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 01/19] net: refactor net assignment for seq_net_private structure Yonghong Song
2020-04-29 5:38 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 02/19] bpf: implement an interface to register bpf_iter targets Yonghong Song
2020-04-28 16:20 ` Martin KaFai Lau
2020-04-28 16:50 ` Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 03/19] bpf: add bpf_map iterator Yonghong Song
2020-04-29 0:37 ` Martin KaFai Lau
2020-04-29 0:48 ` Alexei Starovoitov
2020-04-29 1:15 ` Yonghong Song
2020-04-29 2:44 ` Alexei Starovoitov
2020-04-29 5:09 ` Yonghong Song
2020-04-29 6:08 ` Andrii Nakryiko
2020-04-29 6:20 ` Yonghong Song
2020-04-29 6:30 ` Alexei Starovoitov
2020-04-29 6:40 ` Andrii Nakryiko
2020-04-29 6:44 ` Yonghong Song
2020-04-29 15:34 ` Alexei Starovoitov
2020-04-29 18:14 ` Yonghong Song
2020-04-29 19:19 ` Andrii Nakryiko
2020-04-29 20:15 ` Yonghong Song
2020-04-30 3:06 ` Alexei Starovoitov
2020-04-30 4:01 ` Yonghong Song
2020-04-29 6:34 ` Martin KaFai Lau
2020-04-29 6:51 ` Yonghong Song
2020-04-29 19:25 ` Andrii Nakryiko
2020-04-29 1:02 ` Yonghong Song
2020-04-29 6:04 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 04/19] bpf: allow loading of a bpf_iter program Yonghong Song
2020-04-29 0:54 ` Martin KaFai Lau
2020-04-29 1:27 ` Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 05/19] bpf: support bpf tracing/iter programs for BPF_LINK_CREATE Yonghong Song
2020-04-29 1:17 ` [Potential Spoof] " Martin KaFai Lau
2020-04-29 6:25 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 06/19] bpf: support bpf tracing/iter programs for BPF_LINK_UPDATE Yonghong Song
2020-04-29 1:32 ` Martin KaFai Lau
2020-04-29 5:04 ` Yonghong Song
2020-04-29 5:58 ` Martin KaFai Lau
2020-04-29 6:32 ` Andrii Nakryiko
2020-04-29 6:41 ` Martin KaFai Lau
2020-04-27 20:12 ` [PATCH bpf-next v1 07/19] bpf: create anonymous bpf iterator Yonghong Song
2020-04-29 5:39 ` Martin KaFai Lau
2020-04-29 6:56 ` Andrii Nakryiko
2020-04-29 7:06 ` Yonghong Song
2020-04-29 18:16 ` Andrii Nakryiko
2020-04-29 18:46 ` Martin KaFai Lau
2020-04-29 19:20 ` Yonghong Song
2020-04-29 20:50 ` Martin KaFai Lau
2020-04-29 20:54 ` Yonghong Song
2020-04-29 19:39 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 08/19] bpf: create file " Yonghong Song
2020-04-29 20:40 ` Andrii Nakryiko
2020-04-30 18:02 ` Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 09/19] bpf: add PTR_TO_BTF_ID_OR_NULL support Yonghong Song
2020-04-29 20:46 ` Andrii Nakryiko
2020-04-29 20:51 ` Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 10/19] bpf: add netlink and ipv6_route targets Yonghong Song
2020-04-28 19:49 ` kbuild test robot
2020-04-28 19:49 ` kbuild test robot
2020-04-28 19:50 ` [RFC PATCH] bpf: __bpf_iter__netlink() can be static kbuild test robot
2020-04-28 19:50 ` kbuild test robot
2020-04-27 20:12 ` Yonghong Song [this message]
2020-04-30 2:08 ` [PATCH bpf-next v1 11/19] bpf: add task and task/file targets Andrii Nakryiko
2020-05-01 17:23 ` Yonghong Song
2020-05-01 19:01 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 12/19] bpf: add bpf_seq_printf and bpf_seq_write helpers Yonghong Song
2020-04-28 6:02 ` kbuild test robot
2020-04-28 6:02 ` kbuild test robot
2020-04-28 16:35 ` Yonghong Song
2020-04-28 16:35 ` Yonghong Song
2020-04-30 20:06 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 13/19] bpf: handle spilled PTR_TO_BTF_ID properly when checking stack_boundary Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 14/19] bpf: support variable length array in tracing programs Yonghong Song
2020-04-30 20:04 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 15/19] tools/libbpf: add bpf_iter support Yonghong Song
2020-04-30 1:41 ` Andrii Nakryiko
2020-05-02 7:17 ` Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 16/19] tools/bpftool: add bpf_iter support for bptool Yonghong Song
2020-04-28 9:27 ` Quentin Monnet
2020-04-28 17:35 ` Yonghong Song
2020-04-29 8:37 ` Quentin Monnet
2020-04-27 20:12 ` [PATCH bpf-next v1 17/19] tools/bpf: selftests: add iterator programs for ipv6_route and netlink Yonghong Song
2020-04-30 2:12 ` Andrii Nakryiko
2020-04-27 20:12 ` [PATCH bpf-next v1 18/19] tools/bpf: selftests: add iter progs for bpf_map/task/task_file Yonghong Song
2020-04-27 20:12 ` [PATCH bpf-next v1 19/19] tools/bpf: selftests: add bpf_iter selftests Yonghong Song
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200427201247.2995622-1-yhs@fb.com \
--to=yhs@fb.com \
--cc=andriin@fb.com \
--cc=ast@fb.com \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=kafai@fb.com \
--cc=kernel-team@fb.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.