* [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs
@ 2024-08-19 16:28 Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs Matteo Croce
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Matteo Croce @ 2024-08-19 16:28 UTC (permalink / raw)
To: Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann,
Steven Rostedt, Masami Hiramatsu, bpf, linux-trace-kernel
Cc: linux-kernel, Matteo Croce
From: Matteo Croce <teknoraver@meta.com>
Enable some BPF kfuncs and the helper bpf_current_task_under_cgroup()
for program types BPF_CGROUP_*.
These will be used by systemd-networkd:
https://github.com/systemd/systemd/pull/32212
v5->v6:
Called register_btf_kfunc_id_set() only once
Fixed build error with !CONFIG_CGROUPS
v4->v5:
Same code, but v4 had an old cover letter
v3->v4:
Reset all the acked-by tags because the code changed a bit.
Signed-off-by: Matteo Croce <teknoraver@meta.com>
Matteo Croce (2):
bpf: enable generic kfuncs for BPF_CGROUP_* programs
bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_*
include/linux/bpf.h | 1 +
kernel/bpf/btf.c | 8 ++++++--
kernel/bpf/cgroup.c | 2 ++
kernel/bpf/helpers.c | 24 ++++++++++++++++++++++++
kernel/trace/bpf_trace.c | 27 ++-------------------------
5 files changed, 35 insertions(+), 27 deletions(-)
--
2.46.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH bpf-next v6 1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs
2024-08-19 16:28 [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs Matteo Croce
@ 2024-08-19 16:28 ` Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_* Matteo Croce
2024-08-19 22:50 ` [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Matteo Croce @ 2024-08-19 16:28 UTC (permalink / raw)
To: Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann,
Steven Rostedt, Masami Hiramatsu, bpf, linux-trace-kernel
Cc: linux-kernel, Matteo Croce
From: Matteo Croce <teknoraver@meta.com>
These kfuncs are enabled even in BPF_PROG_TYPE_TRACING, so they
should be safe also in BPF_CGROUP_* programs.
Since all BPF_CGROUP_* programs share the same hook,
call register_btf_kfunc_id_set() only once.
In enum btf_kfunc_hook, rename BTF_KFUNC_HOOK_CGROUP_SKB to a more
generic BTF_KFUNC_HOOK_CGROUP, since it's used for all the cgroup
related program types.
Signed-off-by: Matteo Croce <teknoraver@meta.com>
---
kernel/bpf/btf.c | 8 ++++++--
kernel/bpf/helpers.c | 1 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
index bfb0d89ccc8b..b12db397303e 100644
--- a/kernel/bpf/btf.c
+++ b/kernel/bpf/btf.c
@@ -212,7 +212,7 @@ enum btf_kfunc_hook {
BTF_KFUNC_HOOK_TRACING,
BTF_KFUNC_HOOK_SYSCALL,
BTF_KFUNC_HOOK_FMODRET,
- BTF_KFUNC_HOOK_CGROUP_SKB,
+ BTF_KFUNC_HOOK_CGROUP,
BTF_KFUNC_HOOK_SCHED_ACT,
BTF_KFUNC_HOOK_SK_SKB,
BTF_KFUNC_HOOK_SOCKET_FILTER,
@@ -8307,8 +8307,12 @@ static int bpf_prog_type_to_kfunc_hook(enum bpf_prog_type prog_type)
case BPF_PROG_TYPE_SYSCALL:
return BTF_KFUNC_HOOK_SYSCALL;
case BPF_PROG_TYPE_CGROUP_SKB:
+ case BPF_PROG_TYPE_CGROUP_SOCK:
+ case BPF_PROG_TYPE_CGROUP_DEVICE:
case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
- return BTF_KFUNC_HOOK_CGROUP_SKB;
+ case BPF_PROG_TYPE_CGROUP_SOCKOPT:
+ case BPF_PROG_TYPE_CGROUP_SYSCTL:
+ return BTF_KFUNC_HOOK_CGROUP;
case BPF_PROG_TYPE_SCHED_ACT:
return BTF_KFUNC_HOOK_SCHED_ACT;
case BPF_PROG_TYPE_SK_SKB:
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index d02ae323996b..26b9649ab4ce 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -3052,6 +3052,7 @@ static int __init kfunc_init(void)
ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &generic_kfunc_set);
ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_STRUCT_OPS, &generic_kfunc_set);
ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_SYSCALL, &generic_kfunc_set);
+ ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SKB, &generic_kfunc_set);
ret = ret ?: register_btf_id_dtor_kfuncs(generic_dtors,
ARRAY_SIZE(generic_dtors),
THIS_MODULE);
--
2.46.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH bpf-next v6 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_*
2024-08-19 16:28 [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs Matteo Croce
@ 2024-08-19 16:28 ` Matteo Croce
2024-08-19 22:50 ` [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Matteo Croce @ 2024-08-19 16:28 UTC (permalink / raw)
To: Andrii Nakryiko, Alexei Starovoitov, Daniel Borkmann,
Steven Rostedt, Masami Hiramatsu, bpf, linux-trace-kernel
Cc: linux-kernel, Matteo Croce
From: Matteo Croce <teknoraver@meta.com>
The helper bpf_current_task_under_cgroup() currently is only allowed for
tracing programs, allow its usage also in the BPF_CGROUP_* program types.
Move the code from kernel/trace/bpf_trace.c to kernel/bpf/helpers.c,
so it compiles also without CONFIG_BPF_EVENTS.
This will be used in systemd-networkd to monitor the sysctl writes,
and filter it's own writes from others:
https://github.com/systemd/systemd/pull/32212
Signed-off-by: Matteo Croce <teknoraver@meta.com>
---
include/linux/bpf.h | 1 +
kernel/bpf/cgroup.c | 2 ++
kernel/bpf/helpers.c | 23 +++++++++++++++++++++++
kernel/trace/bpf_trace.c | 27 ++-------------------------
4 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index b9425e410bcb..f0192c173ed8 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -3206,6 +3206,7 @@ extern const struct bpf_func_proto bpf_sock_hash_update_proto;
extern const struct bpf_func_proto bpf_get_current_cgroup_id_proto;
extern const struct bpf_func_proto bpf_get_current_ancestor_cgroup_id_proto;
extern const struct bpf_func_proto bpf_get_cgroup_classid_curr_proto;
+extern const struct bpf_func_proto bpf_current_task_under_cgroup_proto;
extern const struct bpf_func_proto bpf_msg_redirect_hash_proto;
extern const struct bpf_func_proto bpf_msg_redirect_map_proto;
extern const struct bpf_func_proto bpf_sk_redirect_hash_proto;
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index 8ba73042a239..e7113d700b87 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -2581,6 +2581,8 @@ cgroup_current_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
case BPF_FUNC_get_cgroup_classid:
return &bpf_get_cgroup_classid_curr_proto;
#endif
+ case BPF_FUNC_current_task_under_cgroup:
+ return &bpf_current_task_under_cgroup_proto;
default:
return NULL;
}
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 26b9649ab4ce..12e3aa40b180 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -2458,6 +2458,29 @@ __bpf_kfunc long bpf_task_under_cgroup(struct task_struct *task,
return ret;
}
+BPF_CALL_2(bpf_current_task_under_cgroup, struct bpf_map *, map, u32, idx)
+{
+ struct bpf_array *array = container_of(map, struct bpf_array, map);
+ struct cgroup *cgrp;
+
+ if (unlikely(idx >= array->map.max_entries))
+ return -E2BIG;
+
+ cgrp = READ_ONCE(array->ptrs[idx]);
+ if (unlikely(!cgrp))
+ return -EAGAIN;
+
+ return task_under_cgroup_hierarchy(current, cgrp);
+}
+
+const struct bpf_func_proto bpf_current_task_under_cgroup_proto = {
+ .func = bpf_current_task_under_cgroup,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_CONST_MAP_PTR,
+ .arg2_type = ARG_ANYTHING,
+};
+
/**
* bpf_task_get_cgroup1 - Acquires the associated cgroup of a task within a
* specific cgroup1 hierarchy. The cgroup1 hierarchy is identified by its
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index d557bb11e0ff..b69a39316c0c 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -797,29 +797,6 @@ const struct bpf_func_proto bpf_task_pt_regs_proto = {
.ret_btf_id = &bpf_task_pt_regs_ids[0],
};
-BPF_CALL_2(bpf_current_task_under_cgroup, struct bpf_map *, map, u32, idx)
-{
- struct bpf_array *array = container_of(map, struct bpf_array, map);
- struct cgroup *cgrp;
-
- if (unlikely(idx >= array->map.max_entries))
- return -E2BIG;
-
- cgrp = READ_ONCE(array->ptrs[idx]);
- if (unlikely(!cgrp))
- return -EAGAIN;
-
- return task_under_cgroup_hierarchy(current, cgrp);
-}
-
-static const struct bpf_func_proto bpf_current_task_under_cgroup_proto = {
- .func = bpf_current_task_under_cgroup,
- .gpl_only = false,
- .ret_type = RET_INTEGER,
- .arg1_type = ARG_CONST_MAP_PTR,
- .arg2_type = ARG_ANYTHING,
-};
-
struct send_signal_irq_work {
struct irq_work irq_work;
struct task_struct *task;
@@ -1480,8 +1457,6 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_get_numa_node_id_proto;
case BPF_FUNC_perf_event_read:
return &bpf_perf_event_read_proto;
- case BPF_FUNC_current_task_under_cgroup:
- return &bpf_current_task_under_cgroup_proto;
case BPF_FUNC_get_prandom_u32:
return &bpf_get_prandom_u32_proto;
case BPF_FUNC_probe_write_user:
@@ -1510,6 +1485,8 @@ bpf_tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
return &bpf_cgrp_storage_get_proto;
case BPF_FUNC_cgrp_storage_delete:
return &bpf_cgrp_storage_delete_proto;
+ case BPF_FUNC_current_task_under_cgroup:
+ return &bpf_current_task_under_cgroup_proto;
#endif
case BPF_FUNC_send_signal:
return &bpf_send_signal_proto;
--
2.46.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs
2024-08-19 16:28 [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_* Matteo Croce
@ 2024-08-19 22:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2024-08-19 22:50 UTC (permalink / raw)
To: Matteo Croce
Cc: andrii, ast, daniel, rostedt, mhiramat, bpf, linux-trace-kernel,
linux-kernel, teknoraver
Hello:
This series was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:
On Mon, 19 Aug 2024 18:28:03 +0200 you wrote:
> From: Matteo Croce <teknoraver@meta.com>
>
> Enable some BPF kfuncs and the helper bpf_current_task_under_cgroup()
> for program types BPF_CGROUP_*.
> These will be used by systemd-networkd:
> https://github.com/systemd/systemd/pull/32212
>
> [...]
Here is the summary with links:
- [bpf-next,v6,1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs
https://git.kernel.org/bpf/bpf-next/c/67666479edf1
- [bpf-next,v6,2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_*
https://git.kernel.org/bpf/bpf-next/c/7f6287417baf
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-08-19 22:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-19 16:28 [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 1/2] bpf: enable generic kfuncs for BPF_CGROUP_* programs Matteo Croce
2024-08-19 16:28 ` [PATCH bpf-next v6 2/2] bpf: allow bpf_current_task_under_cgroup() with BPF_CGROUP_* Matteo Croce
2024-08-19 22:50 ` [PATCH bpf-next v6 0/2] bpf: enable some functions in cgroup programs patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).