From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carlos Neira Subject: Re: [PATCH bpf-next] BPF: helpers: New helper to obtain namespace data from current task Date: Thu, 9 Aug 2018 10:49:35 -0400 Message-ID: <20180809144935.27zl2gerxii6rgya@krondor> References: <20180809131800.11338-1-cneirabustos@gmail.com> <20180809154653.40396ce3@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Carlos Neira , netdev@vger.kernel.org, ebiederm@xmission.com, quentin.monnet@netronome.com, ys114321@gmail.com To: Jesper Dangaard Brouer Return-path: Received: from mail-qt0-f194.google.com ([209.85.216.194]:46325 "EHLO mail-qt0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732124AbeHIRO6 (ORCPT ); Thu, 9 Aug 2018 13:14:58 -0400 Received: by mail-qt0-f194.google.com with SMTP id d4-v6so6726068qtn.13 for ; Thu, 09 Aug 2018 07:49:43 -0700 (PDT) Content-Disposition: inline In-Reply-To: <20180809154653.40396ce3@redhat.com> Sender: netdev-owner@vger.kernel.org List-ID: Yes, you are right. I'll resubmit the patch with those corrections. Thanks a lot for catching this. Thu, Aug 09, 2018 at 03:46:53PM +0200, Jesper Dangaard Brouer wrote: > On Thu, 9 Aug 2018 09:18:00 -0400 > Carlos Neira wrote: > > > From: cneira > > > > This helper obtains the active namespace from current and returns pid, tgid, > > device and namespace id as seen from that namespace, allowing to instrument > > a process inside a container. > > Device is read from /proc/self/ns/pid, as in the future it's possible that > > different pid_ns files may belong to different devices, according > > to the discussion between Eric Biederman and Yonghong in 2017 linux plumbers > > conference. > > > > Currently bpf_get_current_pid_tgid(), is used to do pid filtering in bcc's > > scripts but this helper returns the pid as seen by the root namespace which is > > fine when a bcc script is not executed inside a container. > > When the process of interest is inside a container, pid filtering will not work > > if bpf_get_current_pid_tgid() is used. This helper addresses this limitation > > returning the pid as it's seen by the current namespace where the script is > > executing. > > > > This helper has the same use cases as bpf_get_current_pid_tgid() as it can be > > used to do pid filtering even inside a container. > > > > For example a bcc script using bpf_get_current_pid_tgid() (tools/funccount.py): > > > > u32 pid = bpf_get_current_pid_tgid() >> 32; > > if (pid != ) > > return 0; > > > > Could be modified to use bpf_get_current_pidns_info() as follows: > > > > struct bpf_pidns pidns; > > bpf_get_current_pid_tgid(&pidns, sizeof(struct bpf_pidns)); > ^^^^^^^^^^^^^^^^^^^^^^^^ > > Shouldn't this be: > bpf_get_current_pidns_info(...) > > > u32 pid = pidns.tgid; > > u32 nsid = pidns.nsid; > > if ((pid != ) && (nsid != )) > > return 0; > > > > [...] > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > index dd5758dc35d3..031e7d9dba09 100644 > > --- a/include/uapi/linux/bpf.h > > +++ b/include/uapi/linux/bpf.h > > @@ -2113,6 +2113,18 @@ union bpf_attr { > > * the shared data. > > * Return > > * Pointer to the local storage area. > > + * > > + * int bpf_get_current_pidns(struct bpf_pidns_info *pidns, u32 size_of_pidns) > > Should this be: > bpf_get_current_pidns_info(...) > > > + * Description > > + * Copies into *pidns* pid, namespace id and tgid as seen by the > > + * current namespace and also device from /proc/self/ns/pid. > > + * *size_of_pidns* must be the size of *pidns* > > + * > > + * This helper is used when pid filtering is needed inside a > > + * container as bpf_get_current_tgid() helper returns always the > > + * pid id as seen by the root namespace. > > + * Return > > + * 0 on success -EINVAL on error. > > */ > > #define __BPF_FUNC_MAPPER(FN) \ > > FN(unspec), \ > > @@ -2196,7 +2208,8 @@ union bpf_attr { > > FN(rc_keydown), \ > > FN(skb_cgroup_id), \ > > FN(get_current_cgroup_id), \ > > - FN(get_local_storage), > > + FN(get_local_storage), \ > > + FN(get_current_pidns_info), > > -- > Best regards, > Jesper Dangaard Brouer > MSc.CS, Principal Kernel Engineer at Red Hat > LinkedIn: http://www.linkedin.com/in/brouer