diff options
| author | David S. Miller <davem@davemloft.net> | 2016-08-12 21:49:42 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-08-12 21:49:42 -0700 |
| commit | 7cac5303ee006b6092d42daa065bb541bda51dd2 (patch) | |
| tree | 249b8cc8c37b46570ca05305aaa0c5ab79c28cee /include/uapi/linux/bpf.h | |
| parent | f9f9ab17268e53b2ca0920c0c0c50f98bd267fe3 (diff) | |
| parent | 9e6e60ecbd7323d4ac3f98dcdc1bd2c527a736ef (diff) | |
Merge branch 'bpf-under-cgroup'
Sargun Dhillon says:
====================
Add test_current_task_under_cgroup bpf helper and test
This patchset includes a helper and an example to determine whether the probe is
currently executing in the context of a specific cgroup based on a cgroup bpf
map / array. The helper checks the cgroupsv2 hierarchy based on the handle in
the map and if the current cgroup is equal to it, or a descendant of it. The
helper was tested with the example program, and it was verified that the correct
behaviour occurs in the interrupt context.
In an earlier version of this patchset I had added an "opensnoop"-like tool, and
I realized I was basically reimplementing a lot of the code that already exists
in the bcc repo. So, instead I decided to write a test that creates a new mount
namespace, mounts up the cgroupv2 hierarchy, and does some basic tests. I used
the sync syscall as a canary for these tests because it's a simple, 0-arg
syscall. Once this patch is accepted, adding support to opensnoop will be easy.
I also added a task_under_cgroup_hierarchy function in cgroups.h, as this
pattern is used in a couple places. Converting those can be done in a later
patchset.
Thanks to Alexei, Tejun, and Daniel for providing review.
v1->v2: Clean up
v2->v3: Move around ifdefs out of *.c files, add an "integration" test
v3->v4: De-genercize arraymap fetching function;
rename helper from in_cgroup to under_cgroup (makes much more sense)
Split adding cgroups task_under_cgroup_hierarchy function
v4->v5: Fix formatting
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux/bpf.h')
| -rw-r--r-- | include/uapi/linux/bpf.h | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index da218fec6056..bea0c4e2830a 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -375,6 +375,17 @@ enum bpf_func_id { */ BPF_FUNC_probe_write_user, + /** + * bpf_current_task_under_cgroup(map, index) - Check cgroup2 membership of current task + * @map: pointer to bpf_map in BPF_MAP_TYPE_CGROUP_ARRAY type + * @index: index of the cgroup in the bpf_map + * Return: + * == 0 current failed the cgroup2 descendant test + * == 1 current succeeded the cgroup2 descendant test + * < 0 error + */ + BPF_FUNC_current_task_under_cgroup, + __BPF_FUNC_MAX_ID, }; |