Message ID | 20220801232649.2306614-2-kuifeng@fb.com (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | BPF |
Headers | show |
Series | Parameterize task iterators. | expand |
On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > Allow creating an iterator that loops through resources of one task/thread. > > People could only create iterators to loop through all resources of > files, vma, and tasks in the system, even though they were interested > in only the resources of a specific task or process. Passing the > additional parameters, people can now create an iterator to go > through all resources or only the resources of a task. > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > --- > include/linux/bpf.h | 4 ++ > include/uapi/linux/bpf.h | 23 +++++++++ > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++-------- > tools/include/uapi/linux/bpf.h | 23 +++++++++ > 4 files changed, 121 insertions(+), 22 deletions(-) > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > index 11950029284f..3c26dbfc9cef 100644 > --- a/include/linux/bpf.h > +++ b/include/linux/bpf.h > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user *pathname, int flags); > > struct bpf_iter_aux_info { > struct bpf_map *map; > + struct { > + u32 tid; > + u8 type; > + } task; > }; > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index ffcbf79a556b..ed5ba501609f 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > __u32 attach_type; /* program attach type (enum bpf_attach_type) */ > }; > > +enum bpf_task_iter_type { > + BPF_TASK_ITER_ALL = 0, > + BPF_TASK_ITER_TID, > +}; > + > union bpf_iter_link_info { > struct { > __u32 map_fd; > } map; > + /* > + * Parameters of task iterators. > + */ > + struct { > + __u32 pid_fd; > + /* > + * The type of the iterator. > + * > + * It can be one of enum bpf_task_iter_type. > + * > + * BPF_TASK_ITER_ALL (default) > + * The iterator iterates over resources of everyprocess. > + * > + * BPF_TASK_ITER_TID > + * You should also set *pid_fd* to iterate over one task. > + */ > + __u8 type; /* BPF_TASK_ITER_* */ __u8 might be a pain for future extensibility. big vs little endian will be another potential issue. Maybe use enum bpf_task_iter_type type; here and move the comment to enum def ? Or rename it to '__u32 flags;' ?
On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > Allow creating an iterator that loops through resources of one task/thread. > > People could only create iterators to loop through all resources of > files, vma, and tasks in the system, even though they were interested > in only the resources of a specific task or process. Passing the > additional parameters, people can now create an iterator to go > through all resources or only the resources of a task. > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > --- > include/linux/bpf.h | 4 ++ > include/uapi/linux/bpf.h | 23 +++++++++ > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++-------- > tools/include/uapi/linux/bpf.h | 23 +++++++++ > 4 files changed, 121 insertions(+), 22 deletions(-) > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > index 11950029284f..3c26dbfc9cef 100644 > --- a/include/linux/bpf.h > +++ b/include/linux/bpf.h > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user *pathname, int flags); > > struct bpf_iter_aux_info { > struct bpf_map *map; > + struct { > + u32 tid; > + u8 type; > + } task; > }; > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > index ffcbf79a556b..ed5ba501609f 100644 > --- a/include/uapi/linux/bpf.h > +++ b/include/uapi/linux/bpf.h > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > __u32 attach_type; /* program attach type (enum bpf_attach_type) */ > }; > > +enum bpf_task_iter_type { > + BPF_TASK_ITER_ALL = 0, > + BPF_TASK_ITER_TID, > +}; > + > union bpf_iter_link_info { > struct { > __u32 map_fd; > } map; > + /* > + * Parameters of task iterators. > + */ > + struct { > + __u32 pid_fd; I was a bit late to the discussion about pidfd vs plain pid. I think we should support both in this API. While pid_fd has some nice guarantees like avoiding the risk of accidental PID reuse, in a lot (if not all) cases where task/task_vma/task_file iterators are going to be used this is never a risk, because pid will usually come from some tracing BPF program (kprobe/tp/fentry/etc), like in case of profiling, and then will be used by user-space almost immediately to query some additional information (fetching relevant vma information for profiling use case). So main benefit of pidfd is not that relevant for BPF tracing use cases, because PIDs are not going to be reused so fast within such a short time frame. But pidfd does have downsides. It requires 2 syscalls (pidfd_open and close) for each PID, it creates struct file for each such active pidfd. So it will have non-trivial overhead for high-frequency BPF iterator use cases (imagine querying some simple stats for a big set of tasks, frequently: you'll spend more time in pidfd syscalls and more resources just keeping corresponding struct file open than actually doing useful BPF work). For simple BPF iter cases it will unnecessarily complicate program flow while giving no benefit instead. So I propose we support both in UAPI. Internally either way we resolve to plain pid/tid, so this won't cause added maintenance burden. But simple cases will keep simple, while more long-lived and/or complicated ones will still be supported. We then can have BPF_TASK_ITER_PIDFD vs BPF_TASK_ITER_TID to differentiate whether the above __u32 pid_fd (which we should probably rename to something more generic like "target") is pid FD or TID/PID. See also below about TID vs PID. > + /* > + * The type of the iterator. > + * > + * It can be one of enum bpf_task_iter_type. > + * > + * BPF_TASK_ITER_ALL (default) > + * The iterator iterates over resources of everyprocess. > + * > + * BPF_TASK_ITER_TID > + * You should also set *pid_fd* to iterate over one task. naming nit: we should decide whether we use TID (thread) and PID (process) terminology (more usual for user-space) or PID (process == task == user-space thread) and TGID (thread group, i.e. user-space process). I haven't investigated much what's we use most consistently, but curious to hear what others think. Also I can see use-cases where we want to iterate just specified task (i.e., just specified thread) vs all the tasks that belong to the same process group (i.e., thread within process). Naming TBD, but we should have BPF_TASK_ITER_TID and BPF_TASK_ITER_TGID (or some other naming). One might ask why do we need single-task mode if we can always stop iteration from BPF program, but this is trivial only for iter/task, while for iter/task_vma and iter/task_file it becomes inconvenient to detect switch from one task to another. It costs us essentially nothing to support this mode, so I advocate to do that. I have similar thoughts about cgroup iteration modes and actually supporting cgroup_fd as target for task iterators (which will mean iterating tasks belonging to provided cgroup(s)), but I'll reply on cgroup iterator patch first, and we can just reuse the same cgroup target specification between iter/cgroup and iter/task afterwards. > + */ > + __u8 type; /* BPF_TASK_ITER_* */ > + } task; > }; > [...]
On Mon, 2022-08-01 at 20:30 -0700, Andrii Nakryiko wrote: > On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > > > Allow creating an iterator that loops through resources of one > > task/thread. > > > > People could only create iterators to loop through all resources of > > files, vma, and tasks in the system, even though they were > > interested > > in only the resources of a specific task or process. Passing the > > additional parameters, people can now create an iterator to go > > through all resources or only the resources of a task. > > > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > > --- > > include/linux/bpf.h | 4 ++ > > include/uapi/linux/bpf.h | 23 +++++++++ > > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++---- > > ---- > > tools/include/uapi/linux/bpf.h | 23 +++++++++ > > 4 files changed, 121 insertions(+), 22 deletions(-) > > > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > > index 11950029284f..3c26dbfc9cef 100644 > > --- a/include/linux/bpf.h > > +++ b/include/linux/bpf.h > > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user > > *pathname, int flags); > > > > struct bpf_iter_aux_info { > > struct bpf_map *map; > > + struct { > > + u32 tid; > > + u8 type; > > + } task; > > }; > > > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > index ffcbf79a556b..ed5ba501609f 100644 > > --- a/include/uapi/linux/bpf.h > > +++ b/include/uapi/linux/bpf.h > > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > > __u32 attach_type; /* program attach type > > (enum bpf_attach_type) */ > > }; > > > > +enum bpf_task_iter_type { > > + BPF_TASK_ITER_ALL = 0, > > + BPF_TASK_ITER_TID, > > +}; > > + > > union bpf_iter_link_info { > > struct { > > __u32 map_fd; > > } map; > > + /* > > + * Parameters of task iterators. > > + */ > > + struct { > > + __u32 pid_fd; > > I was a bit late to the discussion about pidfd vs plain pid. I think > we should support both in this API. While pid_fd has some nice > guarantees like avoiding the risk of accidental PID reuse, in a lot > (if not all) cases where task/task_vma/task_file iterators are going > to be used this is never a risk, because pid will usually come from > some tracing BPF program (kprobe/tp/fentry/etc), like in case of > profiling, and then will be used by user-space almost immediately to > query some additional information (fetching relevant vma information > for profiling use case). So main benefit of pidfd is not that > relevant > for BPF tracing use cases, because PIDs are not going to be reused so > fast within such a short time frame. > > But pidfd does have downsides. It requires 2 syscalls (pidfd_open and > close) for each PID, it creates struct file for each such active > pidfd. So it will have non-trivial overhead for high-frequency BPF > iterator use cases (imagine querying some simple stats for a big set > of tasks, frequently: you'll spend more time in pidfd syscalls and > more resources just keeping corresponding struct file open than > actually doing useful BPF work). For simple BPF iter cases it will > unnecessarily complicate program flow while giving no benefit > instead. It is a good point to have more syscalls. > > So I propose we support both in UAPI. Internally either way we > resolve > to plain pid/tid, so this won't cause added maintenance burden. But > simple cases will keep simple, while more long-lived and/or > complicated ones will still be supported. We then can have > BPF_TASK_ITER_PIDFD vs BPF_TASK_ITER_TID to differentiate whether the > above __u32 pid_fd (which we should probably rename to something more > generic like "target") is pid FD or TID/PID. See also below about TID > vs PID. > > > + /* > > + * The type of the iterator. > > + * > > + * It can be one of enum bpf_task_iter_type. > > + * > > + * BPF_TASK_ITER_ALL (default) > > + * The iterator iterates over resources of > > everyprocess. > > + * > > + * BPF_TASK_ITER_TID > > + * You should also set *pid_fd* to iterate > > over one task. > > naming nit: we should decide whether we use TID (thread) and PID > (process) terminology (more usual for user-space) or PID (process == > task == user-space thread) and TGID (thread group, i.e. user-space > process). I haven't investigated much what's we use most > consistently, > but curious to hear what others think. > > Also I can see use-cases where we want to iterate just specified task > (i.e., just specified thread) vs all the tasks that belong to the > same > process group (i.e., thread within process). Naming TBD, but we > should > have BPF_TASK_ITER_TID and BPF_TASK_ITER_TGID (or some other naming). I discussed with Yonghong about iterators over resources of all tasks of a process. User code should create iterators for each thread of the process if necessary. We may add the support of tgid if it is higly demanded. In a discussion of using pidfd, people mentioned to extend pidfd to threads if there is a good use-case. It also applies to our case. Most of the time, if not always, vma & files are shared by all threads of a process. So, an iteration over all resources of every threads of a process doesn't get obvious benefit. It is also true for an iterator over the resources of a specific thread instead of a process. > > One might ask why do we need single-task mode if we can always stop > iteration from BPF program, but this is trivial only for iter/task, > while for iter/task_vma and iter/task_file it becomes inconvenient to > detect switch from one task to another. It costs us essentially > nothing to support this mode, so I advocate to do that. > > I have similar thoughts about cgroup iteration modes and actually > supporting cgroup_fd as target for task iterators (which will mean > iterating tasks belonging to provided cgroup(s)), but I'll reply on > cgroup iterator patch first, and we can just reuse the same cgroup > target specification between iter/cgroup and iter/task afterwards. > > > > + */ > > + __u8 type; /* BPF_TASK_ITER_* */ > > + } task; > > }; > > > > [...]
On Mon, 2022-08-01 at 18:49 -0700, Alexei Starovoitov wrote: > On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > > > Allow creating an iterator that loops through resources of one > > task/thread. > > > > People could only create iterators to loop through all resources of > > files, vma, and tasks in the system, even though they were > > interested > > in only the resources of a specific task or process. Passing the > > additional parameters, people can now create an iterator to go > > through all resources or only the resources of a task. > > > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > > --- > > include/linux/bpf.h | 4 ++ > > include/uapi/linux/bpf.h | 23 +++++++++ > > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++---- > > ---- > > tools/include/uapi/linux/bpf.h | 23 +++++++++ > > 4 files changed, 121 insertions(+), 22 deletions(-) > > > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > > index 11950029284f..3c26dbfc9cef 100644 > > --- a/include/linux/bpf.h > > +++ b/include/linux/bpf.h > > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user > > *pathname, int flags); > > > > struct bpf_iter_aux_info { > > struct bpf_map *map; > > + struct { > > + u32 tid; > > + u8 type; > > + } task; > > }; > > > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > index ffcbf79a556b..ed5ba501609f 100644 > > --- a/include/uapi/linux/bpf.h > > +++ b/include/uapi/linux/bpf.h > > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > > __u32 attach_type; /* program attach type > > (enum bpf_attach_type) */ > > }; > > > > +enum bpf_task_iter_type { > > + BPF_TASK_ITER_ALL = 0, > > + BPF_TASK_ITER_TID, > > +}; > > + > > union bpf_iter_link_info { > > struct { > > __u32 map_fd; > > } map; > > + /* > > + * Parameters of task iterators. > > + */ > > + struct { > > + __u32 pid_fd; > > + /* > > + * The type of the iterator. > > + * > > + * It can be one of enum bpf_task_iter_type. > > + * > > + * BPF_TASK_ITER_ALL (default) > > + * The iterator iterates over resources of > > everyprocess. > > + * > > + * BPF_TASK_ITER_TID > > + * You should also set *pid_fd* to iterate > > over one task. > > + */ > > + __u8 type; /* BPF_TASK_ITER_* */ > > __u8 might be a pain for future extensibility. Do you mean the problem caused by padding? > big vs little endian will be another potential issue. Do we need binary compatible for different platforms? I don't get the point of endian. Could you explain it more? > > Maybe use enum bpf_task_iter_type type; here and > move the comment to enum def ? > Or rename it to '__u32 flags;' ?
On Tue, Aug 2, 2022 at 9:42 AM Kui-Feng Lee <kuifeng@fb.com> wrote: > > On Mon, 2022-08-01 at 20:30 -0700, Andrii Nakryiko wrote: > > On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > > > > > Allow creating an iterator that loops through resources of one > > > task/thread. > > > > > > People could only create iterators to loop through all resources of > > > files, vma, and tasks in the system, even though they were > > > interested > > > in only the resources of a specific task or process. Passing the > > > additional parameters, people can now create an iterator to go > > > through all resources or only the resources of a task. > > > > > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > > > --- > > > include/linux/bpf.h | 4 ++ > > > include/uapi/linux/bpf.h | 23 +++++++++ > > > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++---- > > > ---- > > > tools/include/uapi/linux/bpf.h | 23 +++++++++ > > > 4 files changed, 121 insertions(+), 22 deletions(-) > > > > > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > > > index 11950029284f..3c26dbfc9cef 100644 > > > --- a/include/linux/bpf.h > > > +++ b/include/linux/bpf.h > > > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user > > > *pathname, int flags); > > > > > > struct bpf_iter_aux_info { > > > struct bpf_map *map; > > > + struct { > > > + u32 tid; > > > + u8 type; > > > + } task; > > > }; > > > > > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > > index ffcbf79a556b..ed5ba501609f 100644 > > > --- a/include/uapi/linux/bpf.h > > > +++ b/include/uapi/linux/bpf.h > > > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > > > __u32 attach_type; /* program attach type > > > (enum bpf_attach_type) */ > > > }; > > > > > > +enum bpf_task_iter_type { > > > + BPF_TASK_ITER_ALL = 0, > > > + BPF_TASK_ITER_TID, > > > +}; > > > + > > > union bpf_iter_link_info { > > > struct { > > > __u32 map_fd; > > > } map; > > > + /* > > > + * Parameters of task iterators. > > > + */ > > > + struct { > > > + __u32 pid_fd; > > > > I was a bit late to the discussion about pidfd vs plain pid. I think > > we should support both in this API. While pid_fd has some nice > > guarantees like avoiding the risk of accidental PID reuse, in a lot > > (if not all) cases where task/task_vma/task_file iterators are going > > to be used this is never a risk, because pid will usually come from > > some tracing BPF program (kprobe/tp/fentry/etc), like in case of > > profiling, and then will be used by user-space almost immediately to > > query some additional information (fetching relevant vma information > > for profiling use case). So main benefit of pidfd is not that > > relevant > > for BPF tracing use cases, because PIDs are not going to be reused so > > fast within such a short time frame. > > > > But pidfd does have downsides. It requires 2 syscalls (pidfd_open and > > close) for each PID, it creates struct file for each such active > > pidfd. So it will have non-trivial overhead for high-frequency BPF > > iterator use cases (imagine querying some simple stats for a big set > > of tasks, frequently: you'll spend more time in pidfd syscalls and > > more resources just keeping corresponding struct file open than > > actually doing useful BPF work). For simple BPF iter cases it will > > unnecessarily complicate program flow while giving no benefit > > instead. > > It is a good point to have more syscalls. > > > > > So I propose we support both in UAPI. Internally either way we > > resolve > > to plain pid/tid, so this won't cause added maintenance burden. But > > simple cases will keep simple, while more long-lived and/or > > complicated ones will still be supported. We then can have > > BPF_TASK_ITER_PIDFD vs BPF_TASK_ITER_TID to differentiate whether the > > above __u32 pid_fd (which we should probably rename to something more > > generic like "target") is pid FD or TID/PID. See also below about TID > > vs PID. > > > > > + /* > > > + * The type of the iterator. > > > + * > > > + * It can be one of enum bpf_task_iter_type. > > > + * > > > + * BPF_TASK_ITER_ALL (default) > > > + * The iterator iterates over resources of > > > everyprocess. > > > + * > > > + * BPF_TASK_ITER_TID > > > + * You should also set *pid_fd* to iterate > > > over one task. > > > > naming nit: we should decide whether we use TID (thread) and PID > > (process) terminology (more usual for user-space) or PID (process == > > task == user-space thread) and TGID (thread group, i.e. user-space > > process). I haven't investigated much what's we use most > > consistently, > > but curious to hear what others think. > > > > Also I can see use-cases where we want to iterate just specified task > > (i.e., just specified thread) vs all the tasks that belong to the > > same > > process group (i.e., thread within process). Naming TBD, but we > > should > > have BPF_TASK_ITER_TID and BPF_TASK_ITER_TGID (or some other naming). > > > I discussed with Yonghong about iterators over resources of all tasks > of a process. User code should create iterators for each thread of the > process if necessary. We may add the support of tgid if it is higly > demanded. > > In a discussion of using pidfd, people mentioned to extend pidfd to > threads if there is a good use-case. It also applies to our case. > Most of the time, if not always, vma & files are shared by all threads > of a process. So, an iteration over all resources of every threads of > a process doesn't get obvious benefit. It is also true for an iterator > over the resources of a specific thread instead of a process. > Ok, so two different points here. First, TID (thread) vs TGID (process) modes. I'd define TGID mode as: a) user specifies some TID and we resolve that to thread group leader TID (that is we resolve thread to process), and then iterate all threads within that process. For TID (thread) mode, we accept specified TID as exactly the thread we iterate (even if it's thread group leader, we iterate only that specific thread, not all threads in a process). Second, about the point that all threads within a process share vma, file table, etc. That's true. But you are forgetting about iter/task that is iterating just tasks. TGID mode for such use case is very useful. For task_vma/task_file we can probably do the same logic we have today where if the thread has the same file table or mm_struct as thread group leader, we skip such thread when iterating vmas and files. Thoughts? > > > > One might ask why do we need single-task mode if we can always stop > > iteration from BPF program, but this is trivial only for iter/task, > > while for iter/task_vma and iter/task_file it becomes inconvenient to > > detect switch from one task to another. It costs us essentially > > nothing to support this mode, so I advocate to do that. > > > > I have similar thoughts about cgroup iteration modes and actually > > supporting cgroup_fd as target for task iterators (which will mean > > iterating tasks belonging to provided cgroup(s)), but I'll reply on > > cgroup iterator patch first, and we can just reuse the same cgroup > > target specification between iter/cgroup and iter/task afterwards. > > > > > > > + */ > > > + __u8 type; /* BPF_TASK_ITER_* */ > > > + } task; > > > }; > > > > > > > [...] >
On Tue, Aug 2, 2022 at 9:48 AM Kui-Feng Lee <kuifeng@fb.com> wrote: > > On Mon, 2022-08-01 at 18:49 -0700, Alexei Starovoitov wrote: > > On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> wrote: > > > > > > Allow creating an iterator that loops through resources of one > > > task/thread. > > > > > > People could only create iterators to loop through all resources of > > > files, vma, and tasks in the system, even though they were > > > interested > > > in only the resources of a specific task or process. Passing the > > > additional parameters, people can now create an iterator to go > > > through all resources or only the resources of a task. > > > > > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > > > --- > > > include/linux/bpf.h | 4 ++ > > > include/uapi/linux/bpf.h | 23 +++++++++ > > > kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++---- > > > ---- > > > tools/include/uapi/linux/bpf.h | 23 +++++++++ > > > 4 files changed, 121 insertions(+), 22 deletions(-) > > > > > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > > > index 11950029284f..3c26dbfc9cef 100644 > > > --- a/include/linux/bpf.h > > > +++ b/include/linux/bpf.h > > > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user > > > *pathname, int flags); > > > > > > struct bpf_iter_aux_info { > > > struct bpf_map *map; > > > + struct { > > > + u32 tid; > > > + u8 type; > > > + } task; > > > }; > > > > > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > > > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h > > > index ffcbf79a556b..ed5ba501609f 100644 > > > --- a/include/uapi/linux/bpf.h > > > +++ b/include/uapi/linux/bpf.h > > > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > > > __u32 attach_type; /* program attach type > > > (enum bpf_attach_type) */ > > > }; > > > > > > +enum bpf_task_iter_type { > > > + BPF_TASK_ITER_ALL = 0, > > > + BPF_TASK_ITER_TID, > > > +}; > > > + > > > union bpf_iter_link_info { > > > struct { > > > __u32 map_fd; > > > } map; > > > + /* > > > + * Parameters of task iterators. > > > + */ > > > + struct { > > > + __u32 pid_fd; > > > + /* > > > + * The type of the iterator. > > > + * > > > + * It can be one of enum bpf_task_iter_type. > > > + * > > > + * BPF_TASK_ITER_ALL (default) > > > + * The iterator iterates over resources of > > > everyprocess. > > > + * > > > + * BPF_TASK_ITER_TID > > > + * You should also set *pid_fd* to iterate > > > over one task. > > > + */ > > > + __u8 type; /* BPF_TASK_ITER_* */ > > > > __u8 might be a pain for future extensibility. > > Do you mean the problem caused by padding? Not Alexei, but I agree that there is no reason to try to save a few bytes here. Let's use u32 or just plain 32-bit enum. Please also put it in front of pid_fd (first field in this substruct), so that it's easier to extend this with more information about "iteration target" (e.g., if we later want to iterate tasks within cgroup, we might end up specifying cgroup_id, which I believe is 64-bit, so it would be nice to be able to just do a union across {pid_fd, pid, cgroup_fd, cgroup_id}. > > > big vs little endian will be another potential issue. > > Do we need binary compatible for different platforms? > I don't get the point of endian. Could you explain it more? > > > > > Maybe use enum bpf_task_iter_type type; here and > > move the comment to enum def ? > > Or rename it to '__u32 flags;' ? >
On Tue, 2022-08-02 at 14:17 -0700, Andrii Nakryiko wrote: > On Tue, Aug 2, 2022 at 9:42 AM Kui-Feng Lee <kuifeng@fb.com> wrote: > > > > On Mon, 2022-08-01 at 20:30 -0700, Andrii Nakryiko wrote: > > > On Mon, Aug 1, 2022 at 4:27 PM Kui-Feng Lee <kuifeng@fb.com> > > > wrote: > > > > > > > > Allow creating an iterator that loops through resources of one > > > > task/thread. > > > > > > > > People could only create iterators to loop through all > > > > resources of > > > > files, vma, and tasks in the system, even though they were > > > > interested > > > > in only the resources of a specific task or process. Passing > > > > the > > > > additional parameters, people can now create an iterator to go > > > > through all resources or only the resources of a task. > > > > > > > > Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> > > > > --- > > > > include/linux/bpf.h | 4 ++ > > > > include/uapi/linux/bpf.h | 23 +++++++++ > > > > kernel/bpf/task_iter.c | 93 > > > > ++++++++++++++++++++++++++---- > > > > ---- > > > > tools/include/uapi/linux/bpf.h | 23 +++++++++ > > > > 4 files changed, 121 insertions(+), 22 deletions(-) > > > > > > > > diff --git a/include/linux/bpf.h b/include/linux/bpf.h > > > > index 11950029284f..3c26dbfc9cef 100644 > > > > --- a/include/linux/bpf.h > > > > +++ b/include/linux/bpf.h > > > > @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user > > > > *pathname, int flags); > > > > > > > > struct bpf_iter_aux_info { > > > > struct bpf_map *map; > > > > + struct { > > > > + u32 tid; > > > > + u8 type; > > > > + } task; > > > > }; > > > > > > > > typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, > > > > diff --git a/include/uapi/linux/bpf.h > > > > b/include/uapi/linux/bpf.h > > > > index ffcbf79a556b..ed5ba501609f 100644 > > > > --- a/include/uapi/linux/bpf.h > > > > +++ b/include/uapi/linux/bpf.h > > > > @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { > > > > __u32 attach_type; /* program attach type > > > > (enum bpf_attach_type) */ > > > > }; > > > > > > > > +enum bpf_task_iter_type { > > > > + BPF_TASK_ITER_ALL = 0, > > > > + BPF_TASK_ITER_TID, > > > > +}; > > > > + > > > > union bpf_iter_link_info { > > > > struct { > > > > __u32 map_fd; > > > > } map; > > > > + /* > > > > + * Parameters of task iterators. > > > > + */ > > > > + struct { > > > > + __u32 pid_fd; > > > > > > I was a bit late to the discussion about pidfd vs plain pid. I > > > think > > > we should support both in this API. While pid_fd has some nice > > > guarantees like avoiding the risk of accidental PID reuse, in a > > > lot > > > (if not all) cases where task/task_vma/task_file iterators are > > > going > > > to be used this is never a risk, because pid will usually come > > > from > > > some tracing BPF program (kprobe/tp/fentry/etc), like in case of > > > profiling, and then will be used by user-space almost immediately > > > to > > > query some additional information (fetching relevant vma > > > information > > > for profiling use case). So main benefit of pidfd is not that > > > relevant > > > for BPF tracing use cases, because PIDs are not going to be > > > reused so > > > fast within such a short time frame. > > > > > > But pidfd does have downsides. It requires 2 syscalls (pidfd_open > > > and > > > close) for each PID, it creates struct file for each such active > > > pidfd. So it will have non-trivial overhead for high-frequency > > > BPF > > > iterator use cases (imagine querying some simple stats for a big > > > set > > > of tasks, frequently: you'll spend more time in pidfd syscalls > > > and > > > more resources just keeping corresponding struct file open than > > > actually doing useful BPF work). For simple BPF iter cases it > > > will > > > unnecessarily complicate program flow while giving no benefit > > > instead. > > > > It is a good point to have more syscalls. > > > > > > > > So I propose we support both in UAPI. Internally either way we > > > resolve > > > to plain pid/tid, so this won't cause added maintenance burden. > > > But > > > simple cases will keep simple, while more long-lived and/or > > > complicated ones will still be supported. We then can have > > > BPF_TASK_ITER_PIDFD vs BPF_TASK_ITER_TID to differentiate whether > > > the > > > above __u32 pid_fd (which we should probably rename to something > > > more > > > generic like "target") is pid FD or TID/PID. See also below about > > > TID > > > vs PID. > > > > > > > + /* > > > > + * The type of the iterator. > > > > + * > > > > + * It can be one of enum bpf_task_iter_type. > > > > + * > > > > + * BPF_TASK_ITER_ALL (default) > > > > + * The iterator iterates over resources of > > > > everyprocess. > > > > + * > > > > + * BPF_TASK_ITER_TID > > > > + * You should also set *pid_fd* to iterate > > > > over one task. > > > > > > naming nit: we should decide whether we use TID (thread) and PID > > > (process) terminology (more usual for user-space) or PID (process > > > == > > > task == user-space thread) and TGID (thread group, i.e. user- > > > space > > > process). I haven't investigated much what's we use most > > > consistently, > > > but curious to hear what others think. > > > > > > Also I can see use-cases where we want to iterate just specified > > > task > > > (i.e., just specified thread) vs all the tasks that belong to the > > > same > > > process group (i.e., thread within process). Naming TBD, but we > > > should > > > have BPF_TASK_ITER_TID and BPF_TASK_ITER_TGID (or some other > > > naming). > > > > > > I discussed with Yonghong about iterators over resources of all > > tasks > > of a process. User code should create iterators for each thread of > > the > > process if necessary. We may add the support of tgid if it is > > higly > > demanded. > > > > In a discussion of using pidfd, people mentioned to extend pidfd to > > threads if there is a good use-case. It also applies to our case. > > Most of the time, if not always, vma & files are shared by all > > threads > > of a process. So, an iteration over all resources of every threads > > of > > a process doesn't get obvious benefit. It is also true for an > > iterator > > over the resources of a specific thread instead of a process. > > > > Ok, so two different points here. > > First, TID (thread) vs TGID (process) modes. I'd define TGID mode as: > a) user specifies some TID and we resolve that to thread group leader > TID (that is we resolve thread to process), and then iterate all > threads within that process. For TID (thread) mode, we accept > specified TID as exactly the thread we iterate (even if it's thread > group leader, we iterate only that specific thread, not all threads > in > a process). > > Second, about the point that all threads within a process share vma, > file table, etc. That's true. But you are forgetting about iter/task > that is iterating just tasks. TGID mode for such use case is very > useful. For task_vma/task_file we can probably do the same logic we > have today where if the thread has the same file table or mm_struct > as > thread group leader, we skip such thread when iterating vmas and > files. Yes, you are right. Iterators of all tasks in a procss is useful. Just like our discussion offline, it is worth to supports pidfd, tid and tgid. For pidfd, it would works just like tgid. We just do a translation at the kernel from pidfd to tgid. > > Thoughts? > > > > > > > > One might ask why do we need single-task mode if we can always > > > stop > > > iteration from BPF program, but this is trivial only for > > > iter/task, > > > while for iter/task_vma and iter/task_file it becomes > > > inconvenient to > > > detect switch from one task to another. It costs us essentially > > > nothing to support this mode, so I advocate to do that. > > > > > > I have similar thoughts about cgroup iteration modes and actually > > > supporting cgroup_fd as target for task iterators (which will > > > mean > > > iterating tasks belonging to provided cgroup(s)), but I'll reply > > > on > > > cgroup iterator patch first, and we can just reuse the same > > > cgroup > > > target specification between iter/cgroup and iter/task > > > afterwards. > > > > > > > > > > + */ > > > > + __u8 type; /* BPF_TASK_ITER_* */ > > > > + } task; > > > > }; > > > > > > > > > > [...] > >
diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 11950029284f..3c26dbfc9cef 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -1718,6 +1718,10 @@ int bpf_obj_get_user(const char __user *pathname, int flags); struct bpf_iter_aux_info { struct bpf_map *map; + struct { + u32 tid; + u8 type; + } task; }; typedef int (*bpf_iter_attach_target_t)(struct bpf_prog *prog, diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index ffcbf79a556b..ed5ba501609f 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { __u32 attach_type; /* program attach type (enum bpf_attach_type) */ }; +enum bpf_task_iter_type { + BPF_TASK_ITER_ALL = 0, + BPF_TASK_ITER_TID, +}; + union bpf_iter_link_info { struct { __u32 map_fd; } map; + /* + * Parameters of task iterators. + */ + struct { + __u32 pid_fd; + /* + * The type of the iterator. + * + * It can be one of enum bpf_task_iter_type. + * + * BPF_TASK_ITER_ALL (default) + * The iterator iterates over resources of everyprocess. + * + * BPF_TASK_ITER_TID + * You should also set *pid_fd* to iterate over one task. + */ + __u8 type; /* BPF_TASK_ITER_* */ + } task; }; /* BPF syscall commands, see bpf(2) man-page for more details. */ diff --git a/kernel/bpf/task_iter.c b/kernel/bpf/task_iter.c index 8c921799def4..9942601e1dfb 100644 --- a/kernel/bpf/task_iter.c +++ b/kernel/bpf/task_iter.c @@ -12,6 +12,8 @@ struct bpf_iter_seq_task_common { struct pid_namespace *ns; + u32 tid; + u8 type; }; struct bpf_iter_seq_task_info { @@ -22,18 +24,31 @@ struct bpf_iter_seq_task_info { u32 tid; }; -static struct task_struct *task_seq_get_next(struct pid_namespace *ns, +static struct task_struct *task_seq_get_next(struct bpf_iter_seq_task_common *common, u32 *tid, bool skip_if_dup_files) { struct task_struct *task = NULL; struct pid *pid; + if (common->type == BPF_TASK_ITER_TID) { + if (*tid && *tid != common->tid) + return NULL; + rcu_read_lock(); + pid = find_pid_ns(common->tid, common->ns); + if (pid) { + task = get_pid_task(pid, PIDTYPE_PID); + *tid = common->tid; + } + rcu_read_unlock(); + return task; + } + rcu_read_lock(); retry: - pid = find_ge_pid(*tid, ns); + pid = find_ge_pid(*tid, common->ns); if (pid) { - *tid = pid_nr_ns(pid, ns); + *tid = pid_nr_ns(pid, common->ns); task = get_pid_task(pid, PIDTYPE_PID); if (!task) { ++*tid; @@ -56,7 +71,8 @@ static void *task_seq_start(struct seq_file *seq, loff_t *pos) struct bpf_iter_seq_task_info *info = seq->private; struct task_struct *task; - task = task_seq_get_next(info->common.ns, &info->tid, false); + task = task_seq_get_next(&info->common, &info->tid, false); + if (!task) return NULL; @@ -73,7 +89,8 @@ static void *task_seq_next(struct seq_file *seq, void *v, loff_t *pos) ++*pos; ++info->tid; put_task_struct((struct task_struct *)v); - task = task_seq_get_next(info->common.ns, &info->tid, false); + + task = task_seq_get_next(&info->common, &info->tid, false); if (!task) return NULL; @@ -117,6 +134,30 @@ static void task_seq_stop(struct seq_file *seq, void *v) put_task_struct((struct task_struct *)v); } +static int bpf_iter_attach_task(struct bpf_prog *prog, + union bpf_iter_link_info *linfo, + struct bpf_iter_aux_info *aux) +{ + unsigned int flags; + struct task_struct *tsk; + + if (linfo->task.type == BPF_TASK_ITER_ALL && linfo->task.pid_fd != 0) + return -EINVAL; + + aux->task.type = linfo->task.type; + + if (linfo->task.type == BPF_TASK_ITER_TID) { + tsk = pidfd_get_task(linfo->task.pid_fd, &flags); + if (IS_ERR(tsk)) + return PTR_ERR(tsk); + + aux->task.tid = tsk->pid; + put_task_struct(tsk); + } + + return 0; +} + static const struct seq_operations task_seq_ops = { .start = task_seq_start, .next = task_seq_next, @@ -137,8 +178,7 @@ struct bpf_iter_seq_task_file_info { static struct file * task_file_seq_get_next(struct bpf_iter_seq_task_file_info *info) { - struct pid_namespace *ns = info->common.ns; - u32 curr_tid = info->tid; + u32 saved_tid = info->tid; struct task_struct *curr_task; unsigned int curr_fd = info->fd; @@ -151,21 +191,18 @@ task_file_seq_get_next(struct bpf_iter_seq_task_file_info *info) curr_task = info->task; curr_fd = info->fd; } else { - curr_task = task_seq_get_next(ns, &curr_tid, true); + curr_task = task_seq_get_next(&info->common, &info->tid, true); if (!curr_task) { info->task = NULL; - info->tid = curr_tid; return NULL; } - /* set info->task and info->tid */ + /* set info->task */ info->task = curr_task; - if (curr_tid == info->tid) { + if (saved_tid == info->tid) curr_fd = info->fd; - } else { - info->tid = curr_tid; + else curr_fd = 0; - } } rcu_read_lock(); @@ -186,9 +223,15 @@ task_file_seq_get_next(struct bpf_iter_seq_task_file_info *info) /* the current task is done, go to the next task */ rcu_read_unlock(); put_task_struct(curr_task); + + if (info->common.type == BPF_TASK_ITER_TID) { + info->task = NULL; + return NULL; + } + info->task = NULL; info->fd = 0; - curr_tid = ++(info->tid); + saved_tid = ++(info->tid); goto again; } @@ -269,6 +312,8 @@ static int init_seq_pidns(void *priv_data, struct bpf_iter_aux_info *aux) struct bpf_iter_seq_task_common *common = priv_data; common->ns = get_pid_ns(task_active_pid_ns(current)); + common->type = aux->task.type; + common->tid = aux->task.tid; return 0; } @@ -307,11 +352,10 @@ enum bpf_task_vma_iter_find_op { static struct vm_area_struct * task_vma_seq_get_next(struct bpf_iter_seq_task_vma_info *info) { - struct pid_namespace *ns = info->common.ns; enum bpf_task_vma_iter_find_op op; struct vm_area_struct *curr_vma; struct task_struct *curr_task; - u32 curr_tid = info->tid; + u32 saved_tid = info->tid; /* If this function returns a non-NULL vma, it holds a reference to * the task_struct, and holds read lock on vma->mm->mmap_lock. @@ -371,14 +415,13 @@ task_vma_seq_get_next(struct bpf_iter_seq_task_vma_info *info) } } else { again: - curr_task = task_seq_get_next(ns, &curr_tid, true); + curr_task = task_seq_get_next(&info->common, &info->tid, true); if (!curr_task) { - info->tid = curr_tid + 1; + info->tid++; goto finish; } - if (curr_tid != info->tid) { - info->tid = curr_tid; + if (saved_tid != info->tid) { /* new task, process the first vma */ op = task_vma_iter_first_vma; } else { @@ -430,9 +473,12 @@ task_vma_seq_get_next(struct bpf_iter_seq_task_vma_info *info) return curr_vma; next_task: + if (info->common.type == BPF_TASK_ITER_TID) + goto finish; + put_task_struct(curr_task); info->task = NULL; - curr_tid++; + info->tid++; goto again; finish: @@ -533,6 +579,7 @@ static const struct bpf_iter_seq_info task_seq_info = { static struct bpf_iter_reg task_reg_info = { .target = "task", + .attach_target = bpf_iter_attach_task, .feature = BPF_ITER_RESCHED, .ctx_arg_info_size = 1, .ctx_arg_info = { @@ -551,6 +598,7 @@ static const struct bpf_iter_seq_info task_file_seq_info = { static struct bpf_iter_reg task_file_reg_info = { .target = "task_file", + .attach_target = bpf_iter_attach_task, .feature = BPF_ITER_RESCHED, .ctx_arg_info_size = 2, .ctx_arg_info = { @@ -571,6 +619,7 @@ static const struct bpf_iter_seq_info task_vma_seq_info = { static struct bpf_iter_reg task_vma_reg_info = { .target = "task_vma", + .attach_target = bpf_iter_attach_task, .feature = BPF_ITER_RESCHED, .ctx_arg_info_size = 2, .ctx_arg_info = { diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index ffcbf79a556b..ed5ba501609f 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -87,10 +87,33 @@ struct bpf_cgroup_storage_key { __u32 attach_type; /* program attach type (enum bpf_attach_type) */ }; +enum bpf_task_iter_type { + BPF_TASK_ITER_ALL = 0, + BPF_TASK_ITER_TID, +}; + union bpf_iter_link_info { struct { __u32 map_fd; } map; + /* + * Parameters of task iterators. + */ + struct { + __u32 pid_fd; + /* + * The type of the iterator. + * + * It can be one of enum bpf_task_iter_type. + * + * BPF_TASK_ITER_ALL (default) + * The iterator iterates over resources of everyprocess. + * + * BPF_TASK_ITER_TID + * You should also set *pid_fd* to iterate over one task. + */ + __u8 type; /* BPF_TASK_ITER_* */ + } task; }; /* BPF syscall commands, see bpf(2) man-page for more details. */
Allow creating an iterator that loops through resources of one task/thread. People could only create iterators to loop through all resources of files, vma, and tasks in the system, even though they were interested in only the resources of a specific task or process. Passing the additional parameters, people can now create an iterator to go through all resources or only the resources of a task. Signed-off-by: Kui-Feng Lee <kuifeng@fb.com> --- include/linux/bpf.h | 4 ++ include/uapi/linux/bpf.h | 23 +++++++++ kernel/bpf/task_iter.c | 93 ++++++++++++++++++++++++++-------- tools/include/uapi/linux/bpf.h | 23 +++++++++ 4 files changed, 121 insertions(+), 22 deletions(-)