| Message ID | 20230903142800.3870-3-laoar.shao@gmail.com (mailing list archive) |
|---|---|
| State | RFC |
| Delegated to: | BPF |
| Headers | show |
| Series | bpf, cgroup: Enable cgroup_array map on cgroup1 | expand |
On Sun, Sep 03, 2023 at 02:27:57PM +0000, Yafang Shao wrote: > The cgroup_array map currently has support exclusively for cgroup2, owing > to the fact that cgroup_get_from_fd() is only valid for cgroup2 file > descriptors. However, an alternative approach is available where we can use > cgroup_v1v2_get_from_fd() for both cgroup1 and cgroup2 file descriptors. > > The corresponding cgroup pointer extracted from the cgroup file descriptor > will be utilized by functions like bpf_current_task_under_cgroup() or > bpf_skb_under_cgroup() to determine whether a task or socket buffer (skb) > is associated with a specific cgroup. In a previous commit, we successfully > enabled bpf_current_task_under_cgroup(), ensuring the safety of storing a > cgroup1 pointer within the cgroup_array map. > > Regarding bpf_skb_under_cgroup(), it is currently restricted to cgroup2 > functionality only. Nevertheless, it remains safe to verify a cgroup1 > pointer within this context as well, with the understanding that it will > return a "false" result in such cases. > > Signed-off-by: Yafang Shao <laoar.shao@gmail.com> > --- > kernel/bpf/arraymap.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c > index 2058e89..30ea57c 100644 > --- a/kernel/bpf/arraymap.c > +++ b/kernel/bpf/arraymap.c > @@ -1291,7 +1291,7 @@ static void *cgroup_fd_array_get_ptr(struct bpf_map *map, > struct file *map_file /* not used */, > int fd) > { > - return cgroup_get_from_fd(fd); > + return cgroup_v1v2_get_from_fd(fd); This part looks ok.
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 2058e89..30ea57c 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -1291,7 +1291,7 @@ static void *cgroup_fd_array_get_ptr(struct bpf_map *map, struct file *map_file /* not used */, int fd) { - return cgroup_get_from_fd(fd); + return cgroup_v1v2_get_from_fd(fd); } static void cgroup_fd_array_put_ptr(void *ptr)
The cgroup_array map currently has support exclusively for cgroup2, owing to the fact that cgroup_get_from_fd() is only valid for cgroup2 file descriptors. However, an alternative approach is available where we can use cgroup_v1v2_get_from_fd() for both cgroup1 and cgroup2 file descriptors. The corresponding cgroup pointer extracted from the cgroup file descriptor will be utilized by functions like bpf_current_task_under_cgroup() or bpf_skb_under_cgroup() to determine whether a task or socket buffer (skb) is associated with a specific cgroup. In a previous commit, we successfully enabled bpf_current_task_under_cgroup(), ensuring the safety of storing a cgroup1 pointer within the cgroup_array map. Regarding bpf_skb_under_cgroup(), it is currently restricted to cgroup2 functionality only. Nevertheless, it remains safe to verify a cgroup1 pointer within this context as well, with the understanding that it will return a "false" result in such cases. Signed-off-by: Yafang Shao <laoar.shao@gmail.com> --- kernel/bpf/arraymap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)