From patchwork Fri Jul 17 00:16:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: YiFei Zhu X-Patchwork-Id: 1330633 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=ABwBPq4X; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B7BWX54YYz9sRk for ; Fri, 17 Jul 2020 10:16:56 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726130AbgGQAQz (ORCPT ); Thu, 16 Jul 2020 20:16:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbgGQAQy (ORCPT ); Thu, 16 Jul 2020 20:16:54 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE179C061755 for ; Thu, 16 Jul 2020 17:16:54 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id a12so8324692ion.13 for ; Thu, 16 Jul 2020 17:16:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=K0P8SGFPnoqyVi26FeXQVELcv5US6/6JL1LqKWbrJiA=; b=ABwBPq4XnUqXZF0yNAi4Hu4iUrLs0w2b7BOlnly0a3uSfkP3PgAhGm2mODS2CW2kNX B6CsgDy5hzy1Mg6iSvqDsawR7YmStVE76jmm+iAk3ChjOgTGTEir9zPQlyVvOzEMzh7h RgoPt/dLaUjTAO030gG7vk2H+pzJUCUx1af6qPnlIS10MT3H5kLQrEk8Tkd513k1qgjq trEiYeetWonH2zXq9LadVpDC3U4bz4z/8ho9OpQjtOY2/YIED9+TCw3hefBwk9vlk8Y0 TRiOn3k26qeN/c7BiUVbBWm+d1cYjSi+KO2iB3tsPg7lHV4BC3u5j1ydoEu/9TEF0n5u +KQw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=K0P8SGFPnoqyVi26FeXQVELcv5US6/6JL1LqKWbrJiA=; b=Uh3Rznp3tg07Ke/eOkECztVzQM5detanwJ0EbpZ3VaQveYwKqCxUA7WgOBbUnck8+i Ky/fLXlCwiKO/tHrcnJYqqdapBToi/MNOeRbMiJlmOD7U3Z82ak3RRIN6rhMAoawowoq fNheU4mw/kZb5oXrQGSpySxiwJunbL+ZQmNz0IJ5JOJ/twb6LJrKVMjo2mhGQj2LmrX3 cvTn5zj0L1nixoN8Hgy4pYkYmO1X2AAPpuez2BxGHCsIzjeOWs2wKH3fvW0e9nZ2/sZE 6gI1b5WipOasGaBXXGP7zlrkjj+szYDOmmcA55sBXL+nlKsIUdRaknzlxDDbz7l0sLm+ 1BRA== X-Gm-Message-State: AOAM531xiDiSj26x5y8FySzDGtgRueXTzJhJvi9eW2Fhz7HSNXOt2ho1 lxPVoahEZ2LKdxT4MI7vekJXI9AtcIdw4A== X-Google-Smtp-Source: ABdhPJwmyO4KkCUviiyic645WnuqFRl4xF0NnOxjb2kTdBFEdzAk8P0GOs3MQvxPRiHbq8+EFO3xqA== X-Received: by 2002:a6b:8b11:: with SMTP id n17mr6917646iod.155.1594945013865; Thu, 16 Jul 2020 17:16:53 -0700 (PDT) Received: from localhost.localdomain (host-173-230-99-219.tnkngak.clients.pavlovmedia.com. [173.230.99.219]) by smtp.gmail.com with ESMTPSA id m5sm3427493ilg.18.2020.07.16.17.16.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 17:16:53 -0700 (PDT) From: YiFei Zhu To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Stanislav Fomichev , Mahesh Bandewar , Roman Gushchin , Andrii Nakryiko , Martin KaFai Lau , YiFei Zhu Subject: [PATCH v3 bpf-next 1/5] selftests/bpf: Add test for CGROUP_STORAGE map on multiple attaches Date: Thu, 16 Jul 2020 19:16:25 -0500 Message-Id: <60723a180cac6aad3d0bd6d77719f8e30619dc9d.1594944827.git.zhuyifei@google.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: YiFei Zhu This test creates a parent cgroup, and a child of that cgroup. It attaches a cgroup_skb/egress program that simply counts packets, to a global variable (ARRAY map), and to a CGROUP_STORAGE map. The program is first attached to the parent cgroup only, then to parent and child. The test cases sends a message within the child cgroup, and because the program is inherited across parent / child cgroups, it will trigger the egress program for both the parent and child, if they exist. The program, when looking up a CGROUP_STORAGE map, uses the cgroup and attach type of the attachment parameters; therefore, both attaches uses different cgroup storages. We assert that all packet counts returns what we expects. Signed-off-by: YiFei Zhu --- .../bpf/prog_tests/cg_storage_multi.c | 163 ++++++++++++++++++ .../bpf/progs/cg_storage_multi_egress_only.c | 30 ++++ 2 files changed, 193 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c create mode 100644 tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c diff --git a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c new file mode 100644 index 000000000000..6d5a2194e036 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c @@ -0,0 +1,163 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright 2020 Google LLC. + */ + +#include +#include +#include + +#include "cg_storage_multi_egress_only.skel.h" + +#define PARENT_CGROUP "/cgroup_storage" +#define CHILD_CGROUP "/cgroup_storage/child" + +static int duration; + +static bool assert_storage(struct bpf_map *map, const char *cgroup_path, + __u32 expected) +{ + struct bpf_cgroup_storage_key key = {0}; + __u32 value; + int map_fd; + + map_fd = bpf_map__fd(map); + + key.cgroup_inode_id = get_cgroup_id(cgroup_path); + key.attach_type = BPF_CGROUP_INET_EGRESS; + if (CHECK(bpf_map_lookup_elem(map_fd, &key, &value) < 0, + "map-lookup", "errno %d", errno)) + return true; + if (CHECK(value != expected, + "assert-storage", "got %u expected %u", value, expected)) + return true; + + return false; +} + +static bool assert_storage_noexist(struct bpf_map *map, const char *cgroup_path) +{ + struct bpf_cgroup_storage_key key = {0}; + __u32 value; + int map_fd; + + map_fd = bpf_map__fd(map); + + key.cgroup_inode_id = get_cgroup_id(cgroup_path); + key.attach_type = BPF_CGROUP_INET_EGRESS; + if (CHECK(bpf_map_lookup_elem(map_fd, &key, &value) == 0, + "map-lookup", "succeeded, expected ENOENT")) + return true; + if (CHECK(errno != ENOENT, + "map-lookup", "errno %d, expected ENOENT", errno)) + return true; + + return false; +} + +static bool connect_send(const char *cgroup_path) +{ + bool res = true; + int server_fd = -1, client_fd = -1; + + if (join_cgroup(cgroup_path)) + goto out_clean; + + server_fd = start_server(AF_INET, SOCK_DGRAM, NULL, 0, 0); + if (server_fd < 0) + goto out_clean; + + client_fd = connect_to_fd(server_fd, 0); + if (client_fd < 0) + goto out_clean; + + if (send(client_fd, "message", strlen("message"), 0) < 0) + goto out_clean; + + res = false; + +out_clean: + close(client_fd); + close(server_fd); + return res; +} + +static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) +{ + struct cg_storage_multi_egress_only *obj; + struct bpf_link *parent_link = NULL, *child_link = NULL; + bool err; + + obj = cg_storage_multi_egress_only__open_and_load(); + if (CHECK(!obj, "skel-load", "errno %d", errno)) + return; + + /* Attach to parent cgroup, trigger packet from child. + * Assert that there is only one run and in that run the storage is + * parent cgroup's storage. + * Also assert that child cgroup's storage does not exist + */ + parent_link = bpf_program__attach_cgroup(obj->progs.egress, + parent_cgroup_fd); + if (CHECK(IS_ERR(parent_link), "parent-cg-attach", + "err %ld", PTR_ERR(parent_link))) + goto close_bpf_object; + err = connect_send(CHILD_CGROUP); + if (CHECK(err, "first-connect-send", "errno %d", errno)) + goto close_bpf_object; + if (CHECK(obj->bss->invocations != 1, + "first-invoke", "invocations=%d", obj->bss->invocations)) + goto close_bpf_object; + if (assert_storage(obj->maps.cgroup_storage, PARENT_CGROUP, 1)) + goto close_bpf_object; + if (assert_storage_noexist(obj->maps.cgroup_storage, CHILD_CGROUP)) + goto close_bpf_object; + + /* Attach to parent and child cgroup, trigger packet from child. + * Assert that there are two additional runs, one that run with parent + * cgroup's storage and one with child cgroup's storage. + */ + child_link = bpf_program__attach_cgroup(obj->progs.egress, + child_cgroup_fd); + if (CHECK(IS_ERR(child_link), "child-cg-attach", + "err %ld", PTR_ERR(child_link))) + goto close_bpf_object; + err = connect_send(CHILD_CGROUP); + if (CHECK(err, "second-connect-send", "errno %d", errno)) + goto close_bpf_object; + if (CHECK(obj->bss->invocations != 3, + "second-invoke", "invocations=%d", obj->bss->invocations)) + goto close_bpf_object; + if (assert_storage(obj->maps.cgroup_storage, PARENT_CGROUP, 2)) + goto close_bpf_object; + if (assert_storage(obj->maps.cgroup_storage, CHILD_CGROUP, 1)) + goto close_bpf_object; + +close_bpf_object: + if (parent_link) + bpf_link__destroy(parent_link); + if (child_link) + bpf_link__destroy(child_link); + + cg_storage_multi_egress_only__destroy(obj); +} + +void test_cg_storage_multi(void) +{ + int parent_cgroup_fd = -1, child_cgroup_fd = -1; + + parent_cgroup_fd = test__join_cgroup(PARENT_CGROUP); + if (CHECK(parent_cgroup_fd < 0, "cg-create-parent", "errno %d", errno)) + goto close_cgroup_fd; + child_cgroup_fd = create_and_get_cgroup(CHILD_CGROUP); + if (CHECK(child_cgroup_fd < 0, "cg-create-child", "errno %d", errno)) + goto close_cgroup_fd; + + if (test__start_subtest("egress_only")) + test_egress_only(parent_cgroup_fd, child_cgroup_fd); + +close_cgroup_fd: + close(child_cgroup_fd); + close(parent_cgroup_fd); +} diff --git a/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c new file mode 100644 index 000000000000..ec0165d07105 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright 2020 Google LLC. + */ + +#include +#include +#include +#include +#include + +struct { + __uint(type, BPF_MAP_TYPE_CGROUP_STORAGE); + __type(key, struct bpf_cgroup_storage_key); + __type(value, __u32); +} cgroup_storage SEC(".maps"); + +__u32 invocations = 0; + +SEC("cgroup_skb/egress") +int egress(struct __sk_buff *skb) +{ + __u32 *ptr_cg_storage = bpf_get_local_storage(&cgroup_storage, 0); + + __sync_fetch_and_add(ptr_cg_storage, 1); + __sync_fetch_and_add(&invocations, 1); + + return 1; +} From patchwork Fri Jul 17 00:16:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: YiFei Zhu X-Patchwork-Id: 1330634 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=R/QyUFBa; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B7BWY0r67z9sSd for ; Fri, 17 Jul 2020 10:16:57 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726143AbgGQAQ4 (ORCPT ); Thu, 16 Jul 2020 20:16:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbgGQAQz (ORCPT ); Thu, 16 Jul 2020 20:16:55 -0400 Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B7981C061755 for ; Thu, 16 Jul 2020 17:16:55 -0700 (PDT) Received: by mail-io1-xd44.google.com with SMTP id p205so8333124iod.8 for ; Thu, 16 Jul 2020 17:16:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Wx06PrtWwrmuUpUzLQRfCLq3oYG7PmzNPdENRnSUpIU=; b=R/QyUFBaZrm/R0fhoexAHhVxV6dto6HFbymJmuexeChG2KFYIYNqOzPIK8ysMyw4Ap VkFoHlAPp9HlrDu9vt5OzUrj6c6VEk5NXeYEuHgoppqF3kGuvGFFttBINeQd57aKCoPI dtSFDCzo3oj+vuYMYWyYMdTKZ9yR4pRHLXY6GR8FssKzPZiIbKdbSiJe+1LieSO6yZ6E HizLOywggnvCYUjf6yE2XMEDKc/s0sAs/OaBDR4EyppU2S+WSPMvORMDkzuHy7DgbcD/ B0XBJwJMhfrH5HkIyj3eBwlexmmfFr1iGvK4epE6XbtEB2ZWBqA+0+CfoZ9E8Eevfwc7 wGZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Wx06PrtWwrmuUpUzLQRfCLq3oYG7PmzNPdENRnSUpIU=; b=HRB8G0+/bXCWEOD6VXEYlcEf1yD9NwGk0I0UVlcB7bbF8w2fz7BB51GMV6qG5dkteR lSxRO9XV1+LCbzW3ISUIY20hRmdxwTCRdox5e4LU99Oma2ZT6OzJ/WQmIGk1HXFVAjHo zmFChwKEXEPI5FY61WWLOayxtKXzL2FIssU97x8be2FNVrtCzgViz4gUeGE4ia3P6EXj DT5ykM6TXeyaTSB4mXuwImv1dqQ/asdZ59ofooe7+X8GIihcQ5h7UADtmDzHRqWQDjn3 k/1kPM4D2UQKla53owhFRrPTHSyodAzUJH74Lf9L3oPOMrhwswuxzKPSYQDVkv4Ia0Tq FsUw== X-Gm-Message-State: AOAM530wtvWy2gGX1iBwJgARb+zXm5vNwUc99+lSxpKKON02AHVtKJcp rfp4Rq5u+QtvfdP28zOVfu/vcKpE721u9Q== X-Google-Smtp-Source: ABdhPJwObsg5np6gZyfu6YYu8o8a2oRcLVUSMWnxloySX9ihf236OEkFmTu3hxZhfsLRmAP99WsLdA== X-Received: by 2002:a6b:c889:: with SMTP id y131mr7034504iof.194.1594945014812; Thu, 16 Jul 2020 17:16:54 -0700 (PDT) Received: from localhost.localdomain (host-173-230-99-219.tnkngak.clients.pavlovmedia.com. [173.230.99.219]) by smtp.gmail.com with ESMTPSA id m5sm3427493ilg.18.2020.07.16.17.16.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 17:16:54 -0700 (PDT) From: YiFei Zhu To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Stanislav Fomichev , Mahesh Bandewar , Roman Gushchin , Andrii Nakryiko , Martin KaFai Lau , YiFei Zhu Subject: [PATCH v3 bpf-next 2/5] selftests/bpf: Test CGROUP_STORAGE map can't be used by multiple progs Date: Thu, 16 Jul 2020 19:16:26 -0500 Message-Id: <4d599c413264a61edd2ad224ba9c2be135753efb.1594944827.git.zhuyifei@google.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: YiFei Zhu The current assumption is that the lifetime of a cgroup storage is tied to the program's attachment. The storage is created in cgroup_bpf_attach, and released upon cgroup_bpf_detach and cgroup_bpf_release. Because the current semantics is that each attachment gets a completely independent cgroup storage, and you can have multiple programs attached to the same (cgroup, attach type) pair, the key of the CGROUP_STORAGE map, looking up the map with this pair could yield multiple storages, and that is not permitted. Therefore, the kernel verifier checks that two programs cannot share the same CGROUP_STORAGE map, even if they have different expected attach types, considering that the actual attach type does not always have to be equal to the expected attach type. The test creates a CGROUP_STORAGE map and make it shared across two different programs, one cgroup_skb/egress and one /ingress. It asserts that the two programs cannot be both loaded, due to verifier failure from the above reason. Signed-off-by: YiFei Zhu --- .../bpf/prog_tests/cg_storage_multi.c | 42 +++++++++++++---- .../selftests/bpf/progs/cg_storage_multi.h | 13 ++++++ .../progs/cg_storage_multi_egress_ingress.c | 45 +++++++++++++++++++ .../bpf/progs/cg_storage_multi_egress_only.c | 9 ++-- 4 files changed, 98 insertions(+), 11 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/cg_storage_multi.h create mode 100644 tools/testing/selftests/bpf/progs/cg_storage_multi_egress_ingress.c diff --git a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c index 6d5a2194e036..1f4ab437ddb9 100644 --- a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c +++ b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c @@ -8,7 +8,10 @@ #include #include +#include "progs/cg_storage_multi.h" + #include "cg_storage_multi_egress_only.skel.h" +#include "cg_storage_multi_egress_ingress.skel.h" #define PARENT_CGROUP "/cgroup_storage" #define CHILD_CGROUP "/cgroup_storage/child" @@ -16,10 +19,10 @@ static int duration; static bool assert_storage(struct bpf_map *map, const char *cgroup_path, - __u32 expected) + struct cgroup_value *expected) { struct bpf_cgroup_storage_key key = {0}; - __u32 value; + struct cgroup_value value; int map_fd; map_fd = bpf_map__fd(map); @@ -29,8 +32,8 @@ static bool assert_storage(struct bpf_map *map, const char *cgroup_path, if (CHECK(bpf_map_lookup_elem(map_fd, &key, &value) < 0, "map-lookup", "errno %d", errno)) return true; - if (CHECK(value != expected, - "assert-storage", "got %u expected %u", value, expected)) + if (CHECK(memcmp(&value, expected, sizeof(struct cgroup_value)), + "assert-storage", "storages differ")) return true; return false; @@ -39,7 +42,7 @@ static bool assert_storage(struct bpf_map *map, const char *cgroup_path, static bool assert_storage_noexist(struct bpf_map *map, const char *cgroup_path) { struct bpf_cgroup_storage_key key = {0}; - __u32 value; + struct cgroup_value value; int map_fd; map_fd = bpf_map__fd(map); @@ -86,6 +89,7 @@ static bool connect_send(const char *cgroup_path) static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) { struct cg_storage_multi_egress_only *obj; + struct cgroup_value expected_cgroup_value; struct bpf_link *parent_link = NULL, *child_link = NULL; bool err; @@ -109,7 +113,9 @@ static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) if (CHECK(obj->bss->invocations != 1, "first-invoke", "invocations=%d", obj->bss->invocations)) goto close_bpf_object; - if (assert_storage(obj->maps.cgroup_storage, PARENT_CGROUP, 1)) + expected_cgroup_value = (struct cgroup_value) { .egress_pkts = 1 }; + if (assert_storage(obj->maps.cgroup_storage, + PARENT_CGROUP, &expected_cgroup_value)) goto close_bpf_object; if (assert_storage_noexist(obj->maps.cgroup_storage, CHILD_CGROUP)) goto close_bpf_object; @@ -129,9 +135,13 @@ static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) if (CHECK(obj->bss->invocations != 3, "second-invoke", "invocations=%d", obj->bss->invocations)) goto close_bpf_object; - if (assert_storage(obj->maps.cgroup_storage, PARENT_CGROUP, 2)) + expected_cgroup_value = (struct cgroup_value) { .egress_pkts = 2 }; + if (assert_storage(obj->maps.cgroup_storage, + PARENT_CGROUP, &expected_cgroup_value)) goto close_bpf_object; - if (assert_storage(obj->maps.cgroup_storage, CHILD_CGROUP, 1)) + expected_cgroup_value = (struct cgroup_value) { .egress_pkts = 1 }; + if (assert_storage(obj->maps.cgroup_storage, + CHILD_CGROUP, &expected_cgroup_value)) goto close_bpf_object; close_bpf_object: @@ -143,6 +153,19 @@ static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) cg_storage_multi_egress_only__destroy(obj); } +static void test_egress_ingress(int parent_cgroup_fd, int child_cgroup_fd) +{ + struct cg_storage_multi_egress_ingress *obj; + + /* Cannot load both programs due to verifier failure: + * "only one cgroup storage of each type is allowed" + */ + obj = cg_storage_multi_egress_ingress__open_and_load(); + if (CHECK(obj || errno != EBUSY, + "skel-load", "errno %d, expected EBUSY", errno)) + return; +} + void test_cg_storage_multi(void) { int parent_cgroup_fd = -1, child_cgroup_fd = -1; @@ -157,6 +180,9 @@ void test_cg_storage_multi(void) if (test__start_subtest("egress_only")) test_egress_only(parent_cgroup_fd, child_cgroup_fd); + if (test__start_subtest("egress_ingress")) + test_egress_ingress(parent_cgroup_fd, child_cgroup_fd); + close_cgroup_fd: close(child_cgroup_fd); close(parent_cgroup_fd); diff --git a/tools/testing/selftests/bpf/progs/cg_storage_multi.h b/tools/testing/selftests/bpf/progs/cg_storage_multi.h new file mode 100644 index 000000000000..a0778fe7857a --- /dev/null +++ b/tools/testing/selftests/bpf/progs/cg_storage_multi.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#ifndef __PROGS_CG_STORAGE_MULTI_H +#define __PROGS_CG_STORAGE_MULTI_H + +#include + +struct cgroup_value { + __u32 egress_pkts; + __u32 ingress_pkts; +}; + +#endif diff --git a/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_ingress.c b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_ingress.c new file mode 100644 index 000000000000..9ce386899365 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_ingress.c @@ -0,0 +1,45 @@ +// SPDX-License-Identifier: GPL-2.0-only + +/* + * Copyright 2020 Google LLC. + */ + +#include +#include +#include +#include +#include + +#include "progs/cg_storage_multi.h" + +struct { + __uint(type, BPF_MAP_TYPE_CGROUP_STORAGE); + __type(key, struct bpf_cgroup_storage_key); + __type(value, struct cgroup_value); +} cgroup_storage SEC(".maps"); + +__u32 invocations = 0; + +SEC("cgroup_skb/egress") +int egress(struct __sk_buff *skb) +{ + struct cgroup_value *ptr_cg_storage = + bpf_get_local_storage(&cgroup_storage, 0); + + __sync_fetch_and_add(&ptr_cg_storage->egress_pkts, 1); + __sync_fetch_and_add(&invocations, 1); + + return 1; +} + +SEC("cgroup_skb/ingress") +int ingress(struct __sk_buff *skb) +{ + struct cgroup_value *ptr_cg_storage = + bpf_get_local_storage(&cgroup_storage, 0); + + __sync_fetch_and_add(&ptr_cg_storage->ingress_pkts, 1); + __sync_fetch_and_add(&invocations, 1); + + return 1; +} diff --git a/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c index ec0165d07105..44ad46b33539 100644 --- a/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c +++ b/tools/testing/selftests/bpf/progs/cg_storage_multi_egress_only.c @@ -10,10 +10,12 @@ #include #include +#include "progs/cg_storage_multi.h" + struct { __uint(type, BPF_MAP_TYPE_CGROUP_STORAGE); __type(key, struct bpf_cgroup_storage_key); - __type(value, __u32); + __type(value, struct cgroup_value); } cgroup_storage SEC(".maps"); __u32 invocations = 0; @@ -21,9 +23,10 @@ __u32 invocations = 0; SEC("cgroup_skb/egress") int egress(struct __sk_buff *skb) { - __u32 *ptr_cg_storage = bpf_get_local_storage(&cgroup_storage, 0); + struct cgroup_value *ptr_cg_storage = + bpf_get_local_storage(&cgroup_storage, 0); - __sync_fetch_and_add(ptr_cg_storage, 1); + __sync_fetch_and_add(&ptr_cg_storage->egress_pkts, 1); __sync_fetch_and_add(&invocations, 1); return 1; From patchwork Fri Jul 17 00:16:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: YiFei Zhu X-Patchwork-Id: 1330635 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=JTPVQ5YK; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B7BWZ3nwsz9sRN for ; Fri, 17 Jul 2020 10:16:58 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726167AbgGQAQ6 (ORCPT ); Thu, 16 Jul 2020 20:16:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbgGQAQ5 (ORCPT ); Thu, 16 Jul 2020 20:16:57 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 51699C061755 for ; Thu, 16 Jul 2020 17:16:57 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id p205so8333191iod.8 for ; Thu, 16 Jul 2020 17:16:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Jj0lND0iwQ02yIIeBWCMe3Oyip+M/bV40Uoh3BeLCp8=; b=JTPVQ5YKJjxqEdiLTdMgKMGq+xhjvdPzjjX++SIj2y36d9ba5O3GMnLc9bEUX5UyEn 9f+G/tFpgkEUNrQLX+5I558y3uFztXVyU+xM/0xMfIZCrC/KmJ5/D9xXe6KBo8sazekK l2uWp9+/xUMvGpPturvrEqAp5+7GOaqnbomjVmSuKeijPv1xxt01QViOcFO+guejlZRq pfTJ6LQ57h6NVbxYeyGD6qw8J2TTFkgcmFqCJ47g5JooR862lAv/ED0czM8cmjoCndrb i0m3PVhRExq66u0DowKwp2Q9IufuBaCFrHlSzxPd4Jgq+Uy8AwwyPuQDuZ+8ULS1MUPY BcXw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Jj0lND0iwQ02yIIeBWCMe3Oyip+M/bV40Uoh3BeLCp8=; b=kZHThMp6KxKWDffmOzjvOkgn70E4T17eWU45mWEvzZnSrcUKC0zxGTzj5udtd2+ExW rhEF4oNKhvJiH/LftBW0NbB+6HTGBtK1Jq6BJ3/kzg8d6DuHbnzSWbGedEKB7i0ZnRTp aq2loHaw29BEctJDol4LV2rEu3lqq4B8Sg9mP3KgpycHAFz274ULDMTV+h3T2MzCE9YI ohlgWdWqc7qSO9Th8yAA0AK1MULLIUVIJImyeWc9fDSnl6Ec7VPY7gxp4esraCTkiyrA 8Wz0WECN+E05UN9EJduxSEtAcJP7MvxWYOPk17UTQubNQ/rQBL1E9r4PY688vNI9j6kd l7GQ== X-Gm-Message-State: AOAM532QdMinDvFapQz9WV8xJXA985XZ95SG9pmKWlFkn2HXODFNkd4a ANgQQZf8WUQwPhfTChwe4kCAlIejjSHfLQ== X-Google-Smtp-Source: ABdhPJwyHRrSvdwdj0fbDMiqUayYXIlcN1f16Hix+zU5YJ0D9bJRnnXTGcFt3+UCbYa3Y8pb1EYPNw== X-Received: by 2002:a92:5a56:: with SMTP id o83mr7214522ilb.71.1594945015711; Thu, 16 Jul 2020 17:16:55 -0700 (PDT) Received: from localhost.localdomain (host-173-230-99-219.tnkngak.clients.pavlovmedia.com. [173.230.99.219]) by smtp.gmail.com with ESMTPSA id m5sm3427493ilg.18.2020.07.16.17.16.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 17:16:55 -0700 (PDT) From: YiFei Zhu To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Stanislav Fomichev , Mahesh Bandewar , Roman Gushchin , Andrii Nakryiko , Martin KaFai Lau , YiFei Zhu Subject: [PATCH v3 bpf-next 3/5] bpf: Make cgroup storages shared across attaches on the same cgroup Date: Thu, 16 Jul 2020 19:16:27 -0500 Message-Id: <4321b6199e2719b49ec6e55dae4ebbfb4f7ed0be.1594944827.git.zhuyifei@google.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: YiFei Zhu This change comes in several parts: One, the restriction that the CGROUP_STORAGE map can only be used by one program is removed. This results in the removal of the field 'aux' in struct bpf_cgroup_storage_map, and removal of relevant code associated with the field, and removal of now-noop functions bpf_free_cgroup_storage and bpf_cgroup_storage_release. Second, because there could be multiple attach types to the same cgroup, the attach type is completely ignored on comparison in the map key. Newly added keys have it zeroed. The only value in the key that still matters is the cgroup inode. bpftool map dump will also show an attach type of zero. Third, because the storages are now shared, the storages cannot be unconditionally freed on program detach. There could be two ways to solve this issue: * A. Reference count the usage of the storages, and free when the last program is detached. * B. Free only when the storage is impossible to be referred to again, i.e. when either the cgroup_bpf it is attached to, or the map itself, is freed. Option A has the side effect that, when the user detach and reattach a program, whether the program gets a fresh storage depends on whether there is another program attached using that storage. This could trigger races if the user is multi-threaded, and since nondeterminism in data races is evil, go with option B. The both the map and the cgroup_bpf now tracks their associated storages, and the storage unlink and free are removed from cgroup_bpf_detach and added to cgroup_bpf_release and cgroup_storage_map_free. The latter also new holds the cgroup_mutex to prevent any races with the former. Fourth, on attach, we reuse the old storage if the key already exists in the map. Because the rbtree traversal holds the spinlock of the map, during which we can't allocate a new storage if we don't find an old storage, instead we preallocate the storage unconditionally, and free the preallocated storage if we find an old storage in the map. This results in a change of semantics in bpf_cgroup_storage{,s}_link, and rename cgroup_storage_insert to cgroup_storage_lookup_insert that does both lookup and conditionally insert or free. bpf_cgroup_storage{,s}_link also tracks exactly which storages are reused in an array of bools, so it can unlink and free the new storages in the event that attachment failed later than link. bpf_cgroup_storages_{free,unlink} accepts the bool array in order to facilitate that. Signed-off-by: YiFei Zhu --- include/linux/bpf-cgroup.h | 15 +++--- include/uapi/linux/bpf.h | 2 +- kernel/bpf/cgroup.c | 69 +++++++++++++++------------ kernel/bpf/core.c | 12 ----- kernel/bpf/local_storage.c | 85 ++++++++++++++++------------------ tools/include/uapi/linux/bpf.h | 2 +- 6 files changed, 91 insertions(+), 94 deletions(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index 2c6f26670acc..c83cd8862298 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -46,7 +46,8 @@ struct bpf_cgroup_storage { }; struct bpf_cgroup_storage_map *map; struct bpf_cgroup_storage_key key; - struct list_head list; + struct list_head list_map; + struct list_head list_cg; struct rb_node node; struct rcu_head rcu; }; @@ -78,6 +79,9 @@ struct cgroup_bpf { struct list_head progs[MAX_BPF_ATTACH_TYPE]; u32 flags[MAX_BPF_ATTACH_TYPE]; + /* list of cgroup shared storages */ + struct list_head storages; + /* temp storage for effective prog array used by prog_attach/detach */ struct bpf_prog_array *inactive; @@ -164,12 +168,11 @@ static inline void bpf_cgroup_storage_set(struct bpf_cgroup_storage struct bpf_cgroup_storage *bpf_cgroup_storage_alloc(struct bpf_prog *prog, enum bpf_cgroup_storage_type stype); void bpf_cgroup_storage_free(struct bpf_cgroup_storage *storage); -void bpf_cgroup_storage_link(struct bpf_cgroup_storage *storage, - struct cgroup *cgroup, - enum bpf_attach_type type); +struct bpf_cgroup_storage * +bpf_cgroup_storage_link(struct bpf_cgroup_storage *new_storage, + struct cgroup *cgroup, bool *storage_reused); void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage); int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *map); -void bpf_cgroup_storage_release(struct bpf_prog_aux *aux, struct bpf_map *map); int bpf_percpu_cgroup_storage_copy(struct bpf_map *map, void *key, void *value); int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, @@ -383,8 +386,6 @@ static inline void bpf_cgroup_storage_set( struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE]) {} static inline int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *map) { return 0; } -static inline void bpf_cgroup_storage_release(struct bpf_prog_aux *aux, - struct bpf_map *map) {} static inline struct bpf_cgroup_storage *bpf_cgroup_storage_alloc( struct bpf_prog *prog, enum bpf_cgroup_storage_type stype) { return NULL; } static inline void bpf_cgroup_storage_free( diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 7ac3992dacfe..b14f008ad028 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -78,7 +78,7 @@ struct bpf_lpm_trie_key { struct bpf_cgroup_storage_key { __u64 cgroup_inode_id; /* cgroup inode id */ - __u32 attach_type; /* program attach type */ + __u32 attach_type; /* program attach type, unused */ }; /* BPF syscall commands, see bpf(2) man-page for details. */ diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index ac53102e244a..6b1ef4a809bb 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -28,12 +28,14 @@ void cgroup_bpf_offline(struct cgroup *cgrp) percpu_ref_kill(&cgrp->bpf.refcnt); } -static void bpf_cgroup_storages_free(struct bpf_cgroup_storage *storages[]) +static void bpf_cgroup_storages_free(struct bpf_cgroup_storage *storages[], + bool *storage_reused) { enum bpf_cgroup_storage_type stype; for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_free(storages[stype]); + if (!storage_reused || !storage_reused[stype]) + bpf_cgroup_storage_free(storages[stype]); } static int bpf_cgroup_storages_alloc(struct bpf_cgroup_storage *storages[], @@ -45,7 +47,7 @@ static int bpf_cgroup_storages_alloc(struct bpf_cgroup_storage *storages[], storages[stype] = bpf_cgroup_storage_alloc(prog, stype); if (IS_ERR(storages[stype])) { storages[stype] = NULL; - bpf_cgroup_storages_free(storages); + bpf_cgroup_storages_free(storages, NULL); return -ENOMEM; } } @@ -63,21 +65,24 @@ static void bpf_cgroup_storages_assign(struct bpf_cgroup_storage *dst[], } static void bpf_cgroup_storages_link(struct bpf_cgroup_storage *storages[], - struct cgroup* cgrp, - enum bpf_attach_type attach_type) + struct cgroup *cgrp, bool *storage_reused) { enum bpf_cgroup_storage_type stype; for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_link(storages[stype], cgrp, attach_type); + storages[stype] = + bpf_cgroup_storage_link(storages[stype], cgrp, + &storage_reused[stype]); } -static void bpf_cgroup_storages_unlink(struct bpf_cgroup_storage *storages[]) +static void bpf_cgroup_storages_unlink(struct bpf_cgroup_storage *storages[], + bool *storage_reused) { enum bpf_cgroup_storage_type stype; for_each_cgroup_storage_type(stype) - bpf_cgroup_storage_unlink(storages[stype]); + if (!storage_reused || !storage_reused[stype]) + bpf_cgroup_storage_unlink(storages[stype]); } /* Called when bpf_cgroup_link is auto-detached from dying cgroup. @@ -101,22 +106,23 @@ static void cgroup_bpf_release(struct work_struct *work) struct cgroup *p, *cgrp = container_of(work, struct cgroup, bpf.release_work); struct bpf_prog_array *old_array; + struct list_head *storages = &cgrp->bpf.storages; + struct bpf_cgroup_storage *storage, *stmp; + unsigned int type; mutex_lock(&cgroup_mutex); for (type = 0; type < ARRAY_SIZE(cgrp->bpf.progs); type++) { struct list_head *progs = &cgrp->bpf.progs[type]; - struct bpf_prog_list *pl, *tmp; + struct bpf_prog_list *pl, *pltmp; - list_for_each_entry_safe(pl, tmp, progs, node) { + list_for_each_entry_safe(pl, pltmp, progs, node) { list_del(&pl->node); if (pl->prog) bpf_prog_put(pl->prog); if (pl->link) bpf_cgroup_link_auto_detach(pl->link); - bpf_cgroup_storages_unlink(pl->storage); - bpf_cgroup_storages_free(pl->storage); kfree(pl); static_branch_dec(&cgroup_bpf_enabled_key); } @@ -126,6 +132,11 @@ static void cgroup_bpf_release(struct work_struct *work) bpf_prog_array_free(old_array); } + list_for_each_entry_safe(storage, stmp, storages, list_cg) { + bpf_cgroup_storage_unlink(storage); + bpf_cgroup_storage_free(storage); + } + mutex_unlock(&cgroup_mutex); for (p = cgroup_parent(cgrp); p; p = cgroup_parent(p)) @@ -290,6 +301,8 @@ int cgroup_bpf_inherit(struct cgroup *cgrp) for (i = 0; i < NR; i++) INIT_LIST_HEAD(&cgrp->bpf.progs[i]); + INIT_LIST_HEAD(&cgrp->bpf.storages); + for (i = 0; i < NR; i++) if (compute_effective_progs(cgrp, i, &arrays[i])) goto cleanup; @@ -422,7 +435,7 @@ int __cgroup_bpf_attach(struct cgroup *cgrp, struct list_head *progs = &cgrp->bpf.progs[type]; struct bpf_prog *old_prog = NULL; struct bpf_cgroup_storage *storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {}; - struct bpf_cgroup_storage *old_storage[MAX_BPF_CGROUP_STORAGE_TYPE] = {}; + bool storage_reused[MAX_BPF_CGROUP_STORAGE_TYPE]; struct bpf_prog_list *pl; int err; @@ -455,22 +468,22 @@ int __cgroup_bpf_attach(struct cgroup *cgrp, if (IS_ERR(pl)) return PTR_ERR(pl); - if (bpf_cgroup_storages_alloc(storage, prog ? : link->link.prog)) - return -ENOMEM; - if (pl) { old_prog = pl->prog; - bpf_cgroup_storages_unlink(pl->storage); - bpf_cgroup_storages_assign(old_storage, pl->storage); } else { pl = kmalloc(sizeof(*pl), GFP_KERNEL); - if (!pl) { - bpf_cgroup_storages_free(storage); + if (!pl) return -ENOMEM; - } + list_add_tail(&pl->node, progs); } + err = bpf_cgroup_storages_alloc(storage, prog ? : link->link.prog); + if (err) + goto cleanup; + + bpf_cgroup_storages_link(storage, cgrp, storage_reused); + pl->prog = prog; pl->link = link; bpf_cgroup_storages_assign(pl->storage, storage); @@ -478,24 +491,24 @@ int __cgroup_bpf_attach(struct cgroup *cgrp, err = update_effective_progs(cgrp, type); if (err) - goto cleanup; + goto cleanup_unlink; - bpf_cgroup_storages_free(old_storage); if (old_prog) bpf_prog_put(old_prog); else static_branch_inc(&cgroup_bpf_enabled_key); - bpf_cgroup_storages_link(pl->storage, cgrp, type); return 0; +cleanup_unlink: + bpf_cgroup_storages_unlink(storage, storage_reused); + cleanup: + bpf_cgroup_storages_free(storage, storage_reused); + if (old_prog) { pl->prog = old_prog; pl->link = NULL; } - bpf_cgroup_storages_free(pl->storage); - bpf_cgroup_storages_assign(pl->storage, old_storage); - bpf_cgroup_storages_link(pl->storage, cgrp, type); if (!old_prog) { list_del(&pl->node); kfree(pl); @@ -679,8 +692,6 @@ int __cgroup_bpf_detach(struct cgroup *cgrp, struct bpf_prog *prog, /* now can actually delete it from this cgroup list */ list_del(&pl->node); - bpf_cgroup_storages_unlink(pl->storage); - bpf_cgroup_storages_free(pl->storage); kfree(pl); if (list_empty(progs)) /* last program was detached, reset flags to zero */ diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index 9df4cc9a2907..f367fe7422ea 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -2042,24 +2042,12 @@ int bpf_prog_array_copy_info(struct bpf_prog_array *array, : 0; } -static void bpf_free_cgroup_storage(struct bpf_prog_aux *aux) -{ - enum bpf_cgroup_storage_type stype; - - for_each_cgroup_storage_type(stype) { - if (!aux->cgroup_storage[stype]) - continue; - bpf_cgroup_storage_release(aux, aux->cgroup_storage[stype]); - } -} - void __bpf_free_used_maps(struct bpf_prog_aux *aux, struct bpf_map **used_maps, u32 len) { struct bpf_map *map; u32 i; - bpf_free_cgroup_storage(aux); for (i = 0; i < len; i++) { map = used_maps[i]; if (map->ops->map_poke_untrack) diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c index 51bd5a8cb01b..78ffe69ff1d8 100644 --- a/kernel/bpf/local_storage.c +++ b/kernel/bpf/local_storage.c @@ -9,6 +9,8 @@ #include #include +#include "../cgroup/cgroup-internal.h" + DEFINE_PER_CPU(struct bpf_cgroup_storage*, bpf_cgroup_storage[MAX_BPF_CGROUP_STORAGE_TYPE]); #ifdef CONFIG_CGROUP_BPF @@ -20,7 +22,6 @@ struct bpf_cgroup_storage_map { struct bpf_map map; spinlock_t lock; - struct bpf_prog_aux *aux; struct rb_root root; struct list_head list; }; @@ -38,10 +39,6 @@ static int bpf_cgroup_storage_key_cmp( return -1; else if (key1->cgroup_inode_id > key2->cgroup_inode_id) return 1; - else if (key1->attach_type < key2->attach_type) - return -1; - else if (key1->attach_type > key2->attach_type) - return 1; return 0; } @@ -81,8 +78,9 @@ static struct bpf_cgroup_storage *cgroup_storage_lookup( return NULL; } -static int cgroup_storage_insert(struct bpf_cgroup_storage_map *map, - struct bpf_cgroup_storage *storage) +static struct bpf_cgroup_storage * +cgroup_storage_lookup_insert(struct bpf_cgroup_storage_map *map, + struct bpf_cgroup_storage *storage) { struct rb_root *root = &map->root; struct rb_node **new = &(root->rb_node), *parent = NULL; @@ -101,14 +99,15 @@ static int cgroup_storage_insert(struct bpf_cgroup_storage_map *map, new = &((*new)->rb_right); break; default: - return -EEXIST; + bpf_cgroup_storage_free(storage); + return this; } } rb_link_node(&storage->node, parent, new); rb_insert_color(&storage->node, root); - return 0; + return NULL; } static void *cgroup_storage_lookup_elem(struct bpf_map *_map, void *_key) @@ -131,10 +130,7 @@ static int cgroup_storage_update_elem(struct bpf_map *map, void *_key, struct bpf_cgroup_storage *storage; struct bpf_storage_buffer *new; - if (unlikely(flags & ~(BPF_F_LOCK | BPF_EXIST | BPF_NOEXIST))) - return -EINVAL; - - if (unlikely(flags & BPF_NOEXIST)) + if (unlikely(flags & ~(BPF_F_LOCK | BPF_EXIST))) return -EINVAL; if (unlikely((flags & BPF_F_LOCK) && @@ -250,16 +246,15 @@ static int cgroup_storage_get_next_key(struct bpf_map *_map, void *_key, if (!storage) goto enoent; - storage = list_next_entry(storage, list); + storage = list_next_entry(storage, list_map); if (!storage) goto enoent; } else { storage = list_first_entry(&map->list, - struct bpf_cgroup_storage, list); + struct bpf_cgroup_storage, list_map); } spin_unlock_bh(&map->lock); - next->attach_type = storage->key.attach_type; next->cgroup_inode_id = storage->key.cgroup_inode_id; return 0; @@ -318,6 +313,17 @@ static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr) static void cgroup_storage_map_free(struct bpf_map *_map) { struct bpf_cgroup_storage_map *map = map_to_storage(_map); + struct list_head *storages = &map->list; + struct bpf_cgroup_storage *storage, *stmp; + + mutex_lock(&cgroup_mutex); + + list_for_each_entry_safe(storage, stmp, storages, list_map) { + bpf_cgroup_storage_unlink(storage); + bpf_cgroup_storage_free(storage); + } + + mutex_unlock(&cgroup_mutex); WARN_ON(!RB_EMPTY_ROOT(&map->root)); WARN_ON(!list_empty(&map->list)); @@ -431,13 +437,10 @@ int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *_map) spin_lock_bh(&map->lock); - if (map->aux && map->aux != aux) - goto unlock; if (aux->cgroup_storage[stype] && aux->cgroup_storage[stype] != _map) goto unlock; - map->aux = aux; aux->cgroup_storage[stype] = _map; ret = 0; unlock: @@ -446,20 +449,6 @@ int bpf_cgroup_storage_assign(struct bpf_prog_aux *aux, struct bpf_map *_map) return ret; } -void bpf_cgroup_storage_release(struct bpf_prog_aux *aux, struct bpf_map *_map) -{ - enum bpf_cgroup_storage_type stype = cgroup_storage_type(_map); - struct bpf_cgroup_storage_map *map = map_to_storage(_map); - - spin_lock_bh(&map->lock); - if (map->aux == aux) { - WARN_ON(aux->cgroup_storage[stype] != _map); - map->aux = NULL; - aux->cgroup_storage[stype] = NULL; - } - spin_unlock_bh(&map->lock); -} - static size_t bpf_cgroup_storage_calculate_size(struct bpf_map *map, u32 *pages) { size_t size; @@ -562,24 +551,31 @@ void bpf_cgroup_storage_free(struct bpf_cgroup_storage *storage) call_rcu(&storage->rcu, free_percpu_cgroup_storage_rcu); } -void bpf_cgroup_storage_link(struct bpf_cgroup_storage *storage, - struct cgroup *cgroup, - enum bpf_attach_type type) +struct bpf_cgroup_storage * +bpf_cgroup_storage_link(struct bpf_cgroup_storage *new_storage, + struct cgroup *cgroup, bool *storage_reused) { struct bpf_cgroup_storage_map *map; + struct bpf_cgroup_storage *old_storage; - if (!storage) - return; + if (!new_storage) + return NULL; - storage->key.attach_type = type; - storage->key.cgroup_inode_id = cgroup_id(cgroup); + new_storage->key.cgroup_inode_id = cgroup_id(cgroup); - map = storage->map; + map = new_storage->map; spin_lock_bh(&map->lock); - WARN_ON(cgroup_storage_insert(map, storage)); - list_add(&storage->list, &map->list); + old_storage = cgroup_storage_lookup_insert(map, new_storage); + if (!old_storage) { + list_add(&new_storage->list_map, &map->list); + list_add(&new_storage->list_cg, &cgroup->bpf.storages); + } spin_unlock_bh(&map->lock); + + *storage_reused = old_storage; + + return old_storage ? : new_storage; } void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage) @@ -596,7 +592,8 @@ void bpf_cgroup_storage_unlink(struct bpf_cgroup_storage *storage) root = &map->root; rb_erase(&storage->node, root); - list_del(&storage->list); + list_del(&storage->list_map); + list_del(&storage->list_cg); spin_unlock_bh(&map->lock); } diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 7ac3992dacfe..b14f008ad028 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -78,7 +78,7 @@ struct bpf_lpm_trie_key { struct bpf_cgroup_storage_key { __u64 cgroup_inode_id; /* cgroup inode id */ - __u32 attach_type; /* program attach type */ + __u32 attach_type; /* program attach type, unused */ }; /* BPF syscall commands, see bpf(2) man-page for details. */ From patchwork Fri Jul 17 00:16:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: YiFei Zhu X-Patchwork-Id: 1330636 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=DPfaoOtR; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B7BWb2RbPz9sRk for ; Fri, 17 Jul 2020 10:16:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726189AbgGQAQ6 (ORCPT ); Thu, 16 Jul 2020 20:16:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbgGQAQ6 (ORCPT ); Thu, 16 Jul 2020 20:16:58 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2EF8FC061755 for ; Thu, 16 Jul 2020 17:16:58 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id k23so8321228iom.10 for ; Thu, 16 Jul 2020 17:16:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=PMjpMjNih1+jm3foEyZS3IDJgvYOqAdwPfkk24YvvLw=; b=DPfaoOtRWDhk3QZz7krIsppQULeURrpQ715cxOAbla3BSfzrJDIAw7iAbOCGviDaK6 MOE2ObOm5iJNHcNlE5vkZB1IURcGuGAWmBVOYZLILHNz2y+BH7d+WGDtnTUlaRCITVb7 JSZnoTKHqYrJ3SSgRjo5HF32aet+Er95IYoPJxSM+gC3MrIFdW9vmle1PcXA21RCcu9X 3m4TUweJjLA0gWi0c9Pct3ukoqPCexcdqtWYQEkbGKkqo+bq7pOJNAzceU9Qe/RQQt1f tM8Oqspo05w85/FTUMEFhjEUsnsRYW2mPl4obCWEuGoKyVXJQC8HJnrJNCbXt+lbANnk lxHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=PMjpMjNih1+jm3foEyZS3IDJgvYOqAdwPfkk24YvvLw=; b=IelTz+MKctmp7WZBMn9HBvf3D1608e3MTyblfBm1bPPzRThofuyvtWLLaLRetNxwo8 tnCjgivZ5WL7KlHpPxzYOUvMdTIHl2vc8Q/o9H+CkfMdsbW6qaEPPXH8BXjJtwPIFEo3 0wUfN2kNYW/fLEvFTN4kKpCs0lwKmXop29LvQWu69y07IkHDUYSU6DLfpTh5Iaw7qnJC fqbc0GdhueTypQ0JV6nfUBSsa5ijAfmpnjnmgVkqVObSBeDEIhEx2jbTsYSNWw1Xk33l ggpOeA27hsoTQd2NlpFzaHJoi+OWVUz6+uQ/APFC0zOdmkJxUeQE3csp9bmE+DZh3Zli phMw== X-Gm-Message-State: AOAM533dAtjFQC3xAKkPm7xuHb2Cg0YV17vhPHIv5ZQZvyowD4qqgDLC 1mc7BEz1GUJe4f3d6s4QxGUbHNIDCjS61Q== X-Google-Smtp-Source: ABdhPJwpxbbaRfmxqHVGHF5dzSsWTQKQI1niNbh8IhLcUzuno8XhA3i0OFauFDvxddsN803fCurmVw== X-Received: by 2002:a5e:a60d:: with SMTP id q13mr6938760ioi.199.1594945016995; Thu, 16 Jul 2020 17:16:56 -0700 (PDT) Received: from localhost.localdomain (host-173-230-99-219.tnkngak.clients.pavlovmedia.com. [173.230.99.219]) by smtp.gmail.com with ESMTPSA id m5sm3427493ilg.18.2020.07.16.17.16.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 17:16:56 -0700 (PDT) From: YiFei Zhu To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Stanislav Fomichev , Mahesh Bandewar , Roman Gushchin , Andrii Nakryiko , Martin KaFai Lau , YiFei Zhu Subject: [PATCH v3 bpf-next 4/5] selftests/bpf: Test CGROUP_STORAGE behavior on shared egress + ingress Date: Thu, 16 Jul 2020 19:16:28 -0500 Message-Id: <7d0c60e72a521cc5d2ba92a9e20dacc05c09d8cd.1594944827.git.zhuyifei@google.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: YiFei Zhu This mirrors the original egress-only test. The cgroup_storage is now extended to have two packet counters, one for egress and one for ingress. The behavior of the counters are exactly the same as the original egress-only test, only that the total number of invocations doubles from having both egress and ingress being counted. The field attach_type in the map key is ignored in the kernel; however, keeping it is pointless here and we are demonstrating the expected usage of the map, so it is removed. That said, keeping the field will not fail the test, for backwards compatibility reasons. In other words, the original egress-only test is not affected by the change in CGROUP_STORAGE behavior and will pass in both cases. Signed-off-by: YiFei Zhu --- .../bpf/prog_tests/cg_storage_multi.c | 90 +++++++++++++++++-- 1 file changed, 83 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c index 1f4ab437ddb9..aa2b448c4214 100644 --- a/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c +++ b/tools/testing/selftests/bpf/prog_tests/cg_storage_multi.c @@ -28,7 +28,6 @@ static bool assert_storage(struct bpf_map *map, const char *cgroup_path, map_fd = bpf_map__fd(map); key.cgroup_inode_id = get_cgroup_id(cgroup_path); - key.attach_type = BPF_CGROUP_INET_EGRESS; if (CHECK(bpf_map_lookup_elem(map_fd, &key, &value) < 0, "map-lookup", "errno %d", errno)) return true; @@ -48,7 +47,6 @@ static bool assert_storage_noexist(struct bpf_map *map, const char *cgroup_path) map_fd = bpf_map__fd(map); key.cgroup_inode_id = get_cgroup_id(cgroup_path); - key.attach_type = BPF_CGROUP_INET_EGRESS; if (CHECK(bpf_map_lookup_elem(map_fd, &key, &value) == 0, "map-lookup", "succeeded, expected ENOENT")) return true; @@ -156,14 +154,92 @@ static void test_egress_only(int parent_cgroup_fd, int child_cgroup_fd) static void test_egress_ingress(int parent_cgroup_fd, int child_cgroup_fd) { struct cg_storage_multi_egress_ingress *obj; + struct cgroup_value expected_cgroup_value; + struct bpf_link *parent_egress_link = NULL, *parent_ingress_link = NULL; + struct bpf_link *child_egress_link = NULL, *child_ingress_link = NULL; + bool err; - /* Cannot load both programs due to verifier failure: - * "only one cgroup storage of each type is allowed" - */ obj = cg_storage_multi_egress_ingress__open_and_load(); - if (CHECK(obj || errno != EBUSY, - "skel-load", "errno %d, expected EBUSY", errno)) + if (CHECK(!obj, "skel-load", "errno %d", errno)) return; + + /* Attach to parent cgroup, trigger packet from child. + * Assert that there is two runs, one with parent cgroup egress and + * one with parent cgroup ingress. + * Also assert that child cgroup's storage does not exist + */ + parent_egress_link = bpf_program__attach_cgroup(obj->progs.egress, + parent_cgroup_fd); + if (CHECK(IS_ERR(parent_egress_link), "parent-egress-cg-attach", + "err %ld", PTR_ERR(parent_egress_link))) + goto close_bpf_object; + parent_ingress_link = bpf_program__attach_cgroup(obj->progs.ingress, + parent_cgroup_fd); + if (CHECK(IS_ERR(parent_ingress_link), "parent-ingress-cg-attach", + "err %ld", PTR_ERR(parent_ingress_link))) + goto close_bpf_object; + err = connect_send(CHILD_CGROUP); + if (CHECK(err, "first-connect-send", "errno %d", errno)) + goto close_bpf_object; + if (CHECK(obj->bss->invocations != 2, + "first-invoke", "invocations=%d", obj->bss->invocations)) + goto close_bpf_object; + expected_cgroup_value = (struct cgroup_value) { + .egress_pkts = 1, + .ingress_pkts = 1, + }; + if (assert_storage(obj->maps.cgroup_storage, + PARENT_CGROUP, &expected_cgroup_value)) + goto close_bpf_object; + if (assert_storage_noexist(obj->maps.cgroup_storage, CHILD_CGROUP)) + goto close_bpf_object; + + /* Attach to parent and child cgroup, trigger packet from child. + * Assert that there is four additional runs, parent cgroup egress and + * ingress, child cgroup egress and ingress. + */ + child_egress_link = bpf_program__attach_cgroup(obj->progs.egress, + child_cgroup_fd); + if (CHECK(IS_ERR(child_egress_link), "child-egress-cg-attach", + "err %ld", PTR_ERR(child_egress_link))) + goto close_bpf_object; + child_ingress_link = bpf_program__attach_cgroup(obj->progs.ingress, + child_cgroup_fd); + if (CHECK(IS_ERR(child_ingress_link), "child-ingress-cg-attach", + "err %ld", PTR_ERR(child_ingress_link))) + goto close_bpf_object; + err = connect_send(CHILD_CGROUP); + if (CHECK(err, "second-connect-send", "errno %d", errno)) + goto close_bpf_object; + if (CHECK(obj->bss->invocations != 6, + "second-invoke", "invocations=%d", obj->bss->invocations)) + goto close_bpf_object; + expected_cgroup_value = (struct cgroup_value) { + .egress_pkts = 2, + .ingress_pkts = 2, + }; + if (assert_storage(obj->maps.cgroup_storage, + PARENT_CGROUP, &expected_cgroup_value)) + goto close_bpf_object; + expected_cgroup_value = (struct cgroup_value) { + .egress_pkts = 1, + .ingress_pkts = 1, + }; + if (assert_storage(obj->maps.cgroup_storage, + CHILD_CGROUP, &expected_cgroup_value)) + goto close_bpf_object; + +close_bpf_object: + if (parent_egress_link) + bpf_link__destroy(parent_egress_link); + if (parent_ingress_link) + bpf_link__destroy(parent_ingress_link); + if (child_egress_link) + bpf_link__destroy(child_egress_link); + if (child_ingress_link) + bpf_link__destroy(child_ingress_link); + + cg_storage_multi_egress_ingress__destroy(obj); } void test_cg_storage_multi(void) From patchwork Fri Jul 17 00:16:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: YiFei Zhu X-Patchwork-Id: 1330637 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=HxGbGu7a; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4B7BWb5kTWz9sRW for ; Fri, 17 Jul 2020 10:16:59 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726250AbgGQAQ7 (ORCPT ); Thu, 16 Jul 2020 20:16:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54008 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726057AbgGQAQ6 (ORCPT ); Thu, 16 Jul 2020 20:16:58 -0400 Received: from mail-io1-xd44.google.com (mail-io1-xd44.google.com [IPv6:2607:f8b0:4864:20::d44]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BF270C061755 for ; Thu, 16 Jul 2020 17:16:58 -0700 (PDT) Received: by mail-io1-xd44.google.com with SMTP id v8so8356448iox.2 for ; Thu, 16 Jul 2020 17:16:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=of9+3qI/MyRMYwvrISkr1vjZMf+9lj7qYnhFd6xNdRY=; b=HxGbGu7aB0TyItFs4j5ioukNhjwKvluELqAWALMnXzUldFeQSrefUcJpoRjdEU44UZ uHq6rszHVOnXJW8iADbUyj9rJZGuhE9k5gnSaudKCuE0iSxxByOW6qDK2Mp1+EyqlSYi UivTxozJzrVC6Mgb6+yfObZ31x2KXS+bwuv0hOld8OeqID/8YclYAQapYVtm68FG6O9g RA2kbVJ7P6Bv1TkZp2KzMlIXLHSqKonDfZ9OfZCvg0PFlJPIYAlMVupKPYjDbXfCfinD 0g1CoWWgr++qtm3H+6kXrNgtK1t7RzIg6lZniiEU9DxWkddL04BCZ9EjjFZCBq6G2DrT RuLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=of9+3qI/MyRMYwvrISkr1vjZMf+9lj7qYnhFd6xNdRY=; b=pBtehjGi30JEZlCGGw0QUSsZBBNeiUyWd88g0hO/R9Fto23+2Wc23dX8YyMD/wb3Ya ErOkFr8EQea6gOHzZq02Whth1wp2u22ZEMXUsPqdrhFW6StDj1sBATxREuh0nUN7gYp/ VzWZJEYWcijbweNZznvGmi7itt+P/gy0EzThyq4u4SWOyhj/DHJaNlOMh7blCKKwuzwZ baPGqgmRfWlR5g8i3wQxvrNf9POcvhBkV2JcczSDRGpxTZAMzQAbgPOJQNKZFiiX9Y2r BXVfjjGZNQ8bVaYKnpxMiDqObmAQGR41dBY7IU2FJbJ8VskJ5jv94Slt5R+0ZW60r06L Vk2w== X-Gm-Message-State: AOAM533bdVLxKyQGtDI3RSivHxs7C5rEJMdZnOZK0yCIskBhKzIg4UN0 SRpfAgjkNffyOLrOdEKjyixD3whyRBH3XQ== X-Google-Smtp-Source: ABdhPJyXU0Zzvy3XSHw9aAlyRnDX6ce+tcW7xogVq0mkwVclukr/b8P6bLvmmrSRlbhr/xXHr+VoJA== X-Received: by 2002:a05:6638:2172:: with SMTP id p18mr8098141jak.63.1594945017866; Thu, 16 Jul 2020 17:16:57 -0700 (PDT) Received: from localhost.localdomain (host-173-230-99-219.tnkngak.clients.pavlovmedia.com. [173.230.99.219]) by smtp.gmail.com with ESMTPSA id m5sm3427493ilg.18.2020.07.16.17.16.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Jul 2020 17:16:57 -0700 (PDT) From: YiFei Zhu To: bpf@vger.kernel.org Cc: Alexei Starovoitov , Daniel Borkmann , Stanislav Fomichev , Mahesh Bandewar , Roman Gushchin , Andrii Nakryiko , Martin KaFai Lau , YiFei Zhu Subject: [PATCH v3 bpf-next 5/5] Documentation/bpf: Document CGROUP_STORAGE map type Date: Thu, 16 Jul 2020 19:16:29 -0500 Message-Id: <0f84263988d7b0856c9a856e02159fb56c3351fc.1594944827.git.zhuyifei@google.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: References: MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org From: YiFei Zhu The machanics and usage are not very straightforward. Given the changes it's better to document how it works and how to use it, rather than having to rely on the examples and implementation to infer what is going on. Signed-off-by: YiFei Zhu --- Documentation/bpf/index.rst | 9 +++ Documentation/bpf/map_cgroup_storage.rst | 95 ++++++++++++++++++++++++ 2 files changed, 104 insertions(+) create mode 100644 Documentation/bpf/map_cgroup_storage.rst diff --git a/Documentation/bpf/index.rst b/Documentation/bpf/index.rst index 38b4db8be7a2..26f4bb3107fc 100644 --- a/Documentation/bpf/index.rst +++ b/Documentation/bpf/index.rst @@ -48,6 +48,15 @@ Program types bpf_lsm +Map types +========= + +.. toctree:: + :maxdepth: 1 + + map_cgroup_storage + + Testing and debugging BPF ========================= diff --git a/Documentation/bpf/map_cgroup_storage.rst b/Documentation/bpf/map_cgroup_storage.rst new file mode 100644 index 000000000000..b7210cb3f294 --- /dev/null +++ b/Documentation/bpf/map_cgroup_storage.rst @@ -0,0 +1,95 @@ +.. SPDX-License-Identifier: GPL-2.0-only +.. Copyright (C) 2020 Google LLC. + +=========================== +BPF_MAP_TYPE_CGROUP_STORAGE +=========================== + +The ``BPF_MAP_TYPE_CGROUP_STORAGE`` map type represents a local fix-sized +storage. It is only available with ``CONFIG_CGROUP_BPF``, and to programs that +attach to cgroups; the programs are made available by the same config. The +storage is identified by the cgroup the program is attached to. + +This document describes the usage and semantics of the +``BPF_MAP_TYPE_CGROUP_STORAGE`` map type. Some of its behaviors was changed in +Linux 5.9 and this document will describe the differences. + +Usage +===== + +The map uses key of type ``struct bpf_cgroup_storage_key``, declared in +``linux/bpf.h``:: + + struct bpf_cgroup_storage_key { + __u64 cgroup_inode_id; + __u32 attach_type; + }; + +``cgroup_inode_id`` is the inode id of the cgroup directory. +``attach_type`` was the the program's attach type prior to Linux 5.9, since 5.9 +it is ignored and kept for backwards compatibility. + +To access the storage in a program, use ``bpf_get_local_storage``:: + + void *bpf_get_local_storage(void *map, u64 flags) + +``flags`` is reserved for future use and must be 0. + +There is no implicit synchronization. Storages of ``BPF_MAP_TYPE_CGROUP_STORAGE`` +can be accessed by multiple programs across different CPUs, and user should +take care of synchronization by themselves. + +Example usage:: + + #include + + struct { + __uint(type, BPF_MAP_TYPE_CGROUP_STORAGE); + __type(key, struct bpf_cgroup_storage_key); + __type(value, __u32); + } cgroup_storage SEC(".maps"); + + int program(struct __sk_buff *skb) + { + __u32 *ptr = bpf_get_local_storage(&cgroup_storage, 0); + __sync_fetch_and_add(ptr_cg_storage-, 1); + + return 0; + } + +Semantics +========= + +``BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE`` is a variant of this map type. This +per-CPU variant will have different memory regions for each CPU for each +storage. The non-per-CPU will have the same memory region for each storage. + +Prior to Linux 5.9, the lifetime of a storage is precisely per-attachment, and +for a single ``CGROUP_STORAGE`` map, there can be at most one program loaded +that uses the map. A program may be attached to multiple cgroups or have +multiple attach types, and each attach creates a fresh zeroed storage. The +storage is freed upon detach. + +Userspace may use the the attach parameters of cgroup and attach type pair +in ``struct bpf_cgroup_storage_key`` as the key to the BPF map APIs to read or +update the storage for a given attachment. + +Since Linux 5.9, storage can be shared by multiple programs, and attach type +is ignored. When a program is attached to a cgroup, the kernel would create a +new storage only if the map does not already contain an entry for the cgroup, +or else the old storage is reused for the new attachment. Storage is freed +only when either the map or the cgroup attached to is being freed. Detaching +will not directly free the storage, but it may cause the reference to the map +to reach zero and indirectly freeing all storage in the map. + +Userspace may use the the attach parameters of cgroup only in +``struct bpf_cgroup_storage_key`` as the key to the BPF map APIs to read or +update the storage for a given attachment. The struct also contains an +``attach_type`` field; this field is ignored. + +In all versions, the storage is bound at attach time. Even if the program is +attached to parent and triggers in child, the storage still belongs to the +parent. + +Userspace cannot create a new entry in the map or delete an existing entry. +Program test runs always use a temporary storage.