bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 2022 Meta Platforms, Inc. and affiliates.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/bpf.h>
|
|
|
|
|
#include <linux/bpf_local_storage.h>
|
|
|
|
|
#include <uapi/linux/btf.h>
|
|
|
|
|
#include <linux/btf_ids.h>
|
|
|
|
|
|
|
|
|
|
DEFINE_BPF_STORAGE_CACHE(cgroup_cache);
|
|
|
|
|
|
|
|
|
|
static DEFINE_PER_CPU(int, bpf_cgrp_storage_busy);
|
|
|
|
|
|
|
|
|
|
static void bpf_cgrp_storage_lock(void)
|
|
|
|
|
{
|
|
|
|
|
migrate_disable();
|
|
|
|
|
this_cpu_inc(bpf_cgrp_storage_busy);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void bpf_cgrp_storage_unlock(void)
|
|
|
|
|
{
|
|
|
|
|
this_cpu_dec(bpf_cgrp_storage_busy);
|
|
|
|
|
migrate_enable();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool bpf_cgrp_storage_trylock(void)
|
|
|
|
|
{
|
|
|
|
|
migrate_disable();
|
|
|
|
|
if (unlikely(this_cpu_inc_return(bpf_cgrp_storage_busy) != 1)) {
|
|
|
|
|
this_cpu_dec(bpf_cgrp_storage_busy);
|
|
|
|
|
migrate_enable();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct bpf_local_storage __rcu **cgroup_storage_ptr(void *owner)
|
|
|
|
|
{
|
|
|
|
|
struct cgroup *cg = owner;
|
|
|
|
|
|
|
|
|
|
return &cg->bpf_cgrp_storage;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void bpf_cgrp_storage_free(struct cgroup *cgroup)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_local_storage *local_storage;
|
|
|
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
|
local_storage = rcu_dereference(cgroup->bpf_cgrp_storage);
|
|
|
|
|
if (!local_storage) {
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bpf_cgrp_storage_lock();
|
2023-03-07 22:59:21 -08:00
|
|
|
bpf_local_storage_destroy(local_storage);
|
bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
rcu_read_unlock();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct bpf_local_storage_data *
|
|
|
|
|
cgroup_storage_lookup(struct cgroup *cgroup, struct bpf_map *map, bool cacheit_lockit)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_local_storage *cgroup_storage;
|
|
|
|
|
struct bpf_local_storage_map *smap;
|
|
|
|
|
|
|
|
|
|
cgroup_storage = rcu_dereference_check(cgroup->bpf_cgrp_storage,
|
|
|
|
|
bpf_rcu_lock_held());
|
|
|
|
|
if (!cgroup_storage)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
smap = (struct bpf_local_storage_map *)map;
|
|
|
|
|
return bpf_local_storage_lookup(cgroup_storage, smap, cacheit_lockit);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void *bpf_cgrp_storage_lookup_elem(struct bpf_map *map, void *key)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
|
struct cgroup *cgroup;
|
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
|
|
fd = *(int *)key;
|
|
|
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
|
|
|
if (IS_ERR(cgroup))
|
|
|
|
|
return ERR_CAST(cgroup);
|
|
|
|
|
|
|
|
|
|
bpf_cgrp_storage_lock();
|
|
|
|
|
sdata = cgroup_storage_lookup(cgroup, map, true);
|
|
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
cgroup_put(cgroup);
|
|
|
|
|
return sdata ? sdata->data : NULL;
|
|
|
|
|
}
|
|
|
|
|
|
bpf: return long from bpf_map_ops funcs
This patch changes the return types of bpf_map_ops functions to long, where
previously int was returned. Using long allows for bpf programs to maintain
the sign bit in the absence of sign extension during situations where
inlined bpf helper funcs make calls to the bpf_map_ops funcs and a negative
error is returned.
The definitions of the helper funcs are generated from comments in the bpf
uapi header at `include/uapi/linux/bpf.h`. The return type of these
helpers was previously changed from int to long in commit bdb7b79b4ce8. For
any case where one of the map helpers call the bpf_map_ops funcs that are
still returning 32-bit int, a compiler might not include sign extension
instructions to properly convert the 32-bit negative value a 64-bit
negative value.
For example:
bpf assembly excerpt of an inlined helper calling a kernel function and
checking for a specific error:
; err = bpf_map_update_elem(&mymap, &key, &val, BPF_NOEXIST);
...
46: call 0xffffffffe103291c ; htab_map_update_elem
; if (err && err != -EEXIST) {
4b: cmp $0xffffffffffffffef,%rax ; cmp -EEXIST,%rax
kernel function assembly excerpt of return value from
`htab_map_update_elem` returning 32-bit int:
movl $0xffffffef, %r9d
...
movl %r9d, %eax
...results in the comparison:
cmp $0xffffffffffffffef, $0x00000000ffffffef
Fixes: bdb7b79b4ce8 ("bpf: Switch most helper return values from 32-bit int to 64-bit long")
Tested-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: JP Kobryn <inwardvessel@gmail.com>
Link: https://lore.kernel.org/r/20230322194754.185781-3-inwardvessel@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-03-22 12:47:54 -07:00
|
|
|
static long bpf_cgrp_storage_update_elem(struct bpf_map *map, void *key,
|
|
|
|
|
void *value, u64 map_flags)
|
bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
{
|
|
|
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
|
struct cgroup *cgroup;
|
|
|
|
|
int fd;
|
|
|
|
|
|
|
|
|
|
fd = *(int *)key;
|
|
|
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
|
|
|
if (IS_ERR(cgroup))
|
|
|
|
|
return PTR_ERR(cgroup);
|
|
|
|
|
|
|
|
|
|
bpf_cgrp_storage_lock();
|
|
|
|
|
sdata = bpf_local_storage_update(cgroup, (struct bpf_local_storage_map *)map,
|
|
|
|
|
value, map_flags, GFP_ATOMIC);
|
|
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
cgroup_put(cgroup);
|
|
|
|
|
return PTR_ERR_OR_ZERO(sdata);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int cgroup_storage_delete(struct cgroup *cgroup, struct bpf_map *map)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
|
|
|
|
|
|
sdata = cgroup_storage_lookup(cgroup, map, false);
|
|
|
|
|
if (!sdata)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
2023-03-07 22:59:25 -08:00
|
|
|
bpf_selem_unlink(SELEM(sdata), false);
|
bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
bpf: return long from bpf_map_ops funcs
This patch changes the return types of bpf_map_ops functions to long, where
previously int was returned. Using long allows for bpf programs to maintain
the sign bit in the absence of sign extension during situations where
inlined bpf helper funcs make calls to the bpf_map_ops funcs and a negative
error is returned.
The definitions of the helper funcs are generated from comments in the bpf
uapi header at `include/uapi/linux/bpf.h`. The return type of these
helpers was previously changed from int to long in commit bdb7b79b4ce8. For
any case where one of the map helpers call the bpf_map_ops funcs that are
still returning 32-bit int, a compiler might not include sign extension
instructions to properly convert the 32-bit negative value a 64-bit
negative value.
For example:
bpf assembly excerpt of an inlined helper calling a kernel function and
checking for a specific error:
; err = bpf_map_update_elem(&mymap, &key, &val, BPF_NOEXIST);
...
46: call 0xffffffffe103291c ; htab_map_update_elem
; if (err && err != -EEXIST) {
4b: cmp $0xffffffffffffffef,%rax ; cmp -EEXIST,%rax
kernel function assembly excerpt of return value from
`htab_map_update_elem` returning 32-bit int:
movl $0xffffffef, %r9d
...
movl %r9d, %eax
...results in the comparison:
cmp $0xffffffffffffffef, $0x00000000ffffffef
Fixes: bdb7b79b4ce8 ("bpf: Switch most helper return values from 32-bit int to 64-bit long")
Tested-by: Eduard Zingerman <eddyz87@gmail.com>
Signed-off-by: JP Kobryn <inwardvessel@gmail.com>
Link: https://lore.kernel.org/r/20230322194754.185781-3-inwardvessel@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2023-03-22 12:47:54 -07:00
|
|
|
static long bpf_cgrp_storage_delete_elem(struct bpf_map *map, void *key)
|
bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
{
|
|
|
|
|
struct cgroup *cgroup;
|
|
|
|
|
int err, fd;
|
|
|
|
|
|
|
|
|
|
fd = *(int *)key;
|
|
|
|
|
cgroup = cgroup_get_from_fd(fd);
|
|
|
|
|
if (IS_ERR(cgroup))
|
|
|
|
|
return PTR_ERR(cgroup);
|
|
|
|
|
|
|
|
|
|
bpf_cgrp_storage_lock();
|
|
|
|
|
err = cgroup_storage_delete(cgroup, map);
|
|
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
cgroup_put(cgroup);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int notsupp_get_next_key(struct bpf_map *map, void *key, void *next_key)
|
|
|
|
|
{
|
|
|
|
|
return -ENOTSUPP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct bpf_map *cgroup_storage_map_alloc(union bpf_attr *attr)
|
|
|
|
|
{
|
|
|
|
|
return bpf_local_storage_map_alloc(attr, &cgroup_cache);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void cgroup_storage_map_free(struct bpf_map *map)
|
|
|
|
|
{
|
|
|
|
|
bpf_local_storage_map_free(map, &cgroup_cache, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* *gfp_flags* is a hidden argument provided by the verifier */
|
|
|
|
|
BPF_CALL_5(bpf_cgrp_storage_get, struct bpf_map *, map, struct cgroup *, cgroup,
|
|
|
|
|
void *, value, u64, flags, gfp_t, gfp_flags)
|
|
|
|
|
{
|
|
|
|
|
struct bpf_local_storage_data *sdata;
|
|
|
|
|
|
|
|
|
|
WARN_ON_ONCE(!bpf_rcu_lock_held());
|
|
|
|
|
if (flags & ~(BPF_LOCAL_STORAGE_GET_F_CREATE))
|
|
|
|
|
return (unsigned long)NULL;
|
|
|
|
|
|
|
|
|
|
if (!cgroup)
|
|
|
|
|
return (unsigned long)NULL;
|
|
|
|
|
|
|
|
|
|
if (!bpf_cgrp_storage_trylock())
|
|
|
|
|
return (unsigned long)NULL;
|
|
|
|
|
|
|
|
|
|
sdata = cgroup_storage_lookup(cgroup, map, true);
|
|
|
|
|
if (sdata)
|
|
|
|
|
goto unlock;
|
|
|
|
|
|
|
|
|
|
/* only allocate new storage, when the cgroup is refcounted */
|
|
|
|
|
if (!percpu_ref_is_dying(&cgroup->self.refcnt) &&
|
|
|
|
|
(flags & BPF_LOCAL_STORAGE_GET_F_CREATE))
|
|
|
|
|
sdata = bpf_local_storage_update(cgroup, (struct bpf_local_storage_map *)map,
|
|
|
|
|
value, BPF_NOEXIST, gfp_flags);
|
|
|
|
|
|
|
|
|
|
unlock:
|
|
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
return IS_ERR_OR_NULL(sdata) ? (unsigned long)NULL : (unsigned long)sdata->data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BPF_CALL_2(bpf_cgrp_storage_delete, struct bpf_map *, map, struct cgroup *, cgroup)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
WARN_ON_ONCE(!bpf_rcu_lock_held());
|
|
|
|
|
if (!cgroup)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
if (!bpf_cgrp_storage_trylock())
|
|
|
|
|
return -EBUSY;
|
|
|
|
|
|
|
|
|
|
ret = cgroup_storage_delete(cgroup, map);
|
|
|
|
|
bpf_cgrp_storage_unlock();
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const struct bpf_map_ops cgrp_storage_map_ops = {
|
|
|
|
|
.map_meta_equal = bpf_map_meta_equal,
|
|
|
|
|
.map_alloc_check = bpf_local_storage_map_alloc_check,
|
|
|
|
|
.map_alloc = cgroup_storage_map_alloc,
|
|
|
|
|
.map_free = cgroup_storage_map_free,
|
|
|
|
|
.map_get_next_key = notsupp_get_next_key,
|
|
|
|
|
.map_lookup_elem = bpf_cgrp_storage_lookup_elem,
|
|
|
|
|
.map_update_elem = bpf_cgrp_storage_update_elem,
|
|
|
|
|
.map_delete_elem = bpf_cgrp_storage_delete_elem,
|
|
|
|
|
.map_check_btf = bpf_local_storage_map_check_btf,
|
2023-03-05 12:46:11 +00:00
|
|
|
.map_mem_usage = bpf_local_storage_map_mem_usage,
|
2022-11-29 21:21:47 -08:00
|
|
|
.map_btf_id = &bpf_local_storage_map_btf_id[0],
|
bpf: Implement cgroup storage available to non-cgroup-attached bpf progs
Similar to sk/inode/task storage, implement similar cgroup local storage.
There already exists a local storage implementation for cgroup-attached
bpf programs. See map type BPF_MAP_TYPE_CGROUP_STORAGE and helper
bpf_get_local_storage(). But there are use cases such that non-cgroup
attached bpf progs wants to access cgroup local storage data. For example,
tc egress prog has access to sk and cgroup. It is possible to use
sk local storage to emulate cgroup local storage by storing data in socket.
But this is a waste as it could be lots of sockets belonging to a particular
cgroup. Alternatively, a separate map can be created with cgroup id as the key.
But this will introduce additional overhead to manipulate the new map.
A cgroup local storage, similar to existing sk/inode/task storage,
should help for this use case.
The life-cycle of storage is managed with the life-cycle of the
cgroup struct. i.e. the storage is destroyed along with the owning cgroup
with a call to bpf_cgrp_storage_free() when cgroup itself
is deleted.
The userspace map operations can be done by using a cgroup fd as a key
passed to the lookup, update and delete operations.
Typically, the following code is used to get the current cgroup:
struct task_struct *task = bpf_get_current_task_btf();
... task->cgroups->dfl_cgrp ...
and in structure task_struct definition:
struct task_struct {
....
struct css_set __rcu *cgroups;
....
}
With sleepable program, accessing task->cgroups is not protected by rcu_read_lock.
So the current implementation only supports non-sleepable program and supporting
sleepable program will be the next step together with adding rcu_read_lock
protection for rcu tagged structures.
Since map name BPF_MAP_TYPE_CGROUP_STORAGE has been used for old cgroup local
storage support, the new map name BPF_MAP_TYPE_CGRP_STORAGE is used
for cgroup storage available to non-cgroup-attached bpf programs. The old
cgroup storage supports bpf_get_local_storage() helper to get the cgroup data.
The new cgroup storage helper bpf_cgrp_storage_get() can provide similar
functionality. While old cgroup storage pre-allocates storage memory, the new
mechanism can also pre-allocate with a user space bpf_map_update_elem() call
to avoid potential run-time memory allocation failure.
Therefore, the new cgroup storage can provide all functionality w.r.t.
the old one. So in uapi bpf.h, the old BPF_MAP_TYPE_CGROUP_STORAGE is alias to
BPF_MAP_TYPE_CGROUP_STORAGE_DEPRECATED to indicate the old cgroup storage can
be deprecated since the new one can provide the same functionality.
Acked-by: David Vernet <void@manifault.com>
Signed-off-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/r/20221026042850.673791-1-yhs@fb.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-10-25 21:28:50 -07:00
|
|
|
.map_owner_storage_ptr = cgroup_storage_ptr,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const struct bpf_func_proto bpf_cgrp_storage_get_proto = {
|
|
|
|
|
.func = bpf_cgrp_storage_get,
|
|
|
|
|
.gpl_only = false,
|
|
|
|
|
.ret_type = RET_PTR_TO_MAP_VALUE_OR_NULL,
|
|
|
|
|
.arg1_type = ARG_CONST_MAP_PTR,
|
|
|
|
|
.arg2_type = ARG_PTR_TO_BTF_ID,
|
|
|
|
|
.arg2_btf_id = &bpf_cgroup_btf_id[0],
|
|
|
|
|
.arg3_type = ARG_PTR_TO_MAP_VALUE_OR_NULL,
|
|
|
|
|
.arg4_type = ARG_ANYTHING,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const struct bpf_func_proto bpf_cgrp_storage_delete_proto = {
|
|
|
|
|
.func = bpf_cgrp_storage_delete,
|
|
|
|
|
.gpl_only = false,
|
|
|
|
|
.ret_type = RET_INTEGER,
|
|
|
|
|
.arg1_type = ARG_CONST_MAP_PTR,
|
|
|
|
|
.arg2_type = ARG_PTR_TO_BTF_ID,
|
|
|
|
|
.arg2_btf_id = &bpf_cgroup_btf_id[0],
|
|
|
|
|
};
|