(mesos) branch master updated: [ebpf] Add ability to retrieve attached BPF_CGROUP_DEVICE programs.

[bmahler]

This is an automated email from the ASF dual-hosted git repository.

bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new f43b45248 [ebpf] Add ability to retrieve attached BPF_CGROUP_DEVICE 
programs.
f43b45248 is described below

commit f43b45248fc6c5a80c8c3fa7734bdfe84b4145a7
Author: Devin Leamy <dle...@twitter.com>
AuthorDate: Mon Mar 11 12:55:30 2024 -0400

    [ebpf] Add ability to retrieve attached BPF_CGROUP_DEVICE programs.
    
    Removing programs that are attached to a cgroup is a three step process:
      1. Fetch the program ids that are attached to the cgroup.
      2. Fetch the file descriptors of the attached programs, using the program 
ids.
      3. Detach the programs using their file descriptors.
    
    This patch introduces the function `ebpf::cgroups2::attached()` to carry 
out the
    first step. This will be followed by patches for the subsequent two steps.
    
    This closes #509
---
 src/linux/ebpf.cpp | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/src/linux/ebpf.cpp b/src/linux/ebpf.cpp
index ca68e3e2f..613a078d6 100644
--- a/src/linux/ebpf.cpp
+++ b/src/linux/ebpf.cpp
@@ -151,6 +151,43 @@ Try<Nothing> attach(int fd, const string& cgroup)
   return Nothing();
 }
 
+
+Try<vector<uint32_t>> attached(const string& cgroup)
+{
+  Try<int> cgroup_fd = os::open(cgroup, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+  if (cgroup_fd.isError()) {
+    return Error("Failed to open '" + cgroup + "': " + cgroup_fd.error());
+  }
+
+  // Program ids are unsigned 32-bit integers. We assume that a maximum
+  // of 64 programs are attached to a cgroup; there should only be 0 or 1
+  // but we allow for more to be safe.
+  const int MAX_IDS = 64;
+  vector<uint32_t> ids(MAX_IDS);
+
+  bpf_attr attr;
+  memset(&attr, 0, sizeof(attr));
+  attr.query.target_fd = *cgroup_fd;
+  attr.query.attach_type = BPF_CGROUP_DEVICE;
+  attr.query.prog_cnt = MAX_IDS;
+  attr.query.prog_ids = reinterpret_cast<uint64_t>(ids.data());
+
+  Try<int, ErrnoError> result = bpf(BPF_PROG_QUERY, &attr, sizeof(attr));
+  os::close(*cgroup_fd);
+
+  if (result.isError()) {
+    return Error(
+        "bpf syscall to BPF_PROG_QUERY for BPF_CGROUP_DEVICE programs failed: "
+        + result.error().message);
+  }
+
+  // Although `attr.query.prog_cnt` is not a pointer, the bpf() system call
+  // sets it to the number of program ids that were stored in the `ids` buffer.
+  ids.resize(attr.query.prog_cnt);
+
+  return ids;
+}
+
 } // namespace cgroups2 {
 
 } // namespace ebpf {