This is an automated email from the ASF dual-hosted git repository.
bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
The following commit(s) were added to refs/heads/master by this push:
new b9815a1b6 [ebpf] Add support for detaching eBPF BPF_CGROUP_DEVICE
programs by id.
b9815a1b6 is described below
commit b9815a1b64728a89f2bc229231c1cac95eaef189
Author: Devin Leamy <[email protected]>
AuthorDate: Mon Mar 11 16:58:14 2024 -0400
[ebpf] Add support for detaching eBPF BPF_CGROUP_DEVICE programs by id.
Removing programs that are attached to a cgroup is a three step process:
1. Fetch the program ids that are attached to the cgroup.
2. Fetch the file descriptors of the attached programs, using program ids.
3. Use the file descriptors of the attached programs to detach them.
This patch adds the function `ebpf::cgroups2::detach` to carry out the
second
and third steps.
This closes #511
---
src/linux/ebpf.cpp | 40 ++++++++++++++++++++++++++++++++++++++++
src/linux/ebpf.hpp | 6 ++++++
2 files changed, 46 insertions(+)
diff --git a/src/linux/ebpf.cpp b/src/linux/ebpf.cpp
index 613a078d6..ee3186a17 100644
--- a/src/linux/ebpf.cpp
+++ b/src/linux/ebpf.cpp
@@ -188,6 +188,46 @@ Try<vector<uint32_t>> attached(const string& cgroup)
return ids;
}
+
+// Detach an eBPF program from a target (AKA path) by its attachment type
+// and program id. Returns Nothing() on success or if no program is found.
+Try<Nothing> detach(const string& cgroup, uint32_t program_id)
+{
+ Try<int> cgroup_fd = os::open(cgroup, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+ if (cgroup_fd.isError()) {
+ return Error("Failed to open '" + cgroup + "': " + cgroup_fd.error());
+ }
+
+ bpf_attr attr;
+ memset(&attr, 0, sizeof(attr));
+ attr.prog_id = program_id;
+
+ Try<int, ErrnoError> program_fd =
+ bpf(BPF_PROG_GET_FD_BY_ID, &attr, sizeof(attr));
+
+ if (program_fd.isError()) {
+ return Error("bpf syscall to BPF_PROG_GET_FD_BY_ID failed: " +
+ program_fd.error().message);
+ }
+
+ memset(&attr, 0, sizeof(attr));
+ attr.attach_type = BPF_CGROUP_DEVICE;
+ attr.target_fd = *cgroup_fd;
+ attr.attach_bpf_fd = *program_fd;
+
+ Try<int, ErrnoError> result = bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
+
+ os::close(*cgroup_fd);
+ os::close(*program_fd);
+
+ if (result.isError()) {
+ return Error("bpf syscall to BPF_PROG_DETACH failed: "
+ + result.error().message);
+ }
+
+ return Nothing();
+}
+
} // namespace cgroups2 {
} // namespace ebpf {
diff --git a/src/linux/ebpf.hpp b/src/linux/ebpf.hpp
index 0e6d81b7f..33f07740c 100644
--- a/src/linux/ebpf.hpp
+++ b/src/linux/ebpf.hpp
@@ -61,6 +61,12 @@ namespace cgroups2 {
// device access dynamically.
Try<Nothing> attach(int fd, const std::string& cgroup);
+// Detach a BPF_CGROUP_DEVICE eBPF program from a cgroup, by program id.
+Try<Nothing> detach(const std::string& cgroup, uint32_t program_id);
+
+// Get the program ids of all programs that have been attached to a cgroup.
+Try<std::vector<uint32_t>> attached(const std::string& cgroup);
+
} // namespace cgroups2 {
