This is an automated email from the ASF dual-hosted git repository.

bmahler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git


The following commit(s) were added to refs/heads/master by this push:
     new b82473829 [ebpf] Update ebpf::cgroups2::attach() to load and attach.
b82473829 is described below

commit b82473829e7c74b88b200aa673e53566f90e9c82
Author: Devin Leamy <[email protected]>
AuthorDate: Mon Mar 11 18:21:34 2024 -0400

    [ebpf] Update ebpf::cgroups2::attach() to load and attach.
    
    Correctly handling eBPF file descriptors requires some subtle knowledge 
about
    how loading and unloading eBPF programs works.
    
    Specifically, to unload an eBPF program there cannot be any open file
    descriptors to the program and the program cannot be attached.
    
    To avoid requiring users of the API to know that the file descriptor returned
    by `ebpf::load()` needs to be closed before the loaded program can be detached,
    we remove `ebpf::load()` from the public interface and update
    `ebpf::cgroups2::load()` to:
    
      1. Load a program,
      2. attach the program, and
      3. close the loaded program's file descriptor, so detaching it will 
unload it.
    
    This closes #512
---
 src/linux/ebpf.cpp | 26 +++++++++++++++++++++++++-
 src/linux/ebpf.hpp | 13 ++-----------
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/src/linux/ebpf.cpp b/src/linux/ebpf.cpp
index ee3186a17..3d1d88ebb 100644
--- a/src/linux/ebpf.cpp
+++ b/src/linux/ebpf.cpp
@@ -65,6 +65,8 @@ void Program::append(vector<bpf_insn>&& instructions)
 }
 
 
+// Load an eBPF program into the kernel and return the file
+// descriptor of the loaded program.
 Try<int> load(const Program& program)
 {
   bpf_attr attribute;
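Review bot: `load()` is removed from ebpf.hpp by this commit but is still defined here with external linkage, so another translation unit can declare it and obtain a raw program fd, which is the misuse the commit sets out to prevent. Giving it internal linkage, e.g. `static Try<int> load(const Program& program)`, would enforce the narrower interface, and the same applies to `attach(const string& cgroup, int fd)` in the next hunk. The added comment could also state that the caller owns the returned fd and that the program cannot be unloaded while that fd is open. Whether tests or other files still call these functions is not visible here, and the body of load() continues outside the hunk.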
@@ -101,7 +103,12 @@ Try<int> load(const Program& program)
 
 namespace cgroups2 {
 
-Try<Nothing> attach(int fd, const string& cgroup)
+// Attaches the eBPF program identified by the provided fd to a cgroup.
+//
+// TODO(dleamy): This currently does not replace existing programs attached
+// to the cgroup, we will need to add replacement to support adding / removing
+// device access dynamically.
+Try<Nothing> attach(const string& cgroup, int fd)
 {
   Try<int> cgroup_fd = os::open(cgroup, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
   if (cgroup_fd.isError()) {
@@ -152,6 +159,23 @@ Try<Nothing> attach(int fd, const string& cgroup)
 }
 
 
+Try<Nothing> attach(const string& cgroup, const Program& program)
+{
+  Try<int> program_fd = ebpf::load(program);
+  if (program_fd.isError()) {
+    return Error("Failed to load eBPF program: " + program_fd.error());
+  }
+
+  Try<Nothing> _attach = attach(cgroup, *program_fd);
+  os::close(*program_fd);
+  if (_attach.isError()) {
+    return Error("Failed to attach eBPF program: " + _attach.error());
+  }
+
+  return Nothing();
+}
+
+
 Try<vector<uint32_t>> attached(const string& cgroup)
 {
   Try<int> cgroup_fd = os::open(cgroup, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
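Review bot: The result of `os::close(*program_fd)` in the new `attach(cgroup, program)` overload is discarded, so if the close fails the descriptor stays open and a later detach will not unload the program, with nothing recorded. Capturing and logging it, e.g. `Try<Nothing> close = os::close(*program_fd);` followed by `if (close.isError()) { LOG(WARNING) << "Failed to close eBPF program fd: " << close.error(); }` (assuming glog's LOG is available in this file), keeps the attach result authoritative while making the leak visible. A one-line comment above the close, saying it runs on both the success and error paths so that detaching unloads the program, would also help. The trailing context lines belong to `attached()`, which continues outside the hunk.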
diff --git a/src/linux/ebpf.hpp b/src/linux/ebpf.hpp
index 33f07740c..3e192f9fc 100644
--- a/src/linux/ebpf.hpp
+++ b/src/linux/ebpf.hpp
@@ -47,19 +47,10 @@ public:
 };
 
 
-// Loads the provided eBPF program into the kernel and returns the file
-// descriptor of loaded program.
-Try<int> load(const Program& program);
-
-
 namespace cgroups2 {
 
-// Attaches the eBPF program identified by the provided fd to a cgroup.
-//
-// TODO(dleamy): This currently does not replace existing programs attached
-// to the cgroup, we will need to add replacement to support adding / removing
-// device access dynamically.
-Try<Nothing> attach(int fd, const std::string& cgroup);
+// Load and attach a BPF_CGROUP_DEVICE eBPF program to a cgroup.
+Try<Nothing> attach(const std::string& cgroup, const Program& program);
 
 // Detach a BPF_CGROUP_DEVICE eBPF program from a cgroup, by program id.
 Try<Nothing> detach(const std::string& cgroup, uint32_t program_id);
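Review bot: The new header comment on `attach()` does not state the descriptor lifetime that motivates the change. Something like `// Loads the program, attaches it to the cgroup, and closes the program's` / `// file descriptor, so that detaching the program also unloads it.` would record the contract for callers. The TODO about not replacing programs already attached to the cgroup now lives only in ebpf.cpp; since that is caller-visible behavior of a BPF_CGROUP_DEVICE program, a line about it is worth keeping in the header as well.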
