bmahler commented on code in PR #505:
URL: https://github.com/apache/mesos/pull/505#discussion_r1518354832
##########
src/linux/ebpf.cpp:
##########
@@ -96,4 +98,51 @@ Try<int> load(const Program& program)
return *fd;
}
+namespace cgroups2 {
+
+Try<Nothing> attach(int fd, const string& cgroup)
+{
+ Try<int> cgroupFd = os::open(cgroup, O_DIRECTORY | O_RDONLY);
Review Comment:
we need a O_CLOEXEC here as well
##########
src/linux/ebpf.cpp:
##########
@@ -96,4 +98,51 @@ Try<int> load(const Program& program)
return *fd;
}
+namespace cgroups2 {
+
+Try<Nothing> attach(int fd, const string& cgroup)
+{
+ Try<int> cgroupFd = os::open(cgroup, O_DIRECTORY | O_RDONLY);
+ if (cgroupFd.isError()) {
+ return Error(
+ "Failed to find the file descriptor of '" + cgroup +
Review Comment:
Failed to open '...': ...
##########
src/linux/ebpf.cpp:
##########
@@ -96,4 +98,51 @@ Try<int> load(const Program& program)
return *fd;
}
+namespace cgroups2 {
+
+Try<Nothing> attach(int fd, const string& cgroup)
+{
+ Try<int> cgroupFd = os::open(cgroup, O_DIRECTORY | O_RDONLY);
+ if (cgroupFd.isError()) {
+ return Error(
+ "Failed to find the file descriptor of '" + cgroup +
+ "': " + cgroupFd.error());
+ }
+
+ bpf_attr attr;
+ memset(&attr, 0, sizeof(attr));
+ attr.attach_type = BPF_CGROUP_DEVICE;
+ attr.target_fd = *cgroupFd;
+ attr.attach_bpf_fd = fd;
+ // BPF_F_ALLOW_MULTI allows multiple eBPF programs to be attached to a single
+ // cgroup and determines the order in which attached programs will run.
+ //
+ // Rules (assuming all cgroups use BPF_F_ALLOW_MULTI):
+ // 1. Programs attached to child cgroups run before programs attached
+ // to their parent.
+ // 2. Within a cgroup, programs attached earlier will run before programs
+ // attached later.
+ //
+ // Order: oldest, ..., newest
+ // cgroup1: A, B
+ // cgroup2: C
+ // cgroup3: D, E
+ // cgroup4: F
+ // cgroup4 run order: F, D, E, A, B
+ // cgroup2 run order: C, A, B
+ //
+ // src:
https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/bpf.h#L1090
Review Comment:
let's use a permalink here instead, or it will drift as the linux source
evolves
##########
src/linux/ebpf.cpp:
##########
@@ -96,4 +98,51 @@ Try<int> load(const Program& program)
return *fd;
}
+namespace cgroups2 {
+
+Try<Nothing> attach(int fd, const string& cgroup)
+{
+ Try<int> cgroupFd = os::open(cgroup, O_DIRECTORY | O_RDONLY);
Review Comment:
we have to close this file descriptor always on exit of this function, or we
will leak open file descriptors
##########
src/linux/ebpf.cpp:
##########
@@ -96,4 +98,51 @@ Try<int> load(const Program& program)
return *fd;
}
+namespace cgroups2 {
+
+Try<Nothing> attach(int fd, const string& cgroup)
+{
+ Try<int> cgroupFd = os::open(cgroup, O_DIRECTORY | O_RDONLY);
+ if (cgroupFd.isError()) {
+ return Error(
+ "Failed to find the file descriptor of '" + cgroup +
+ "': " + cgroupFd.error());
+ }
+
+ bpf_attr attr;
+ memset(&attr, 0, sizeof(attr));
+ attr.attach_type = BPF_CGROUP_DEVICE;
+ attr.target_fd = *cgroupFd;
+ attr.attach_bpf_fd = fd;
+ // BPF_F_ALLOW_MULTI allows multiple eBPF programs to be attached to a single
+ // cgroup and determines the order in which attached programs will run.
Review Comment:
we don't want multiple programs within a single cgroup, rather we want to
replace them, we can add a TODO to perform replacement for now
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
