Re: [PATCH -next 3/4] cgroup: bpf: Add bpf_skb_in_cgroup_proto

2016-06-22 Thread Martin KaFai Lau
On Tue, Jun 21, 2016 at 06:15:13PM -0700, Alexei Starovoitov wrote:
> On Tue, Jun 21, 2016 at 05:23:21PM -0700, Martin KaFai Lau wrote:
> > Adds a bpf helper, bpf_skb_in_cgroup, to decide if a skb->sk
> > belongs to a descendant of a cgroup2.  It is similar to the
> > feature added in netfilter:
> > commit c38c4597e4bf ("netfilter: implement xt_cgroup cgroup2 path match")
> >
> > The user is expected to populate a BPF_MAP_TYPE_CGROUP_ARRAY
> > which will be used by the bpf_skb_in_cgroup.
> >
> > Modifications to the bpf verifier are to ensure BPF_MAP_TYPE_CGROUP_ARRAY
> > and bpf_skb_in_cgroup() are always used together.
> >
> > Signed-off-by: Martin KaFai Lau 
> > Cc: Alexei Starovoitov 
> > Cc: Daniel Borkmann 
> > Cc: Tejun Heo 
> > ---
> >  include/uapi/linux/bpf.h |  1 +
> >  kernel/bpf/verifier.c|  8 
> >  net/core/filter.c| 36 
> >  3 files changed, 45 insertions(+)
> >
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index ef4e386..a91714bd 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -314,6 +314,7 @@ enum bpf_func_id {
> >  */
> > BPF_FUNC_skb_get_tunnel_opt,
> > BPF_FUNC_skb_set_tunnel_opt,
> > +   BPF_FUNC_skb_in_cgroup,
> ...
> > +static u64 bpf_skb_in_cgroup(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
> > +{
> ...
> > +   if (unlikely(!cgrp))
> > +   return -ENOENT;
> > +
> > +   return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
>
> If you need to respin the patch for other reasons, please add kdoc
> to bpf.h for this new helper, similar to other helpers,
> to say that a return value of 0 or 1 indicates the cg2 descendant relation
> and < 0 an error.
Will do.

I will also address the '#ifndef CONFIG_CGROUPS' case in v2, as reported
by the kbuild test.


Re: [PATCH -next 3/4] cgroup: bpf: Add bpf_skb_in_cgroup_proto

2016-06-21 Thread kbuild test robot
Hi,

[auto build test ERROR on next-20160621]

url:    https://github.com/0day-ci/linux/commits/Martin-KaFai-Lau/cgroup-bpf-cgroup2-membership-test-on-skb/20160622-082800
config: sh-titan_defconfig (attached as .config)
compiler: sh4-linux-gnu-gcc (Debian 5.3.1-8) 5.3.1 20160205
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=sh

All errors (new ones prefixed by >>):

   net/core/filter.c: In function 'bpf_skb_in_cgroup':
>> net/core/filter.c:2049:9: error: implicit declaration of function 'cgroup_is_descendant' [-Werror=implicit-function-declaration]
     return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
            ^
   net/core/filter.c:2049:30: error: implicit declaration of function 'sock_cgroup_ptr' [-Werror=implicit-function-declaration]
     return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
                                 ^
   cc1: some warnings being treated as errors

vim +/cgroup_is_descendant +2049 net/core/filter.c

  2043  return -E2BIG;
  2044  
  2045  cgrp = READ_ONCE(array->ptrs[i]);
  2046  if (unlikely(!cgrp))
  2047  return -ENOENT;
  2048  
> 2049  return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
  2050  }
  2051  
  2052  static const struct bpf_func_proto bpf_skb_in_cgroup_proto = {

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation




Re: [PATCH -next 3/4] cgroup: bpf: Add bpf_skb_in_cgroup_proto

2016-06-21 Thread kbuild test robot
Hi,

[auto build test ERROR on next-20160621]

url:    https://github.com/0day-ci/linux/commits/Martin-KaFai-Lau/cgroup-bpf-cgroup2-membership-test-on-skb/20160622-082800
config: i386-randconfig-s1-201625 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-1) 6.1.1 20160430
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386

All error/warnings (new ones prefixed by >>):

   net/core/filter.c: In function 'bpf_skb_in_cgroup':
>> net/core/filter.c:2049:30: error: implicit declaration of function 'sock_cgroup_ptr' [-Werror=implicit-function-declaration]
     return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
                                 ^~~
>> net/core/filter.c:2049:30: warning: passing argument 1 of 'cgroup_is_descendant' makes pointer from integer without a cast [-Wint-conversion]
   In file included from include/net/netprio_cgroup.h:17:0,
                    from include/linux/netdevice.h:48,
                    from net/core/filter.c:31:
   include/linux/cgroup.h:492:20: note: expected 'struct cgroup *' but argument is of type 'int'
    static inline bool cgroup_is_descendant(struct cgroup *cgrp,
                       ^~~~
   cc1: some warnings being treated as errors

vim +/sock_cgroup_ptr +2049 net/core/filter.c

  2043  return -E2BIG;
  2044  
  2045  cgrp = READ_ONCE(array->ptrs[i]);
  2046  if (unlikely(!cgrp))
  2047  return -ENOENT;
  2048  
> 2049  return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
  2050  }
  2051  
  2052  static const struct bpf_func_proto bpf_skb_in_cgroup_proto = {



Re: [PATCH -next 3/4] cgroup: bpf: Add bpf_skb_in_cgroup_proto

2016-06-21 Thread Alexei Starovoitov
On Tue, Jun 21, 2016 at 05:23:21PM -0700, Martin KaFai Lau wrote:
> Adds a bpf helper, bpf_skb_in_cgroup, to decide if a skb->sk
> belongs to a descendant of a cgroup2.  It is similar to the
> feature added in netfilter:
> commit c38c4597e4bf ("netfilter: implement xt_cgroup cgroup2 path match")
> 
> The user is expected to populate a BPF_MAP_TYPE_CGROUP_ARRAY
> which will be used by the bpf_skb_in_cgroup.
> 
> Modifications to the bpf verifier are to ensure BPF_MAP_TYPE_CGROUP_ARRAY
> and bpf_skb_in_cgroup() are always used together.
> 
> Signed-off-by: Martin KaFai Lau 
> Cc: Alexei Starovoitov 
> Cc: Daniel Borkmann 
> Cc: Tejun Heo 
> ---
>  include/uapi/linux/bpf.h |  1 +
>  kernel/bpf/verifier.c|  8 
>  net/core/filter.c| 36 
>  3 files changed, 45 insertions(+)
> 
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index ef4e386..a91714bd 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -314,6 +314,7 @@ enum bpf_func_id {
>*/
>   BPF_FUNC_skb_get_tunnel_opt,
>   BPF_FUNC_skb_set_tunnel_opt,
> + BPF_FUNC_skb_in_cgroup,
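Review bot: `BPF_FUNC_skb_in_cgroup` goes into `enum bpf_func_id` in the UAPI header with no comment of its own, although the `*/` context line above it shows that the helpers before it carry one. Please add a comment block for the new entry that names the arguments and states the return values, including the negative error returns such as `-ENOENT`, because this header is where BPF program authors look up the contract.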
...
> +static u64 bpf_skb_in_cgroup(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
> +{
...
> + if (unlikely(!cgrp))
> + return -ENOENT;
> +
> + return cgroup_is_descendant(sock_cgroup_ptr(>sk_cgrp_data), cgrp);
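Review bot: the closing `return cgroup_is_descendant(sock_cgroup_ptr(...), cgrp);` has no config guard in the lines shown, so net/core/filter.c stops building on configurations where `sock_cgroup_ptr` or `cgroup_is_descendant` is not declared, which is what both kbuild reports in this thread hit. Wrap the helper and its proto in the matching cgroup `#ifdef`, or provide a stub. Separately, the function returns `-ENOENT` and a boolean through the same `u64`, so a caller that only tests for non-zero will treat the error as a match; the documentation should tell callers to compare against 1.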

If you need to respin the patch for other reasons, please add kdoc
to bpf.h for this new helper, similar to other helpers,
to say that a return value of 0 or 1 indicates the cg2 descendant relation
and < 0 an error.

Acked-by: Alexei Starovoitov
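
The return contract discussed in this thread (0 or 1 for the descendant test, a negative value on error), as an added userspace model in C that is not code from the patch or the kernel. The struct layouts, `model_skb_in_cgroup`, `match_truthy`, `match_strict`, the sample hierarchy and the bounds condition for `-E2BIG` are assumptions; the model shows why a caller has to compare the result against 1 instead of testing for non-zero.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code: a cgroup is a node with a parent link. */
struct cgroup { struct cgroup *parent; };
/* Model of the cgroup array map; a NULL slot was never populated. */
struct cgroup_array { uint32_t max_entries; struct cgroup **ptrs; };

/* Walk up the parent chain, as a descendant test has to. */
static int is_descendant(const struct cgroup *cgrp, const struct cgroup *ancestor)
{
    for (; cgrp; cgrp = cgrp->parent)
        if (cgrp == ancestor)
            return 1;
    return 0;
}

/* Return contract from the thread: 0 or 1, or a negative errno in a u64.
 * The bounds condition for -E2BIG is assumed; the quoted patch elides it. */
static uint64_t model_skb_in_cgroup(const struct cgroup *sk_cgrp,
                                    const struct cgroup_array *array, uint32_t i)
{
    if (i >= array->max_entries)
        return (uint64_t)-E2BIG;
    if (!array->ptrs[i])
        return (uint64_t)-ENOENT;
    return (uint64_t)is_descendant(sk_cgrp, array->ptrs[i]);
}

/* Truthiness test: any error return is taken as "in the cgroup". */
static int match_truthy(uint64_t ret) { return ret != 0; }
/* Strict test: only the documented value 1 is a match. */
static int match_strict(uint64_t ret) { return (int64_t)ret == 1; }

/* Constructed hierarchy: root -> web -> worker, and root -> batch. */
static struct cgroup root = { NULL }, web = { &root }, worker = { &web }, batch = { &root };
static struct cgroup *slots[2] = { &web, NULL };   /* slot 1 left empty */
static const struct cgroup_array sample = { 2, slots };

int main(void)
{
    uint64_t ret = model_skb_in_cgroup(&batch, &sample, 1);  /* empty slot */
    printf("worker in web: %d\n", (int)model_skb_in_cgroup(&worker, &sample, 0));
    printf("batch, empty slot: ret=%lld truthy=%d strict=%d\n",
           (long long)(int64_t)ret, match_truthy(ret), match_strict(ret));
    return 0;
}
```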