[PATCH bpf-next v3 0/2] Fix wrong cgroup attach flags being assigned to effective progs

From: Pu Lehui
Date: Wed Sep 14 2022 - 04:16:28 EST

Next message: AngeloGioacchino Del Regno: "Re: [PATCH] drm: mediatek: Fix display vblank timeout when disable dsi"
Previous message: Pu Lehui: "[PATCH bpf-next v3 2/2] bpftool: Fix wrong cgroup attach flags being assigned to effective progs"
Next in thread: Pu Lehui: "[PATCH bpf-next v3 1/2] bpf, cgroup: Don't populate prog_attach_flags array when effective query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pu Lehui <pulehui@xxxxxxxxxx>

When root-cgroup attach multi progs and sub-cgroup attach a
override prog, bpftool will display incorrectly for the attach
flags of the sub-cgroup’s effective progs:

$ bpftool cgroup tree /sys/fs/cgroup effective
CgroupPath
ID AttachType AttachFlags Name
/sys/fs/cgroup
6 cgroup_sysctl multi sysctl_tcp_mem
13 cgroup_sysctl multi sysctl_tcp_mem
/sys/fs/cgroup/cg1
20 cgroup_sysctl override sysctl_tcp_mem
6 cgroup_sysctl override sysctl_tcp_mem <- wrong
13 cgroup_sysctl override sysctl_tcp_mem <- wrong
/sys/fs/cgroup/cg1/cg2
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem

For cg1, obviously, the attach flags of prog6 and prog13 can not be
OVERRIDE. And for query with EFFECTIVE flags, exporting attach flags
does not make sense, we can remove this logic. After these patches,
the above situation will show as bellow:

# bpftool cgroup tree /sys/fs/cgroup effective
CgroupPath
ID AttachType Name
/sys/fs/cgroup
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
/sys/fs/cgroup/cg1
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem
/sys/fs/cgroup/cg1/cg2
20 cgroup_sysctl sysctl_tcp_mem
6 cgroup_sysctl sysctl_tcp_mem
13 cgroup_sysctl sysctl_tcp_mem

v3:
- Don't show attach flags when effective query. (John, sdf, martin)

v2:
https://lore.kernel.org/bpf/20220908145304.3436139-1-pulehui@xxxxxxxxxxxxxxx
- Limit prog_cnt to avoid overflow. (John)
- Add more detail message.

v1:
https://lore.kernel.org/bpf/20220820120234.2121044-1-pulehui@xxxxxxxxxx

Pu Lehui (2):
bpf, cgroup: Don't populate prog_attach_flags array when effective
query
bpftool: Fix wrong cgroup attach flags being assigned to effective
progs

kernel/bpf/cgroup.c | 23 +++++++++-------
tools/bpf/bpftool/cgroup.c | 54 +++++++++++++++++++++++---------------
2 files changed, 46 insertions(+), 31 deletions(-)

--
2.25.1

Next message: AngeloGioacchino Del Regno: "Re: [PATCH] drm: mediatek: Fix display vblank timeout when disable dsi"
Previous message: Pu Lehui: "[PATCH bpf-next v3 2/2] bpftool: Fix wrong cgroup attach flags being assigned to effective progs"
Next in thread: Pu Lehui: "[PATCH bpf-next v3 1/2] bpf, cgroup: Don't populate prog_attach_flags array when effective query"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]