[RFC PATCH bpf-next 0/8] bpf, cgroup: Add BPF support for cgroup1 hierarchy

[Yafang Shao <laoar.shao@gmail.com>]

Currently, BPF is primarily confined to cgroup2, with the exception of
cgroup_iter, which supports cgroup1 fds. Unfortunately, this limitation
prevents us from harnessing the full potential of BPF within cgroup1
environments.

In our endeavor to seamlessly integrate BPF within our Kubernetes
environment, which relies on cgroup1, we have been exploring the
possibility of transitioning to cgroup2. While this transition is
forward-looking, it poses challenges due to the necessity for numerous
applications to adapt.

While we acknowledge that cgroup2 represents the future, we also recognize
that such transitions demand time and effort. As a result, we are
considering an alternative approach. Instead of migrating to cgroup2, we
are contemplating modifications to the BPF kernel code to ensure
compatibility with cgroup1. These adjustments appear to be relatively
minor, making this option more feasible.

Given the widespread use of cgroup1 in container environments, this change
would be beneficial to many users.

As discussed with Tejun[1], it has been determined that tying the interface
directly to the cgroup1 hierarchies is acceptable. As a result, this
patchset introduces cgroup1-only interfaces that operate with both
hierarchy ID and cgroup ID as parameters.

Within this patchset, two new cgroup1-only interfaces have been introduced:

- [bpf_]task_cgroup1_id_within_hierarchy
  Retrieves the associated cgroup ID of a task whithin a specific
  cgroup1 hierarchy. The cgroup1 hierarchy is identified by its
  hierarchy ID.
- [bpf_]task_ancestor_cgroup1_id_within_hierarchy
  Retrieves the associated ancestor cgroup ID of a task whithin a
  specific cgroup1 hierarchy. he specific ancestor cgroup is determined by
  the ancestor level within the cgroup1 hierarchy.
 
These two new kfuncs enable the tracing of tasks within a designated
container or its ancestor cgroup directory in BPF programs. Additionally,
they are capable of operating on named cgroups, providing valuable utility
for hybrid cgroup mode scenarios.

[1]. https://lwn.net/ml/cgroups/ZRHU6MfwqRxjBFUH@slm.duckdns.org/

Changes:
- bpf, cgroup: Add bpf support for cgroup controller
  https://lwn.net/Articles/945318/
- bpf, cgroup: Enable cgroup_array map on cgroup1
  https://lore.kernel.org/bpf/20230903142800.3870-1-laoar.shao@gmail.com/

Yafang Shao (8):
  cgroup: Don't have to hold cgroup_mutex in task_cgroup_from_root()
  cgroup: Add new helpers for cgroup1 hierarchy
  bpf: Add kfuncs for cgroup1 hierarchy
  selftests/bpf: Fix issues in setup_classid_environment()
  selftests/bpf: Add parallel support for classid
  selftests/bpf: Add a new cgroup helper get_classid_cgroup_id()
  selftests/bpf: Add a new cgroup helper get_cgroup_hierarchy_id()
  selftests/bpf: Add selftests for cgroup1 hierarchy

 include/linux/cgroup.h                        |   9 +-
 kernel/bpf/helpers.c                          |  26 +++
 kernel/cgroup/cgroup-internal.h               |   2 -
 kernel/cgroup/cgroup-v1.c                     |  67 ++++++++
 kernel/cgroup/cgroup.c                        |   5 +-
 tools/testing/selftests/bpf/cgroup_helpers.c  | 114 +++++++++++--
 tools/testing/selftests/bpf/cgroup_helpers.h  |   4 +-
 .../bpf/prog_tests/cgroup1_hierarchy.c        | 159 ++++++++++++++++++
 .../selftests/bpf/prog_tests/cgroup_v1v2.c    |   2 +-
 .../bpf/progs/test_cgroup1_hierarchy.c        |  62 +++++++
 10 files changed, 426 insertions(+), 24 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/cgroup1_hierarchy.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_cgroup1_hierarchy.c

-- 
2.30.1 (Apple Git-130)