bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task
@ 2019-10-22 19:17 Carlos Neira
  2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
                   ` (4 more replies)
  0 siblings, 5 replies; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

Currently bpf_get_current_pid_tgid(), is used to do pid filtering in bcc's
scripts but this helper returns the pid as seen by the root namespace which is
fine when a bcc script is not executed inside a container.
When the process of interest is inside a container, pid filtering will not work
if bpf_get_current_pid_tgid() is used.
This helper addresses this limitation returning the pid as it's seen by the current
namespace where the script is executing.

In the future different pid_ns files may belong to different devices, according to the
discussion between Eric Biederman and Yonghong in 2017 Linux plumbers conference.
To address that situation the helper requires inum and dev_t from /proc/self/ns/pid.
This helper has the same use cases as bpf_get_current_pid_tgid() as it can be
used to do pid filtering even inside a container.

Changes from V14:

- refactored selftests
- refactored ebpf helper

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>

Carlos Neira (5):
  fs/nsfs.c: added ns_match
  bpf: added new helper bpf_get_ns_current_pid_tgid
  tools: Added bpf_get_ns_current_pid_tgid helper
  tools/testing/selftests/bpf: Add self-tests for new  helper.
  bpf_helpers_doc.py: Add struct bpf_pidns_info to known types

 fs/nsfs.c                                     | 14 +++
 include/linux/bpf.h                           |  1 +
 include/linux/proc_ns.h                       |  2 +
 include/uapi/linux/bpf.h                      | 20 ++++-
 kernel/bpf/core.c                             |  1 +
 kernel/bpf/helpers.c                          | 45 ++++++++++
 kernel/trace/bpf_trace.c                      |  2 +
 scripts/bpf_helpers_doc.py                    |  1 +
 tools/include/uapi/linux/bpf.h                | 20 ++++-
 .../bpf/prog_tests/ns_current_pid_tgid.c      | 87 +++++++++++++++++++
 .../bpf/progs/test_ns_current_pid_tgid.c      | 37 ++++++++
 11 files changed, 228 insertions(+), 2 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c

-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
  2019-10-23  3:05   ` Yonghong Song
  2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
                   ` (3 subsequent siblings)
  4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

ns_match returns true if the namespace inode and dev_t matches the ones
provided by the caller.

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
 fs/nsfs.c               | 14 ++++++++++++++
 include/linux/proc_ns.h |  2 ++
 2 files changed, 16 insertions(+)

diff --git a/fs/nsfs.c b/fs/nsfs.c
index a0431642c6b5..ef59cf347285 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
 	return ERR_PTR(-EINVAL);
 }
 
+/**
+ * ns_match() - Returns true if current namespace matches dev/ino provided.
+ * @ns_common: current ns
+ * @dev: dev_t from nsfs that will be matched against current nsfs
+ * @ino: ino_t from nsfs that will be matched against current nsfs
+ *
+ * Return: true if dev and ino matches the current nsfs.
+ */
+bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
+{
+	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
+}
+
+
 static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
 {
 	struct inode *inode = d_inode(dentry);
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index d31cb6215905..1da9f33489f3 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
 extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
 			    void *private_data);
 
+extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
+
 extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
 			const struct proc_ns_operations *ns_ops);
 extern void nsfs_init(void);
-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid
  2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
  2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
  2019-10-23  2:51   ` Yonghong Song
  2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
                   ` (2 subsequent siblings)
  4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

New bpf helper bpf_get_ns_current_pid_tgid,
This helper will return pid and tgid from current task
which namespace matches dev_t and inode number provided,
this will allows us to instrument a process inside a container.

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
 include/linux/bpf.h      |  1 +
 include/uapi/linux/bpf.h | 20 +++++++++++++++++-
 kernel/bpf/core.c        |  1 +
 kernel/bpf/helpers.c     | 45 ++++++++++++++++++++++++++++++++++++++++
 kernel/trace/bpf_trace.c |  2 ++
 5 files changed, 68 insertions(+), 1 deletion(-)

diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2c2c29b49845..1d7c86019113 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1082,6 +1082,7 @@ extern const struct bpf_func_proto bpf_get_local_storage_proto;
 extern const struct bpf_func_proto bpf_strtol_proto;
 extern const struct bpf_func_proto bpf_strtoul_proto;
 extern const struct bpf_func_proto bpf_tcp_sock_proto;
+extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto;
 
 /* Shared helpers among cBPF and eBPF. */
 void bpf_user_rnd_init_once(void);
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4af8b0819a32..4c3e0b0952e6 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2775,6 +2775,19 @@ union bpf_attr {
  * 		restricted to raw_tracepoint bpf programs.
  * 	Return
  * 		0 on success, or a negative error in case of failure.
+ *
+ * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
+ *	Description
+ *		Returns 0 on success, values for *pid* and *tgid* as seen from the current
+ *		*namespace* will be returned in *nsdata*.
+ *
+ *		On failure, the returned value is one of the following:
+ *
+ *		**-EINVAL** if dev and inum supplied don't match dev_t and inode number
+ *              with nsfs of current task, or if dev conversion to dev_t lost high bits.
+ *
+ *		**-ENOENT** if pidns does not exists for the current task.
+ *
  */
 #define __BPF_FUNC_MAPPER(FN)		\
 	FN(unspec),			\
@@ -2888,7 +2901,8 @@ union bpf_attr {
 	FN(sk_storage_delete),		\
 	FN(send_signal),		\
 	FN(tcp_gen_syncookie),		\
-	FN(skb_output),
+	FN(skb_output),			\
+	FN(get_ns_current_pid_tgid),
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
  * function eBPF program intends to call
@@ -3639,4 +3653,8 @@ struct bpf_sockopt {
 	__s32	retval;
 };
 
+struct bpf_pidns_info {
+	__u32 pid;
+	__u32 tgid;
+};
 #endif /* _UAPI__LINUX_BPF_H__ */
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 673f5d40a93e..04083942a13a 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2079,6 +2079,7 @@ const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
 const struct bpf_func_proto bpf_get_current_comm_proto __weak;
 const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
 const struct bpf_func_proto bpf_get_local_storage_proto __weak;
+const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto __weak;
 
 const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
 {
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 5e28718928ca..5477ad984d7c 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -11,6 +11,8 @@
 #include <linux/uidgid.h>
 #include <linux/filter.h>
 #include <linux/ctype.h>
+#include <linux/pid_namespace.h>
+#include <linux/proc_ns.h>
 
 #include "../../lib/kstrtox.h"
 
@@ -487,3 +489,46 @@ const struct bpf_func_proto bpf_strtoul_proto = {
 	.arg4_type	= ARG_PTR_TO_LONG,
 };
 #endif
+
+BPF_CALL_4(bpf_get_ns_current_pid_tgid, u64, dev, u64, ino,
+	   struct bpf_pidns_info *, nsdata, u32, size)
+{
+	struct task_struct *task = current;
+	struct pid_namespace *pidns;
+	int err = -EINVAL;
+
+	if (unlikely(size != sizeof(struct bpf_pidns_info)))
+		goto clear;
+
+	if (unlikely((u64)(dev_t)dev != dev))
+		goto clear;
+
+	if (unlikely(!task))
+		goto clear;
+
+	pidns = task_active_pid_ns(task);
+	if (unlikely(!pidns)) {
+		err = -ENOENT;
+		goto clear;
+	}
+
+	if (!ns_match(&pidns->ns, (dev_t)dev, ino))
+		goto clear;
+
+	nsdata->pid = task_pid_nr_ns(task, pidns);
+	nsdata->tgid = task_tgid_nr_ns(task, pidns);
+	return 0;
+clear:
+	memset((void *)nsdata, 0, (size_t) size);
+	return err;
+}
+
+const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto = {
+	.func		= bpf_get_ns_current_pid_tgid,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_ANYTHING,
+	.arg2_type	= ARG_ANYTHING,
+	.arg3_type      = ARG_PTR_TO_UNINIT_MEM,
+	.arg4_type      = ARG_CONST_SIZE,
+};
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index c3240898cc44..07f6fa354f15 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -735,6 +735,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 #endif
 	case BPF_FUNC_send_signal:
 		return &bpf_send_signal_proto;
+	case BPF_FUNC_get_ns_current_pid_tgid:
+		return &bpf_get_ns_current_pid_tgid_proto;
 	default:
 		return NULL;
 	}
-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper
  2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
  2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
  2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
  2019-10-23  2:51   ` Yonghong Song
  2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
  2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
  4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

sync tools/include/uapi/linux/bpf.h to include new helper.

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
 tools/include/uapi/linux/bpf.h | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 4af8b0819a32..4c3e0b0952e6 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2775,6 +2775,19 @@ union bpf_attr {
  * 		restricted to raw_tracepoint bpf programs.
  * 	Return
  * 		0 on success, or a negative error in case of failure.
+ *
+ * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
+ *	Description
+ *		Returns 0 on success, values for *pid* and *tgid* as seen from the current
+ *		*namespace* will be returned in *nsdata*.
+ *
+ *		On failure, the returned value is one of the following:
+ *
+ *		**-EINVAL** if dev and inum supplied don't match dev_t and inode number
+ *              with nsfs of current task, or if dev conversion to dev_t lost high bits.
+ *
+ *		**-ENOENT** if pidns does not exists for the current task.
+ *
  */
 #define __BPF_FUNC_MAPPER(FN)		\
 	FN(unspec),			\
@@ -2888,7 +2901,8 @@ union bpf_attr {
 	FN(sk_storage_delete),		\
 	FN(send_signal),		\
 	FN(tcp_gen_syncookie),		\
-	FN(skb_output),
+	FN(skb_output),			\
+	FN(get_ns_current_pid_tgid),
 
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
  * function eBPF program intends to call
@@ -3639,4 +3653,8 @@ struct bpf_sockopt {
 	__s32	retval;
 };
 
+struct bpf_pidns_info {
+	__u32 pid;
+	__u32 tgid;
+};
 #endif /* _UAPI__LINUX_BPF_H__ */
-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v15 4/5]  tools/testing/selftests/bpf: Add self-tests for new  helper.
  2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
                   ` (2 preceding siblings ...)
  2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
  2019-10-23  3:02   ` Yonghong Song
  2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
  4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

Self tests added for new helper

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
 .../bpf/prog_tests/ns_current_pid_tgid.c      | 87 +++++++++++++++++++
 .../bpf/progs/test_ns_current_pid_tgid.c      | 37 ++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
 create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c

diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
new file mode 100644
index 000000000000..257f18999bb6
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
+#include <test_progs.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+
+struct bss {
+	__u64 dev;
+	__u64 ino;
+	__u64 pid_tgid;
+	__u64 user_pid_tgid;
+};
+
+void test_ns_current_pid_tgid(void)
+{
+	const char *probe_name = "raw_tracepoint/sys_enter";
+	const char *file = "test_ns_current_pid_tgid.o";
+	int err, key = 0, duration = 0;
+	struct bpf_link *link = NULL;
+	struct bpf_program *prog;
+	struct bpf_map *bss_map;
+	struct bpf_object *obj;
+	struct bss bss;
+	struct stat st;
+	__u64 id;
+
+	obj = bpf_object__open_file(file, NULL);
+	if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
+		return;
+
+	err = bpf_object__load(obj);
+	if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
+		goto cleanup;
+
+	bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
+	if (CHECK(!bss_map, "find_bss_map", "failed\n"))
+		goto cleanup;
+
+	prog = bpf_object__find_program_by_title(obj, probe_name);
+	if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
+		  probe_name))
+		goto cleanup;
+
+	memset(&bss, 0, sizeof(bss));
+	pid_t tid = syscall(SYS_gettid);
+	pid_t pid = getpid();
+
+	id = (__u64) tid << 32 | pid;
+	bss.user_pid_tgid = id;
+
+	if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
+		perror("Failed to stat /proc/self/ns/pid");
+		goto cleanup;
+	}
+
+	bss.dev = st.st_dev;
+	bss.ino = st.st_ino;
+
+	err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
+	if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
+		goto cleanup;
+
+	link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
+	if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
+		  PTR_ERR(link)))
+		goto cleanup;
+
+	/* trigger some syscalls */
+	usleep(1);
+
+	err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
+	if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
+		goto cleanup;
+
+	if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
+		  "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
+		goto cleanup;
+cleanup:
+
+	if (!IS_ERR_OR_NULL(link)) {
+		bpf_link__destroy(link);
+		link = NULL;
+	}
+	bpf_object__close(obj);
+}
diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
new file mode 100644
index 000000000000..cdb77eb1a4fb
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
+
+#include <linux/bpf.h>
+#include <stdint.h>
+#include "bpf_helpers.h"
+
+static volatile struct {
+	__u64 dev;
+	__u64 ino;
+	__u64 pid_tgid;
+	__u64 user_pid_tgid;
+} res;
+
+SEC("raw_tracepoint/sys_enter")
+int trace(void *ctx)
+{
+	__u64  ns_pid_tgid, expected_pid;
+	struct bpf_pidns_info nsdata;
+	__u32 key = 0;
+
+	if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
+		   sizeof(struct bpf_pidns_info)))
+		return 0;
+
+	ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
+	expected_pid = res.user_pid_tgid;
+
+	if (expected_pid != ns_pid_tgid)
+		return 0;
+
+	res.pid_tgid = ns_pid_tgid;
+
+	return 0;
+}
+
+char _license[] SEC("license") = "GPL";
-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types
  2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
                   ` (3 preceding siblings ...)
  2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
  2019-10-23  3:03   ` Yonghong Song
  4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
  To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos

Add struct bpf_pidns_info to known types

Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
 scripts/bpf_helpers_doc.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
index 7548569e8076..021cc387d414 100755
--- a/scripts/bpf_helpers_doc.py
+++ b/scripts/bpf_helpers_doc.py
@@ -437,6 +437,7 @@ class PrinterHelpers(Printer):
             'struct bpf_fib_lookup',
             'struct bpf_perf_event_data',
             'struct bpf_perf_event_value',
+            'struct bpf_pidns_info',
             'struct bpf_sock',
             'struct bpf_sock_addr',
             'struct bpf_sock_ops',
-- 
2.20.1


^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid
  2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
@ 2019-10-23  2:51   ` Yonghong Song
  0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23  2:51 UTC (permalink / raw)
  To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf



On 10/22/19 12:17 PM, Carlos Neira wrote:
> New bpf helper bpf_get_ns_current_pid_tgid,
> This helper will return pid and tgid from current task
> which namespace matches dev_t and inode number provided,
> this will allows us to instrument a process inside a container.
> 
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>

Acked-by: Yonghong Song <yhs@fb.com>

> ---
>   include/linux/bpf.h      |  1 +
>   include/uapi/linux/bpf.h | 20 +++++++++++++++++-
>   kernel/bpf/core.c        |  1 +
>   kernel/bpf/helpers.c     | 45 ++++++++++++++++++++++++++++++++++++++++
>   kernel/trace/bpf_trace.c |  2 ++
>   5 files changed, 68 insertions(+), 1 deletion(-)
> 
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 2c2c29b49845..1d7c86019113 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -1082,6 +1082,7 @@ extern const struct bpf_func_proto bpf_get_local_storage_proto;
>   extern const struct bpf_func_proto bpf_strtol_proto;
>   extern const struct bpf_func_proto bpf_strtoul_proto;
>   extern const struct bpf_func_proto bpf_tcp_sock_proto;
> +extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto;
>   
>   /* Shared helpers among cBPF and eBPF. */
>   void bpf_user_rnd_init_once(void);
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 4af8b0819a32..4c3e0b0952e6 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -2775,6 +2775,19 @@ union bpf_attr {
>    * 		restricted to raw_tracepoint bpf programs.
>    * 	Return
>    * 		0 on success, or a negative error in case of failure.
> + *
> + * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
> + *	Description
> + *		Returns 0 on success, values for *pid* and *tgid* as seen from the current
> + *		*namespace* will be returned in *nsdata*.
> + *
> + *		On failure, the returned value is one of the following:
> + *
> + *		**-EINVAL** if dev and inum supplied don't match dev_t and inode number
> + *              with nsfs of current task, or if dev conversion to dev_t lost high bits.
> + *
> + *		**-ENOENT** if pidns does not exists for the current task.
> + *
>    */
>   #define __BPF_FUNC_MAPPER(FN)		\
>   	FN(unspec),			\
> @@ -2888,7 +2901,8 @@ union bpf_attr {
>   	FN(sk_storage_delete),		\
>   	FN(send_signal),		\
>   	FN(tcp_gen_syncookie),		\
> -	FN(skb_output),
> +	FN(skb_output),			\
> +	FN(get_ns_current_pid_tgid),
>   
>   /* integer value in 'imm' field of BPF_CALL instruction selects which helper
>    * function eBPF program intends to call
> @@ -3639,4 +3653,8 @@ struct bpf_sockopt {
>   	__s32	retval;
>   };
>   
> +struct bpf_pidns_info {
> +	__u32 pid;
> +	__u32 tgid;
> +};
>   #endif /* _UAPI__LINUX_BPF_H__ */
> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> index 673f5d40a93e..04083942a13a 100644
> --- a/kernel/bpf/core.c
> +++ b/kernel/bpf/core.c
> @@ -2079,6 +2079,7 @@ const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
>   const struct bpf_func_proto bpf_get_current_comm_proto __weak;
>   const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
>   const struct bpf_func_proto bpf_get_local_storage_proto __weak;
> +const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto __weak;
>   
>   const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
>   {
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 5e28718928ca..5477ad984d7c 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -11,6 +11,8 @@
>   #include <linux/uidgid.h>
>   #include <linux/filter.h>
>   #include <linux/ctype.h>
> +#include <linux/pid_namespace.h>
> +#include <linux/proc_ns.h>
>   
>   #include "../../lib/kstrtox.h"
>   
> @@ -487,3 +489,46 @@ const struct bpf_func_proto bpf_strtoul_proto = {
>   	.arg4_type	= ARG_PTR_TO_LONG,
>   };
>   #endif
> +
> +BPF_CALL_4(bpf_get_ns_current_pid_tgid, u64, dev, u64, ino,
> +	   struct bpf_pidns_info *, nsdata, u32, size)
> +{
> +	struct task_struct *task = current;
> +	struct pid_namespace *pidns;
> +	int err = -EINVAL;
> +
> +	if (unlikely(size != sizeof(struct bpf_pidns_info)))
> +		goto clear;
> +
> +	if (unlikely((u64)(dev_t)dev != dev))
> +		goto clear;
> +
> +	if (unlikely(!task))
> +		goto clear;
> +
> +	pidns = task_active_pid_ns(task);
> +	if (unlikely(!pidns)) {
> +		err = -ENOENT;
> +		goto clear;
> +	}
> +
> +	if (!ns_match(&pidns->ns, (dev_t)dev, ino))
> +		goto clear;
> +
> +	nsdata->pid = task_pid_nr_ns(task, pidns);
> +	nsdata->tgid = task_tgid_nr_ns(task, pidns);
> +	return 0;
> +clear:
> +	memset((void *)nsdata, 0, (size_t) size);
> +	return err;
> +}
> +
> +const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto = {
> +	.func		= bpf_get_ns_current_pid_tgid,
> +	.gpl_only	= false,
> +	.ret_type	= RET_INTEGER,
> +	.arg1_type	= ARG_ANYTHING,
> +	.arg2_type	= ARG_ANYTHING,
> +	.arg3_type      = ARG_PTR_TO_UNINIT_MEM,
> +	.arg4_type      = ARG_CONST_SIZE,
> +};
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index c3240898cc44..07f6fa354f15 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -735,6 +735,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
>   #endif
>   	case BPF_FUNC_send_signal:
>   		return &bpf_send_signal_proto;
> +	case BPF_FUNC_get_ns_current_pid_tgid:
> +		return &bpf_get_ns_current_pid_tgid_proto;
>   	default:
>   		return NULL;
>   	}
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper
  2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
@ 2019-10-23  2:51   ` Yonghong Song
  0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23  2:51 UTC (permalink / raw)
  To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf



On 10/22/19 12:17 PM, Carlos Neira wrote:
> sync tools/include/uapi/linux/bpf.h to include new helper.
> 
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>

Acked-by: Yonghong Song <yhs@fb.com>

> ---
>   tools/include/uapi/linux/bpf.h | 20 +++++++++++++++++++-
>   1 file changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index 4af8b0819a32..4c3e0b0952e6 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -2775,6 +2775,19 @@ union bpf_attr {
>    * 		restricted to raw_tracepoint bpf programs.
>    * 	Return
>    * 		0 on success, or a negative error in case of failure.
> + *
> + * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
> + *	Description
> + *		Returns 0 on success, values for *pid* and *tgid* as seen from the current
> + *		*namespace* will be returned in *nsdata*.
> + *
> + *		On failure, the returned value is one of the following:
> + *
> + *		**-EINVAL** if dev and inum supplied don't match dev_t and inode number
> + *              with nsfs of current task, or if dev conversion to dev_t lost high bits.
> + *
> + *		**-ENOENT** if pidns does not exists for the current task.
> + *
>    */
>   #define __BPF_FUNC_MAPPER(FN)		\
>   	FN(unspec),			\
> @@ -2888,7 +2901,8 @@ union bpf_attr {
>   	FN(sk_storage_delete),		\
>   	FN(send_signal),		\
>   	FN(tcp_gen_syncookie),		\
> -	FN(skb_output),
> +	FN(skb_output),			\
> +	FN(get_ns_current_pid_tgid),
>   
>   /* integer value in 'imm' field of BPF_CALL instruction selects which helper
>    * function eBPF program intends to call
> @@ -3639,4 +3653,8 @@ struct bpf_sockopt {
>   	__s32	retval;
>   };
>   
> +struct bpf_pidns_info {
> +	__u32 pid;
> +	__u32 tgid;
> +};
>   #endif /* _UAPI__LINUX_BPF_H__ */
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
  2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
@ 2019-10-23  3:02   ` Yonghong Song
  2019-10-23 14:42     ` Carlos Antonio Neira Bustos
  0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-23  3:02 UTC (permalink / raw)
  To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf



On 10/22/19 12:17 PM, Carlos Neira wrote:
> Self tests added for new helper

Please mention the name of the new helper in the commit message.

> 
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>

LGTM Ack with a few nits below.
Acked-by: Yonghong Song <yhs@fb.com>

> ---
>   .../bpf/prog_tests/ns_current_pid_tgid.c      | 87 +++++++++++++++++++
>   .../bpf/progs/test_ns_current_pid_tgid.c      | 37 ++++++++
>   2 files changed, 124 insertions(+)
>   create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>   create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> 
> diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> new file mode 100644
> index 000000000000..257f18999bb6
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> @@ -0,0 +1,87 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> +#include <test_progs.h>
> +#include <sys/stat.h>
> +#include <sys/types.h>
> +#include <unistd.h>
> +#include <sys/syscall.h>
> +
> +struct bss {
> +	__u64 dev;
> +	__u64 ino;
> +	__u64 pid_tgid;
> +	__u64 user_pid_tgid;
> +};
> +
> +void test_ns_current_pid_tgid(void)
> +{
> +	const char *probe_name = "raw_tracepoint/sys_enter";
> +	const char *file = "test_ns_current_pid_tgid.o";
> +	int err, key = 0, duration = 0;
> +	struct bpf_link *link = NULL;
> +	struct bpf_program *prog;
> +	struct bpf_map *bss_map;
> +	struct bpf_object *obj;
> +	struct bss bss;
> +	struct stat st;
> +	__u64 id;
> +
> +	obj = bpf_object__open_file(file, NULL);
> +	if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
> +		return;
> +
> +	err = bpf_object__load(obj);
> +	if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
> +		goto cleanup;
> +
> +	bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
> +	if (CHECK(!bss_map, "find_bss_map", "failed\n"))
> +		goto cleanup;
> +
> +	prog = bpf_object__find_program_by_title(obj, probe_name);
> +	if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
> +		  probe_name))
> +		goto cleanup;
> +
> +	memset(&bss, 0, sizeof(bss));
> +	pid_t tid = syscall(SYS_gettid);
> +	pid_t pid = getpid();
> +
> +	id = (__u64) tid << 32 | pid;
> +	bss.user_pid_tgid = id;
> +
> +	if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
> +		perror("Failed to stat /proc/self/ns/pid");
> +		goto cleanup;
> +	}
> +
> +	bss.dev = st.st_dev;
> +	bss.ino = st.st_ino;
> +
> +	err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
> +	if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
> +		goto cleanup;
> +
> +	link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
> +	if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
> +		  PTR_ERR(link)))
> +		goto cleanup;

You already have default link = NULL.
Here, I think you can do
		link = NULL;
		goto cleanup;

> +
> +	/* trigger some syscalls */
> +	usleep(1);
> +
> +	err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
> +	if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
> +		goto cleanup;
> +
> +	if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
> +		  "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))

EBPF -> BPF?

> +		goto cleanup;
> +cleanup:
> +

The above empty line can be removed.

> +	if (!IS_ERR_OR_NULL(link)) {

With the above suggested change, you only need to check
	if (!link)

> +		bpf_link__destroy(link);
> +		link = NULL;
> +	}
> +	bpf_object__close(obj);
> +}
> diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> new file mode 100644
> index 000000000000..cdb77eb1a4fb
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> @@ -0,0 +1,37 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> +
> +#include <linux/bpf.h>
> +#include <stdint.h>
> +#include "bpf_helpers.h"
> +
> +static volatile struct {
> +	__u64 dev;
> +	__u64 ino;
> +	__u64 pid_tgid;
> +	__u64 user_pid_tgid;
> +} res;
> +
> +SEC("raw_tracepoint/sys_enter")
> +int trace(void *ctx)
> +{
> +	__u64  ns_pid_tgid, expected_pid;
> +	struct bpf_pidns_info nsdata;
> +	__u32 key = 0;
> +
> +	if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
> +		   sizeof(struct bpf_pidns_info)))
> +		return 0;
> +
> +	ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
> +	expected_pid = res.user_pid_tgid;
> +
> +	if (expected_pid != ns_pid_tgid)
> +		return 0;
> +
> +	res.pid_tgid = ns_pid_tgid;
> +
> +	return 0;
> +}
> +
> +char _license[] SEC("license") = "GPL";

The new helper does not require GPL, could you double check this?
The above _license should not be necessary.

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types
  2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
@ 2019-10-23  3:03   ` Yonghong Song
  0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23  3:03 UTC (permalink / raw)
  To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf



On 10/22/19 12:17 PM, Carlos Neira wrote:
> Add struct bpf_pidns_info to known types
> 
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>

Acked-by: Yonghong Song <yhs@fb.com>

> ---
>   scripts/bpf_helpers_doc.py | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
> index 7548569e8076..021cc387d414 100755
> --- a/scripts/bpf_helpers_doc.py
> +++ b/scripts/bpf_helpers_doc.py
> @@ -437,6 +437,7 @@ class PrinterHelpers(Printer):
>               'struct bpf_fib_lookup',
>               'struct bpf_perf_event_data',
>               'struct bpf_perf_event_value',
> +            'struct bpf_pidns_info',
>               'struct bpf_sock',
>               'struct bpf_sock_addr',
>               'struct bpf_sock_ops',
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
@ 2019-10-23  3:05   ` Yonghong Song
  2019-10-28 15:34     ` Yonghong Song
  0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-23  3:05 UTC (permalink / raw)
  To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf


Hi, Eric,

Could you take a look at this patch the series as well?
If it looks good, could you ack the patch #1?

Thanks!

On 10/22/19 12:17 PM, Carlos Neira wrote:
> ns_match returns true if the namespace inode and dev_t matches the ones
> provided by the caller.
> 
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
> ---
>   fs/nsfs.c               | 14 ++++++++++++++
>   include/linux/proc_ns.h |  2 ++
>   2 files changed, 16 insertions(+)
> 
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index a0431642c6b5..ef59cf347285 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>   	return ERR_PTR(-EINVAL);
>   }
>   
> +/**
> + * ns_match() - Returns true if current namespace matches dev/ino provided.
> + * @ns_common: current ns
> + * @dev: dev_t from nsfs that will be matched against current nsfs
> + * @ino: ino_t from nsfs that will be matched against current nsfs
> + *
> + * Return: true if dev and ino matches the current nsfs.
> + */
> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
> +{
> +	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
> +}
> +
> +
>   static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
>   {
>   	struct inode *inode = d_inode(dentry);
> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> index d31cb6215905..1da9f33489f3 100644
> --- a/include/linux/proc_ns.h
> +++ b/include/linux/proc_ns.h
> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
>   extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
>   			    void *private_data);
>   
> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
> +
>   extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
>   			const struct proc_ns_operations *ns_ops);
>   extern void nsfs_init(void);
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
  2019-10-23  3:02   ` Yonghong Song
@ 2019-10-23 14:42     ` Carlos Antonio Neira Bustos
  2019-10-23 15:20       ` Yonghong Song
  0 siblings, 1 reply; 17+ messages in thread
From: Carlos Antonio Neira Bustos @ 2019-10-23 14:42 UTC (permalink / raw)
  To: Yonghong Song; +Cc: netdev, ebiederm, brouer, bpf

On Wed, Oct 23, 2019 at 03:02:51AM +0000, Yonghong Song wrote:
> 
> 
> On 10/22/19 12:17 PM, Carlos Neira wrote:
> > Self tests added for new helper
> 
> Please mention the name of the new helper in the commit message.
> 
> > 
> > Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
> 
> LGTM Ack with a few nits below.
> Acked-by: Yonghong Song <yhs@fb.com>
> 
> > ---
> >   .../bpf/prog_tests/ns_current_pid_tgid.c      | 87 +++++++++++++++++++
> >   .../bpf/progs/test_ns_current_pid_tgid.c      | 37 ++++++++
> >   2 files changed, 124 insertions(+)
> >   create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> >   create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> > 
> > diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> > new file mode 100644
> > index 000000000000..257f18999bb6
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> > @@ -0,0 +1,87 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> > +#include <test_progs.h>
> > +#include <sys/stat.h>
> > +#include <sys/types.h>
> > +#include <unistd.h>
> > +#include <sys/syscall.h>
> > +
> > +struct bss {
> > +	__u64 dev;
> > +	__u64 ino;
> > +	__u64 pid_tgid;
> > +	__u64 user_pid_tgid;
> > +};
> > +
> > +void test_ns_current_pid_tgid(void)
> > +{
> > +	const char *probe_name = "raw_tracepoint/sys_enter";
> > +	const char *file = "test_ns_current_pid_tgid.o";
> > +	int err, key = 0, duration = 0;
> > +	struct bpf_link *link = NULL;
> > +	struct bpf_program *prog;
> > +	struct bpf_map *bss_map;
> > +	struct bpf_object *obj;
> > +	struct bss bss;
> > +	struct stat st;
> > +	__u64 id;
> > +
> > +	obj = bpf_object__open_file(file, NULL);
> > +	if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
> > +		return;
> > +
> > +	err = bpf_object__load(obj);
> > +	if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
> > +		goto cleanup;
> > +
> > +	bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
> > +	if (CHECK(!bss_map, "find_bss_map", "failed\n"))
> > +		goto cleanup;
> > +
> > +	prog = bpf_object__find_program_by_title(obj, probe_name);
> > +	if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
> > +		  probe_name))
> > +		goto cleanup;
> > +
> > +	memset(&bss, 0, sizeof(bss));
> > +	pid_t tid = syscall(SYS_gettid);
> > +	pid_t pid = getpid();
> > +
> > +	id = (__u64) tid << 32 | pid;
> > +	bss.user_pid_tgid = id;
> > +
> > +	if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
> > +		perror("Failed to stat /proc/self/ns/pid");
> > +		goto cleanup;
> > +	}
> > +
> > +	bss.dev = st.st_dev;
> > +	bss.ino = st.st_ino;
> > +
> > +	err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
> > +	if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
> > +		goto cleanup;
> > +
> > +	link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
> > +	if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
> > +		  PTR_ERR(link)))
> > +		goto cleanup;
> 
> You already have default link = NULL.
> Here, I think you can do
> 		link = NULL;
> 		goto cleanup;
> 
> > +
> > +	/* trigger some syscalls */
> > +	usleep(1);
> > +
> > +	err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
> > +	if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
> > +		goto cleanup;
> > +
> > +	if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
> > +		  "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
> 
> EBPF -> BPF?
> 
> > +		goto cleanup;
> > +cleanup:
> > +
> 
> The above empty line can be removed.
> 
> > +	if (!IS_ERR_OR_NULL(link)) {
> 
> With the above suggested change, you only need to check
> 	if (!link)
> 
> > +		bpf_link__destroy(link);
> > +		link = NULL;
> > +	}
> > +	bpf_object__close(obj);
> > +}
> > diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> > new file mode 100644
> > index 000000000000..cdb77eb1a4fb
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> > @@ -0,0 +1,37 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> > +
> > +#include <linux/bpf.h>
> > +#include <stdint.h>
> > +#include "bpf_helpers.h"
> > +
> > +static volatile struct {
> > +	__u64 dev;
> > +	__u64 ino;
> > +	__u64 pid_tgid;
> > +	__u64 user_pid_tgid;
> > +} res;
> > +
> > +SEC("raw_tracepoint/sys_enter")
> > +int trace(void *ctx)
> > +{
> > +	__u64  ns_pid_tgid, expected_pid;
> > +	struct bpf_pidns_info nsdata;
> > +	__u32 key = 0;
> > +
> > +	if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
> > +		   sizeof(struct bpf_pidns_info)))
> > +		return 0;
> > +
> > +	ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
> > +	expected_pid = res.user_pid_tgid;
> > +
> > +	if (expected_pid != ns_pid_tgid)
> > +		return 0;
> > +
> > +	res.pid_tgid = ns_pid_tgid;
> > +
> > +	return 0;
> > +}
> > +
> > +char _license[] SEC("license") = "GPL";
> 
> The new helper does not require GPL, could you double check this?
> The above _license should not be necessary.

Thanks, Yonghong.

Do I need to re-send the series of patches as v16 ? or I could reply to this thread addressing your comments for patch 4/5.
Thanks again for your support.

Bests 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
  2019-10-23 14:42     ` Carlos Antonio Neira Bustos
@ 2019-10-23 15:20       ` Yonghong Song
  0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 15:20 UTC (permalink / raw)
  To: Carlos Antonio Neira Bustos; +Cc: netdev, ebiederm, brouer, bpf



On 10/23/19 7:42 AM, Carlos Antonio Neira Bustos wrote:
> On Wed, Oct 23, 2019 at 03:02:51AM +0000, Yonghong Song wrote:
>>
>>
>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>> Self tests added for new helper
>>
>> Please mention the name of the new helper in the commit message.
>>
>>>
>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>
>> LGTM Ack with a few nits below.
>> Acked-by: Yonghong Song <yhs@fb.com>
>>
>>> ---
>>>    .../bpf/prog_tests/ns_current_pid_tgid.c      | 87 +++++++++++++++++++
>>>    .../bpf/progs/test_ns_current_pid_tgid.c      | 37 ++++++++
>>>    2 files changed, 124 insertions(+)
>>>    create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>>    create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>>
>>> diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>> new file mode 100644
>>> index 000000000000..257f18999bb6
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>> @@ -0,0 +1,87 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
>>> +#include <test_progs.h>
>>> +#include <sys/stat.h>
>>> +#include <sys/types.h>
>>> +#include <unistd.h>
>>> +#include <sys/syscall.h>
>>> +
>>> +struct bss {
>>> +	__u64 dev;
>>> +	__u64 ino;
>>> +	__u64 pid_tgid;
>>> +	__u64 user_pid_tgid;
>>> +};
>>> +
>>> +void test_ns_current_pid_tgid(void)
>>> +{
>>> +	const char *probe_name = "raw_tracepoint/sys_enter";
>>> +	const char *file = "test_ns_current_pid_tgid.o";
>>> +	int err, key = 0, duration = 0;
>>> +	struct bpf_link *link = NULL;
>>> +	struct bpf_program *prog;
>>> +	struct bpf_map *bss_map;
>>> +	struct bpf_object *obj;
>>> +	struct bss bss;
>>> +	struct stat st;
>>> +	__u64 id;
>>> +
>>> +	obj = bpf_object__open_file(file, NULL);
>>> +	if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
>>> +		return;
>>> +
>>> +	err = bpf_object__load(obj);
>>> +	if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
>>> +		goto cleanup;
>>> +
>>> +	bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
>>> +	if (CHECK(!bss_map, "find_bss_map", "failed\n"))
>>> +		goto cleanup;
>>> +
>>> +	prog = bpf_object__find_program_by_title(obj, probe_name);
>>> +	if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
>>> +		  probe_name))
>>> +		goto cleanup;
>>> +
>>> +	memset(&bss, 0, sizeof(bss));
>>> +	pid_t tid = syscall(SYS_gettid);
>>> +	pid_t pid = getpid();
>>> +
>>> +	id = (__u64) tid << 32 | pid;
>>> +	bss.user_pid_tgid = id;
>>> +
>>> +	if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
>>> +		perror("Failed to stat /proc/self/ns/pid");
>>> +		goto cleanup;
>>> +	}
>>> +
>>> +	bss.dev = st.st_dev;
>>> +	bss.ino = st.st_ino;
>>> +
>>> +	err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
>>> +	if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
>>> +		goto cleanup;
>>> +
>>> +	link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
>>> +	if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
>>> +		  PTR_ERR(link)))
>>> +		goto cleanup;
>>
>> You already have default link = NULL.
>> Here, I think you can do
>> 		link = NULL;
>> 		goto cleanup;
>>
>>> +
>>> +	/* trigger some syscalls */
>>> +	usleep(1);
>>> +
>>> +	err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
>>> +	if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
>>> +		goto cleanup;
>>> +
>>> +	if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
>>> +		  "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
>>
>> EBPF -> BPF?
>>
>>> +		goto cleanup;
>>> +cleanup:
>>> +
>>
>> The above empty line can be removed.
>>
>>> +	if (!IS_ERR_OR_NULL(link)) {
>>
>> With the above suggested change, you only need to check
>> 	if (!link)
>>
>>> +		bpf_link__destroy(link);
>>> +		link = NULL;
>>> +	}
>>> +	bpf_object__close(obj);
>>> +}
>>> diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>> new file mode 100644
>>> index 000000000000..cdb77eb1a4fb
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>> @@ -0,0 +1,37 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
>>> +
>>> +#include <linux/bpf.h>
>>> +#include <stdint.h>
>>> +#include "bpf_helpers.h"
>>> +
>>> +static volatile struct {
>>> +	__u64 dev;
>>> +	__u64 ino;
>>> +	__u64 pid_tgid;
>>> +	__u64 user_pid_tgid;
>>> +} res;
>>> +
>>> +SEC("raw_tracepoint/sys_enter")
>>> +int trace(void *ctx)
>>> +{
>>> +	__u64  ns_pid_tgid, expected_pid;
>>> +	struct bpf_pidns_info nsdata;
>>> +	__u32 key = 0;
>>> +
>>> +	if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
>>> +		   sizeof(struct bpf_pidns_info)))
>>> +		return 0;
>>> +
>>> +	ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
>>> +	expected_pid = res.user_pid_tgid;
>>> +
>>> +	if (expected_pid != ns_pid_tgid)
>>> +		return 0;
>>> +
>>> +	res.pid_tgid = ns_pid_tgid;
>>> +
>>> +	return 0;
>>> +}
>>> +
>>> +char _license[] SEC("license") = "GPL";
>>
>> The new helper does not require GPL, could you double check this?
>> The above _license should not be necessary.
> 
> Thanks, Yonghong.
> 
> Do I need to re-send the series of patches as v16 ? or I could reply to this thread addressing your comments for patch 4/5.

You can wait for Eric's ACK and then resend a new version of the patch 
set with all Ack's.

> Thanks again for your support.
> 
> Bests
> 

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-10-23  3:05   ` Yonghong Song
@ 2019-10-28 15:34     ` Yonghong Song
  2019-10-31 22:31       ` [Review Request] " Yonghong Song
  0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-28 15:34 UTC (permalink / raw)
  To: Carlos Neira, ebiederm; +Cc: netdev, brouer, bpf

Ping again.

Eric, could you take a look at this patch and ack it if it is okay?

Thanks!


On 10/22/19 8:05 PM, Yonghong Song wrote:
> 
> Hi, Eric,
> 
> Could you take a look at this patch the series as well?
> If it looks good, could you ack the patch #1?
> 
> Thanks!
> 
> On 10/22/19 12:17 PM, Carlos Neira wrote:
>> ns_match returns true if the namespace inode and dev_t matches the ones
>> provided by the caller.
>>
>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>> ---
>>    fs/nsfs.c               | 14 ++++++++++++++
>>    include/linux/proc_ns.h |  2 ++
>>    2 files changed, 16 insertions(+)
>>
>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>> index a0431642c6b5..ef59cf347285 100644
>> --- a/fs/nsfs.c
>> +++ b/fs/nsfs.c
>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>>    	return ERR_PTR(-EINVAL);
>>    }
>>    
>> +/**
>> + * ns_match() - Returns true if current namespace matches dev/ino provided.
>> + * @ns_common: current ns
>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>> + *
>> + * Return: true if dev and ino matches the current nsfs.
>> + */
>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>> +{
>> +	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>> +}
>> +
>> +
>>    static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
>>    {
>>    	struct inode *inode = d_inode(dentry);
>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>> index d31cb6215905..1da9f33489f3 100644
>> --- a/include/linux/proc_ns.h
>> +++ b/include/linux/proc_ns.h
>> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
>>    extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
>>    			    void *private_data);
>>    
>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
>> +
>>    extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
>>    			const struct proc_ns_operations *ns_ops);
>>    extern void nsfs_init(void);
>>

^ permalink raw reply	[flat|nested] 17+ messages in thread

* [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-10-28 15:34     ` Yonghong Song
@ 2019-10-31 22:31       ` Yonghong Song
  2019-11-12 15:18         ` Yonghong Song
  0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-31 22:31 UTC (permalink / raw)
  To: Carlos Neira, ebiederm; +Cc: netdev, brouer, bpf


Eric,

In case that you missed the email, I added "[Review Request]"
and pinged again. It would be good if you can take a look
and ack if it looks good to you.

Thanks!


On 10/28/19 8:34 AM, Yonghong Song wrote:
> Ping again.
> 
> Eric, could you take a look at this patch and ack it if it is okay?
> 
> Thanks!
> 
> 
> On 10/22/19 8:05 PM, Yonghong Song wrote:
>>
>> Hi, Eric,
>>
>> Could you take a look at this patch the series as well?
>> If it looks good, could you ack the patch #1?
>>
>> Thanks!
>>
>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>> ns_match returns true if the namespace inode and dev_t matches the ones
>>> provided by the caller.
>>>
>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>> ---
>>>     fs/nsfs.c               | 14 ++++++++++++++
>>>     include/linux/proc_ns.h |  2 ++
>>>     2 files changed, 16 insertions(+)
>>>
>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>>> index a0431642c6b5..ef59cf347285 100644
>>> --- a/fs/nsfs.c
>>> +++ b/fs/nsfs.c
>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>>>     	return ERR_PTR(-EINVAL);
>>>     }
>>>     
>>> +/**
>>> + * ns_match() - Returns true if current namespace matches dev/ino provided.
>>> + * @ns_common: current ns
>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>>> + *
>>> + * Return: true if dev and ino matches the current nsfs.
>>> + */
>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>>> +{
>>> +	return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>>> +}
>>> +
>>> +
>>>     static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
>>>     {
>>>     	struct inode *inode = d_inode(dentry);
>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>>> index d31cb6215905..1da9f33489f3 100644
>>> --- a/include/linux/proc_ns.h
>>> +++ b/include/linux/proc_ns.h
>>> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
>>>     extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
>>>     			    void *private_data);
>>>     
>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
>>> +
>>>     extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
>>>     			const struct proc_ns_operations *ns_ops);
>>>     extern void nsfs_init(void);
>>>

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-10-31 22:31       ` [Review Request] " Yonghong Song
@ 2019-11-12 15:18         ` Yonghong Song
  2019-11-25 14:03           ` Carlos Antonio Neira Bustos
  0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-11-12 15:18 UTC (permalink / raw)
  To: ebiederm; +Cc: Carlos Neira, netdev, brouer, bpf

Eric,

ping again. Any comment on this patch?

On 10/31/19 3:31 PM, Yonghong Song wrote:
> 
> Eric,
> 
> In case that you missed the email, I added "[Review Request]"
> and pinged again. It would be good if you can take a look
> and ack if it looks good to you.
> 
> Thanks!
> 
> 
> On 10/28/19 8:34 AM, Yonghong Song wrote:
>> Ping again.
>>
>> Eric, could you take a look at this patch and ack it if it is okay?
>>
>> Thanks!
>>
>>
>> On 10/22/19 8:05 PM, Yonghong Song wrote:
>>>
>>> Hi, Eric,
>>>
>>> Could you take a look at this patch the series as well?
>>> If it looks good, could you ack the patch #1?
>>>
>>> Thanks!
>>>
>>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>>> ns_match returns true if the namespace inode and dev_t matches the ones
>>>> provided by the caller.
>>>>
>>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>>> ---
>>>>     fs/nsfs.c               | 14 ++++++++++++++
>>>>     include/linux/proc_ns.h |  2 ++
>>>>     2 files changed, 16 insertions(+)
>>>>
>>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>>>> index a0431642c6b5..ef59cf347285 100644
>>>> --- a/fs/nsfs.c
>>>> +++ b/fs/nsfs.c
>>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>>>>         return ERR_PTR(-EINVAL);
>>>>     }
>>>> +/**
>>>> + * ns_match() - Returns true if current namespace matches dev/ino 
>>>> provided.
>>>> + * @ns_common: current ns
>>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>>>> + *
>>>> + * Return: true if dev and ino matches the current nsfs.
>>>> + */
>>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>>>> +{
>>>> +    return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>>>> +}
>>>> +
>>>> +
>>>>     static int nsfs_show_path(struct seq_file *seq, struct dentry 
>>>> *dentry)
>>>>     {
>>>>         struct inode *inode = d_inode(dentry);
>>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>>>> index d31cb6215905..1da9f33489f3 100644
>>>> --- a/include/linux/proc_ns.h
>>>> +++ b/include/linux/proc_ns.h
>>>> @@ -82,6 +82,8 @@ typedef struct ns_common 
>>>> *ns_get_path_helper_t(void *);
>>>>     extern void *ns_get_path_cb(struct path *path, 
>>>> ns_get_path_helper_t ns_get_cb,
>>>>                     void *private_data);
>>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t 
>>>> ino);
>>>> +
>>>>     extern int ns_get_name(char *buf, size_t size, struct 
>>>> task_struct *task,
>>>>                 const struct proc_ns_operations *ns_ops);
>>>>     extern void nsfs_init(void);
>>>>

^ permalink raw reply	[flat|nested] 17+ messages in thread

* Re: [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
  2019-11-12 15:18         ` Yonghong Song
@ 2019-11-25 14:03           ` Carlos Antonio Neira Bustos
  0 siblings, 0 replies; 17+ messages in thread
From: Carlos Antonio Neira Bustos @ 2019-11-25 14:03 UTC (permalink / raw)
  To: Yonghong Song; +Cc: ebiederm, netdev, brouer, bpf

Yonghong,

I think the merge window has closed, should I resubmit these patches, or 
wait for Eric's feedback ?

Bests

On Tue, Nov 12, 2019 at 03:18:20PM +0000, Yonghong Song wrote:
> Eric,
> 
> ping again. Any comment on this patch?
> 
> On 10/31/19 3:31 PM, Yonghong Song wrote:
> > 
> > Eric,
> > 
> > In case that you missed the email, I added "[Review Request]"
> > and pinged again. It would be good if you can take a look
> > and ack if it looks good to you.
> > 
> > Thanks!
> > 
> > 
> > On 10/28/19 8:34 AM, Yonghong Song wrote:
> >> Ping again.
> >>
> >> Eric, could you take a look at this patch and ack it if it is okay?
> >>
> >> Thanks!
> >>
> >>
> >> On 10/22/19 8:05 PM, Yonghong Song wrote:
> >>>
> >>> Hi, Eric,
> >>>
> >>> Could you take a look at this patch the series as well?
> >>> If it looks good, could you ack the patch #1?
> >>>
> >>> Thanks!
> >>>
> >>> On 10/22/19 12:17 PM, Carlos Neira wrote:
> >>>> ns_match returns true if the namespace inode and dev_t matches the ones
> >>>> provided by the caller.
> >>>>
> >>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
> >>>> ---
> >>>>     fs/nsfs.c               | 14 ++++++++++++++
> >>>>     include/linux/proc_ns.h |  2 ++
> >>>>     2 files changed, 16 insertions(+)
> >>>>
> >>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
> >>>> index a0431642c6b5..ef59cf347285 100644
> >>>> --- a/fs/nsfs.c
> >>>> +++ b/fs/nsfs.c
> >>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
> >>>>         return ERR_PTR(-EINVAL);
> >>>>     }
> >>>> +/**
> >>>> + * ns_match() - Returns true if current namespace matches dev/ino 
> >>>> provided.
> >>>> + * @ns_common: current ns
> >>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
> >>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
> >>>> + *
> >>>> + * Return: true if dev and ino matches the current nsfs.
> >>>> + */
> >>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
> >>>> +{
> >>>> +    return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
> >>>> +}
> >>>> +
> >>>> +
> >>>>     static int nsfs_show_path(struct seq_file *seq, struct dentry 
> >>>> *dentry)
> >>>>     {
> >>>>         struct inode *inode = d_inode(dentry);
> >>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> >>>> index d31cb6215905..1da9f33489f3 100644
> >>>> --- a/include/linux/proc_ns.h
> >>>> +++ b/include/linux/proc_ns.h
> >>>> @@ -82,6 +82,8 @@ typedef struct ns_common 
> >>>> *ns_get_path_helper_t(void *);
> >>>>     extern void *ns_get_path_cb(struct path *path, 
> >>>> ns_get_path_helper_t ns_get_cb,
> >>>>                     void *private_data);
> >>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t 
> >>>> ino);
> >>>> +
> >>>>     extern int ns_get_name(char *buf, size_t size, struct 
> >>>> task_struct *task,
> >>>>                 const struct proc_ns_operations *ns_ops);
> >>>>     extern void nsfs_init(void);
> >>>>

^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2019-11-25 14:03 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
2019-10-23  3:05   ` Yonghong Song
2019-10-28 15:34     ` Yonghong Song
2019-10-31 22:31       ` [Review Request] " Yonghong Song
2019-11-12 15:18         ` Yonghong Song
2019-11-25 14:03           ` Carlos Antonio Neira Bustos
2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
2019-10-23  2:51   ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
2019-10-23  2:51   ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
2019-10-23  3:02   ` Yonghong Song
2019-10-23 14:42     ` Carlos Antonio Neira Bustos
2019-10-23 15:20       ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
2019-10-23  3:03   ` Yonghong Song

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).