* [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
2019-10-23 3:05 ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
` (3 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos
ns_match returns true if the namespace inode and dev_t match the ones
provided by the caller.
Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
fs/nsfs.c | 14 ++++++++++++++
include/linux/proc_ns.h | 2 ++
2 files changed, 16 insertions(+)
diff --git a/fs/nsfs.c b/fs/nsfs.c
index a0431642c6b5..ef59cf347285 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
return ERR_PTR(-EINVAL);
}
+/**
+ * ns_match() - Returns true if current namespace matches dev/ino provided.
+ * @ns_common: current ns
+ * @dev: dev_t from nsfs that will be matched against current nsfs
+ * @ino: ino_t from nsfs that will be matched against current nsfs
+ *
+ * Return: true if dev and ino matches the current nsfs.
+ */
+bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
+{
+ return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
+}
+
+
static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
{
struct inode *inode = d_inode(dentry);
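Review bot: The kernel-doc for ns_match() names its first parameter `@ns_common:`, but the signature calls it `ns`, so the real parameter is left undocumented and the kernel-doc tooling will flag the mismatch; it should read `@ns:`. The comment also speaks of the "current" namespace, while the function compares whatever ns_common the caller passes in, so wording such as "the namespace to check" would be more accurate. The hunk also adds two blank lines after the closing brace where one is enough.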
diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
index d31cb6215905..1da9f33489f3 100644
--- a/include/linux/proc_ns.h
+++ b/include/linux/proc_ns.h
@@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
void *private_data);
+extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
+
extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
const struct proc_ns_operations *ns_ops);
extern void nsfs_init(void);
--
2.20.1
* Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
@ 2019-10-23 3:05 ` Yonghong Song
2019-10-28 15:34 ` Yonghong Song
0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 3:05 UTC (permalink / raw)
To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf
Hi, Eric,
Could you take a look at this patch the series as well?
If it looks good, could you ack the patch #1?
Thanks!
On 10/22/19 12:17 PM, Carlos Neira wrote:
> ns_match returns true if the namespace inode and dev_t matches the ones
> provided by the caller.
>
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
> ---
> fs/nsfs.c | 14 ++++++++++++++
> include/linux/proc_ns.h | 2 ++
> 2 files changed, 16 insertions(+)
>
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index a0431642c6b5..ef59cf347285 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
> return ERR_PTR(-EINVAL);
> }
>
> +/**
> + * ns_match() - Returns true if current namespace matches dev/ino provided.
> + * @ns_common: current ns
> + * @dev: dev_t from nsfs that will be matched against current nsfs
> + * @ino: ino_t from nsfs that will be matched against current nsfs
> + *
> + * Return: true if dev and ino matches the current nsfs.
> + */
> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
> +{
> + return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
> +}
> +
> +
> static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
> {
> struct inode *inode = d_inode(dentry);
> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> index d31cb6215905..1da9f33489f3 100644
> --- a/include/linux/proc_ns.h
> +++ b/include/linux/proc_ns.h
> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
> extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
> void *private_data);
>
> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
> +
> extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
> const struct proc_ns_operations *ns_ops);
> extern void nsfs_init(void);
>
* Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-10-23 3:05 ` Yonghong Song
@ 2019-10-28 15:34 ` Yonghong Song
2019-10-31 22:31 ` [Review Request] " Yonghong Song
0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-28 15:34 UTC (permalink / raw)
To: Carlos Neira, ebiederm; +Cc: netdev, brouer, bpf
Ping again.
Eric, could you take a look at this patch and ack it if it is okay?
Thanks!
On 10/22/19 8:05 PM, Yonghong Song wrote:
>
> Hi, Eric,
>
> Could you take a look at this patch the series as well?
> If it looks good, could you ack the patch #1?
>
> Thanks!
>
> On 10/22/19 12:17 PM, Carlos Neira wrote:
>> ns_match returns true if the namespace inode and dev_t matches the ones
>> provided by the caller.
>>
>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>> ---
>> fs/nsfs.c | 14 ++++++++++++++
>> include/linux/proc_ns.h | 2 ++
>> 2 files changed, 16 insertions(+)
>>
>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>> index a0431642c6b5..ef59cf347285 100644
>> --- a/fs/nsfs.c
>> +++ b/fs/nsfs.c
>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>> return ERR_PTR(-EINVAL);
>> }
>>
>> +/**
>> + * ns_match() - Returns true if current namespace matches dev/ino provided.
>> + * @ns_common: current ns
>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>> + *
>> + * Return: true if dev and ino matches the current nsfs.
>> + */
>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>> +{
>> + return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>> +}
>> +
>> +
>> static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
>> {
>> struct inode *inode = d_inode(dentry);
>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>> index d31cb6215905..1da9f33489f3 100644
>> --- a/include/linux/proc_ns.h
>> +++ b/include/linux/proc_ns.h
>> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
>> extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
>> void *private_data);
>>
>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
>> +
>> extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
>> const struct proc_ns_operations *ns_ops);
>> extern void nsfs_init(void);
>>
* [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-10-28 15:34 ` Yonghong Song
@ 2019-10-31 22:31 ` Yonghong Song
2019-11-12 15:18 ` Yonghong Song
0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-31 22:31 UTC (permalink / raw)
To: Carlos Neira, ebiederm; +Cc: netdev, brouer, bpf
Eric,
In case that you missed the email, I added "[Review Request]"
and pinged again. It would be good if you can take a look
and ack if it looks good to you.
Thanks!
On 10/28/19 8:34 AM, Yonghong Song wrote:
> Ping again.
>
> Eric, could you take a look at this patch and ack it if it is okay?
>
> Thanks!
>
>
> On 10/22/19 8:05 PM, Yonghong Song wrote:
>>
>> Hi, Eric,
>>
>> Could you take a look at this patch the series as well?
>> If it looks good, could you ack the patch #1?
>>
>> Thanks!
>>
>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>> ns_match returns true if the namespace inode and dev_t matches the ones
>>> provided by the caller.
>>>
>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>> ---
>>> fs/nsfs.c | 14 ++++++++++++++
>>> include/linux/proc_ns.h | 2 ++
>>> 2 files changed, 16 insertions(+)
>>>
>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>>> index a0431642c6b5..ef59cf347285 100644
>>> --- a/fs/nsfs.c
>>> +++ b/fs/nsfs.c
>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>>> return ERR_PTR(-EINVAL);
>>> }
>>>
>>> +/**
>>> + * ns_match() - Returns true if current namespace matches dev/ino provided.
>>> + * @ns_common: current ns
>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>>> + *
>>> + * Return: true if dev and ino matches the current nsfs.
>>> + */
>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>>> +{
>>> + return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>>> +}
>>> +
>>> +
>>> static int nsfs_show_path(struct seq_file *seq, struct dentry *dentry)
>>> {
>>> struct inode *inode = d_inode(dentry);
>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>>> index d31cb6215905..1da9f33489f3 100644
>>> --- a/include/linux/proc_ns.h
>>> +++ b/include/linux/proc_ns.h
>>> @@ -82,6 +82,8 @@ typedef struct ns_common *ns_get_path_helper_t(void *);
>>> extern void *ns_get_path_cb(struct path *path, ns_get_path_helper_t ns_get_cb,
>>> void *private_data);
>>>
>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino);
>>> +
>>> extern int ns_get_name(char *buf, size_t size, struct task_struct *task,
>>> const struct proc_ns_operations *ns_ops);
>>> extern void nsfs_init(void);
>>>
* Re: [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-10-31 22:31 ` [Review Request] " Yonghong Song
@ 2019-11-12 15:18 ` Yonghong Song
2019-11-25 14:03 ` Carlos Antonio Neira Bustos
0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-11-12 15:18 UTC (permalink / raw)
To: ebiederm; +Cc: Carlos Neira, netdev, brouer, bpf
Eric,
ping again. Any comment on this patch?
On 10/31/19 3:31 PM, Yonghong Song wrote:
>
> Eric,
>
> In case that you missed the email, I added "[Review Request]"
> and pinged again. It would be good if you can take a look
> and ack if it looks good to you.
>
> Thanks!
>
>
> On 10/28/19 8:34 AM, Yonghong Song wrote:
>> Ping again.
>>
>> Eric, could you take a look at this patch and ack it if it is okay?
>>
>> Thanks!
>>
>>
>> On 10/22/19 8:05 PM, Yonghong Song wrote:
>>>
>>> Hi, Eric,
>>>
>>> Could you take a look at this patch the series as well?
>>> If it looks good, could you ack the patch #1?
>>>
>>> Thanks!
>>>
>>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>>> ns_match returns true if the namespace inode and dev_t matches the ones
>>>> provided by the caller.
>>>>
>>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>>> ---
>>>> fs/nsfs.c | 14 ++++++++++++++
>>>> include/linux/proc_ns.h | 2 ++
>>>> 2 files changed, 16 insertions(+)
>>>>
>>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
>>>> index a0431642c6b5..ef59cf347285 100644
>>>> --- a/fs/nsfs.c
>>>> +++ b/fs/nsfs.c
>>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
>>>> return ERR_PTR(-EINVAL);
>>>> }
>>>> +/**
>>>> + * ns_match() - Returns true if current namespace matches dev/ino
>>>> provided.
>>>> + * @ns_common: current ns
>>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
>>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
>>>> + *
>>>> + * Return: true if dev and ino matches the current nsfs.
>>>> + */
>>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
>>>> +{
>>>> + return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
>>>> +}
>>>> +
>>>> +
>>>> static int nsfs_show_path(struct seq_file *seq, struct dentry
>>>> *dentry)
>>>> {
>>>> struct inode *inode = d_inode(dentry);
>>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
>>>> index d31cb6215905..1da9f33489f3 100644
>>>> --- a/include/linux/proc_ns.h
>>>> +++ b/include/linux/proc_ns.h
>>>> @@ -82,6 +82,8 @@ typedef struct ns_common
>>>> *ns_get_path_helper_t(void *);
>>>> extern void *ns_get_path_cb(struct path *path,
>>>> ns_get_path_helper_t ns_get_cb,
>>>> void *private_data);
>>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t
>>>> ino);
>>>> +
>>>> extern int ns_get_name(char *buf, size_t size, struct
>>>> task_struct *task,
>>>> const struct proc_ns_operations *ns_ops);
>>>> extern void nsfs_init(void);
>>>>
* Re: [Review Request] Re: [PATCH v15 1/5] fs/nsfs.c: added ns_match
2019-11-12 15:18 ` Yonghong Song
@ 2019-11-25 14:03 ` Carlos Antonio Neira Bustos
0 siblings, 0 replies; 17+ messages in thread
From: Carlos Antonio Neira Bustos @ 2019-11-25 14:03 UTC (permalink / raw)
To: Yonghong Song; +Cc: ebiederm, netdev, brouer, bpf
Yonghong,
I think the merge window has closed, should I resubmit these patches, or
wait for Eric's feedback?
Bests
On Tue, Nov 12, 2019 at 03:18:20PM +0000, Yonghong Song wrote:
> Eric,
>
> ping again. Any comment on this patch?
>
> On 10/31/19 3:31 PM, Yonghong Song wrote:
> >
> > Eric,
> >
> > In case that you missed the email, I added "[Review Request]"
> > and pinged again. It would be good if you can take a look
> > and ack if it looks good to you.
> >
> > Thanks!
> >
> >
> > On 10/28/19 8:34 AM, Yonghong Song wrote:
> >> Ping again.
> >>
> >> Eric, could you take a look at this patch and ack it if it is okay?
> >>
> >> Thanks!
> >>
> >>
> >> On 10/22/19 8:05 PM, Yonghong Song wrote:
> >>>
> >>> Hi, Eric,
> >>>
> >>> Could you take a look at this patch the series as well?
> >>> If it looks good, could you ack the patch #1?
> >>>
> >>> Thanks!
> >>>
> >>> On 10/22/19 12:17 PM, Carlos Neira wrote:
> >>>> ns_match returns true if the namespace inode and dev_t matches the ones
> >>>> provided by the caller.
> >>>>
> >>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
> >>>> ---
> >>>> fs/nsfs.c | 14 ++++++++++++++
> >>>> include/linux/proc_ns.h | 2 ++
> >>>> 2 files changed, 16 insertions(+)
> >>>>
> >>>> diff --git a/fs/nsfs.c b/fs/nsfs.c
> >>>> index a0431642c6b5..ef59cf347285 100644
> >>>> --- a/fs/nsfs.c
> >>>> +++ b/fs/nsfs.c
> >>>> @@ -245,6 +245,20 @@ struct file *proc_ns_fget(int fd)
> >>>> return ERR_PTR(-EINVAL);
> >>>> }
> >>>> +/**
> >>>> + * ns_match() - Returns true if current namespace matches dev/ino
> >>>> provided.
> >>>> + * @ns_common: current ns
> >>>> + * @dev: dev_t from nsfs that will be matched against current nsfs
> >>>> + * @ino: ino_t from nsfs that will be matched against current nsfs
> >>>> + *
> >>>> + * Return: true if dev and ino matches the current nsfs.
> >>>> + */
> >>>> +bool ns_match(const struct ns_common *ns, dev_t dev, ino_t ino)
> >>>> +{
> >>>> + return (ns->inum == ino) && (nsfs_mnt->mnt_sb->s_dev == dev);
> >>>> +}
> >>>> +
> >>>> +
> >>>> static int nsfs_show_path(struct seq_file *seq, struct dentry
> >>>> *dentry)
> >>>> {
> >>>> struct inode *inode = d_inode(dentry);
> >>>> diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
> >>>> index d31cb6215905..1da9f33489f3 100644
> >>>> --- a/include/linux/proc_ns.h
> >>>> +++ b/include/linux/proc_ns.h
> >>>> @@ -82,6 +82,8 @@ typedef struct ns_common
> >>>> *ns_get_path_helper_t(void *);
> >>>> extern void *ns_get_path_cb(struct path *path,
> >>>> ns_get_path_helper_t ns_get_cb,
> >>>> void *private_data);
> >>>> +extern bool ns_match(const struct ns_common *ns, dev_t dev, ino_t
> >>>> ino);
> >>>> +
> >>>> extern int ns_get_name(char *buf, size_t size, struct
> >>>> task_struct *task,
> >>>> const struct proc_ns_operations *ns_ops);
> >>>> extern void nsfs_init(void);
> >>>>
* [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
2019-10-23 2:51 ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
` (2 subsequent siblings)
4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos
New bpf helper bpf_get_ns_current_pid_tgid.
This helper will return pid and tgid from the current task
whose namespace matches the dev_t and inode number provided;
this will allow us to instrument a process inside a container.
Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
include/linux/bpf.h | 1 +
include/uapi/linux/bpf.h | 20 +++++++++++++++++-
kernel/bpf/core.c | 1 +
kernel/bpf/helpers.c | 45 ++++++++++++++++++++++++++++++++++++++++
kernel/trace/bpf_trace.c | 2 ++
5 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 2c2c29b49845..1d7c86019113 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -1082,6 +1082,7 @@ extern const struct bpf_func_proto bpf_get_local_storage_proto;
extern const struct bpf_func_proto bpf_strtol_proto;
extern const struct bpf_func_proto bpf_strtoul_proto;
extern const struct bpf_func_proto bpf_tcp_sock_proto;
+extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto;
/* Shared helpers among cBPF and eBPF. */
void bpf_user_rnd_init_once(void);
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index 4af8b0819a32..4c3e0b0952e6 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -2775,6 +2775,19 @@ union bpf_attr {
* restricted to raw_tracepoint bpf programs.
* Return
* 0 on success, or a negative error in case of failure.
+ *
+ * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
+ * Description
+ * Returns 0 on success, values for *pid* and *tgid* as seen from the current
+ * *namespace* will be returned in *nsdata*.
+ *
+ * On failure, the returned value is one of the following:
+ *
+ * **-EINVAL** if dev and inum supplied don't match dev_t and inode number
+ * with nsfs of current task, or if dev conversion to dev_t lost high bits.
+ *
+ * **-ENOENT** if pidns does not exists for the current task.
+ *
*/
#define __BPF_FUNC_MAPPER(FN) \
FN(unspec), \
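Review bot: The -EINVAL conditions documented for bpf_get_ns_current_pid_tgid() omit one that the helper enforces: in kernel/bpf/helpers.c it also returns -EINVAL when *size* is not sizeof(struct bpf_pidns_info). The text also does not say that *nsdata* is zeroed on failure. The return values are folded into Description, whereas the entry just above uses a separate Return section; splitting them the same way would keep the helper docs consistent. Minor wording: the text says "inum" where the parameter is *ino*, and "does not exists" should be "does not exist".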
@@ -2888,7 +2901,8 @@ union bpf_attr {
FN(sk_storage_delete), \
FN(send_signal), \
FN(tcp_gen_syncookie), \
- FN(skb_output),
+ FN(skb_output), \
+ FN(get_ns_current_pid_tgid),
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
* function eBPF program intends to call
@@ -3639,4 +3653,8 @@ struct bpf_sockopt {
__s32 retval;
};
+struct bpf_pidns_info {
+ __u32 pid;
+ __u32 tgid;
+};
#endif /* _UAPI__LINUX_BPF_H__ */
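Review bot: struct bpf_pidns_info is added with no comment and sits directly against the closing #endif with no blank line between them. Since it becomes part of the UAPI header, a one-line comment saying it is the output of bpf_get_ns_current_pid_tgid() and a blank line before #endif would help.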
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index 673f5d40a93e..04083942a13a 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -2079,6 +2079,7 @@ const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
const struct bpf_func_proto bpf_get_current_comm_proto __weak;
const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
const struct bpf_func_proto bpf_get_local_storage_proto __weak;
+const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto __weak;
const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
{
diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
index 5e28718928ca..5477ad984d7c 100644
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -11,6 +11,8 @@
#include <linux/uidgid.h>
#include <linux/filter.h>
#include <linux/ctype.h>
+#include <linux/pid_namespace.h>
+#include <linux/proc_ns.h>
#include "../../lib/kstrtox.h"
@@ -487,3 +489,46 @@ const struct bpf_func_proto bpf_strtoul_proto = {
.arg4_type = ARG_PTR_TO_LONG,
};
#endif
+
+BPF_CALL_4(bpf_get_ns_current_pid_tgid, u64, dev, u64, ino,
+ struct bpf_pidns_info *, nsdata, u32, size)
+{
+ struct task_struct *task = current;
+ struct pid_namespace *pidns;
+ int err = -EINVAL;
+
+ if (unlikely(size != sizeof(struct bpf_pidns_info)))
+ goto clear;
+
+ if (unlikely((u64)(dev_t)dev != dev))
+ goto clear;
+
+ if (unlikely(!task))
+ goto clear;
+
+ pidns = task_active_pid_ns(task);
+ if (unlikely(!pidns)) {
+ err = -ENOENT;
+ goto clear;
+ }
+
+ if (!ns_match(&pidns->ns, (dev_t)dev, ino))
+ goto clear;
+
+ nsdata->pid = task_pid_nr_ns(task, pidns);
+ nsdata->tgid = task_tgid_nr_ns(task, pidns);
+ return 0;
+clear:
+ memset((void *)nsdata, 0, (size_t) size);
+ return err;
+}
+
+const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto = {
+ .func = bpf_get_ns_current_pid_tgid,
+ .gpl_only = false,
+ .ret_type = RET_INTEGER,
+ .arg1_type = ARG_ANYTHING,
+ .arg2_type = ARG_ANYTHING,
+ .arg3_type = ARG_PTR_TO_UNINIT_MEM,
+ .arg4_type = ARG_CONST_SIZE,
+};
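Review bot: *ino* arrives as u64 and is passed straight to ns_match(), whose parameter is ino_t, without the round-trip check that *dev* gets a few lines earlier (`(u64)(dev_t)dev != dev`). Where ino_t is narrower than 64 bits the high bits are dropped silently, so a value that differs from the namespace inode only in those bits would still match; a check in the same style, for example `if (unlikely((u64)(ino_t)ino != ino)) goto clear;`, would close that. Separately, the `!task` test is applied to `current`; if there is a context in which that can be NULL it deserves a comment, otherwise the branch can go.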
diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
index c3240898cc44..07f6fa354f15 100644
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -735,6 +735,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
#endif
case BPF_FUNC_send_signal:
return &bpf_send_signal_proto;
+ case BPF_FUNC_get_ns_current_pid_tgid:
+ return &bpf_get_ns_current_pid_tgid_proto;
default:
return NULL;
}
--
2.20.1
* Re: [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid
2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
@ 2019-10-23 2:51 ` Yonghong Song
0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 2:51 UTC (permalink / raw)
To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf
On 10/22/19 12:17 PM, Carlos Neira wrote:
> New bpf helper bpf_get_ns_current_pid_tgid,
> This helper will return pid and tgid from current task
> which namespace matches dev_t and inode number provided,
> this will allows us to instrument a process inside a container.
>
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
> ---
> include/linux/bpf.h | 1 +
> include/uapi/linux/bpf.h | 20 +++++++++++++++++-
> kernel/bpf/core.c | 1 +
> kernel/bpf/helpers.c | 45 ++++++++++++++++++++++++++++++++++++++++
> kernel/trace/bpf_trace.c | 2 ++
> 5 files changed, 68 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 2c2c29b49845..1d7c86019113 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -1082,6 +1082,7 @@ extern const struct bpf_func_proto bpf_get_local_storage_proto;
> extern const struct bpf_func_proto bpf_strtol_proto;
> extern const struct bpf_func_proto bpf_strtoul_proto;
> extern const struct bpf_func_proto bpf_tcp_sock_proto;
> +extern const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto;
>
> /* Shared helpers among cBPF and eBPF. */
> void bpf_user_rnd_init_once(void);
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 4af8b0819a32..4c3e0b0952e6 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -2775,6 +2775,19 @@ union bpf_attr {
> * restricted to raw_tracepoint bpf programs.
> * Return
> * 0 on success, or a negative error in case of failure.
> + *
> + * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
> + * Description
> + * Returns 0 on success, values for *pid* and *tgid* as seen from the current
> + * *namespace* will be returned in *nsdata*.
> + *
> + * On failure, the returned value is one of the following:
> + *
> + * **-EINVAL** if dev and inum supplied don't match dev_t and inode number
> + * with nsfs of current task, or if dev conversion to dev_t lost high bits.
> + *
> + * **-ENOENT** if pidns does not exists for the current task.
> + *
> */
> #define __BPF_FUNC_MAPPER(FN) \
> FN(unspec), \
> @@ -2888,7 +2901,8 @@ union bpf_attr {
> FN(sk_storage_delete), \
> FN(send_signal), \
> FN(tcp_gen_syncookie), \
> - FN(skb_output),
> + FN(skb_output), \
> + FN(get_ns_current_pid_tgid),
>
> /* integer value in 'imm' field of BPF_CALL instruction selects which helper
> * function eBPF program intends to call
> @@ -3639,4 +3653,8 @@ struct bpf_sockopt {
> __s32 retval;
> };
>
> +struct bpf_pidns_info {
> + __u32 pid;
> + __u32 tgid;
> +};
> #endif /* _UAPI__LINUX_BPF_H__ */
> diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> index 673f5d40a93e..04083942a13a 100644
> --- a/kernel/bpf/core.c
> +++ b/kernel/bpf/core.c
> @@ -2079,6 +2079,7 @@ const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
> const struct bpf_func_proto bpf_get_current_comm_proto __weak;
> const struct bpf_func_proto bpf_get_current_cgroup_id_proto __weak;
> const struct bpf_func_proto bpf_get_local_storage_proto __weak;
> +const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto __weak;
>
> const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
> {
> diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> index 5e28718928ca..5477ad984d7c 100644
> --- a/kernel/bpf/helpers.c
> +++ b/kernel/bpf/helpers.c
> @@ -11,6 +11,8 @@
> #include <linux/uidgid.h>
> #include <linux/filter.h>
> #include <linux/ctype.h>
> +#include <linux/pid_namespace.h>
> +#include <linux/proc_ns.h>
>
> #include "../../lib/kstrtox.h"
>
> @@ -487,3 +489,46 @@ const struct bpf_func_proto bpf_strtoul_proto = {
> .arg4_type = ARG_PTR_TO_LONG,
> };
> #endif
> +
> +BPF_CALL_4(bpf_get_ns_current_pid_tgid, u64, dev, u64, ino,
> + struct bpf_pidns_info *, nsdata, u32, size)
> +{
> + struct task_struct *task = current;
> + struct pid_namespace *pidns;
> + int err = -EINVAL;
> +
> + if (unlikely(size != sizeof(struct bpf_pidns_info)))
> + goto clear;
> +
> + if (unlikely((u64)(dev_t)dev != dev))
> + goto clear;
> +
> + if (unlikely(!task))
> + goto clear;
> +
> + pidns = task_active_pid_ns(task);
> + if (unlikely(!pidns)) {
> + err = -ENOENT;
> + goto clear;
> + }
> +
> + if (!ns_match(&pidns->ns, (dev_t)dev, ino))
> + goto clear;
> +
> + nsdata->pid = task_pid_nr_ns(task, pidns);
> + nsdata->tgid = task_tgid_nr_ns(task, pidns);
> + return 0;
> +clear:
> + memset((void *)nsdata, 0, (size_t) size);
> + return err;
> +}
> +
> +const struct bpf_func_proto bpf_get_ns_current_pid_tgid_proto = {
> + .func = bpf_get_ns_current_pid_tgid,
> + .gpl_only = false,
> + .ret_type = RET_INTEGER,
> + .arg1_type = ARG_ANYTHING,
> + .arg2_type = ARG_ANYTHING,
> + .arg3_type = ARG_PTR_TO_UNINIT_MEM,
> + .arg4_type = ARG_CONST_SIZE,
> +};
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index c3240898cc44..07f6fa354f15 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -735,6 +735,8 @@ tracing_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
> #endif
> case BPF_FUNC_send_signal:
> return &bpf_send_signal_proto;
> + case BPF_FUNC_get_ns_current_pid_tgid:
> + return &bpf_get_ns_current_pid_tgid_proto;
> default:
> return NULL;
> }
>
* [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
2019-10-22 19:17 ` [PATCH v15 1/5] fs/nsfs.c: added ns_match Carlos Neira
2019-10-22 19:17 ` [PATCH v15 2/5] bpf: added new helper bpf_get_ns_current_pid_tgid Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
2019-10-23 2:51 ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos
Sync tools/include/uapi/linux/bpf.h to include new helper.
Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
tools/include/uapi/linux/bpf.h | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index 4af8b0819a32..4c3e0b0952e6 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -2775,6 +2775,19 @@ union bpf_attr {
* restricted to raw_tracepoint bpf programs.
* Return
* 0 on success, or a negative error in case of failure.
+ *
+ * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
+ * Description
+ * Returns 0 on success, values for *pid* and *tgid* as seen from the current
+ * *namespace* will be returned in *nsdata*.
+ *
+ * On failure, the returned value is one of the following:
+ *
+ * **-EINVAL** if dev and inum supplied don't match dev_t and inode number
+ * with nsfs of current task, or if dev conversion to dev_t lost high bits.
+ *
+ * **-ENOENT** if pidns does not exists for the current task.
+ *
*/
#define __BPF_FUNC_MAPPER(FN) \
FN(unspec), \
@@ -2888,7 +2901,8 @@ union bpf_attr {
FN(sk_storage_delete), \
FN(send_signal), \
FN(tcp_gen_syncookie), \
- FN(skb_output),
+ FN(skb_output), \
+ FN(get_ns_current_pid_tgid),
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
* function eBPF program intends to call
@@ -3639,4 +3653,8 @@ struct bpf_sockopt {
__s32 retval;
};
+struct bpf_pidns_info {
+ __u32 pid;
+ __u32 tgid;
+};
#endif /* _UAPI__LINUX_BPF_H__ */
--
2.20.1
* Re: [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper
2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
@ 2019-10-23 2:51 ` Yonghong Song
0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 2:51 UTC (permalink / raw)
To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf
On 10/22/19 12:17 PM, Carlos Neira wrote:
> sync tools/include/uapi/linux/bpf.h to include new helper.
>
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
> ---
> tools/include/uapi/linux/bpf.h | 20 +++++++++++++++++++-
> 1 file changed, 19 insertions(+), 1 deletion(-)
>
> diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
> index 4af8b0819a32..4c3e0b0952e6 100644
> --- a/tools/include/uapi/linux/bpf.h
> +++ b/tools/include/uapi/linux/bpf.h
> @@ -2775,6 +2775,19 @@ union bpf_attr {
> * restricted to raw_tracepoint bpf programs.
> * Return
> * 0 on success, or a negative error in case of failure.
> + *
> + * int bpf_get_ns_current_pid_tgid(u64 dev, u64 ino, struct bpf_pidns_info *nsdata, u32 size)
> + * Description
> + * Returns 0 on success, values for *pid* and *tgid* as seen from the current
> + * *namespace* will be returned in *nsdata*.
> + *
> + * On failure, the returned value is one of the following:
> + *
> + * **-EINVAL** if dev and inum supplied don't match dev_t and inode number
> + * with nsfs of current task, or if dev conversion to dev_t lost high bits.
> + *
> + * **-ENOENT** if pidns does not exists for the current task.
> + *
> */
> #define __BPF_FUNC_MAPPER(FN) \
> FN(unspec), \
> @@ -2888,7 +2901,8 @@ union bpf_attr {
> FN(sk_storage_delete), \
> FN(send_signal), \
> FN(tcp_gen_syncookie), \
> - FN(skb_output),
> + FN(skb_output), \
> + FN(get_ns_current_pid_tgid),
>
> /* integer value in 'imm' field of BPF_CALL instruction selects which helper
> * function eBPF program intends to call
> @@ -3639,4 +3653,8 @@ struct bpf_sockopt {
> __s32 retval;
> };
>
> +struct bpf_pidns_info {
> + __u32 pid;
> + __u32 tgid;
> +};
> #endif /* _UAPI__LINUX_BPF_H__ */
>
* [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
` (2 preceding siblings ...)
2019-10-22 19:17 ` [PATCH v15 3/5] tools: Added bpf_get_ns_current_pid_tgid helper Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
2019-10-23 3:02 ` Yonghong Song
2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos
Self tests added for new helper
Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
.../bpf/prog_tests/ns_current_pid_tgid.c | 87 +++++++++++++++++++
.../bpf/progs/test_ns_current_pid_tgid.c | 37 ++++++++
2 files changed, 124 insertions(+)
create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
new file mode 100644
index 000000000000..257f18999bb6
--- /dev/null
+++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
+#include <test_progs.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+
+struct bss {
+ __u64 dev;
+ __u64 ino;
+ __u64 pid_tgid;
+ __u64 user_pid_tgid;
+};
+
+void test_ns_current_pid_tgid(void)
+{
+ const char *probe_name = "raw_tracepoint/sys_enter";
+ const char *file = "test_ns_current_pid_tgid.o";
+ int err, key = 0, duration = 0;
+ struct bpf_link *link = NULL;
+ struct bpf_program *prog;
+ struct bpf_map *bss_map;
+ struct bpf_object *obj;
+ struct bss bss;
+ struct stat st;
+ __u64 id;
+
+ obj = bpf_object__open_file(file, NULL);
+ if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
+ return;
+
+ err = bpf_object__load(obj);
+ if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
+ goto cleanup;
+
+ bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
+ if (CHECK(!bss_map, "find_bss_map", "failed\n"))
+ goto cleanup;
+
+ prog = bpf_object__find_program_by_title(obj, probe_name);
+ if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
+ probe_name))
+ goto cleanup;
+
+ memset(&bss, 0, sizeof(bss));
+ pid_t tid = syscall(SYS_gettid);
+ pid_t pid = getpid();
+
+ id = (__u64) tid << 32 | pid;
+ bss.user_pid_tgid = id;
+
+ if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
+ perror("Failed to stat /proc/self/ns/pid");
+ goto cleanup;
+ }
+
+ bss.dev = st.st_dev;
+ bss.ino = st.st_ino;
+
+ err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
+ if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
+ goto cleanup;
+
+ link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
+ if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
+ PTR_ERR(link)))
+ goto cleanup;
+
+ /* trigger some syscalls */
+ usleep(1);
+
+ err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
+ if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
+ goto cleanup;
+
+ if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
+ "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
+ goto cleanup;
+cleanup:
+
+ if (!IS_ERR_OR_NULL(link)) {
+ bpf_link__destroy(link);
+ link = NULL;
+ }
+ bpf_object__close(obj);
+}
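Review bot: the expected value is packed as `(__u64) tid << 32 | pid`, with the thread id in the upper half, while the BPF program in this patch packs `(__u64)nsdata.tgid << 32 | nsdata.pid`, with tgid in the upper half. The two only agree when gettid() equals getpid(), so the comparison passes on the main thread and would fail from any other thread; pack both sides in the same order. Smaller points: the lookup CHECK is labelled "set_bss" although it reads the map back, and tid and pid are declared after statements rather than with the other locals.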
diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
new file mode 100644
index 000000000000..cdb77eb1a4fb
--- /dev/null
+++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
+
+#include <linux/bpf.h>
+#include <stdint.h>
+#include "bpf_helpers.h"
+
+static volatile struct {
+ __u64 dev;
+ __u64 ino;
+ __u64 pid_tgid;
+ __u64 user_pid_tgid;
+} res;
+
+SEC("raw_tracepoint/sys_enter")
+int trace(void *ctx)
+{
+ __u64 ns_pid_tgid, expected_pid;
+ struct bpf_pidns_info nsdata;
+ __u32 key = 0;
+
+ if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
+ sizeof(struct bpf_pidns_info)))
+ return 0;
+
+ ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
+ expected_pid = res.user_pid_tgid;
+
+ if (expected_pid != ns_pid_tgid)
+ return 0;
+
+ res.pid_tgid = ns_pid_tgid;
+
+ return 0;
+}
+
+char _license[] SEC("license") = "GPL";
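Review bot: trace() returns 0 both when bpf_get_ns_current_pid_tgid() fails and when the ids do not match, so the user-space test only ever sees pid_tgid left at 0 and cannot tell a helper error from the program never running for this task. Store the helper's return value in res so the test can report it. `__u32 key` is unused, and `expected_pid` holds a packed pid/tgid pair, so a name such as expected_pid_tgid would be clearer.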
--
2.20.1
* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
@ 2019-10-23 3:02 ` Yonghong Song
2019-10-23 14:42 ` Carlos Antonio Neira Bustos
0 siblings, 1 reply; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 3:02 UTC (permalink / raw)
To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf
On 10/22/19 12:17 PM, Carlos Neira wrote:
> Self tests added for new helper
Please mention the name of the new helper in the commit message.
>
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
LGTM Ack with a few nits below.
Acked-by: Yonghong Song <yhs@fb.com>
> ---
> .../bpf/prog_tests/ns_current_pid_tgid.c | 87 +++++++++++++++++++
> .../bpf/progs/test_ns_current_pid_tgid.c | 37 ++++++++
> 2 files changed, 124 insertions(+)
> create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>
> diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> new file mode 100644
> index 000000000000..257f18999bb6
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> @@ -0,0 +1,87 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> +#include <test_progs.h>
> +#include <sys/stat.h>
> +#include <sys/types.h>
> +#include <unistd.h>
> +#include <sys/syscall.h>
> +
> +struct bss {
> + __u64 dev;
> + __u64 ino;
> + __u64 pid_tgid;
> + __u64 user_pid_tgid;
> +};
> +
> +void test_ns_current_pid_tgid(void)
> +{
> + const char *probe_name = "raw_tracepoint/sys_enter";
> + const char *file = "test_ns_current_pid_tgid.o";
> + int err, key = 0, duration = 0;
> + struct bpf_link *link = NULL;
> + struct bpf_program *prog;
> + struct bpf_map *bss_map;
> + struct bpf_object *obj;
> + struct bss bss;
> + struct stat st;
> + __u64 id;
> +
> + obj = bpf_object__open_file(file, NULL);
> + if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
> + return;
> +
> + err = bpf_object__load(obj);
> + if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
> + goto cleanup;
> +
> + bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
> + if (CHECK(!bss_map, "find_bss_map", "failed\n"))
> + goto cleanup;
> +
> + prog = bpf_object__find_program_by_title(obj, probe_name);
> + if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
> + probe_name))
> + goto cleanup;
> +
> + memset(&bss, 0, sizeof(bss));
> + pid_t tid = syscall(SYS_gettid);
> + pid_t pid = getpid();
> +
> + id = (__u64) tid << 32 | pid;
> + bss.user_pid_tgid = id;
> +
> + if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
> + perror("Failed to stat /proc/self/ns/pid");
> + goto cleanup;
> + }
> +
> + bss.dev = st.st_dev;
> + bss.ino = st.st_ino;
> +
> + err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
> + if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
> + goto cleanup;
> +
> + link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
> + if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
> + PTR_ERR(link)))
> + goto cleanup;
You already have default link = NULL.
Here, I think you can do
link = NULL;
goto cleanup;
> +
> + /* trigger some syscalls */
> + usleep(1);
> +
> + err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
> + if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
> + goto cleanup;
> +
> + if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
> + "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
EBPF -> BPF?
> + goto cleanup;
> +cleanup:
> +
The above empty line can be removed.
> + if (!IS_ERR_OR_NULL(link)) {
With the above suggested change, you only need to check
if (!link)
> + bpf_link__destroy(link);
> + link = NULL;
> + }
> + bpf_object__close(obj);
> +}
> diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> new file mode 100644
> index 000000000000..cdb77eb1a4fb
> --- /dev/null
> +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> @@ -0,0 +1,37 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> +
> +#include <linux/bpf.h>
> +#include <stdint.h>
> +#include "bpf_helpers.h"
> +
> +static volatile struct {
> + __u64 dev;
> + __u64 ino;
> + __u64 pid_tgid;
> + __u64 user_pid_tgid;
> +} res;
> +
> +SEC("raw_tracepoint/sys_enter")
> +int trace(void *ctx)
> +{
> + __u64 ns_pid_tgid, expected_pid;
> + struct bpf_pidns_info nsdata;
> + __u32 key = 0;
> +
> + if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
> + sizeof(struct bpf_pidns_info)))
> + return 0;
> +
> + ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
> + expected_pid = res.user_pid_tgid;
> +
> + if (expected_pid != ns_pid_tgid)
> + return 0;
> +
> + res.pid_tgid = ns_pid_tgid;
> +
> + return 0;
> +}
> +
> +char _license[] SEC("license") = "GPL";
The new helper does not require GPL, could you double check this?
The above _license should not be necessary.
* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
2019-10-23 3:02 ` Yonghong Song
@ 2019-10-23 14:42 ` Carlos Antonio Neira Bustos
2019-10-23 15:20 ` Yonghong Song
0 siblings, 1 reply; 17+ messages in thread
From: Carlos Antonio Neira Bustos @ 2019-10-23 14:42 UTC (permalink / raw)
To: Yonghong Song; +Cc: netdev, ebiederm, brouer, bpf
On Wed, Oct 23, 2019 at 03:02:51AM +0000, Yonghong Song wrote:
>
>
> On 10/22/19 12:17 PM, Carlos Neira wrote:
> > Self tests added for new helper
>
> Please mention the name of the new helper in the commit message.
>
> >
> > Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>
> LGTM Ack with a few nits below.
> Acked-by: Yonghong Song <yhs@fb.com>
>
> > ---
> > .../bpf/prog_tests/ns_current_pid_tgid.c | 87 +++++++++++++++++++
> > .../bpf/progs/test_ns_current_pid_tgid.c | 37 ++++++++
> > 2 files changed, 124 insertions(+)
> > create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> > create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> >
> > diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> > new file mode 100644
> > index 000000000000..257f18999bb6
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
> > @@ -0,0 +1,87 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> > +#include <test_progs.h>
> > +#include <sys/stat.h>
> > +#include <sys/types.h>
> > +#include <unistd.h>
> > +#include <sys/syscall.h>
> > +
> > +struct bss {
> > + __u64 dev;
> > + __u64 ino;
> > + __u64 pid_tgid;
> > + __u64 user_pid_tgid;
> > +};
> > +
> > +void test_ns_current_pid_tgid(void)
> > +{
> > + const char *probe_name = "raw_tracepoint/sys_enter";
> > + const char *file = "test_ns_current_pid_tgid.o";
> > + int err, key = 0, duration = 0;
> > + struct bpf_link *link = NULL;
> > + struct bpf_program *prog;
> > + struct bpf_map *bss_map;
> > + struct bpf_object *obj;
> > + struct bss bss;
> > + struct stat st;
> > + __u64 id;
> > +
> > + obj = bpf_object__open_file(file, NULL);
> > + if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
> > + return;
> > +
> > + err = bpf_object__load(obj);
> > + if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
> > + goto cleanup;
> > +
> > + bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
> > + if (CHECK(!bss_map, "find_bss_map", "failed\n"))
> > + goto cleanup;
> > +
> > + prog = bpf_object__find_program_by_title(obj, probe_name);
> > + if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
> > + probe_name))
> > + goto cleanup;
> > +
> > + memset(&bss, 0, sizeof(bss));
> > + pid_t tid = syscall(SYS_gettid);
> > + pid_t pid = getpid();
> > +
> > + id = (__u64) tid << 32 | pid;
> > + bss.user_pid_tgid = id;
> > +
> > + if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
> > + perror("Failed to stat /proc/self/ns/pid");
> > + goto cleanup;
> > + }
> > +
> > + bss.dev = st.st_dev;
> > + bss.ino = st.st_ino;
> > +
> > + err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
> > + if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
> > + goto cleanup;
> > +
> > + link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
> > + if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
> > + PTR_ERR(link)))
> > + goto cleanup;
>
> You already have default link = NULL.
> Here, I think you can do
> link = NULL;
> goto cleanup;
>
> > +
> > + /* trigger some syscalls */
> > + usleep(1);
> > +
> > + err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
> > + if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
> > + goto cleanup;
> > +
> > + if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
> > + "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
>
> EBPF -> BPF?
>
> > + goto cleanup;
> > +cleanup:
> > +
>
> The above empty line can be removed.
>
> > + if (!IS_ERR_OR_NULL(link)) {
>
> With the above suggested change, you only need to check
> if (!link)
>
> > + bpf_link__destroy(link);
> > + link = NULL;
> > + }
> > + bpf_object__close(obj);
> > +}
> > diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> > new file mode 100644
> > index 000000000000..cdb77eb1a4fb
> > --- /dev/null
> > +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
> > @@ -0,0 +1,37 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
> > +
> > +#include <linux/bpf.h>
> > +#include <stdint.h>
> > +#include "bpf_helpers.h"
> > +
> > +static volatile struct {
> > + __u64 dev;
> > + __u64 ino;
> > + __u64 pid_tgid;
> > + __u64 user_pid_tgid;
> > +} res;
> > +
> > +SEC("raw_tracepoint/sys_enter")
> > +int trace(void *ctx)
> > +{
> > + __u64 ns_pid_tgid, expected_pid;
> > + struct bpf_pidns_info nsdata;
> > + __u32 key = 0;
> > +
> > + if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
> > + sizeof(struct bpf_pidns_info)))
> > + return 0;
> > +
> > + ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
> > + expected_pid = res.user_pid_tgid;
> > +
> > + if (expected_pid != ns_pid_tgid)
> > + return 0;
> > +
> > + res.pid_tgid = ns_pid_tgid;
> > +
> > + return 0;
> > +}
> > +
> > +char _license[] SEC("license") = "GPL";
>
> The new helper does not require GPL, could you double check this?
> The above _license should not be necessary.
Thanks, Yonghong.
Do I need to re-send the series of patches as v16, or could I reply to this thread addressing your comments for patch 4/5?
Thanks again for your support.
Bests
* Re: [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper.
2019-10-23 14:42 ` Carlos Antonio Neira Bustos
@ 2019-10-23 15:20 ` Yonghong Song
0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 15:20 UTC (permalink / raw)
To: Carlos Antonio Neira Bustos; +Cc: netdev, ebiederm, brouer, bpf
On 10/23/19 7:42 AM, Carlos Antonio Neira Bustos wrote:
> On Wed, Oct 23, 2019 at 03:02:51AM +0000, Yonghong Song wrote:
>>
>>
>> On 10/22/19 12:17 PM, Carlos Neira wrote:
>>> Self tests added for new helper
>>
>> Please mention the name of the new helper in the commit message.
>>
>>>
>>> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
>>
>> LGTM Ack with a few nits below.
>> Acked-by: Yonghong Song <yhs@fb.com>
>>
>>> ---
>>> .../bpf/prog_tests/ns_current_pid_tgid.c | 87 +++++++++++++++++++
>>> .../bpf/progs/test_ns_current_pid_tgid.c | 37 ++++++++
>>> 2 files changed, 124 insertions(+)
>>> create mode 100644 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>> create mode 100644 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>>
>>> diff --git a/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>> new file mode 100644
>>> index 000000000000..257f18999bb6
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c
>>> @@ -0,0 +1,87 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
>>> +#include <test_progs.h>
>>> +#include <sys/stat.h>
>>> +#include <sys/types.h>
>>> +#include <unistd.h>
>>> +#include <sys/syscall.h>
>>> +
>>> +struct bss {
>>> + __u64 dev;
>>> + __u64 ino;
>>> + __u64 pid_tgid;
>>> + __u64 user_pid_tgid;
>>> +};
>>> +
>>> +void test_ns_current_pid_tgid(void)
>>> +{
>>> + const char *probe_name = "raw_tracepoint/sys_enter";
>>> + const char *file = "test_ns_current_pid_tgid.o";
>>> + int err, key = 0, duration = 0;
>>> + struct bpf_link *link = NULL;
>>> + struct bpf_program *prog;
>>> + struct bpf_map *bss_map;
>>> + struct bpf_object *obj;
>>> + struct bss bss;
>>> + struct stat st;
>>> + __u64 id;
>>> +
>>> + obj = bpf_object__open_file(file, NULL);
>>> + if (CHECK(IS_ERR(obj), "obj_open", "err %ld\n", PTR_ERR(obj)))
>>> + return;
>>> +
>>> + err = bpf_object__load(obj);
>>> + if (CHECK(err, "obj_load", "err %d errno %d\n", err, errno))
>>> + goto cleanup;
>>> +
>>> + bss_map = bpf_object__find_map_by_name(obj, "test_ns_.bss");
>>> + if (CHECK(!bss_map, "find_bss_map", "failed\n"))
>>> + goto cleanup;
>>> +
>>> + prog = bpf_object__find_program_by_title(obj, probe_name);
>>> + if (CHECK(!prog, "find_prog", "prog '%s' not found\n",
>>> + probe_name))
>>> + goto cleanup;
>>> +
>>> + memset(&bss, 0, sizeof(bss));
>>> + pid_t tid = syscall(SYS_gettid);
>>> + pid_t pid = getpid();
>>> +
>>> + id = (__u64) tid << 32 | pid;
>>> + bss.user_pid_tgid = id;
>>> +
>>> + if (CHECK_FAIL(stat("/proc/self/ns/pid", &st))) {
>>> + perror("Failed to stat /proc/self/ns/pid");
>>> + goto cleanup;
>>> + }
>>> +
>>> + bss.dev = st.st_dev;
>>> + bss.ino = st.st_ino;
>>> +
>>> + err = bpf_map_update_elem(bpf_map__fd(bss_map), &key, &bss, 0);
>>> + if (CHECK(err, "setting_bss", "failed to set bss : %d\n", err))
>>> + goto cleanup;
>>> +
>>> + link = bpf_program__attach_raw_tracepoint(prog, "sys_enter");
>>> + if (CHECK(IS_ERR(link), "attach_raw_tp", "err %ld\n",
>>> + PTR_ERR(link)))
>>> + goto cleanup;
>>
>> You already have default link = NULL.
>> Here, I think you can do
>> link = NULL;
>> goto cleanup;
>>
>>> +
>>> + /* trigger some syscalls */
>>> + usleep(1);
>>> +
>>> + err = bpf_map_lookup_elem(bpf_map__fd(bss_map), &key, &bss);
>>> + if (CHECK(err, "set_bss", "failed to get bss : %d\n", err))
>>> + goto cleanup;
>>> +
>>> + if (CHECK(id != bss.pid_tgid, "Compare user pid/tgid vs. bpf pid/tgid",
>>> + "User pid/tgid %llu EBPF pid/tgid %llu\n", id, bss.pid_tgid))
>>
>> EBPF -> BPF?
>>
>>> + goto cleanup;
>>> +cleanup:
>>> +
>>
>> The above empty line can be removed.
>>
>>> + if (!IS_ERR_OR_NULL(link)) {
>>
>> With the above suggested change, you only need to check
>> if (!link)
>>
>>> + bpf_link__destroy(link);
>>> + link = NULL;
>>> + }
>>> + bpf_object__close(obj);
>>> +}
>>> diff --git a/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>> new file mode 100644
>>> index 000000000000..cdb77eb1a4fb
>>> --- /dev/null
>>> +++ b/tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c
>>> @@ -0,0 +1,37 @@
>>> +// SPDX-License-Identifier: GPL-2.0
>>> +/* Copyright (c) 2019 Carlos Neira cneirabustos@gmail.com */
>>> +
>>> +#include <linux/bpf.h>
>>> +#include <stdint.h>
>>> +#include "bpf_helpers.h"
>>> +
>>> +static volatile struct {
>>> + __u64 dev;
>>> + __u64 ino;
>>> + __u64 pid_tgid;
>>> + __u64 user_pid_tgid;
>>> +} res;
>>> +
>>> +SEC("raw_tracepoint/sys_enter")
>>> +int trace(void *ctx)
>>> +{
>>> + __u64 ns_pid_tgid, expected_pid;
>>> + struct bpf_pidns_info nsdata;
>>> + __u32 key = 0;
>>> +
>>> + if (bpf_get_ns_current_pid_tgid(res.dev, res.ino, &nsdata,
>>> + sizeof(struct bpf_pidns_info)))
>>> + return 0;
>>> +
>>> + ns_pid_tgid = (__u64)nsdata.tgid << 32 | nsdata.pid;
>>> + expected_pid = res.user_pid_tgid;
>>> +
>>> + if (expected_pid != ns_pid_tgid)
>>> + return 0;
>>> +
>>> + res.pid_tgid = ns_pid_tgid;
>>> +
>>> + return 0;
>>> +}
>>> +
>>> +char _license[] SEC("license") = "GPL";
>>
>> The new helper does not require GPL, could you double check this?
>> The above _license should not be necessary.
>
> Thanks, Yonghong.
>
> Do I need to re-send the series of patches as v16, or could I reply to this thread addressing your comments for patch 4/5?
You can wait for Eric's ACK and then resend a new version of the patch
set with all Acks.
> Thanks again for your support.
>
> Bests
>
* [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types
2019-10-22 19:17 [PATCH v15 0/5] BPF: New helper to obtain namespace data from current task Carlos Neira
` (3 preceding siblings ...)
2019-10-22 19:17 ` [PATCH v15 4/5] tools/testing/selftests/bpf: Add self-tests for new helper Carlos Neira
@ 2019-10-22 19:17 ` Carlos Neira
2019-10-23 3:03 ` Yonghong Song
4 siblings, 1 reply; 17+ messages in thread
From: Carlos Neira @ 2019-10-22 19:17 UTC (permalink / raw)
To: netdev; +Cc: yhs, ebiederm, brouer, bpf, cneirabustos
Add struct bpf_pidns_info to known types
Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
---
scripts/bpf_helpers_doc.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
index 7548569e8076..021cc387d414 100755
--- a/scripts/bpf_helpers_doc.py
+++ b/scripts/bpf_helpers_doc.py
@@ -437,6 +437,7 @@ class PrinterHelpers(Printer):
'struct bpf_fib_lookup',
'struct bpf_perf_event_data',
'struct bpf_perf_event_value',
+ 'struct bpf_pidns_info',
'struct bpf_sock',
'struct bpf_sock_addr',
'struct bpf_sock_ops',
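Review bot: only the one list in PrinterHelpers at line 437 gains the entry. The helper prototype takes a `struct bpf_pidns_info *` argument, so please confirm that the generated header also ends up with a declaration for the struct, and say in the commit message that the type is needed because bpf_get_ns_current_pid_tgid() uses it; as written the message only repeats the subject line.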
--
2.20.1
* Re: [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types
2019-10-22 19:17 ` [PATCH v15 5/5] bpf_helpers_doc.py: Add struct bpf_pidns_info to known types Carlos Neira
@ 2019-10-23 3:03 ` Yonghong Song
0 siblings, 0 replies; 17+ messages in thread
From: Yonghong Song @ 2019-10-23 3:03 UTC (permalink / raw)
To: Carlos Neira, netdev; +Cc: ebiederm, brouer, bpf
On 10/22/19 12:17 PM, Carlos Neira wrote:
> Add struct bpf_pidns_info to known types
>
> Signed-off-by: Carlos Neira <cneirabustos@gmail.com>
Acked-by: Yonghong Song <yhs@fb.com>
> ---
> scripts/bpf_helpers_doc.py | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/scripts/bpf_helpers_doc.py b/scripts/bpf_helpers_doc.py
> index 7548569e8076..021cc387d414 100755
> --- a/scripts/bpf_helpers_doc.py
> +++ b/scripts/bpf_helpers_doc.py
> @@ -437,6 +437,7 @@ class PrinterHelpers(Printer):
> 'struct bpf_fib_lookup',
> 'struct bpf_perf_event_data',
> 'struct bpf_perf_event_value',
> + 'struct bpf_pidns_info',
> 'struct bpf_sock',
> 'struct bpf_sock_addr',
> 'struct bpf_sock_ops',
>