If net_prio is used, we could also use eBPF programs to attach it,
because the net_prio cgroup could be got with prioidx in struct
sock_cgroup_data.
Hence it should not only be limited to cgroup2.
Signed-off-by: Yafang Shao <[email protected]>
---
include/linux/cgroup.h | 18 ++++++++++++++++--
kernel/cgroup/cgroup.c | 6 +-----
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h
index 473e0c0..1d67def 100644
--- a/include/linux/cgroup.h
+++ b/include/linux/cgroup.h
@@ -772,8 +772,22 @@ static inline struct cgroup *sock_cgroup_ptr(struct sock_cgroup_data *skcd)
*/
v = READ_ONCE(skcd->val);
- if (v & 1)
- return &cgrp_dfl_root.cgrp;
+ /* either net_prio or net_cls or both being used. */
+ if (v & 1) {
+ if (skcd->prioidx != 1) {
+ struct cgroup_subsys_state *css;
+ struct cgroup *cg;
+
+ rcu_read_lock();
+ css = css_from_id(skcd->prioidx, &net_prio_cgrp_subsys);
+ cg = css->cgroup;
+ rcu_read_unlock();
+
+ return cg;
+ }
+
+ return task_cgroup(current, net_prio_cgrp_id);
+ }
return (struct cgroup *)(unsigned long)v ?: &cgrp_dfl_root.cgrp;
#else
diff --git a/kernel/cgroup/cgroup.c b/kernel/cgroup/cgroup.c
index 7e4c445..59610f5 100644
--- a/kernel/cgroup/cgroup.c
+++ b/kernel/cgroup/cgroup.c
@@ -5735,7 +5735,7 @@ struct cgroup *cgroup_get_from_path(const char *path)
/**
* cgroup_get_from_fd - get a cgroup pointer from a fd
- * @fd: fd obtained by open(cgroup2_dir)
+ * @fd: fd obtained by open(cgroup2_dir or net_prio_dir)
*
* Find the cgroup from a fd which should be obtained
* by opening a cgroup directory. Returns a pointer to the
@@ -5758,10 +5758,6 @@ struct cgroup *cgroup_get_from_fd(int fd)
return ERR_CAST(css);
cgrp = css->cgroup;
- if (!cgroup_on_dfl(cgrp)) {
- cgroup_put(cgrp);
- return ERR_PTR(-EBADF);
- }
return cgrp;
}
--
1.8.3.1
On Thu, Jan 25, 2018 at 11:38:48PM +0800, Yafang Shao wrote:
> If net_prio is used, we could also use eBPF programs to attach it,
> because the net_prio cgroup could be got with prioidx in struct
> sock_cgroup_data.
> Hence it should not only be limited to cgroup2.
I really don't wanna do this. This comes with all sorts of reverse
lookup and naming issues. In addition, cgroup1 and 2 aren't mutually
exclusive. If the use case is on cgroup1 and wants to use cgroup bpf
programs, just replicate the cgroup2 hierarchy for bpf. Hierarchy
replication across different controllers is how most use cgroup1 after
all. With recent versions of systemd which defaults to using cgroup2
for process management, you get the replication for free too.
Thanks.
--
tejun
On Thu, Jan 25, 2018 at 11:50 PM, Tejun Heo <[email protected]> wrote:
> On Thu, Jan 25, 2018 at 11:38:48PM +0800, Yafang Shao wrote:
>> If net_prio is used, we could also use eBPF programs to attach it,
>> because the net_prio cgroup could be got with prioidx in struct
>> sock_cgroup_data.
>> Hence it should not only be limited to cgroup2.
>
> I really don't wanna do this. This comes with all sorts of reverse
> lookup and naming issues. In addition, cgroup1 and 2 aren't mutually
> exclusive. If the use case is on cgroup1 and wants to use cgroup bpf
> programs, just replicate the cgroup2 hierarchy for bpf. Hierarchy
> replication across different controllers is how most use cgroup1 after
> all. With recent versions of systemd which defaults to using cgroup2
> for process management, you get the replication for free too.
>
Hi Tejun,
I don't understand what do you mean Hierarchy replication.
Could you pls. show me some examples ?
Thanks
Yafang