Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp396079pxk; Fri, 11 Sep 2020 09:47:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx8Dc9pvsoJNP3iF7n8JeZKuuFhTXWPNHQwhtpVTOVUCo5adnFPJa4DHCE0psSPtxsr7R1O X-Received: by 2002:a17:906:cec9:: with SMTP id si9mr2809616ejb.351.1599842821212; Fri, 11 Sep 2020 09:47:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599842821; cv=none; d=google.com; s=arc-20160816; b=KbCVbd9IUejdqGsW7QKuuCZ/L+ylz1jDWmwLBLe3/L7nSV7BgJC2flqOSIootz3G3i uDtQvjQzpkBbUvHg4glPSCO5CXIxSGjNTw0h8IkminkhkPdhDap6j0ik0QjWnj0PFa7M SDLzkDkHAS2l9EtmaKGoGGxp346XFhSQ56YDQr97FSbvHmnHDUFaOhxCt/hjSHCDpbCu t7UWmyWh9I0XcPmt4Fwj1t6reAH66BPoZz3vHiigeqwBBcj70lkVuR4FiodyIqEfn5yP v2cfChbmUQgceUwoGeddT2tVShf8H2SLVR0wqtknDgE1G2XSNKxIqBBb68CkX0ClMCXb KmCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8voqPtdkbS5RYnHXaRVOj2SC1jKq1kvwIX4dEXxo6Mc=; b=L6hO5AbVp4jbg3jfKUW5k9hMZ30oCZwFbVCh+Y/L76EeBc833iGMyWx49gj4v11bus 3iS15dh80xBx5a+IBPPGMYZXwb+1PuLZNEXEYC8Af4BGmoTRyV6BUOzLA6/ZAnUkPRS6 ajVrbkBpRNtNVjE/Y0G8SpZMO2f54rhRMZ/pbm8HyKEsg9v0mFJ2Gw5xPIlB5sqmZquQ pRTlr6ln5MZRXYZEMyj663NwFe7x+iYu3DZXM4i4aVUKxXjlCXug24pLy2TTSn936olU e7vshxjaK8KfAVS6q8Yif12sNOFC9HWAlL6w3hSkipsD4yAi/xyn1nlB11t/rtSwaU1h uuKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@tessares-net.20150623.gappssmtp.com header.s=20150623 header.b=qySYWhW0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u6si1436201edx.293.2020.09.11.09.46.36; Fri, 11 Sep 2020 09:47:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@tessares-net.20150623.gappssmtp.com header.s=20150623 header.b=qySYWhW0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725833AbgIKQoA (ORCPT + 99 others); Fri, 11 Sep 2020 12:44:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726391AbgIKPIX (ORCPT ); Fri, 11 Sep 2020 11:08:23 -0400 Received: from mail-ej1-x644.google.com (mail-ej1-x644.google.com [IPv6:2a00:1450:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B40AFC06135F for ; Fri, 11 Sep 2020 07:31:06 -0700 (PDT) Received: by mail-ej1-x644.google.com with SMTP id e23so14106649eja.3 for ; Fri, 11 Sep 2020 07:31:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tessares-net.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=8voqPtdkbS5RYnHXaRVOj2SC1jKq1kvwIX4dEXxo6Mc=; b=qySYWhW0yC42rPW/IoqWQolhYfXTLM21q7M2YytnHh2yQU4RoGj86gmZePTxz8sAjT GFnqtUFKRVnNvFFSoku5JBmqgqWLDyp3MH8ip3utZK5/D9/Q5oyLP69h10p78VRSCZL4 CjxstQ5GyKsCPPsHl+CbtPcFPb7vjpkHd29RXhjIRjBEWV+X8wVZQMmDOV0ELwoDcLmz HrVgononjhPjTIsOluxMQICFWXylrDWQkjYNSlCBsEJOszmzHOOjtdqU3VA0Jdd7dB1w X8H0violb+3GZwx8SNphe81iv+N5lCd4hWhgNDxulNEkayJY2qBM/9ftAQY8iAf/gPHo GyDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=8voqPtdkbS5RYnHXaRVOj2SC1jKq1kvwIX4dEXxo6Mc=; b=Dg4hIfwdwvt4OggesQRes8luv/r7Yz3P6yrs+j04Gs4SQgA9gzcrkNMjtzzRR0fDG6 3oFoudJDtBpqLeq97tEkEVgrFN7iaZ68K/QxqvA1ID9TEQ4+NtgDli6/ai8wzDJRVyc8 vaxn6ApCru+Fv9oF36K8Q+jkf+5IAowGMTEuv+Au4qi44cz5VHWS1QHqI/WYnSVfer3C 00vognvIpG6p8M7rR+eSqs2lQqMQHgOsEz22A+5jz3BHmRTP9yLat9p3ZpSM2ADWizV9 MXpIYb3aIlUxnVBMoEyFOVIkO7aRQPqu/wk5NSBevff2D3RWfbwFeLCdf20Q3cNXEKwQ XdVw== X-Gm-Message-State: AOAM5333ntgwTxVLfgPmZNFvmi36FDEhPZQCBok2xgtBUfrDPMEpTyaR Wxt2kdSmSEy1ZmU9siM0B4l0pQ== X-Received: by 2002:a17:906:5206:: with SMTP id g6mr2404464ejm.292.1599834665328; Fri, 11 Sep 2020 07:31:05 -0700 (PDT) Received: from localhost.localdomain ([87.66.33.240]) by smtp.gmail.com with ESMTPSA id y21sm1716261eju.46.2020.09.11.07.31.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Sep 2020 07:31:04 -0700 (PDT) From: Nicolas Rybowski To: Mat Martineau , Matthieu Baerts , "David S. Miller" , Jakub Kicinski , Alexei Starovoitov , Daniel Borkmann , Martin KaFai Lau , Song Liu , Yonghong Song , Andrii Nakryiko , John Fastabend , KP Singh Cc: Nicolas Rybowski , Paolo Abeni , netdev@vger.kernel.org, mptcp@lists.01.org, linux-kernel@vger.kernel.org, bpf@vger.kernel.org Subject: [PATCH bpf-next v2 2/5] mptcp: attach subflow socket to parent cgroup Date: Fri, 11 Sep 2020 16:30:17 +0200 Message-Id: <20200911143022.414783-2-nicolas.rybowski@tessares.net> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200911143022.414783-1-nicolas.rybowski@tessares.net> References: <20200911143022.414783-1-nicolas.rybowski@tessares.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org It has been observed that the kernel sockets created for the subflows (except the first one) are not in the same cgroup as their parents. That's because the additional subflows are created by kernel workers. This is a problem with eBPF programs attached to the parent's cgroup won't be executed for the children. But also with any other features of CGroup linked to a sk. This patch fixes this behaviour. As the subflow sockets are created by the kernel, we can't use 'mem_cgroup_sk_alloc' because of the current context being the one of the kworker. This is why we have to do low level memcg manipulation, if required. Suggested-by: Matthieu Baerts Suggested-by: Paolo Abeni Acked-by: Matthieu Baerts Reviewed-by: Mat Martineau Signed-off-by: Nicolas Rybowski --- net/mptcp/subflow.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index e8cac2655c82..535a3f9f8cfc 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -1130,6 +1130,30 @@ int __mptcp_subflow_connect(struct sock *sk, int ifindex, return err; } +static void mptcp_attach_cgroup(struct sock *parent, struct sock *child) +{ +#ifdef CONFIG_SOCK_CGROUP_DATA + struct sock_cgroup_data *parent_skcd = &parent->sk_cgrp_data, + *child_skcd = &child->sk_cgrp_data; + + /* only the additional subflows created by kworkers have to be modified */ + if (cgroup_id(sock_cgroup_ptr(parent_skcd)) != + cgroup_id(sock_cgroup_ptr(child_skcd))) { +#ifdef CONFIG_MEMCG + struct mem_cgroup *memcg = parent->sk_memcg; + + mem_cgroup_sk_free(child); + if (memcg && css_tryget(&memcg->css)) + child->sk_memcg = memcg; +#endif /* CONFIG_MEMCG */ + + cgroup_sk_free(child_skcd); + *child_skcd = *parent_skcd; + cgroup_sk_clone(child_skcd); + } +#endif /* CONFIG_SOCK_CGROUP_DATA */ +} + int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) { struct mptcp_subflow_context *subflow; @@ -1150,6 +1174,9 @@ int mptcp_subflow_create_socket(struct sock *sk, struct socket **new_sock) lock_sock(sf->sk); + /* the newly created socket has to be in the same cgroup as its parent */ + mptcp_attach_cgroup(sk, sf->sk); + /* kernel sockets do not by default acquire net ref, but TCP timer * needs it. */ -- 2.28.0