Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp3143239rwe; Mon, 29 Aug 2022 06:36:41 -0700 (PDT) X-Google-Smtp-Source: AA6agR41y0jegEPTourGIBFDljoZoq44iDc6/7Z7n4effpxBefj9FR62XVLSvcinth0Y9153FSPm X-Received: by 2002:a17:90a:4485:b0:1fa:cc1f:a7a with SMTP id t5-20020a17090a448500b001facc1f0a7amr18830001pjg.45.1661780201420; Mon, 29 Aug 2022 06:36:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661780201; cv=none; d=google.com; s=arc-20160816; b=ArBChocuYzxRjivrg4W/JgyaO/YlHOfR6K0gCTMAhjQc6L4gBzar6xCemM6qikSRmc lEhJEsB5m835JbiMuSWRcODudN4irMH3aqpFEJlFAzi2NCBIBI+/ZlOeNUioY7l+Tl9L 6iTZqBItNZIDoRPdbTFZboQUu7qfVfcD19j3SgILC/c4mVCXF6sYKxVfdbD8PKYi7kRO ohovT8j1csgwugyKb8rfN+IWejeFr89IdWYfJg/3TezxpqflgO3v1TA6fMYpnWdVTC5F SjrrKeGX/L4kjDEwFkmJ3Lc+Wi6n0PdeRIAnHcpfWMbm182sBp+4+TDGKlSyOWwTMTXa NfCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=sSRqVVn5SCoLVeckWTZ5Gj/nBtXDD5MTT0sRUoTFBiw=; b=cXaez/tuUf5++MCtBCQf03GoLcxUjJ1MkhEL156Cy+oOGXuY7ek/U5NnBMvFGDl86z CMlMIHefIrSMmWEaqB1wnrGKg8DOzlrzVNzzSBA9gLN0aDpwPRsynuVFWXfpRKh6Kn3Q hEBxFQYvc9Rj8dpcHqWWyyNuwIlaEHs0Myf9rcwE8dOQcerBxFF5DQFReXtqmGllJJoD 8LhJGlM/7c6cytz2+SghFaylhbTlVFEb/X/DblsuDuCiWdPl7QleXlX8mtjnXvC+Piq+ fvLQvQE/kAVGfOZ+xbiR/eXPV3XHrj50q1izJiLgmpvOt5Xr1TrmN5ppEafYCJJL8nWb WUlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=UqKZNosw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r137-20020a632b8f000000b0042a88e6b1dfsi8955531pgr.770.2022.08.29.06.36.30; Mon, 29 Aug 2022 06:36:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.com header.s=susede1 header.b=UqKZNosw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=suse.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229670AbiH2NGl (ORCPT + 99 others); Mon, 29 Aug 2022 09:06:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229493AbiH2NGV (ORCPT ); Mon, 29 Aug 2022 09:06:21 -0400 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3A4562A9B; Mon, 29 Aug 2022 06:00:40 -0700 (PDT) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id D2D3222DDF; Mon, 29 Aug 2022 12:59:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1661777998; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=sSRqVVn5SCoLVeckWTZ5Gj/nBtXDD5MTT0sRUoTFBiw=; b=UqKZNoswzkT4opbT0CFX0E2k4fxB6asNd34TQMJiKraxmyY5Oy62NiBcyrPldyXJ7KDJHR 7Wzx8mJy2LXH7P8HqiXtIjspI2kHyviaLuibhQeNTELPHHnPMRqkdbRM750kNErG6GV8Br EgX2s0bkY6Ph0Hv59W0uEeHHnYScYaw= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 9836D133A6; Mon, 29 Aug 2022 12:59:58 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id 8skyJE64DGPAQwAAMHmgww (envelope-from ); Mon, 29 Aug 2022 12:59:58 +0000 Date: Mon, 29 Aug 2022 14:59:57 +0200 From: Michal =?iso-8859-1?Q?Koutn=FD?= To: Yosry Ahmed Cc: Linux Kernel Mailing List , Cgroups , bpf , Tejun Heo , Aditya Kali , Serge Hallyn , Roman Gushchin , Yonghong Song , Muneendra Kumar , Hao Luo Subject: Re: [PATCH 4/4] cgroup/bpf: Honor cgroup NS in cgroup_iter for ancestors Message-ID: <20220829125957.GB3579@blackbody.suse.cz> References: <20220826165238.30915-1-mkoutny@suse.com> <20220826165238.30915-5-mkoutny@suse.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="kORqDWCi7qDJ0mEj" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --kORqDWCi7qDJ0mEj Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Aug 26, 2022 at 10:41:37AM -0700, Yosry Ahmed wrote: > I understand that currently cgroup_iter is the only user of this, but > for future use cases, is it safe to assume that cgrp will always be > inside ns? Would it be safer to do something like: I preferred the simpler root_cgrp comparison to avoid pointer arithmetics in cgroup_is_descendant. But I also made the assumption of cgrp in ns. Thanks, I'll likely adjust cgroup_path_ns to make it more robust for an external cgrp. I'd like to clarify, if a process A in a broad cgroup ns sets up a BPF cgroup iterator, exposes it via bpffs and than a process B in a narrowed cgroup ns (which excludes the origin cgroup) wants to traverse the iterator, should it fail straight ahead (regardless of iter order)? The alternative would be to allow self-dereference but prohibit any iterator moves (regardless of order). Thanks, Michal --kORqDWCi7qDJ0mEj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQTrXXag4J0QvXXBmkMkDQmsBEOquQUCYwy4SQAKCRAkDQmsBEOq uZX4AQDqrzGBoULhzyvm8GveGTXVJYAupuXli8zU2n5T8KXI1wEA/d5JS9XKNwTR qMIafR6at0V6U72iM2jn2OX84ZgiKgk= =auEQ -----END PGP SIGNATURE----- --kORqDWCi7qDJ0mEj--