Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1619141rwl;
        Wed, 5 Apr 2023 21:27:36 -0700 (PDT)
X-Google-Smtp-Source: AKy350axXcwnJPp3EgHLv1gz5z5T+uYv3CZdn5PsvslfSmBW3uGSccVcr7FK/zCGMxe34poTjZY5
X-Received: by 2002:a17:903:787:b0:19f:e9e7:4cb with SMTP id kn7-20020a170903078700b0019fe9e704cbmr7567412plb.45.1680755256617;
        Wed, 05 Apr 2023 21:27:36 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680755256; cv=none;
        d=google.com; s=arc-20160816;
        b=AHiZYVhptxJJzVQLVegyUKZjROU92uQsUJiXjLrFA+ojaWjdp7OqorlMRPQpD0w41i
         OyDM4ZzE/d/OzGe+kptJhyz0ut/Fj4CSPESI9I9mSbO8NJJ03SB9NeqbgiatjHrAO6Xm
         +Rv5g0ECiVRBLeitfQuNdGeV63zoCNGvjCGBg5uXyXhPN/fSaGOY7hZn10E5p9vGFg0N
         PBjCQGcGvTfZbxBRrOLQRMRy4/AlMfSxPgO7KiH2zmOPwnFnds7SL4f8aPx+aOJF144p
         4Ob9GUoWJA5ViUWEqe0GHMrGI1gXUgL3MWrpms1NMUM+eRzeLfQ1fz6Nrr48rsclltNE
         SzQg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=RXsgvmzHukaaTecEY3Yt625/lLug2G4Dbez5De3xAOM=;
        b=dNht/xYWtDAa6nJthHrYvRrFyFa6IsXdDDQ0HbDZTL0Vq2owRykOVnznGDwd924qWx
         STHm3oD/K30vrAE+yjvT8nxXKeLAkI0L9hOFVo6QwEL8kF084+jevk11MrnE1cENLGbj
         Sg8p8yLaT0AjI07usNzoGnopMmr7/CB6oQNkE2RkDzF2DfCtbpi0swElsMuu5NYc+31R
         abqmnCOpPfR7YHQPcej1D9k0AxTi2G56bCvOaa3Hu9EAzoAO5HK3o9OXIY7PMM5Dp7Oz
         jJRr8B+L+NBit8OG65hb9ayqPlk795HEBTVR78WeRzpEcn7PWDYmOfpqycn1u7+3+F6c
         RKJA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=Fdz+ZTUW;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id c1-20020a170902848100b00177568a0e53si715483plo.252.2023.04.05.21.27.24;
        Wed, 05 Apr 2023 21:27:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20210112 header.b=Fdz+ZTUW;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234863AbjDFEYV (ORCPT <rfc822;antony.sucheston@gmail.com>
        + 99 others); Thu, 6 Apr 2023 00:24:21 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39576 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S234244AbjDFEYT (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 6 Apr 2023 00:24:19 -0400
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EC2B07AAC;
        Wed,  5 Apr 2023 21:24:13 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id ew6so146141989edb.7;
        Wed, 05 Apr 2023 21:24:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112; t=1680755052; x=1683347052;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=RXsgvmzHukaaTecEY3Yt625/lLug2G4Dbez5De3xAOM=;
        b=Fdz+ZTUWOR98kFskw8WAXK8kkfJhEe1LRWVhn2tWMXz1ZAIrrAcpvrkN85FHGGEQCf
         V7LKb0DctSR2FCqZURuIwXiJ35yX98y/2K2ImkeD87WatEVmaJClsAYU6c5MwSInz2ed
         hNXO5GgM4v9qo6J7azUzy7TI1Ctc9tRJEo022aqC6epZK6uI03Z2N3mlaFau0UT1qFkA
         Ae8/wk3H3GGGDAIgYXt9PgKDQEU6T50qtNBU6oa5KDNYbougxMTd83LLMhci+5z4u3Vs
         5wsmFCiPxBbnDqFBg4JPZuBRnjnGqs4ZKchKcEmC5baRiE5HgMJjpJ3onSLdjF35jxWF
         qRxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1680755052; x=1683347052;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=RXsgvmzHukaaTecEY3Yt625/lLug2G4Dbez5De3xAOM=;
        b=Hl2udt4tznJff8pt3E2JalpNwbpiUzdjshGE1Noek6Wiu8yg72sUGZ/5FQU/HdhbSo
         oNRJiqxcPGM01gcWiFhryLPwEKLnNHjjpM4JBmhfrm5SCHiWVsWDoQniY43BcKyFEfhV
         0lVL1ujMLr9zBpC6WcwF5laElxEnJpDMmabEL9TREIpeIHJYRapiWxFt9KKmBv5hf9KI
         gGbXFfcvfX0U40ivBOkjJSCsywyuuSWSEzHVax3JaG+wTKNkFNuoRK7bEAl6WIoHJ1TB
         1Tq6eseDZSNM3KVCTYB5VU9Jk8G/glrgNlCCM/2OLQSKmurIeTCrDTQyMVifNzWeSktK
         z33g==
X-Gm-Message-State: AAQBX9e4nKlsCVx3mdx9At8xdv1IwGtidQn6/U1iwomaW4l1L4c2Ej1Z
        njg4l3g9E3aX5zLipkg7Q49AevoRdL9KL7H36quaq2lP
X-Received: by 2002:a17:907:8a07:b0:924:32b2:e3d1 with SMTP id
 sc7-20020a1709078a0700b0092432b2e3d1mr2786379ejc.3.1680755052190; Wed, 05 Apr
 2023 21:24:12 -0700 (PDT)
MIME-Version: 1.0
References: <20230326092208.13613-1-laoar.shao@gmail.com> <CAPhsuW43EiH0tVKU8s+JwV_V6EBETTDyXsAmMzAftpVtcgLHag@mail.gmail.com>
 <CALOAHbCqCb3xmSpNe1Qvm75GBY4ZEGrAOHfVJvpZV5t=akTTgQ@mail.gmail.com>
 <20230402233740.haxb7lgfavcoe27f@dhcp-172-26-102-232.dhcp.thefacebook.com>
 <CALOAHbBj-+xY5jGLynUrg1GfSftZ+LT5DkADKz_+8+tL2kWMSw@mail.gmail.com>
 <20230403225017.onl5pbp7h2ugclbk@dhcp-172-26-102-232.dhcp.thefacebook.com>
 <CALOAHbDQROKrWe732Qv1CsZwr6nMJN-2y77JW3EuT53D8At+Ow@mail.gmail.com>
 <20230406020656.7v5ongxyon5fr4s7@dhcp-172-26-102-232.dhcp.thefacebook.com>
 <CALOAHbCEsucGRB+n5hTnPm-HssmB91HD4PFVRhdO=CZnJXfR6A@mail.gmail.com>
 <CAADnVQ+1VEBHTM5Rm-gx8-bg=tfv=4x+aONhF0bAmBFZG3W8Qg@mail.gmail.com> <CALOAHbAorooyteDjgs82TtujP4Fwo5hSkh-Z5QhxhV9p7_2mfw@mail.gmail.com>
In-Reply-To: <CALOAHbAorooyteDjgs82TtujP4Fwo5hSkh-Z5QhxhV9p7_2mfw@mail.gmail.com>
From:   Alexei Starovoitov <alexei.starovoitov@gmail.com>
Date:   Wed, 5 Apr 2023 21:24:00 -0700
Message-ID: <CAADnVQKr5Y3z9f_Vv49DvRFcN+OF3JaFx_9NgBL58pz+TLq8ig@mail.gmail.com>
Subject: Re: [RFC PATCH bpf-next 00/13] bpf: Introduce BPF namespace
To:     Yafang Shao <laoar.shao@gmail.com>
Cc:     Song Liu <song@kernel.org>, Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>,
        Stanislav Fomichev <sdf@google.com>,
        Hao Luo <haoluo@google.com>, Jiri Olsa <jolsa@kernel.org>,
        bpf <bpf@vger.kernel.org>, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Apr 5, 2023 at 8:22=E2=80=AFPM Yafang Shao <laoar.shao@gmail.com> w=
rote:
>
> On Thu, Apr 6, 2023 at 11:06=E2=80=AFAM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
> >
> > On Wed, Apr 5, 2023 at 7:55=E2=80=AFPM Yafang Shao <laoar.shao@gmail.co=
m> wrote:
> > >
> > > It seems that I didn't describe the issue clearly.
> > > The container doesn't have CAP_SYS_ADMIN, but the CAP_SYS_ADMIN is
> > > required to run bpftool,  so the bpftool running in the container
> > > can't get the ID of bpf objects or convert IDs to FDs.
> > > Is there something that I missed ?
> >
> > Nothing. This is by design. bpftool needs sudo. That's all.
> >
>
> Hmm, what I'm trying to do is make bpftool run without sudo.

This is not a task that is worth solving.

> > > Some questions,
> > > - What if the process exits after attaching the bpf prog and the prog
> > > is not auto-detachable?
> > >   For example, the reuserport bpf prog is not auto-detachable. After
> > > pins the reuserport bpf prog, a task can attach it through the pinned
> > > bpf file, but if the task forgets to detach it and the pinned file is
> > > removed, then it seems there's no way to figure out which task or
> > > cgroup this prog belongs to...
> >
> > you're saying that there is a bpf prog in the kernel without
> > corresponding user space ?
>
> No, it is corresponding to user space. For example, it may be
> corresponding to a socket fd, or a cgroup fd.
>
> > Meaning no user space process has an FD
> > that points to this prog or FD to a map that this prog is using?
> > In such a case this is truly kernel bpf prog. It doesn't belong to cgro=
up.
> >
>
> Even if it is kernel bpf prog, it is created by a process. The user
> needs to know which one created it.

In some situations it's certainly interesting to know which process
loaded a particular program.
In many other situations it's irrelevant.
For example, the process that loaded a prog could have been moved to a
different cgroup.
If you want to track the loading you need to install bpf_lsm
that monitors prog_load hook and collect that info.
It's not the job of the kernel to do it.

> > > - Could you pls. explain in detail how to get comm, pid, or cgroup
> > > from a pinned bpffs file?
> >
> > pinned bpf prog and no user space holds FD to it?
> > It's not part of any cgroup. Nothing to print.
>
> As I explained above, even if it holds nothing, the user needs to know
> the information from it. For example, if it is expected, which one
> created it?

See the answer above. The kernel has enough hooks already to provide
this information to user space. No kernel changes necessary.