diff options
| author |   David S. Miller <davem@davemloft.net> | 2016-07-01 16:32:27 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-07-01 16:32:27 -0400 |
| commit | dc9a20020a73e81766f1a6341bcafb7f00b5f92a (patch) | |
| tree | ce74217c60eeda9e99a8b5e2babcf0847ab3b24f /include/linux | |
| parent | Merge branch 'bpf-robustify' (diff) | |
| parent | cgroup: bpf: Add an example to do cgroup checking in BPF (diff) | |
Merge branch 'bpf-cgroup2'
Martin KaFai Lau says:
====================
cgroup: bpf: cgroup2 membership test on skb
This series is to implement a bpf-way to
check the cgroup2 membership of a skb (sk_buff).
It is similar to the feature added in netfilter:
c38c4597e4bf ("netfilter: implement xt_cgroup cgroup2 path match")
The current target is the tc-like usage.
v3:
- Remove WARN_ON_ONCE(!rcu_read_lock_held())
- Stop BPF_MAP_TYPE_CGROUP_ARRAY usage in patch 2/4
- Avoid mounting bpf fs manually in patch 4/4
- Thanks for Daniel's review and the above suggestions
- Check CONFIG_SOCK_CGROUP_DATA instead of CONFIG_CGROUPS. Thanks to
the kbuild bot's report.
Patch 2/4 only needs CONFIG_CGROUPS while patch 3/4 needs
CONFIG_SOCK_CGROUP_DATA. Since a single bpf cgrp2 array alone is
not useful for now, CONFIG_SOCK_CGROUP_DATA is also used in
patch 2/4. We can fine tune it later if we find other use cases
for the cgrp2 array.
- Return EAGAIN instead of ENOENT if the cgrp2 array entry is
NULL. It is to distinguish these two cases: 1) the userland has
not populated this array entry yet. or 2) not finding cgrp2 from the skb.
- Be-lated thanks to Alexei and Tejun on reviewing v1 and giving advice on
this work.
v2:
- Fix two return cases in cgroup_get_from_fd()
- Fix compilation errors when CONFIG_CGROUPS is not used:
- arraymap.c: avoid registering BPF_MAP_TYPE_CGROUP_ARRAY
- filter.c: tc_cls_act_func_proto() returns NULL on BPF_FUNC_skb_in_cgroup
- Add comments to BPF_FUNC_skb_in_cgroup and cgroup_get_from_fd()
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/cgroup.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h index a20320c666fd..984f73b719a9 100644 --- a/include/linux/cgroup.h +++ b/include/linux/cgroup.h @@ -87,6 +87,7 @@ struct cgroup_subsys_state *css_tryget_online_from_dir(struct dentry *dentry, struct cgroup_subsys *ss); struct cgroup *cgroup_get_from_path(const char *path); +struct cgroup *cgroup_get_from_fd(int fd); int cgroup_attach_task_all(struct task_struct *from, struct task_struct *); int cgroup_transfer_tasks(struct cgroup *to, struct cgroup *from); |