| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <877bwcus3h.fsf@linux.dev>
Date: Thu, 30 Oct 2025 12:06:42 -0700
From: Roman Gushchin <roman.gushchin@...ux.dev>
To: Amery Hung <ameryhung@...il.com>
Cc: Song Liu <song@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>,
linux-kernel@...r.kernel.org, Alexei Starovoitov <ast@...nel.org>,
Suren Baghdasaryan <surenb@...gle.com>, Michal Hocko
<mhocko@...nel.org>, Shakeel Butt <shakeel.butt@...ux.dev>, Johannes
Weiner <hannes@...xchg.org>, Andrii Nakryiko <andrii@...nel.org>, JP
Kobryn <inwardvessel@...il.com>, linux-mm@...ck.org,
cgroups@...r.kernel.org, bpf@...r.kernel.org, Martin KaFai Lau
<martin.lau@...nel.org>, Kumar Kartikeya Dwivedi <memxor@...il.com>,
Tejun Heo <tj@...nel.org>
Subject: Re: [PATCH v2 02/23] bpf: initial support for attaching struct ops
to cgroups
Amery Hung <ameryhung@...il.com> writes:
> On Thu, Oct 30, 2025 at 11:09 AM Song Liu <song@...nel.org> wrote:
>>
>> On Thu, Oct 30, 2025 at 10:22 AM Roman Gushchin
>> <roman.gushchin@...ux.dev> wrote:
>> >
>> > Song Liu <song@...nel.org> writes:
>> >
>> > > On Mon, Oct 27, 2025 at 4:17 PM Roman Gushchin <roman.gushchin@...ux.dev> wrote:
>> > > [...]
>> > >> struct bpf_struct_ops_value {
>> > >> struct bpf_struct_ops_common_value common;
>> > >> @@ -1359,6 +1360,18 @@ int bpf_struct_ops_link_create(union bpf_attr *attr)
>> > >> }
>> > >> bpf_link_init(&link->link, BPF_LINK_TYPE_STRUCT_OPS, &bpf_struct_ops_map_lops, NULL,
>> > >> attr->link_create.attach_type);
>> > >> +#ifdef CONFIG_CGROUPS
>> > >> + if (attr->link_create.cgroup.relative_fd) {
>> > >> + struct cgroup *cgrp;
>> > >> +
>> > >> + cgrp = cgroup_get_from_fd(attr->link_create.cgroup.relative_fd);
>> > >
>> > > We should use "target_fd" here, not relative_fd.
>> > >
>> > > Also, 0 is a valid fd, so we cannot use target_fd == 0 to attach to
>> > > global memcg.
>> >
>> > Yep, but then we need somehow signal there is a cgroup fd passed,
>> > so that struct ops'es which are not attached to cgroups keep working
>> > as previously. And we can't use link_create.attach_type.
>> >
>> > Should I use link_create.flags? E.g. something like add new flag
>> >
>> > @@ -1224,6 +1224,7 @@ enum bpf_perf_event_type {
>> > #define BPF_F_AFTER (1U << 4)
>> > #define BPF_F_ID (1U << 5)
>> > #define BPF_F_PREORDER (1U << 6)
>> > +#define BPF_F_CGROUP (1U << 7)
>> > #define BPF_F_LINK BPF_F_LINK /* 1 << 13 */
>> >
>> > /* If BPF_F_STRICT_ALIGNMENT is used in BPF_PROG_LOAD command, the
>> >
>> > and then do something like this:
>> >
>> > int bpf_struct_ops_link_create(union bpf_attr *attr)
>> > {
>> > <...>
>> > if (attr->link_create.flags & BPF_F_CGROUP) {
>> > struct cgroup *cgrp;
>> >
>> > cgrp = cgroup_get_from_fd(attr->link_create.target_fd);
>> > if (IS_ERR(cgrp)) {
>> > err = PTR_ERR(cgrp);
>> > goto err_out;
>> > }
>> >
>> > link->cgroup_id = cgroup_id(cgrp);
>> > cgroup_put(cgrp);
>> > }
>> >
>> > Does it sound right?
>>
>> I believe adding a flag (BPF_F_CGROUP or some other name), is the
>> right solution for this.
>>
>> OTOH, I am not sure whether we want to add cgroup fd/id to the
>> bpf link. I personally prefer the model used by TCP congestion
>> control: the link attaches the struct_ops to a global list, then each
>> user picks a struct_ops from the list. But I do agree this might be
>> an overkill for cgroup use cases.
>
> +1.
>
> In TCP congestion control and BPF qdisc's model:
>
> During link_create, both adds the struct_ops to a list, and the
> struct_ops can be indexed by name. The struct_ops are not "active" by
> this time.
> Then, each has their own interface to 'apply' the struct_ops to a
> socket or queue: setsockopt() or netlink.
>
> But maybe cgroup-related struct_ops are different.
Both tcp congestion and qdisk cases are somewhat different because
there already is a way to select between multiple implementations, bpf
just adds another one. In the oom case, it's not true. As of today,
there is only one (global) oom killer. Of course we can create
interfaces to allow a user make a choice. But the question is do we want
to create such interface for the oom case specifically (and later for
each new case separately), or there is a place for some generalization?
Ok, let me summarize the options we discussed here:
1) Make the attachment details (e.g. cgroup_id) the part of struct ops
itself. The attachment is happening at the reg() time.
+: It's convenient for complex stateful struct ops'es, because a
single entity represents a combination of code and data.
-: No way to attach a single struct ops to multiple entities.
This approach is used by Tejun for per-cgroup sched_ext prototype.
2) Make the attachment details a part of bpf_link creation. The
attachment is still happening at the reg() time.
+: A single struct ops can be attached to multiple entities.
-: Implementing stateful struct ops'es is harder and requires passing
an additional argument (some sort of "self") to all callbacks.
I'm using this approach in the bpf oom proposal.
3) Move the attachment out of .reg() scope entirely. reg() will register
the implementation system-wide and then some 3rd-party interface
(e.g. cgroupfs) should be used to select the implementation.
+: ?
-: New hard-coded interfaces might be required to enable bpf-driven
kernel customization. The "attachment" code is not shared between
various struct ops cases.
Implementing stateful struct ops'es is harder and requires passing
an additional argument (some sort of "self") to all callbacks.
This approach works well for cases when there is already a selection
of implementations (e.g. tcp congestion mechanisms), and bpf is adding
another one.
I personally lean towards 2), but I can easily implement bpf_oom with 1)
and most likely with 3) too, but it's a bit more complicated.
So I guess we all need to come to an agreement which way to go.
Thanks!
Powered by blists - more mailing lists