Hi,
I'll add the device major/minor numbers into the pidns_info structure and
work on those 4 points.
Thanks for your guidance on this.
Bests
On Sat, Sep 30, 2017 at 9:55 PM, Y Song wrote:
> On Thu, Sep 28, 2017 at 2:02 PM, carlos antonio neira bustos
> wrote:
> > Hi All,
> >
> > I'm still working on this issue: https://github.com/iovisor/bcc/issues/1329.
> > I have added tests under samples/bpf; here is the output of a test calling
> > this new helper.
> >
> > Inside the container
> >
> > ping-10619 [000] d.s1 5319.547909: 0x0001: ns_id 4026532197 tgid
> 10619
> > pid 10619
> >
> > Outside the container
> >
> > ping-12174 [000] d.s1 5480.582818: 0x0001: ns_id 4026531836 tgid
> 12174
> > pid 12174
> >
> >
> > Let me know if something needs to be changed.
> >
> > Thanks again for your help and comments.
> >
> > Here is the patch
> >
> >
> > diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> > index b69e7a5..34b608e 100644
> > --- a/include/linux/bpf.h
> > +++ b/include/linux/bpf.h
> > @@ -227,6 +227,12 @@ struct bpf_event_entry {
> > struct rcu_head rcu;
> > };
> >
> > +struct bpf_current_pidns_info {
> > +u64 ns_id;
> > +u32 tgid;
> > +u32 pid;
> > +};
>
> During linux plumbers conference, I talked to
> Eric Biederman (kernel namespace maintainer).
> The below is an example output of "stat -L /proc/self/ns/pid":
>
> -bash-4.3$ stat -L /proc/self/ns/pid
> File: '/proc/self/ns/pid'
> Size: 0 Blocks: 0 IO Block: 4096 regular empty
> file
> Device: 3h/3dInode: 4026531836 Links: 1
> Access: (0444/-r--r--r--) Uid: (0/root) Gid: (0/root)
> Context: system_u:object_r:nsfs_t:s0
> Access: 2017-09-28 21:21:41.496571299 -0700
> Modify: 2017-09-28 21:21:41.496571299 -0700
> Change: 2017-09-28 21:21:41.496571299 -0700
> Birth: -
> -bash-4.3$
>
> You will notice that there is a "Device" field with major and minor
> number. Currently, all namespace files will have the same device.
> However, in the future, it is possible (perhaps only in really rare
> cases) that different pid_ns files may belong to different devices.
>
> So he suggests that we should put device major/minor numbers
> in the pidns_info structure as well. Could you help do that as well?
>
> > +
> > u64 bpf_tail_call(u64 ctx, u64 r2, u64 index, u64 r4, u64 r5);
> > u64 bpf_get_stackid(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
> >
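Review bot: `struct bpf_current_pidns_info` is added to include/linux/bpf.h, the kernel-internal header, but the helper documented in include/uapi/linux/bpf.h fills it through a `void *buf` that the BPF program supplies. Programs and loaders build against the uapi header, so the layout belongs there, written with the uapi types (`__u64 ns_id; __u32 tgid; __u32 pid;`). Otherwise every program carries its own copy of the definition, and that copy can drift from the kernel's. Once the struct is uapi its layout is ABI, so it is worth a comment on the struct stating that it must stay free of implicit padding. The helper body is not visible here, but it presumably copies the whole struct into program memory, padding included.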
> > @@ -375,6 +381,8 @@ extern const struct bpf_func_proto
> > bpf_skb_vlan_push_proto;
> > extern const struct bpf_func_proto bpf_skb_vlan_pop_proto;
> > extern const struct bpf_func_proto bpf_get_stackid_proto;
> >
> > +extern const struct bpf_func_proto bpf_get_current_pidns_info_proto;
> > +
> > /* Shared helpers among cBPF and eBPF. */
> > void bpf_user_rnd_init_once(void);
> > u64 bpf_user_rnd_u32(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5);
> > diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> > index e99e3e6..c1b94fa 100644
> > --- a/include/uapi/linux/bpf.h
> > +++ b/include/uapi/linux/bpf.h
> > @@ -539,6 +539,15 @@ union bpf_attr {
> > * @mode: operation mode (enum bpf_adj_room_mode)
> > * @flags: reserved for future use
> > * Return: 0 on success or negative error code
> > + *
> > + * int bpf_get_current_pidns_info(void *buf, int size_of_buf)
> > + * stores the following namespace data into
> > + * bpf_current_pins_info struct:
> > + * namespace id
> > + * tgid inside namespace
> > + * pid inside namespace
> > + * Return: 0 on success or negative error
> > + *
> > */
> > #define __BPF_FUNC_MAPPER(FN) \
> > FN(unspec), \
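Review bot: The new helper comment names `bpf_current_pins_info`, which does not match the `struct bpf_current_pidns_info` added in include/linux/bpf.h; it should read `* struct bpf_current_pidns_info:`. The comment also leaves the buffer contract unstated: what is returned when `size_of_buf` differs from `sizeof(struct bpf_current_pidns_info)`, and whether `buf` is zeroed on every error path. The second matters if the argument is typed as uninitialised memory for the verifier, because the program could then read stale stack contents after a failed call. The helper body is outside this hunk, so I cannot confirm either behaviour. I would add two lines after the field list, one saying that `size_of_buf` must equal the struct size and one saying that `buf` is cleared on failure, and make the implementation match.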
> > @@ -591,7 +600,9 @@ union bpf_attr {
> > FN(get_socket_uid), \
> > FN(set_hash), \
> > FN(setsockopt), \
> > - FN(skb_adjust_room),
> > + FN(skb_adjust_room),\
> > + FN(get_current_pidns_info),
> > +
> >
> > /* integer value in 'imm' field of BPF_CALL instruction selects which
> > helper
> > * function eBPF program intends to call
> > diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
> > index ad5f559..c81ffa0 100644
> > --- a/kernel/bpf/core.c
> > +++ b/kernel/bpf/core.c
> > @@ -1379,6 +1379,9 @@ const struct bpf_func_proto
> > bpf_get_current_pid_tgid_proto __weak;
> > const struct bpf_func_proto bpf_get_current_uid_gid_proto __weak;
> > const struct bpf_func_proto bpf_get_current_comm_proto __weak;
> >
> > +const struct bpf_func_proto bpf_get_current_pidns_info __weak;
> > +
> > +
> > const struct bpf_func_proto * __weak bpf_get_trace_printk_proto(void)
> > {
> > return NULL;
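Review bot: The weak definition added here is named `bpf_get_current_pidns_info`, while include/linux/bpf.h in this same patch declares `extern const struct bpf_func_proto bpf_get_current_pidns_info_proto;`. The two names differ, so this line does not provide the fallback symbol the neighbouring `_proto __weak` lines provide for their helpers. A build that leaves out kernel/bpf/helpers.c would presumably fail to link any reference to the `_proto` name. The line should be `const struct bpf_func_proto bpf_get_current_pidns_info_proto __weak;`, followed by one blank line rather than two. `bpf_get_trace_printk_proto()` continues past the end of the hunk.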
> > diff --git a/kernel/bpf/helpers.c b/kernel/bpf/helpers.c
> > index 3d24e23..682d623 100644
> > --- a/kernel/bpf/helpers.c
> > +++ b/kernel/bpf/helpers.c
> > @@ -18,6 +18,7 @@
> > #include
> > #include
> > #include
> > +#include
> >
> > /* If kernel subsystem is allowing eBPF programs to call this function,
> > * inside its own verifier_ops->get_func_proto() callback it should
> return
> > @@