On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote: > This patch adds two sets of eBPF program pointers to struct cgroup. > One for such that are directly pinned to a cgroup, and one for such > that are effective for it. > > To illustrate the logic behind that, assume the following example > cgroup hierarchy. > > A - B - C > \ D - E > > If only B has a program attached, it will be effective for B, C, D > and E. If D then attaches a program itself, that will be effective for > both D and E, and the program in B will only affect B and C. Only one > program of a given type is effective for a cgroup. > > Attaching and detaching programs will be done through the bpf(2) > syscall. For now, ingress and egress inet socket filtering are the > only supported use-cases. > > Signed-off-by: Daniel Mack <dan...@zonque.org> ... > + css_for_each_descendant_pre(pos, &cgrp->self) { > + struct cgroup *desc = container_of(pos, struct cgroup, self); > + > + /* skip the subtree if the descendant has its own program */ > + if (desc->bpf.prog[type] && desc != cgrp)
is desc != cgrp really needed? I thought css_for_each_descendant_pre() shouldn't walk itself or I'm missing how it works. > + pos = css_rightmost_descendant(pos); > + else > + rcu_assign_pointer(desc->bpf.effective[type], > + effective); > + } > +} > +
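Review bot: the `desc != cgrp` test in the `if` condition is not explained, and the comment above it ("skip the subtree if the descendant has its own program") only covers descendants. css_for_each_descendant_pre() visits the starting css itself as the first node, so when cgrp has its own program this test is what stops the walk from jumping to css_rightmost_descendant(pos) on the first iteration and leaving the whole subtree without an updated effective pointer. Suggest extending the comment to say that cgrp itself is visited and must not trigger the skip, so the check is not removed later as redundant.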