On Wed, Apr 10, 2019 at 1:38 PM Javier Honduvilla Coto <javierhond...@fb.com> wrote: > > Hi all, > > This patch adds the bpf_descendant_of helper which accepts a PID and > returns 1 if the PID of the process currently being executed is a > descendant of it or if it's itself. Returns 0 otherwise. > > This is very useful in tracing programs when we want to filter by a > given PID and all the children it might spawn. The current workarounds > most people implement for this purpose have issues: > > - Attaching to process spawning syscalls and dynamically add those PIDs > to some bpf map that would be used to filter is cumbersome and > potentially racy. > - Unrolling some loop to perform what this helper is doing consumes lots > of instructions. That and the impossibility to jump backwards makes it > really hard to be correct in really large process chains. > > Let me know what do you think! > > Thanks,
For the set: Acked-by: Song Liu <songliubrav...@fb.com> > > --- > Changes in V5: > - Addressed code review feedback > - Renamed from progenyof => descendant_of as suggested by Jon Haslam > and Brendan Gregg > > Changes in V4: > - Rebased on latest bpf-next after merge window > > Changes in V3: > - Removed RCU read (un)locking as BPF programs alredy run in RCU > locked > context > - progenyof(0) now returns 1, which, semantically makes more sense > - Added new test case for PID 0 and changed sentinel value for errors > - Rebase on latest bpf-next/master > - Used my work email as somehow I accidentally used my personal one > in v2 > > Changes in V2: > - Adding missing docs in include/uapi/linux/bpf.h > > > Javier Honduvilla Coto (3): > bpf: add bpf_descendant_of helper > bpf: sync kernel uapi headers > bpf: add tests for bpf_descendant_of > > include/linux/bpf.h | 1 + > include/uapi/linux/bpf.h | 10 +- > kernel/bpf/core.c | 1 + > kernel/bpf/helpers.c | 27 ++ > kernel/trace/bpf_trace.c | 2 + > tools/include/uapi/linux/bpf.h | 10 +- > tools/testing/selftests/bpf/.gitignore | 1 + > tools/testing/selftests/bpf/Makefile | 2 +- > tools/testing/selftests/bpf/bpf_helpers.h | 3 + > .../bpf/progs/test_descendant_of_kern.c | 46 +++ > .../selftests/bpf/test_descendant_of_user.c | 268 ++++++++++++++++++ > 11 files changed, 368 insertions(+), 3 deletions(-) > create mode 100644 > tools/testing/selftests/bpf/progs/test_descendant_of_kern.c > create mode 100644 tools/testing/selftests/bpf/test_descendant_of_user.c > > -- > 2.17.1 >
