bpf: introduce current->pid, tgid, uid, gid, comm accessors

eBPF programs attached to kprobes need to filter based on
current->pid, uid and other fields, so introduce helper functions:

u64 bpf_get_current_pid_tgid(void)
Return: current->tgid << 32 | current->pid

u64 bpf_get_current_uid_gid(void)
Return: current_gid << 32 | current_uid

bpf_get_current_comm(char *buf, int size_of_buf)
stores current->comm into buf

They can be used from the programs attached to TC as well to classify packets
based on current task fields.

Update tracex2 example to print histogram of write syscalls for each process
instead of aggregated for all.

Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

3 files changed, 83 insertions, 14 deletions

diff --git a/samples/bpf/bpf_helpers.h b/samples/bpf/bpf_helpers.h
index f531a0b3282d..bdf1c1607b80 100644
--- a/samples/bpf/bpf_helpers.h
+++ b/samples/bpf/bpf_helpers.h
@@ -25,6 +25,12 @@ static void (*bpf_tail_call)(void *ctx, void *map, int index) =
         (void *) BPF_FUNC_tail_call;
 static unsigned long long (*bpf_get_smp_processor_id)(void) =
         (void *) BPF_FUNC_get_smp_processor_id;
+static unsigned long long (*bpf_get_current_pid_tgid)(void) =
+        (void *) BPF_FUNC_get_current_pid_tgid;
+static unsigned long long (*bpf_get_current_uid_gid)(void) =
+        (void *) BPF_FUNC_get_current_uid_gid;
+static int (*bpf_get_current_comm)(void *buf, int buf_size) =
+        (void *) BPF_FUNC_get_current_comm;
 
 /* llvm builtin functions that eBPF C program may use to
  * emit BPF_LD_ABS and BPF_LD_IND instructions
diff --git a/samples/bpf/tracex2_kern.c b/samples/bpf/tracex2_kern.c
index 19ec1cfc45db..dc50f4f2943f 100644
--- a/samples/bpf/tracex2_kern.c
+++ b/samples/bpf/tracex2_kern.c
@@ -62,11 +62,18 @@ static unsigned int log2l(unsigned long v)
                 return log2(v);
 }
 
+struct hist_key {
+        char comm[16];
+        u64 pid_tgid;
+        u64 uid_gid;
+        u32 index;
+};
+
 struct bpf_map_def SEC("maps") my_hist_map = {
-        .type = BPF_MAP_TYPE_ARRAY,
-        .key_size = sizeof(u32),
+        .type = BPF_MAP_TYPE_HASH,
+        .key_size = sizeof(struct hist_key),
         .value_size = sizeof(long),
-        .max_entries = 64,
+        .max_entries = 1024,
 };
 
 SEC("kprobe/sys_write")
@@ -75,11 +82,18 @@ int bpf_prog3(struct pt_regs *ctx)
         long write_size = ctx->dx; /* arg3 */
         long init_val = 1;
         long *value;
-        u32 index = log2l(write_size);
+        struct hist_key key = {};
+
+        key.index = log2l(write_size);
+        key.pid_tgid = bpf_get_current_pid_tgid();
+        key.uid_gid = bpf_get_current_uid_gid();
+        bpf_get_current_comm(&key.comm, sizeof(key.comm));
 
-        value = bpf_map_lookup_elem(&my_hist_map, &index);
+        value = bpf_map_lookup_elem(&my_hist_map, &key);
         if (value)
                 __sync_fetch_and_add(value, 1);
+        else
+                bpf_map_update_elem(&my_hist_map, &key, &init_val, BPF_ANY);
         return 0;
 }
 char _license[] SEC("license") = "GPL";
diff --git a/samples/bpf/tracex2_user.c b/samples/bpf/tracex2_user.c
index 91b8d0896fbb..cd0241c1447a 100644
--- a/samples/bpf/tracex2_user.c
+++ b/samples/bpf/tracex2_user.c
@@ -3,6 +3,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <linux/bpf.h>
+#include <string.h>
 #include "libbpf.h"
 #include "bpf_load.h"
 
@@ -20,23 +21,42 @@ static void stars(char *str, long val, long max, int width)
         str[i] = '\0';
 }
 
-static void print_hist(int fd)
+struct task {
+        char comm[16];
+        __u64 pid_tgid;
+        __u64 uid_gid;
+};
+
+struct hist_key {
+        struct task t;
+        __u32 index;
+};
+
+#define SIZE sizeof(struct task)
+
+static void print_hist_for_pid(int fd, void *task)
 {
-        int key;
+        struct hist_key key = {}, next_key;
+        char starstr[MAX_STARS];
         long value;
         long data[MAX_INDEX] = {};
-        char starstr[MAX_STARS];
-        int i;
         int max_ind = -1;
         long max_value = 0;
+        int i, ind;
 
-        for (key = 0; key < MAX_INDEX; key++) {
-                bpf_lookup_elem(fd, &key, &value);
-                data[key] = value;
-                if (value && key > max_ind)
-                        max_ind = key;
+        while (bpf_get_next_key(fd, &key, &next_key) == 0) {
+                if (memcmp(&next_key, task, SIZE)) {
+                        key = next_key;
+                        continue;
+                }
+                bpf_lookup_elem(fd, &next_key, &value);
+                ind = next_key.index;
+                data[ind] = value;
+                if (value && ind > max_ind)
+                        max_ind = ind;
                 if (value > max_value)
                         max_value = value;
+                key = next_key;
         }
 
         printf("           syscall write() stats\n");
@@ -48,6 +68,35 @@ static void print_hist(int fd)
                        MAX_STARS, starstr);
         }
 }
+
+static void print_hist(int fd)
+{
+        struct hist_key key = {}, next_key;
+        static struct task tasks[1024];
+        int task_cnt = 0;
+        int i;
+
+        while (bpf_get_next_key(fd, &key, &next_key) == 0) {
+                int found = 0;
+
+                for (i = 0; i < task_cnt; i++)
+                        if (memcmp(&tasks[i], &next_key, SIZE) == 0)
+                                found = 1;
+                if (!found)
+                        memcpy(&tasks[task_cnt++], &next_key, SIZE);
+                key = next_key;
+        }
+
+        for (i = 0; i < task_cnt; i++) {
+                printf("\npid %d cmd %s uid %d\n",
+                       (__u32) tasks[i].pid_tgid,
+                       tasks[i].comm,
+                       (__u32) tasks[i].uid_gid);
+                print_hist_for_pid(fd, &tasks[i]);
+        }
+
+}
+
 static void int_exit(int sig)
 {
         print_hist(map_fd[1]);