• Andrii Nakryiko's avatar
    bpf: Implement bpf_prog replacement for an active bpf_cgroup_link · 0c991ebc
    Andrii Nakryiko authored
    Add new operation (LINK_UPDATE), which allows to replace active bpf_prog from
    under given bpf_link. Currently this is only supported for bpf_cgroup_link,
    but will be extended to other kinds of bpf_links in follow-up patches.
    
    For bpf_cgroup_link, implemented functionality matches existing semantics for
    direct bpf_prog attachment (including BPF_F_REPLACE flag). User can either
    unconditionally set new bpf_prog regardless of which bpf_prog is currently
    active under given bpf_link, or, optionally, can specify expected active
    bpf_prog. If active bpf_prog doesn't match expected one, no changes are
    performed, old bpf_link stays intact and attached, operation returns
    a failure.
    
    cgroup_bpf_replace() operation is resolving race between auto-detachment and
    bpf_prog update in the same fashion as it's done for bpf_link detachment,
    except in this case update has no way of succeeding because of target cgroup
    marked as dying. So in this case error is returned.
    Signed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
    Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Link: https://lore.kernel.org/bpf/20200330030001.2312810-3-andriin@fb.com
    0c991ebc
syscall.c 87.2 KB