How to detach ebpf cgroup programs without using bpftool?

Question

I am using Cilium ebpf to attach programs to cgroups. However, in my code I didn’t detach the program correctly and now I have some cgroup programs running in the background and I am trying to look for other ways to close them.

I tried to delete everything with bpftool cgroup detach CGROUP ATTACH_TYPE PROG, and when I run bpftool cgroup tree at first, I get nothing in the tree. I then ran bpftool prog show but still got cgroup programs running like the following:

1096: cgroup_device  tag 47dd357395126b0c  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 504B  jited 309B  memlock 4096B
1097: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1098: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1099: cgroup_device  tag b73cbcf8b8c71a5b  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 496B  jited 307B  memlock 4096B
1100: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1101: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1102: cgroup_device  tag ce28cc67158d681f  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 744B  jited 447B  memlock 4096B
1103: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1104: cgroup_skb  tag 6deef7357e7b4530  gpl
        loaded_at 2023-02-23T13:36:22-0500  uid 0
        xlated 64B  jited 54B  memlock 4096B
1105: cgroup_device  tag 26dcd5a87c1d07a2  gpl
        loaded_at 2023-02-23T13:40:36-0500  uid 0
        xlated 440B  jited 268B  memlock 4096B
1106: cgroup_device  tag ab4bc4523b7fe6b4
        loaded_at 2023-02-23T13:40:36-0500  uid 0
        xlated 552B  jited 353B  memlock 4096B
1107: cgroup_device  tag 26dcd5a87c1d07a2  gpl
        loaded_at 2023-02-23T13:40:36-0500  uid 0
        xlated 440B  jited 268B  memlock 4096B
1108: cgroup_device  tag ab4bc4523b7fe6b4
        loaded_at 2023-02-23T13:40:36-0500  uid 0
        xlated 552B  jited 353B  memlock 4096B

What's more, whenever I restart my virtual machine and type bpftool cgroup tree, my previously empty tree has content again. Here is what's shown when bpftool cgroup tree is called:

CgroupPath
ID       AttachType      AttachFlags     Name           
/sys/fs/cgroup/system.slice/systemd-udevd.service
    1844     ingress                                        
    1843     egress                                         
    1842     device          multi                          
/sys/fs/cgroup/system.slice/docker-c515f626ae992e61d4894704823a9fbc41ce42fbc7a8e4b26cc7ca07ba5ef1cb.scope
    1865     device          multi                          
/sys/fs/cgroup/system.slice/systemd-journald.service
    1840     ingress                                        
    1839     egress                                         
    1838     device          multi                          
/sys/fs/cgroup/system.slice/docker-67d06fd3514a55c180718472791e45aae102830f6d35e1c6acf073598115a5ee.scope
    1869     device          multi                          
/sys/fs/cgroup/system.slice/systemd-logind.service
    1848     ingress                                        
    1847     egress                                         
    1846     device          multi

I tried to delete everything with bpftool cgroup detach CGROUP ATTACH_TYPE PROG again, but these programs don't seem to go away. To prevent further leakage I froze the maps and got rid of them. If I try to delete these programs using bpftool prog detach PROG ATTACH_TYPE [MAP], I get either failure to detach from map or several programs have the same handle.

For the cgroups that belong to docker containers, I can fix the issue by simply removing the docker containers. For the other cgroups, I am unsure whether there are other ways to detach these programs without needing to use bpftool.

Any advice is greatly appreciated. Thanks in advance!

Answer 1

Score: 0

BPF programs are loaded in the kernel and attached to hook points. If you detach them, they remain loaded in the kernel and you will therefore see them in bpftool prog show. Those shouldn't matter however because they are not attached anywhere; at most, they consume a bit of memory in the kernel.

Note that systemd installs some BPF cgroup programs. That's probably why you see some even after a reboot.

huangapple
  • This article was published on February 24, 2023