Implement function cgroupid()

README.md

@@ -139,7 +139,7 @@ bpftrace -e 'hardware:cache-misses:1000000 { @[comm, pid] = count(); }'
 bpftrace -e 'profile:hz:99 /pid == 189/ { @[ustack] = count(); }'
 
 # Files opened, for processes in the root cgroup-v2
-bpftrace -e 'tracepoint:syscalls:sys_enter_open /cgroup == 0x100000001/ { printf("%s\n", str(args->filename)); }'
+bpftrace -e 'tracepoint:syscalls:sys_enter_openat /cgroup == cgroupid("/sys/fs/cgroup/unified/mycg")/ { printf("%s\n", str(args->filename)); }'
 ```
 
 ## Tools

src/ast/codegen_llvm.cpp

@@ -330,6 +330,13 @@ void CodegenLLVM::visit(Call &call)
     addr = bpftrace_.resolve_uname(name, current_attach_point_->target);
     expr_ = b_.getInt64(addr);
   }
+  else if (call.func == "cgroupid")
+  {
+    uint64_t cgroupid;
+    auto &path = static_cast<String&>(*call.vargs->at(0)).str;
+    cgroupid = bpftrace_.resolve_cgroupid(path);
+    expr_ = b_.getInt64(cgroupid);
+  }
   else if (call.func == "join")
   {
     call.vargs->front()->accept(*this);

src/ast/semantic_analyser.cpp

@@ -254,6 +254,12 @@ void SemanticAnalyser::visit(Call &call)
     }
     call.type = SizedType(Type::integer, 8);
   }
+  else if (call.func == "cgroupid") {
+    if (check_nargs(call, 1)) {
+      check_arg(call, Type::string, 0, true);
+    }
+    call.type = SizedType(Type::integer, 8);
+  }
   else if (call.func == "printf" || call.func == "system") {
     check_assignment(call, false, false);
     if (check_varargs(call, 1, 7)) {

src/bpftrace.cpp

@@ -7,9 +7,14 @@
 #include <sys/epoll.h>
 #include <time.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
 #include "bcc_syms.h"
 #include "perf_reader.h"
 
+#include "act_helpers.h"
 #include "bpforc.h"
 #include "bpftrace.h"
 #include "attached_probe.h"
@@ -1282,6 +1287,52 @@ uint64_t BPFtrace::resolve_kname(const std::string &name)
   return addr;
 }
 
+namespace
+{
+
+// Not embedding file_handle directly in cgid_file_handle, because C++
+// has problems with zero-sized array as struct members and
+// file_handle's f_handle is a zero-sized array.
+//
+// Also, not embedding file_handle through the public inheritance,
+// since checking for member offsets with offsetof within a
+// non-standard-layout type is conditionally-supported (so compilers
+// are not required to support it). And we want to do it to make sure
+// we got the wrapper right.
+//
+// Hence open coding the file_handle members directly in
+// cgid_file_handle and the static asserts following it.
+struct cgid_file_handle
+{
+  file_handle *as_file_handle_ptr()
+  {
+    return reinterpret_cast<file_handle*>(this);
+  }
+
+  unsigned int handle_bytes = sizeof(uint64_t);
+  int handle_type;
+  uint64_t cgid;
+};
+
+ACTH_ASSERT_SAME_SIZE(cgid_file_handle, file_handle, uint64_t);
+ACTH_ASSERT_SAME_MEMBER(cgid_file_handle, handle_bytes, file_handle, handle_bytes);
+ACTH_ASSERT_SAME_MEMBER(cgid_file_handle, handle_type, file_handle, handle_type);
+ACTH_ASSERT_SAME_OFFSET(cgid_file_handle, cgid, file_handle, f_handle);
+
+}
+
+uint64_t BPFtrace::resolve_cgroupid(const std::string &path)
+{
+  cgid_file_handle cfh;
+  int mount_id;
+  auto err = name_to_handle_at(AT_FDCWD, path.c_str(), cfh.as_file_handle_ptr(), &mount_id, 0);
+  if (err < 0) {
+    throw std::runtime_error("name_to_handle_at() failed!");
+  }
+
+  return cfh.cgid;
+}
+
 uint64_t BPFtrace::resolve_uname(const std::string &name, const std::string &path)
 {
   uint64_t addr = 0;

src/bpftrace.h

@@ -65,6 +65,7 @@ class BPFtrace
   uint64_t resolve_kname(const std::string &name);
   uint64_t resolve_uname(const std::string &name, const std::string &path);
   std::string resolve_name(uint64_t name_id);
+  uint64_t resolve_cgroupid(const std::string &path);
   std::vector<uint64_t> get_arg_values(std::vector<Field> args, uint8_t* arg_data);
   int pid_;
 

tests/codegen.cpp

@@ -1128,6 +1128,50 @@ TEST(codegen, call_uaddr)
   // TODO: test uaddr()
 }
 
+TEST(codegen, call_cgroup)
+{
+  test("tracepoint:syscalls:sys_enter_openat /cgroup == 0x100000001/ { @x = cgroup }",
+
+R"EXPECTED(; Function Attrs: nounwind
+declare i64 @llvm.bpf.pseudo(i64, i64) #0
+
+; Function Attrs: argmemonly nounwind
+declare void @llvm.lifetime.start.p0i8(i64, i8* nocapture) #1
+
+define i64 @"tracepoint:syscalls:sys_enter_openat"(i8* nocapture readnone) local_unnamed_addr section "s_tracepoint:syscalls:sys_enter_openat_1" {
+entry:
+  %"@x_val" = alloca i64, align 8
+  %"@x_key" = alloca i64, align 8
+  %get_cgroup_id = tail call i64 inttoptr (i64 80 to i64 ()*)()
+  %1 = icmp eq i64 %get_cgroup_id, 4294967297
+  br i1 %1, label %pred_true, label %pred_false
+
+pred_false:                                       ; preds = %entry
+  ret i64 0
+
+pred_true:                                        ; preds = %entry
+  %get_cgroup_id1 = tail call i64 inttoptr (i64 80 to i64 ()*)()
+  %2 = bitcast i64* %"@x_key" to i8*
+  call void @llvm.lifetime.start.p0i8(i64 -1, i8* nonnull %2)
+  store i64 0, i64* %"@x_key", align 8
+  %3 = bitcast i64* %"@x_val" to i8*
+  call void @llvm.lifetime.start.p0i8(i64 -1, i8* nonnull %3)
+  store i64 %get_cgroup_id1, i64* %"@x_val", align 8
+  %pseudo = tail call i64 @llvm.bpf.pseudo(i64 1, i64 1)
+  %update_elem = call i64 inttoptr (i64 2 to i64 (i8*, i8*, i8*, i64)*)(i64 %pseudo, i64* nonnull %"@x_key", i64* nonnull %"@x_val", i64 0)
+  call void @llvm.lifetime.end.p0i8(i64 -1, i8* nonnull %2)
+  call void @llvm.lifetime.end.p0i8(i64 -1, i8* nonnull %3)
+  ret i64 0
+}
+
+; Function Attrs: argmemonly nounwind
+declare void @llvm.lifetime.end.p0i8(i64, i8* nocapture) #1
+
+attributes #0 = { nounwind }
+attributes #1 = { argmemonly nounwind }
+)EXPECTED");
+}
+
 TEST(codegen, call_hist)
 {
   test("kprobe:f { @x = hist(pid) }",