- 09 Sep, 2020 1 commit
-
-
Yonghong Song authored
Commit 41c48f3a ("bpf: Support access to bpf map fields") added support to access map fields with CORE support. For example, struct bpf_map { __u32 max_entries; } __attribute__((preserve_access_index)); struct bpf_array { struct bpf_map map; __u32 elem_size; } __attribute__((preserve_access_index)); struct { __uint(type, BPF_MAP_TYPE_ARRAY); __uint(max_entries, 4); __type(key, __u32); __type(value, __u32); } m_array SEC(".maps"); SEC("cgroup_skb/egress") int cg_skb(void *ctx) { struct bpf_array *array = (struct bpf_array *)&m_array; /* .. array->map.max_entries .. */ } In kernel, bpf_htab has similar structure, struct bpf_htab { struct bpf_map map; ... } In the above cg_skb(), to access array->map.max_entries, with CORE, the clang will generate two builtin's. base = &m_array; /* access array.map */ map_addr = __builtin_preserve_struct_access_info(base, 0, 0); /* access array.map.max_entries */ max_entries_addr = __builtin_preserve_struct_access_info(map_addr, 0, 0); max_entries = *max_entries_addr; In the current llvm, if two builtin's are in the same function or in the same function after inlining, the compiler is smart enough to chain them together and generates like below: base = &m_array; max_entries = *(base + reloc_offset); /* reloc_offset = 0 in this case */ and we are fine. But if we force no inlining for one of functions in test_map_ptr() selftest, e.g., check_default(), the above two __builtin_preserve_* will be in two different functions. In this case, we will have code like: func check_hash(): reloc_offset_map = 0; base = &m_array; map_base = base + reloc_offset_map; check_default(map_base, ...) func check_default(map_base, ...): max_entries = *(map_base + reloc_offset_max_entries); In kernel, map_ptr (CONST_PTR_TO_MAP) does not allow any arithmetic. The above "map_base = base + reloc_offset_map" will trigger a verifier failure. ; VERIFY(check_default(&hash->map, map)); 0: (18) r7 = 0xffffb4fe8018a004 2: (b4) w1 = 110 3: (63) *(u32 *)(r7 +0) = r1 R1_w=invP110 R7_w=map_value(id=0,off=4,ks=4,vs=8,imm=0) R10=fp0 ; VERIFY_TYPE(BPF_MAP_TYPE_HASH, check_hash); 4: (18) r1 = 0xffffb4fe8018a000 6: (b4) w2 = 1 7: (63) *(u32 *)(r1 +0) = r2 R1_w=map_value(id=0,off=0,ks=4,vs=8,imm=0) R2_w=invP1 R7_w=map_value(id=0,off=4,ks=4,vs=8,imm=0) R10=fp0 8: (b7) r2 = 0 9: (18) r8 = 0xffff90bcb500c000 11: (18) r1 = 0xffff90bcb500c000 13: (0f) r1 += r2 R1 pointer arithmetic on map_ptr prohibited To fix the issue, let us permit map_ptr + 0 arithmetic which will result in exactly the same map_ptr. Signed-off-by:
Yonghong Song <yhs@fb.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Andrii Nakryiko <andriin@fb.com> Link: https://lore.kernel.org/bpf/20200908175702.2463625-1-yhs@fb.com
-
- 07 Sep, 2020 3 commits
-
-
Quentin Monnet authored
Synchronise the bpf.h header under tools, to report the fixes recently brought to the documentation for the BPF helpers. Signed-off-by:
Quentin Monnet <quentin@isovalent.com> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20200904161454.31135-4-quentin@isovalent.com
-
Quentin Monnet authored
Fix a formatting error in the description of bpf_load_hdr_opt() (rst2man complains about a wrong indentation, but what is missing is actually a blank line before the bullet list). Fix and harmonise the formatting for other helpers. Signed-off-by:
-
Quentin Monnet authored
Fix a formatting error in the documentation for bpftool-link, so that the man page can build correctly. Signed-off-by:
-
- 04 Sep, 2020 20 commits
-
-
Daniel T. Lee authored
This commit adds xsk_fwd test file to .gitignore which is newly added to samples/bpf. Signed-off-by:
Daniel T. Lee <danieltimlee@gmail.com> Signed-off-by:
-
Daniel T. Lee authored
From commit 52109584 ("libbpf: Deprecate notion of BPF program "title" in favor of "section name""), the term title has been replaced with section name in libbpf. Since the bpf_program__title() has been deprecated, this commit switches this function to bpf_program__section_name(). Due to this commit, the compilation warning issue has also been resolved. Fixes: 52109584 ("libbpf: Deprecate notion of BPF program "title" in favor of "section name"") Signed-off-by:
-
Andrii Nakryiko authored
Detected by LGTM static analyze in Github repo, fix potential multiplication overflow before result is casted to size_t. Fixes: 8505e870 ("libbpf: Implement generalized .BTF.ext func/line info adjustment") Signed-off-by:
-
Andrii Nakryiko authored
Another issue of __u64 needing either %lu or %llu, depending on the architecture. Fix with cast to `unsigned long long`. Fixes: 7e06aad5 ("libbpf: Add multi-prog section support for struct_ops") Signed-off-by:
-
Hao Luo authored
The returned value of bpf_object__open_file() should be checked with libbpf_get_error() rather than NULL. This fix prevents test_progs from crash when test_global_data.o is not present. Signed-off-by:
Hao Luo <haoluo@google.com> Signed-off-by:
-
Alexei Starovoitov authored
Andrii Nakryiko says: ==================== Currently, libbpf supports a limited form of BPF-to-BPF subprogram calls. The restriction is that entry-point BPF program should use *all* of defined sub-programs in BPF .o file. If any of the subprograms is not used, such entry-point BPF program will be rejected by verifier as containing unreachable dead code. This is not a big limitation for cases with single entry-point BPF programs, but is quite a heavy restriction for multi-programs that use only partially overlapping set of subprograms. This patch set removes all such restrictions and adds complete support for using BPF sub-program calls on BPF side. This is achieved through libbpf tracking subprograms individually and detecting which subprograms are used by any given entry-point BPF program, and subsequently only appending and relocating code for just those used subprograms. In addition, libbpf now also supports multiple entry-point BPF programs within the same ELF section. This allows to structure code so that there are few variants of BPF programs of the same type and attaching to the same target (e.g., for tracepoints and kprobes) without the need to worry about ELF section name clashes. This patch set opens way for more wider adoption of BPF subprogram calls, especially for real-world production use-cases with complicated net of subprograms. This will allow to further scale BPF verification process through good use of global functions, which can be verified independently. This is also important prerequisite for static linking which allows static BPF libraries to not worry about naming clashes for section names, as well as use static non-inlined functions (subprograms) without worries of verifier rejecting program due to dead code. Patch set is structured as follows: - patched 1-6 contain all the libbpf changes necessary to support multi-prog sections and bpf2bpf subcalls; - patch 7 adds dedicated selftests validating all combinations of possible sub-calls (within and across sections, static vs global functions); - patch 8 deprecated bpf_program__title() in favor of bpf_program__section_name(). The intent was to also deprecate bpf_object__find_program_by_title() as it's now non-sensical with multiple programs per section. But there were too many selftests uses of this and I didn't want to delay this patches further and make it even bigger, so left it for a follow up cleanup; - patches 9-10 remove uses for title-related APIs from bpftool and bpf_program__title() use from selftests; - patch 11 is converting fexit_bpf2bpf to have explicit subtest (it does contain 4 subtests, which are not handled as sub-tests); - patches 12-14 convert few complicated BPF selftests to use __noinline functions to further validate correctness of libbpf's bpf2bpf processing logic. v2->v3: - explained subprog relocation algorithm in more details (Alexei); - pyperf, strobelight and cls_redirect got new subprog variants, leaving other modes intact (Alexei); v1->v2: - rename DEPRECATED to LIBBPF_DEPRECATED to avoid name clashes; - fix test_subprogs build; - convert a bunch of complicated selftests to __noinline (Alexei). ==================== Signed-off-by: -
Andrii Nakryiko authored
As one of the most complicated and close-to-real-world programs, cls_redirect is a good candidate to exercise libbpf's logic of handling bpf2bpf calls. So add variant with using explicit __noinline for majority of functions except few most basic ones. If those few functions are inlined, verifier starts to complain about program instruction limit of 1mln instructions being exceeded, most probably due to instruction overhead of doing a sub-program call. Convert user-space part of selftest to have to sub-tests: with and without inlining. Signed-off-by:
-
Andrii Nakryiko authored
Update xdp_noinline to use BPF skeleton and force __noinline on helper sub-programs. Also, split existing logic into v4- and v6-only to complicate sub-program calling patterns (partially overlapped sets of functions for entry-level BPF programs). Signed-off-by:
-
Andrii Nakryiko authored
Add use of non-inlined subprogs to few bigger selftests to excercise libbpf's bpf2bpf handling logic. Also split l4lb_all selftest into two sub-tests. Signed-off-by:
-
Andrii Nakryiko authored
There are clearly 4 subtests, so make it official. Signed-off-by:
-
Andrii Nakryiko authored
BPF program title is ambigious and misleading term. It is ELF section name, so let's just call it that and deprecate bpf_program__title() API in favor of bpf_program__section_name(). Additionally, using bpf_object__find_program_by_title() is now inherently dangerous and ambiguous, as multiple BPF program can have the same section name. So deprecate this API as well and recommend to switch to non-ambiguous bpf_object__find_program_by_name(). Internally, clean up usage and mis-usage of BPF program section name for denoting BPF program name. Shorten the field name to prog->sec_name to be consistent with all other prog->sec_* variables. Signed-off-by:
-
Andrii Nakryiko authored
Remove all uses of bpf_program__title() and bpf_program__find_program_by_title(). Signed-off-by:
-
Andrii Nakryiko authored
bpf_program__title() is deprecated, switch to bpf_program__section_name() and avoid compilation warnings. Signed-off-by:
-
Andrii Nakryiko authored
Add a selftest excercising bpf-to-bpf subprogram calls, as well as multiple entry-point BPF programs per section. Also make sure that BPF CO-RE works for such set ups both for sub-programs and for multi-entry sections. Signed-off-by:
-
Andrii Nakryiko authored
Adjust struct_ops handling code to work with multi-program ELF sections properly. Signed-off-by:
-
Andrii Nakryiko authored
Complete multi-prog sections and multi sub-prog support in libbpf by properly adjusting .BTF.ext's line and function information. Mark exposed btf_ext__reloc_func_info() and btf_ext__reloc_func_info() APIs as deprecated. These APIs have simplistic assumption that all sub-programs are going to be appended to all main BPF programs, which doesn't hold in real life. It's unlikely there are any users of this API, as it's very libbpf internals-specific. Signed-off-by:
-
Andrii Nakryiko authored
This patch implements general and correct logic for bpf-to-bpf sub-program calls. Only sub-programs used (called into) from entry-point (main) BPF program are going to be appended at the end of main BPF program. This ensures that BPF verifier won't encounter any dead code due to copying unreferenced sub-program. This change means that each entry-point (main) BPF program might have a different set of sub-programs appended to it and potentially in different order. This has implications on how sub-program call relocations need to be handled, described below. All relocations are now split into two categores: data references (maps and global variables) and code references (sub-program calls). This distinction is important because data references need to be relocated just once per each BPF program and sub-program. These relocation are agnostic to instruction locations, because they are not code-relative and they are relocating against static targets (maps, variables with fixes offsets, etc). Sub-program RELO_CALL relocations, on the other hand, are highly-dependent on code position, because they are recorded as instruction-relative offset. So BPF sub-programs (those that do calls into other sub-programs) can't be relocated once, they need to be relocated each time such a sub-program is appended at the end of the main entry-point BPF program. As mentioned above, each main BPF program might have different subset and differen order of sub-programs, so call relocations can't be done just once. Splitting data reference and calls relocations as described above allows to do this efficiently and cleanly. bpf_object__find_program_by_name() will now ignore non-entry BPF programs. Previously one could have looked up '.text' fake BPF program, but the existence of such BPF program was always an implementation detail and you can't do much useful with it. Now, though, all non-entry sub-programs get their own BPF program with name corresponding to a function name, so there is no more '.text' name for BPF program. This means there is no regression, effectively, w.r.t. API behavior. But this is important aspect to highlight, because it's going to be critical once libbpf implements static linking of BPF programs. Non-entry static BPF programs will be allowed to have conflicting names, but global and main-entry BPF program names should be unique. Just like with normal user-space linking process. So it's important to restrict this aspect right now, keep static and non-entry functions as internal implementation details, and not have to deal with regressions in behavior later. This patch leaves .BTF.ext adjustment as is until next patch. Signed-off-by:
-
Andrii Nakryiko authored
Fix up CO-RE relocation code to handle relocations against ELF sections containing multiple BPF programs. This requires lookup of a BPF program by its section name and instruction index it contains. While it could have been done as a simple loop, it could run into performance issues pretty quickly, as number of CO-RE relocations can be quite large in real-world applications, and each CO-RE relocation incurs BPF program look up now. So instead of simple loop, implement a binary search by section name + insn offset. Signed-off-by:
John Fastabend <john.fastabend@gmail.com> Link: https://lore.kernel.org/bpf/20200903203542.15944-4-andriin@fb.com
-
Andrii Nakryiko authored
Teach libbpf how to parse code sections into potentially multiple bpf_program instances, based on ELF FUNC symbols. Each BPF program will keep track of its position within containing ELF section for translating section instruction offsets into program instruction offsets: regardless of BPF program's location in ELF section, it's first instruction is always at local instruction offset 0, so when libbpf is working with relocations (which use section-based instruction offsets) this is critical to make proper translations. Signed-off-by:
-
Andrii Nakryiko authored
libbpf ELF parsing logic might need symbols available before ELF parsing is completed, so we need to make sure that symbols table section is found in a separate pass before all the subsequent sections are processed. Signed-off-by:
-
- 02 Sep, 2020 6 commits
-
-
Magnus Karlsson authored
Fix use-after-free when a shared umem bind fails. The code incorrectly tried to free the allocated buffer pool both in the bind code and then later also when the socket was released. Fix this by setting the buffer pool pointer to NULL after the bind code has freed the pool, so that the socket release code will not try to free the pool. This is the same solution as the regular, non-shared umem code path has. This was missing from the shared umem path. Fixes: b5aea28d ("xsk: Add shared umem support between queue ids") Reported-by: syzbot+5334f62e4d22804e646a@syzkaller.appspotmail.com Signed-off-by:
Magnus Karlsson <magnus.karlsson@intel.com> Signed-off-by:
-
Gustavo A. R. Silva authored
Currently, dma_map is being checked, when the right object identifier to be null-checked is dma_map->dma_pages, instead. Fix this by null-checking dma_map->dma_pages. Fixes: 921b6869 ("xsk: Enable sharing of dma mappings") Addresses-Coverity-ID: 1496811 ("Logically dead code") Signed-off-by:
Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by:
Björn Töpel <bjorn.topel@intel.com> Link: https://lore.kernel.org/bpf/20200902150750.GA7257@embeddedor
-
Magnus Karlsson authored
Fix possible segfault when entry is inserted into xskmap. This can happen if the socket is in a state where the umem has been set up, the Rx ring created but it has yet to be bound to a device. In this case the pool has not yet been created and we cannot reference it for the existence of the fill ring. Fix this by removing the whole xsk_is_setup_for_bpf_map function. Once upon a time, it was used to make sure that the Rx and fill rings where set up before the driver could call xsk_rcv, since there are no tests for the existence of these rings in the data path. But these days, we have a state variable that we test instead. When it is XSK_BOUND, everything has been set up correctly and the socket has been bound. So no reason to have the xsk_is_setup_for_bpf_map function anymore. Fixes: 7361f9c3 ("xsk: Move fill and completion rings to buffer pool") Reported-by: syzbot+febe51d44243fbc564ee@syzkaller.appspotmail.com Signed-off-by:
-
Magnus Karlsson authored
Fix possible segfault in the xsk diagnostics code when dumping information about the umem. This can happen when a umem has been created, but the socket has not been bound yet. In this case, the xsk buffer pool does not exist yet and we cannot dump the information that was moved from the umem to the buffer pool. Fix this by testing for the existence of the buffer pool and if not there, do not dump any of that information. Fixes: c2d3d6a4 ("xsk: Move queue_id, dev and need_wakeup to buffer pool") Fixes: 7361f9c3 ("xsk: Move fill and completion rings to buffer pool") Reported-by: syzbot+3f04d36b7336f7868066@syzkaller.appspotmail.com Signed-off-by:
-
Yonghong Song authored
Modified existing bpf_iter_test_file.c program to check whether all accessed files from the main thread or not. Modified existing bpf_iter_test_file program to check whether all accessed files from the main thread or not. $ ./test_progs -n 4 ... #4/7 task_file:OK ... #4 bpf_iter:OK Summary: 1/24 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by:
-
Yonghong Song authored
Currently, task_file iterator iterates all files from all tasks. This may potentially visit a lot of duplicated files if there are many tasks sharing the same files, e.g., typical pthreads where these pthreads and the main thread are sharing the same files. This patch changed task_file iterator to skip a particular task if that task shares the same files as its group_leader (the task having the same tgid and also task->tgid == task->pid). This will preserve the same result, visiting all files from all tasks, and will reduce runtime cost significantl, e.g., if there are a lot of pthreads and the process has a lot of open files. Suggested-by:
Josef Bacik <josef@toxicpanda.com> Link: https://lore.kernel.org/bpf/20200902023112.1672792-1-yhs@fb.com
-
- 01 Sep, 2020 10 commits
-
-
David S. Miller authored
Ioana Ciornei says: ==================== dpaa2-eth: add a dpaa2_eth_ prefix to all functions This is just a quick cleanup that aims at adding a dpaa2_eth_ prefix to all functions within the dpaa2-eth driver even if those are static and private to the driver. The main reason for doing this is that looking a perf top, for example, is becoming an inconvenience because one cannot easily determine which entries are dpaa2-eth related or not. ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
Ioana Ciornei authored
Some static functions in the dpaa2-eth driver don't have the dpaa2_eth_ prefix and this is becoming an inconvenience when looking at, for example, a perf top output and trying to determine easily which entries are dpaa2-eth related. Ammend this by adding the prefix to all the functions. Signed-off-by:
Ioana Ciornei <ioana.ciornei@nxp.com> Signed-off-by:
-
Ioana Ciornei authored
Some static functions in the dpaa2-eth driver don't have the dpaa2_eth_ prefix and this is becoming an inconvenience when looking at, for example, a perf top output and trying to determine easily which entries are dpaa2-eth related. Ammend this by adding the prefix to all the functions. Signed-off-by:
-
Ioana Ciornei authored
Some static functions in the dpaa2-eth driver don't have the dpaa2_eth_ prefix and this is becoming an inconvenience when looking at, for example, a perf top output and trying to determine easily which entries are dpaa2-eth related. Ammend this by adding the prefix to all the functions. Signed-off-by:
-
Eelco Chaudron authored
If nf_conncount_init fails currently the dispatched work is not canceled, causing problems when the timer fires. This change fixes this by not scheduling the work until all initialization is successful. Fixes: a65878d6 ("net: openvswitch: fixes potential deadlock in dp cleanup code") Reported-by:
kernel test robot <lkp@intel.com> Signed-off-by:
Eelco Chaudron <echaudro@redhat.com> Reviewed-by:
Tonghao Zhang <xiangxia.m.yue@gmail.com> Signed-off-by:
-
Thomas Falcon authored
In some cases, the device or firmware may be busy when the driver attempts to perform the CRQ initialization handshake. If the partner is busy, the hypervisor will return the H_CLOSED return code. The aim of this patch is that, if the device is not ready, to query the device a number of times, with a small wait time in between queries. If all initialization requests fail, the driver will remain in a dormant state, awaiting a signal from the device that it is ready for operation. Signed-off-by:
Thomas Falcon <tlfalcon@linux.ibm.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextDavid S. Miller authored
Daniel Borkmann says: ==================== pull-request: bpf-next 2020-09-01 The following pull-request contains BPF updates for your *net-next* tree. There are two small conflicts when pulling, resolve as follows: 1) Merge conflict in tools/lib/bpf/libbpf.c between 88a82120 ("libbpf: Factor out common ELF operations and improve logging") in bpf-next and 1e891e51 ("libbpf: Fix map index used in error message") in net-next. Resolve by taking the hunk in bpf-next: [...] scn = elf_sec_by_idx(obj, obj->efile.btf_maps_shndx); data = elf_sec_data(obj, scn); if (!scn || !data) { pr_warn("elf: failed to get %s map definitions for %s\n", MAPS_ELF_SEC, obj->path); return -EINVAL; } [...] 2) Merge conflict in drivers/net/ethernet/mellanox/mlx5/core/en/xsk/rx.c between 9647c57b ("xsk: i40e: ice: ixgbe: mlx5: Test for dma_need_sync earlier for better performance") in bpf-next and e20f0dbf ("net/mlx5e: RX, Add a prefetch command for small L1_CACHE_BYTES") in net-next. Resolve the two locations by retaining net_prefetch() and taking xsk_buff_dma_sync_for_cpu() from bpf-next. Should look like: [...] xdp_set_data_meta_invalid(xdp); xsk_buff_dma_sync_for_cpu(xdp, rq->xsk_pool); net_prefetch(xdp->data); [...] We've added 133 non-merge commits during the last 14 day(s) which contain a total of 246 files changed, 13832 insertions(+), 3105 deletions(-). The main changes are: 1) Initial support for sleepable BPF programs along with bpf_copy_from_user() helper for tracing to reliably access user memory, from Alexei Starovoitov. 2) Add BPF infra for writing and parsing TCP header options, from Martin KaFai Lau. 3) bpf_d_path() helper for returning full path for given 'struct path', from Jiri Olsa. 4) AF_XDP support for shared umems between devices and queues, from Magnus Karlsson. 5) Initial prep work for full BPF-to-BPF call support in libbpf, from Andrii Nakryiko. 6) Generalize bpf_sk_storage map & add local storage for inodes, from KP Singh. 7) Implement sockmap/hash updates from BPF context, from Lorenz Bauer. 8) BPF xor verification for scalar types & add BPF link iterator, from Yonghong Song. 9) Use target's prog type for BPF_PROG_TYPE_EXT prog verification, from Udip Pant. 10) Rework BPF tracing samples to use libbpf loader, from Daniel T. Lee. 11) Fix xdpsock sample to really cycle through all buffers, from Weqaar Janjua. 12) Improve type safety for tun/veth XDP frame handling, from Maciej Żenczykowski. 13) Various smaller cleanups and improvements all over the place. ==================== Signed-off-by:
-
YueHaibing authored
Remove unneeded return value cast. This is detected by coccinelle. Signed-off-by:
YueHaibing <yuehaibing@huawei.com> Signed-off-by:
-
YueHaibing authored
Remove dma_alloc_coherent return value cast. This is detected by coccinelle. Signed-off-by:
-
Yutaro Hayakawa authored
Implement the getsockopt SOL_TLS TLS_RX which is currently missing. The primary usecase is to use it in conjunction with TCP_REPAIR to checkpoint/restore the TLS record layer state. TLS connection state usually exists on the user space library. So basically we can easily extract it from there, but when the TLS connections are delegated to the kTLS, it is not the case. We need to have a way to extract the TLS state from the kernel for both of TX and RX side. The new TLS_RX getsockopt copies the crypto_info to user in the same way as TLS_TX does. We have described use cases in our research work in Netdev 0x14 Transport Workshop [1]. Also, there is an TLS implementation called tlse [2] which supports TLS connection migration. They have support of kTLS and their code shows that they are expecting the future support of this option. [1] https://speakerdeck.com/yutarohayakawa/prism-proxies-without-the-pain [2] https://github.com/eduardsui/tlseSigned-off-by:
Yutaro Hayakawa <yhayakawa3720@gmail.com> Reviewed-by:
Jakub Kicinski <kuba@kernel.org> Signed-off-by:
-
