- 03 Jun, 2018 16 commits
-
-
Jesper Dangaard Brouer authored
When passed the XDP_XMIT_FLUSH flag tun_xdp_xmit now performs the same kind of socket wake up as in tun_xdp_flush(). The wake up code from tun_xdp_flush is generalized and shared with tun_xdp_xmit. Signed-off-by:
Jesper Dangaard Brouer <brouer@redhat.com> Acked-by:
Song Liu <songliubraving@fb.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org>
-
Jesper Dangaard Brouer authored
When passed the XDP_XMIT_FLUSH flag ixgbe_xdp_xmit now performs the same kind of ring tail update as in ixgbe_xdp_flush. The update tail code in ixgbe_xdp_flush is generalized and shared with ixgbe_xdp_xmit. Signed-off-by:
-
Jesper Dangaard Brouer authored
When passed the XDP_XMIT_FLUSH flag i40e_xdp_xmit now performs the same kind of ring tail update as in i40e_xdp_flush. The advantage is that all the necessary checks have been performed and xdp_ring can be updated, instead of having to perform the exact same steps/checks in i40e_xdp_flush Signed-off-by:
-
Jesper Dangaard Brouer authored
This patch only change the API and reject any use of flags. This is an intermediate step that allows us to implement the flush flag operation later, for each individual driver in a separate patch. The plan is to implement flush operation via XDP_XMIT_FLUSH flag and then remove XDP_XMIT_FLAGS_NONE when done. Signed-off-by:
-
Alexei Starovoitov authored
Daniel Borkmann says: ==================== This set adds various patches I still had in my queue, first two are test cases to provide coverage for the recent two fixes that went to bpf tree, then a small improvement on the error message for gpl helpers. Next, we expose prog and map id into fdinfo in order to allow for inspection of these objections currently used in applications. Patch after that removes a retpoline call for map lookup/update/delete helpers. A new helper is added in the subsequent patch to lookup the skb's socket's cgroup v2 id which can be used in an efficient way for e.g. lookups on egress side. Next one is a fix to fully clear state info in tunnel/xfrm helpers. Given this is full cap_sys_admin from init ns and has same priv requirements like tracing, bpf-next should be okay. A small bug fix for bpf_asm follows, and next a fix for context access in tracing which was recently reported. Lastly, a small update in the maintainer's file to add patchwork url and missing files. Thanks! v2 -> v3: - Noticed a merge artefact inside uapi header comment, sigh, fixed now. v1 -> v2: - minor fix in getting context access work on 32 bit for tracing - add paragraph to uapi helper doc to better describe kernel build deps for cggroup helper ==================== Signed-off-by: -
Daniel Borkmann authored
Add missing bits under tools/lib/bpf/ and also Q: entry in order to make it easier for people to retrieve current patch queue. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Acked-by:
-
Daniel Borkmann authored
Pull in recent changes from include/uapi/linux/bpf.h. Signed-off-by:
-
Daniel Borkmann authored
Wang reported that all the testcases for BPF_PROG_TYPE_PERF_EVENT program type in test_verifier report the following errors on x86_32: 172/p unpriv: spill/fill of different pointers ldx FAIL Unexpected error message! 0: (bf) r6 = r10 1: (07) r6 += -8 2: (15) if r1 == 0x0 goto pc+3 R1=ctx(id=0,off=0,imm=0) R6=fp-8,call_-1 R10=fp0,call_-1 3: (bf) r2 = r10 4: (07) r2 += -76 5: (7b) *(u64 *)(r6 +0) = r2 6: (55) if r1 != 0x0 goto pc+1 R1=ctx(id=0,off=0,imm=0) R2=fp-76,call_-1 R6=fp-8,call_-1 R10=fp0,call_-1 fp-8=fp 7: (7b) *(u64 *)(r6 +0) = r1 8: (79) r1 = *(u64 *)(r6 +0) 9: (79) r1 = *(u64 *)(r1 +68) invalid bpf_context access off=68 size=8 378/p check bpf_perf_event_data->sample_period byte load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (71) r0 = *(u8 *)(r1 +68) invalid bpf_context access off=68 size=1 379/p check bpf_perf_event_data->sample_period half load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (69) r0 = *(u16 *)(r1 +68) invalid bpf_context access off=68 size=2 380/p check bpf_perf_event_data->sample_period word load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (61) r0 = *(u32 *)(r1 +68) invalid bpf_context access off=68 size=4 381/p check bpf_perf_event_data->sample_period dword load permitted FAIL Failed to load prog 'Permission denied'! 0: (b7) r0 = 0 1: (79) r0 = *(u64 *)(r1 +68) invalid bpf_context access off=68 size=8 Reason is that struct pt_regs on x86_32 doesn't fully align to 8 byte boundary due to its size of 68 bytes. Therefore, bpf_ctx_narrow_access_ok() will then bail out saying that off & (size_default - 1) which is 68 & 7 doesn't cleanly align in the case of sample_period access from struct bpf_perf_event_data, hence verifier wrongly thinks we might be doing an unaligned access here though underlying arch can handle it just fine. Therefore adjust this down to machine size and check and rewrite the offset for narrow access on that basis. We also need to fix corresponding pe_prog_is_valid_access(), since we hit the check for off % size != 0 (e.g. 68 % 8 -> 4) in the first and last test. With that in place, progs for tracing work on x86_32. Reported-by:
Wang YanQing <udknight@gmail.com> Signed-off-by:
-
Daniel Borkmann authored
Range is 0-7, not 0-9, otherwise parser silently excludes it from the strtol() rather than throwing an error. Reported-by:
Marc Boschma <marc@boschma.cx> Signed-off-by:
-
Daniel Borkmann authored
Since the remaining bits are not filled in struct bpf_tunnel_key resp. struct bpf_xfrm_state and originate from uninitialized stack space, we should make sure to clear them before handing control back to the program. Also add a padding element to struct bpf_xfrm_state for future use similar as we have in struct bpf_tunnel_key and clear it as well. struct bpf_xfrm_state { __u32 reqid; /* 0 4 */ __u32 spi; /* 4 4 */ __u16 family; /* 8 2 */ /* XXX 2 bytes hole, try to pack */ union { __u32 remote_ipv4; /* 4 */ __u32 remote_ipv6[4]; /* 16 */ }; /* 12 16 */ /* size: 28, cachelines: 1, members: 4 */ /* sum members: 26, holes: 1, sum holes: 2 */ /* last cacheline: 28 bytes */ }; Signed-off-by: -
Daniel Borkmann authored
Add a new bpf_skb_cgroup_id() helper that allows to retrieve the cgroup id from the skb's socket. This is useful in particular to enable bpf_get_cgroup_classid()-like behavior for cgroup v1 in cgroup v2 by allowing ID based matching on egress. This can in particular be used in combination with applying policy e.g. from map lookups, and also complements the older bpf_skb_under_cgroup() interface. In user space the cgroup id for a given path can be retrieved through the f_handle as demonstrated in [0] recently. [0] https://lkml.org/lkml/2018/5/22/1190Signed-off-by:
-
Daniel Borkmann authored
While some of the BPF map lookup helpers provide a ->map_gen_lookup() callback for inlining the map lookup altogether it is not available for every map, so the remaining ones have to call bpf_map_lookup_elem() helper which does a dispatch to map->ops->map_lookup_elem(). In times of retpolines, this will control and trap speculative execution rather than letting it do its work for the indirect call and will therefore cause a slowdown. Likewise, bpf_map_update_elem() and bpf_map_delete_elem() do not have an inlined version and need to call into their map->ops->map_update_elem() resp. map->ops->map_delete_elem() handlers. Before: # bpftool prog dump xlated id 1 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = map[id:1] 5: (85) call __htab_map_lookup_elem#232656 6: (15) if r0 == 0x0 goto pc+4 7: (71) r1 = *(u8 *)(r0 +35) 8: (55) if r1 != 0x0 goto pc+1 9: (72) *(u8 *)(r0 +35) = 1 10: (07) r0 += 56 11: (15) if r0 == 0x0 goto pc+4 12: (bf) r2 = r0 13: (18) r1 = map[id:1] 15: (85) call bpf_map_delete_elem#215008 <-- indirect call via 16: (95) exit helper After: # bpftool prog dump xlated id 1 0: (bf) r2 = r10 1: (07) r2 += -8 2: (7a) *(u64 *)(r2 +0) = 0 3: (18) r1 = map[id:1] 5: (85) call __htab_map_lookup_elem#233328 6: (15) if r0 == 0x0 goto pc+4 7: (71) r1 = *(u8 *)(r0 +35) 8: (55) if r1 != 0x0 goto pc+1 9: (72) *(u8 *)(r0 +35) = 1 10: (07) r0 += 56 11: (15) if r0 == 0x0 goto pc+4 12: (bf) r2 = r0 13: (18) r1 = map[id:1] 15: (85) call htab_lru_map_delete_elem#238240 <-- direct call 16: (95) exit In all three lookup/update/delete cases however we can use the actual address of the map callback directly if we find that there's only a single path with a map pointer leading to the helper call, meaning when the map pointer has not been poisoned from verifier side. Example code can be seen above for the delete case. Signed-off-by: -
Daniel Borkmann authored
Its trivial and straight forward to expose it for scripts that can then use it along with bpftool in order to inspect an individual application's used maps and progs. Right now we dump some basic information in the fdinfo file but with the help of the map/prog id full introspection becomes possible now. Signed-off-by:
-
Daniel Borkmann authored
Stating 'proprietary program' in the error is just silly since it can also be a different open source license than that which is just not compatible. Reference: https://twitter.com/majek04/status/998531268039102465Signed-off-by:
-
Daniel Borkmann authored
We have one triggering on eBPF but lets also add a cBPF example to make sure we keep tracking them. Also add anther cBPF test running max number of MSH ops. Signed-off-by:
-
Daniel Borkmann authored
Add several test cases where the same or different map pointers originate from different paths in the program and execute a map lookup or tail call at a common location. Signed-off-by:
-
- 02 Jun, 2018 9 commits
-
-
Alexei Starovoitov authored
Martin KaFai Lau says: ==================== ==================== Signed-off-by: -
Martin KaFai Lau authored
The t->type in BTF_KIND_FWD is not used. It must be 0. This patch ensures that and also adds a test case in test_btf.c Signed-off-by:
Martin KaFai Lau <kafai@fb.com> Signed-off-by:
-
Martin KaFai Lau authored
This patch ensures array's t->size is 0. The array size is decided by its individual elem's size and the number of elements. Hence, t->size is not used and it must be 0. A test case is added to test_btf.c Signed-off-by:
-
Daniel Borkmann authored
Prashant Bhole says: ==================== test_sockmap was originally written only to exercise kernel code paths, so there was no strict checking of errors. When the code was modified to run as selftests, due to lack of error handling it was not able to detect test failures. In order to improve, this series fixes error handling, test run time and data verification. Also slightly improved test output by printing parameter values (cork, apply, start, end) so that parameters for all tests are displayed. Changes in v4: - patch1: Ignore RX timoute error only for corked tests - patch3: Setting different timeout for corked tests and reduce run time by reducing number of iterations in some tests Changes in v3: - Skipped error checking for corked tests ==================== Signed-off-by: -
Prashant Bhole authored
Print values of test options like apply, cork, start, end so that individual failed tests can be identified for manual run Acked-by:
John Fastabend <john.fastabend@gmail.com> Signed-off-by:
Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp> Signed-off-by:
-
Prashant Bhole authored
When data verification is enabled, some tests fail because verification is done incorrectly. Following changes fix it. - Identify the size of data block to be verified - Reset verification counter when data block size is reached - Fixed the value printed in case of verfication failure Fixes: 16962b24 ("bpf: sockmap, add selftests") Acked-by:
-
Prashant Bhole authored
Currently 10us delay is too low for many tests to succeed. It needs to be increased. Also, many corked tests are expected to hit rx timeout irrespective of timeout value. - This patch sets 1000usec timeout value for corked tests because less than that causes broken-pipe error in tx thread. Also sets 1 second timeout for all other tests because less than that results in RX timeout - tests with apply=1 and higher number of iterations were taking lot of time. This patch reduces test run time by reducing iterations. real 0m12.968s user 0m0.219s sys 0m14.337s Fixes: a18fda1a ("bpf: reduce runtime of test_sockmap tests") Signed-off-by:
-
Prashant Bhole authored
In case of selftest mode, temporary cgroup environment is created but cgroup is not joined. It causes test failures. Fixed by joining the cgroup Fixes: 16962b24 ("bpf: sockmap, add selftests") Acked-by:
-
Prashant Bhole authored
Test failures are not identified because exit code of RX/TX threads is not checked. Also threads are not returning correct exit code. - Return exit code from threads depending on test execution status - In main thread, check the exit code of RX/TX threads - Skip error checking for corked tests as they are expected to timeout Fixes: 16962b24 ("bpf: sockmap, add selftests") Signed-off-by:
-
- 30 May, 2018 7 commits
-
-
David Ahern authored
Update bpf_fib_lookup to return -EAFNOSUPPORT for unsupported address families. Allows userspace to probe for support as more are added (e.g., AF_MPLS). Signed-off-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Colin Ian King authored
The assignment dev = dev is redundant and should be removed. Detected by CoverityScan, CID#1469486 ("Evaluation order violation") Signed-off-by:Colin Ian King <colin.king@canonical.com> Acked-by:
-
Andrey Ignatov authored
Add support for recently added BPF_CGROUP_UDP4_SENDMSG and BPF_CGROUP_UDP6_SENDMSG attach types to bpftool, update documentation and bash completion. Signed-off-by:
Andrey Ignatov <rdna@fb.com> Reviewed-by:
Jakub Kicinski <jakub.kicinski@netronome.com> Acked-by:
-
Daniel Borkmann authored
Sean Young says: ==================== The kernel IR decoders (drivers/media/rc/ir-*-decoder.c) support the most widely used IR protocols, but there are many protocols which are not supported[1]. For example, the lirc-remotes[2] repo has over 2700 remotes, many of which are not supported by rc-core. There is a "long tail" of unsupported IR protocols, for which lircd is need to decode the IR . IR encoding is done in such a way that some simple circuit can decode it; therefore, bpf is ideal. In order to support all these protocols, here we have bpf based IR decoding. The idea is that user-space can define a decoder in bpf, attach it to the rc device through the lirc chardev. Separate work is underway to extend ir-keytable to have an extensive library of bpf-based decoders, and a much expanded library of rc keymaps. Another future application would be to compile IRP[3] to a IR BPF program, and so support virtually every remote without having to write a decoder for each. It might also be possible to support non-button devices such as analog directional pads or air conditioning remote controls and decode the target temperature in bpf, and pass that to an input device. [1] http://www.hifi-remote.com/wiki/index.php?title=DecodeIR [2] https://sourceforge.net/p/lirc-remotes/code/ci/master/tree/remotes/ [3] http://www.hifi-remote.com/wiki/index.php?title=IRP_Notation Changes since v4: - Renamed rc_dev_bpf_{attach,detach,query} to lirc_bpf_{attach,detach,query} - Fixed error path in lirc_bpf_query - Rebased on bpf-next Changes since v3: - Implemented review comments from Quentin Monnet and Y Song (thanks!) - More helpful and better formatted bpf helper documentation - Changed back to bpf_prog_array rather than open-coded implementation - scancodes can be 64 bit - bpf gets passed values in microseconds, not nanoseconds. microseconds is more than than enough (IR receivers support carriers upto 70kHz, at which point a single period is already 14 microseconds). Also, this makes it much more consistent with lirc mode2. - Since it looks much more like lirc mode2, rename the program type to BPF_PROG_TYPE_LIRC_MODE2. - Rebased on bpf-next Changes since v2: - Fixed locking issues - Improved self-test to cover more cases - Rebased on bpf-next again Changes since v1: - Code review comments from Y Song <ys114321@gmail.com> and Randy Dunlap <rdunlap@infradead.org> - Re-wrote sample bpf to be selftest - Renamed RAWIR_DECODER -> RAWIR_EVENT (Kconfig, context, bpf prog type) - Rebase on bpf-next - Introduced bpf_rawir_event context structure with simpler access checking ==================== Signed-off-by:
-
Sean Young authored
This is simple test over rc-loopback. Acked-by:
Yonghong Song <yhs@fb.com> Signed-off-by:
Sean Young <sean@mess.org> Signed-off-by:
-
Sean Young authored
Add support for BPF_PROG_LIRC_MODE2. This type of BPF program can call rc_keydown() to reported decoded IR scancodes, or rc_repeat() to report that the last key should be repeated. The bpf program can be attached to using the bpf(BPF_PROG_ATTACH) syscall; the target_fd must be the /dev/lircN device. Acked-by:
-
Sean Young authored
This makes is it possible for bpf prog detach to return -ENOENT. Acked-by:
-
- 29 May, 2018 4 commits
-
-
David Ahern authored
Verify flags argument contains only known flags. Allows programs to probe for support as more are added. Signed-off-by:
-
David Ahern authored
MPLS support will not be submitted this dev cycle, but in working on it I do see a few changes are needed to the API. For now, drop mpls from the API. Since the fields in question are unions, the mpls fields can be added back later without affecting the uapi. Signed-off-by:
-
YueHaibing authored
The local variable is only used while CONFIG_IPV6 enabled net/core/filter.c: In function ‘sk_msg_convert_ctx_access’: net/core/filter.c:6489:6: warning: unused variable ‘off’ [-Wunused-variable] int off; ^ This puts it into #ifdef. Fixes: 303def35 ("bpf: allow sk_msg programs to read sock fields") Signed-off-by:YueHaibing <yuehaibing@huawei.com> Acked-by:
Arnd Bergmann <arnd@arndb.de> Acked-by:
-
Quentin Monnet authored
These are minor edits for the eBPF helpers documentation in include/uapi/linux/bpf.h. The main fix consists in removing "BPF_FIB_LOOKUP_", because it ends with a non-escaped underscore that gets interpreted by rst2man and produces the following message in the resulting manual page: DOCUTILS SYSTEM MESSAGES System Message: ERROR/3 (/tmp/bpf-helpers.rst:, line 1514) Unknown target name: "bpf_fib_lookup". Other edits consist in: - Improving formatting for flag values for "bpf_fib_lookup()" helper. - Emphasising a parameter name in description of the return value for "bpf_get_stack()" helper. - Removing unnecessary blank lines between "Description" and "Return" sections for the few helpers that would use it, for consistency. Signed-off-by:Quentin Monnet <quentin.monnet@netronome.com> Acked-by:
-
- 28 May, 2018 4 commits
-
-
Daniel Borkmann authored
Andrey Ignatov says: ==================== v3 -> v4: * handle static key correctly for CONFIG_CGROUP_BPF=n. v2 -> v3: * place BPF logic under static key in udp_sendmsg, udpv6_sendmsg; * rebase. v1 -> v2: * return ENOTSUPP if bpf_prog rewrote IPv6-only with IPv4-mapped IPv6; * add test for IPv4-mapped IPv6 use-case; * fix build for CONFIG_CGROUP_BPF=n; * rebase. This path set adds BPF hooks for sys_sendmsg similar to existing hooks for sys_bind and sys_connect. Hooks allow to override source IP (including the case when it's set via cmsg(3)) and destination IP:port for unconnected UDP (slow path). TCP and connected UDP (fast path) are not affected. This makes UDP support complete: connected UDP is handled by sys_connect hooks, unconnected by sys_sendmsg ones. Similar to sys_connect hooks, sys_sendmsg ones can be used to make system calls such as sendmsg(2) and sendto(2) return EPERM. Please see patch 0002 for more details. ==================== Signed-off-by: -
Andrey Ignatov authored
Add selftest for BPF_CGROUP_UDP4_SENDMSG and BPF_CGROUP_UDP6_SENDMSG attach types. Try to sendmsg(2) to specific IP:port and test that: * source IP is overridden as expected. * remote IP:port pair is overridden as expected; Both UDPv4 and UDPv6 are tested. Output: # test_sock_addr.sh 2>/dev/null Wait for testing IPv4/IPv6 to become available ... OK ... pre-existing test-cases skipped ... Test case: sendmsg4: load prog with wrong expected attach type .. [PASS] Test case: sendmsg4: attach prog with wrong attach type .. [PASS] Test case: sendmsg4: rewrite IP & port (asm) .. [PASS] Test case: sendmsg4: rewrite IP & port (C) .. [PASS] Test case: sendmsg4: deny call .. [PASS] Test case: sendmsg6: load prog with wrong expected attach type .. [PASS] Test case: sendmsg6: attach prog with wrong attach type .. [PASS] Test case: sendmsg6: rewrite IP & port (asm) .. [PASS] Test case: sendmsg6: rewrite IP & port (C) .. [PASS] Test case: sendmsg6: IPv4-mapped IPv6 .. [PASS] Test case: sendmsg6: deny call .. [PASS] Summary: 27 PASSED, 0 FAILED Signed-off-by:
-
Andrey Ignatov authored
test_sock_addr was not easy to extend since it was focused on sys_bind and sys_connect quite a bit. Reorganized it so that it'll be easier to cover new test-cases for `BPF_PROG_TYPE_CGROUP_SOCK_ADDR`: - decouple test-cases so that only one BPF prog is tested at a time; - check programmatically that local IP:port for sys_bind, source IP and destination IP:port for sys_connect are rewritten property by tested BPF programs. The output of new version: # test_sock_addr.sh 2>/dev/null Wait for testing IPv4/IPv6 to become available ... OK Test case: bind4: load prog with wrong expected attach type .. [PASS] Test case: bind4: attach prog with wrong attach type .. [PASS] Test case: bind4: rewrite IP & TCP port in .. [PASS] Test case: bind4: rewrite IP & UDP port in .. [PASS] Test case: bind6: load prog with wrong expected attach type .. [PASS] Test case: bind6: attach prog with wrong attach type .. [PASS] Test case: bind6: rewrite IP & TCP port in .. [PASS] Test case: bind6: rewrite IP & UDP port in .. [PASS] Test case: connect4: load prog with wrong expected attach type .. [PASS] Test case: connect4: attach prog with wrong attach type .. [PASS] Test case: connect4: rewrite IP & TCP port .. [PASS] Test case: connect4: rewrite IP & UDP port .. [PASS] Test case: connect6: load prog with wrong expected attach type .. [PASS] Test case: connect6: attach prog with wrong attach type .. [PASS] Test case: connect6: rewrite IP & TCP port .. [PASS] Test case: connect6: rewrite IP & UDP port .. [PASS] Summary: 16 PASSED, 0 FAILED (stderr contains errors from libbpf when testing load/attach with invalid arguments) Signed-off-by:
-
Andrey Ignatov authored
libbpf can guess prog type and expected attach type based on section name. Add hints for "cgroup/sendmsg4" and "cgroup/sendmsg6" section names. Signed-off-by:
-
