ce, but
the code in question doesn't support that particular flag. EINVAL
seemed more appropriate. Happy to change it if you prefer.
> And check f_flags, not flags:
>
>	if (f_flags != O_RDWR)
>		ret = -EACCES;
>	else
>		ret = bpf_link_new_fd(raw);
I'll res
links, so this
change is unlikely to break users.
Fixes: 70ed506c3bbc ("bpf: Introduce pinnable bpf_link abstraction")
Signed-off-by: Lorenz Bauer
---
kernel/bpf/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/inode.c b/kernel/bpf/inode.c
index 1
> After 3d368ab87cf6681f9 ("net: initialize net->net_cookie at netns setup")
> net->net_cookie is directly available.
The patch set is at
https://lore.kernel.org/bpf/20210219154330.93615-1-...@cloudflare.com/
but I decided to abandon it. I can work around my issue by comparing
the n
amespace of the network
> namespace?
>
> Christian
Hi Christian,
I've decided to drop the patch set for now, but that was my intention, yes. Is
there a downside I'm not aware of?
Lorenz
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
Make sure that SO_NETNS_COOKIE returns a non-zero value, and
that sockets from different namespaces have a distinct cookie
value.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/net/.gitignore| 1 +
tools/testing/selftests/net/Makefile | 2 +-
tools/testing/selftests
Check that NS_GET_COOKIE returns a non-zero value, and that distinct
network namespaces have different cookies.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/nsfs/.gitignore | 1 +
tools/testing/selftests/nsfs/Makefile | 2 +-
tools/testing/selftests/nsfs/netns.c| 57
Network namespaces have a globally unique non-zero identifier aka a
cookie, in line with socket cookies. Add an ioctl to retrieve the
cookie from user space without going via BPF.
Cc: linux-...@vger.kernel.org
Signed-off-by: Lorenz Bauer
---
fs/nsfs.c | 9 +
include
abled, SO_NETNS_COOKIE returns the cookie of init_net.
The BPF helpers change slightly: instead of returning 0 when network
namespaces are disabled we return the init_net cookie as for the
socket option.
Cc: linux-...@vger.kernel.org
Signed-off-by: Lorenz Bauer
---
arch/alpha/include/uapi/asm/socket.h
Cc: linux-kernel@vger.kernel.org
Cc: linux-kselft...@vger.kernel.org
Cc: linux-m...@vger.kernel.org
Cc: linux-par...@vger.kernel.org
Cc: net...@vger.kernel.org
Cc: sparcli...@vger.kernel.org
Lorenz Bauer (4):
net: add SO_NETNS_COOKIE socket option
nsfs: add an ioctl to discover the network namespa
p_area_alloc although
that might conflict with Fixes tag.
Lorenz
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
gs to
BPF_PROG_ATTACH")
Reported-by: Jiri Benc
Signed-off-by: Lorenz Bauer
---
tools/bpf/bpftool/prog.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c
index d942c1e3372c..acdb2c245f0a 100644
--- a/tools/bpf/bpftool/prog.c
+++ b
I used
what is easier to type out.
Fixes: 0365351524d7 ("net: Allow iterating sockmap and sockhash")
Reported-by: kernel test robot
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 8
1 file changed, 8 insertions(+)
diff --git a/net/core/sock_map.c b/net/core/sock_map
tps://godbolt.org/z/77P6P9
Seems like red hat GCC has some special sauce that fixes this behaviour?
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
ught the key arg should be used as read-only in the map's helper.
> or there is map type's helper that modifies the key?
I don't know, that's what I meant by more difficult. If map keys are
always read-only like you say this would be straight forward to do
(famous last w
l warning.c
jkbs@toad ~/tmp $
Maybe this is https://gcc.gnu.org/bugzilla/show_bug.cgi?id=18501 ? The
problem is still there on gcc 10. Compiling test_progs with clang does
issue a warning FWIW, but it seems like other things break when doing
that.
--
Lorenz Bauer | Systems Eng
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
sk_fullsock. Doing this allows calling
map_update_elem on sockmap from bpf_iter context, which uses
BTF pointers.
Signed-off-by: Lorenz Bauer
Acked-by: Martin KaFai Lau
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
rnatively, allow specialising map_ops per context.
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
sk_fullsock. Doing this allows calling
map_update_elem on sockmap from bpf_iter context, which uses
BTF pointers.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
uitable().
> sk_type is not in sock_common.
Oh my, thanks!
--
Lorenz Bauer | Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK
www.cloudflare.com
Since we can now call map_update_elem(sockmap) from bpf_iter context
it's possible to copy a sockmap or sockhash in the kernel. Add a
selftest which exercises this.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 14 +-
.../selftests/bpf/
We compare socket cookies to ensure that insertion into a sockmap worked.
Pull this out into a helper function for use in other tests.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 50 +--
1 file changed, 36 insertions(+), 14 deletions(-)
diff
The shared header to define SOCKMAP_MAX_ENTRIES is a bit overkill.
Dynamically allocate the sock_fd array based on bpf_map__max_entries
instead.
Suggested-by: Yonghong Song
Signed-off-by: Lorenz Bauer
Acked-by: Yonghong Song
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 36
uses BTF pointers.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 2 +-
net/core/sock_map.c | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index d4ba29fb17a6..5bd0239da8b6 100644
--- a/kernel/bpf/verifier.c
+++ b
designated initializers. Use __BPF_ARG_TYPE_MAX to size
the array instead.
Signed-off-by: Lorenz Bauer
Suggested-by: Alexei Starovoitov
---
kernel/bpf/verifier.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 15ab889b0a3f
contexts.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 78 +++
.../bpf/progs/test_sockmap_invalid_update.c | 23 ++
.../selftests/bpf/progs/test_sockmap_update.c | 48
3 files changed, 149 insertions(+)
create mode 100644
tools
native type for the map" instead of "pointer to memory"
for sockmap and sockhash. This means we don't have to modify the
function prototype at all
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 35 +++
1 file changed, 35 insertion
Merge the two very similar functions sock_map_update_elem and
sock_hash_update_elem into one.
Acked-by: John Fastabend
Acked-by: Yonghong Song
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 49 +++--
1 file changed, 7 insertions(+), 42 deletions
y: Yonghong Song
Acked-by: John Fastabend
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h | 7 +++
kernel/bpf/syscall.c | 5 +++--
net/core/sock_map.c | 6 ++
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index cef4ef0d2b
cted by the verifier.
I've audited the enabled contexts to make sure they can't run in
a locked context. It's possible that CGROUP_SKB and others are
safe as well, but the auditing here is much more difficult. In
any case, we can extend the safe contexts when the need arises.
S
s always fully initialized, and
that psock->sk_proto is always the "original" struct proto.
The latter allows us to use psock->sk_proto when initializing
IPv6 TCP / UDP callbacks for sockmap.
Acked-by: John Fastabend
Signed-off-by: Lorenz Bauer
---
include/linux/skmsg.h | 17 -
On Thu, 20 Aug 2020 at 17:10, Yonghong Song wrote:
>
>
>
> On 8/20/20 6:57 AM, Lorenz Bauer wrote:
> > The verifier assumes that map values are simple blobs of memory, and
> > therefore treats ARG_PTR_TO_MAP_VALUE, etc. as such. However, there are
> > map types wher
On Thu, 20 Aug 2020 at 15:49, Yonghong Song wrote:
>
>
>
> On 8/20/20 4:58 AM, Lorenz Bauer wrote:
> > On Wed, 19 Aug 2020 at 21:46, Yonghong Song wrote:
> >>
> >>
> >>
> >> On 8/19/20 2:24 AM, Lorenz Bauer wrote:
> >>> Ad
native type for the map" instead of "pointer to memory"
for sockmap and sockhash. This means we don't have to modify the
function prototype at all
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 37 +
1 file changed, 37 insertion
Don't go via map->ops to call sock_map_update_elem, since we know
what function to call in bpf_map_update_value. Since we currently
don't allow calling map_update_elem from BPF context, we can remove
ops->map_update_elem and rename the function to sock_map_update_elem_sys.
Signe
't just lock_sock like in
sock_map_sk_acquire because that might sleep. So instead we disable
softirq processing and use bh_lock_sock to prevent further
modification.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 41 +++--
net/core/sock_map.
Add a test which copies a socket from a sockmap into another sockmap
or sockhash. This exercises bpf_map_update_elem support from BPF
context. Compare the socket cookies from source and destination to
ensure that the copy succeeded.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests
s always fully initialized, and
that psock->sk_proto is always the "original" struct proto.
The latter allows us to use psock->sk_proto when initializing
IPv6 TCP / UDP callbacks for sockmap.
Signed-off-by: Lorenz Bauer
---
include/linux/skmsg.h | 17 ---
Merge the two very similar functions sock_map_update_elem and
sock_hash_update_elem into one.
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 49 +++--
1 file changed, 7 insertions(+), 42 deletions(-)
diff --git a/net/core/sock_map.c b/net/core
On Wed, 19 Aug 2020 at 21:13, Yonghong Song wrote:
>
>
>
> On 8/19/20 2:24 AM, Lorenz Bauer wrote:
> > The verifier assumes that map values are simple blobs of memory, and
> > therefore treats ARG_PTR_TO_MAP_VALUE, etc. as such. However, there are
> > map types wher
On Wed, 19 Aug 2020 at 21:46, Yonghong Song wrote:
>
>
>
> On 8/19/20 2:24 AM, Lorenz Bauer wrote:
> > Add a test which copies a socket from a sockmap into another sockmap
> > or sockhash. This exercises bpf_map_update_elem support from BPF
> > context. Compare the
On Wed, 19 Aug 2020 at 23:41, John Fastabend wrote:
>
> John Fastabend wrote:
> > Lorenz Bauer wrote:
> > > Allow calling bpf_map_update_elem on sockmap and sockhash from a BPF
> > > context. The synchronization required for this is a bit fiddly: we
> > > n
s always fully initialized, and
that psock->sk_proto is always the "original" struct proto.
The latter allows us to use psock->sk_proto when initializing
IPv6 TCP / UDP callbacks for sockmap.
Signed-off-by: Lorenz Bauer
---
include/linux/skmsg.h | 17 ---
we can't just lock_sock like in
sock_map_sk_acquire because that might sleep. So instead we disable
softirq processing and use bh_lock_sock to prevent further
modification.
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 6 --
net/core/sock_map.c | 24
2
native type for the map" instead of "pointer to memory"
for sockmap and sockhash. This means we don't have to modify the
function prototype at all
Signed-off-by: Lorenz Bauer
---
kernel/bpf/verifier.c | 40
1 file changed, 40 insertion
Merge the two very similar functions sock_map_update_elem and
sock_hash_update_elem into one.
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 53 -
1 file changed, 9 insertions(+), 44 deletions(-)
diff --git a/net/core/sock_map.c b/net/core
the function to
sock_map_update_elem_sys.
Signed-off-by: Lorenz Bauer
---
include/linux/bpf.h | 7 +++
kernel/bpf/syscall.c | 5 +++--
net/core/sock_map.c | 6 ++
3 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index cef4ef0d2b4e..cf3416d1b8c2 1006
Add a test which copies a socket from a sockmap into another sockmap
or sockhash. This exercises bpf_map_update_elem support from BPF
context. Compare the socket cookies from source and destination to
ensure that the copy succeeded.
Signed-off-by: Lorenz Bauer
---
.../selftests/bpf/prog_tests
m fds.
Reported-by: Martin KaFai Lau
Signed-off-by: Lorenz Bauer
Fixes: bb0de3131f4c ("bpf: sockmap: Require attach_bpf_fd when detaching a
program")
---
tools/testing/selftests/bpf/test_maps.c | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/testin
On Wed, 17 Jun 2020 at 07:49, John Fastabend wrote:
>
> Alexei Starovoitov wrote:
> > On Tue, Jun 16, 2020 at 1:30 AM Lorenz Bauer wrote:
> > >
> > > On Tue, 16 Jun 2020 at 04:55, Alexei Starovoitov
> > > wrote:
> > > >
> > > > >
On Tue, 16 Jun 2020 at 04:55, Alexei Starovoitov
wrote:
>
> On Mon, Jun 15, 2020 at 7:43 AM Lorenz Bauer wrote:
> >
> > On Fri, 12 Jun 2020 at 23:36, Alexei Starovoitov
> > wrote:
> > >
> > > On Fri, Jun 12, 2020 at 9:02 AM Lorenz Bauer wrote:
>
On Fri, 12 Jun 2020 at 23:36, Alexei Starovoitov
wrote:
>
> On Fri, Jun 12, 2020 at 9:02 AM Lorenz Bauer wrote:
> >
> > Using BPF_PROG_ATTACH on a flow dissector program supports neither flags
> > nor target_fd but accepts any value. Return EINVAL if either are non-zer
Using BPF_PROG_ATTACH on a sockmap program currently understands no
flags, but accepts any value. Return EINVAL if any flags are specified.
Signed-off-by: Lorenz Bauer
Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface")
---
net/core/sock_map.c | 3 +++
1 file
Using BPF_PROG_ATTACH on a flow dissector program supports neither flags
nor target_fd but accepts any value. Return EINVAL if either are non-zero.
Signed-off-by: Lorenz Bauer
Fixes: b27f7bb590ba ("flow_dissector: Move out netns_bpf prog callbacks")
---
kernel/bpf/net_namespace.c
")
Signed-off-by: Lorenz Bauer
---
net/core/sock_map.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 00a26cf2cfe9..35cea36f3892 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -424,10
commit 324bda9e6c5a ("bpf: multi program support for cgroup+bpf")
Signed-off-by: Lorenz Bauer
Fixes: af6eea57437a ("bpf: Implement bpf_link-based cgroup BPF program
attachment")
---
kernel/bpf/cgroup.c| 2 +-
.../testing/selftests/bpf/pr
larger than data_size_in due
to bpf_xdp_adjust_head() and friends.
bpf_test_finish doesn’t clamp size to data_size_out, which is what I
was expecting.
What is the correct way to use this interface?
Best,
Lorenz
--
Lorenz Bauer | Systems Engineer
25 Lavington St., London SE1 0NZ