Andrii Nakryiko wrote:
> On Mon, Jun 22, 2020 at 12:42 PM John Fastabend
> wrote:
> >
> > Andrii Nakryiko wrote:
> > > On Mon, Jun 22, 2020 at 11:30 AM John Fastabend
> > > wrote:
> > > >
> > > > Andrii Nakryiko wrote:
> > >
N but not SYS_ADMIN).
>
> Cc: Alexei Starovoitov
> Cc: Daniel Borkmann
> Reported-by: John Stultz
> Fixes: 2c78ee898d8f ("bpf: Implement CAP_BPF")
> Signed-off-by: Maciej Żenczykowski
Thanks so much for helping narrow this regression down and submitting this fix!
It's much appreciated!
Tested-by: John Stultz
thanks
-john
Andrii Nakryiko wrote:
> On Mon, Jun 22, 2020 at 11:30 AM John Fastabend
> wrote:
> >
> > Andrii Nakryiko wrote:
> > > On Fri, Jun 19, 2020 at 3:21 PM Daniel Borkmann
> > > wrote:
> > > >
> > > > On 6/19/20 8:41 PM, Andrii Nakr
Andrii Nakryiko wrote:
> On Fri, Jun 19, 2020 at 3:21 PM Daniel Borkmann wrote:
> >
> > On 6/19/20 8:41 PM, Andrii Nakryiko wrote:
> > > On Fri, Jun 19, 2020 at 6:08 AM Daniel Borkmann
> > > wrote:
> > >> On 6/19/20 2:39 AM, John Fastabend wrote:
Yonghong Song wrote:
>
>
> On 6/18/20 7:04 PM, Alexei Starovoitov wrote:
> > On Thu, Jun 18, 2020 at 5:26 PM John Fastabend
> > wrote:
> >>
> >> foo(int a, __int128 b)
> >>
> >> would put a in r0 and b in r2 and r3 leaving a hole in r
John Fastabend wrote:
> Andrii Nakryiko wrote:
> > On Thu, Jun 18, 2020 at 11:58 AM John Fastabend
> > wrote:
[...]
> > That would be great. Self-tests do work, but having more testing with
> > real-world application would certainly help as well.
>
> Thanks
Andrii Nakryiko wrote:
> On Thu, Jun 18, 2020 at 3:50 PM John Fastabend
> wrote:
> >
> > Jiri Olsa wrote:
> > > On Wed, Jun 17, 2020 at 04:20:54PM -0700, John Fastabend wrote:
> > > > Jiri Olsa wrote:
> > > > > This way we can have trampoli
Andrii Nakryiko wrote:
> On Thu, Jun 18, 2020 at 12:09 PM John Fastabend
> wrote:
> >
> > Andrii Nakryiko wrote:
> > > Add selftest that validates variable-length data reading and
> > > concatentation
> > > with one big shared data array. This is
Andrii Nakryiko wrote:
> On Thu, Jun 18, 2020 at 11:58 AM John Fastabend
> wrote:
> >
> > Andrii Nakryiko wrote:
> > > On Wed, Jun 17, 2020 at 11:49 PM John Fastabend
> > > wrote:
> > > >
> > > > Andrii Nakryiko wrote:
> > >
Jiri Olsa wrote:
> On Wed, Jun 17, 2020 at 04:20:54PM -0700, John Fastabend wrote:
> > Jiri Olsa wrote:
> > > This way we can have trampoline on function
> > > that has arguments with types like:
> > >
> > > kuid_t uid
> > > kgid_t
John Fastabend wrote:
> Jiri Olsa wrote:
> > The btfid tool will be used during the vmlinux linking,
> > so it's necessary it's ready for it.
> >
> > Signed-off-by: Jiri Olsa
> > ---
> > Makefile | 22 ++
> > t
going to nitpick if its in this series or a stand-alone patch
but do want to see it. So far the Documentation on BTF is fairly
good and I want to avoid these kind of gaps.
Thanks!
John
@ -48,7 +48,7 @@
#include
#include
#include
-#include
+#include
#include
#include
Here is the error. Is it something about my setup? bpftool/btf.c uses
. Because this in top-level Makefile we probably don't want to
push extra setup onto folks.
In file included from btfid.c:51:
/
Andrii Nakryiko wrote:
> Add selftest that validates variable-length data reading and concatentation
> with one big shared data array. This is a common pattern in production use for
> monitoring and tracing applications, that potentially can read a lot of data,
> but usually reads much less. Such p
Andrii Nakryiko wrote:
> On Wed, Jun 17, 2020 at 11:49 PM John Fastabend
> wrote:
> >
> > Andrii Nakryiko wrote:
> > > Switch most of BPF helper definitions from returning int to long. These
> > > definitions are coming from comments in BPF UAPI h
Andrii Nakryiko wrote:
> Switch most of BPF helper definitions from returning int to long. These
> definitions are coming from comments in BPF UAPI header and are used to
> generate bpf_helper_defs.h (under libbpf) to be later included and used from
> BPF programs.
>
> In actual in-kernel implemen
Martin KaFai Lau
> ---
> net/core/bpf_sk_storage.c | 41 +++
> 1 file changed, 37 insertions(+), 4 deletions(-)
>
Acked-by: John Fastabend
l-doc (Nikita Vetoshkin )
>
> Signed-off-by: Dmitry Yakunin
> Acked-by: Martin KaFai Lau
> ---
Acked-by: John Fastabend
Dmitry Yakunin wrote:
> This is preparation for usage in bpf_setsockopt.
>
> Signed-off-by: Dmitry Yakunin
> Acked-by: Martin KaFai Lau
> ---
Acked-by: John Fastabend
Dmitry Yakunin wrote:
> This is preparation for usage in bpf_setsockopt.
>
> Signed-off-by: Dmitry Yakunin
> Acked-by: Martin KaFai Lau
> ---
Acked-by: John Fastabend
Jiri Olsa wrote:
> This way we can have trampoline on function
> that has arguments with types like:
>
> kuid_t uid
> kgid_t gid
>
> which unwind into small structs like:
>
> typedef struct {
> uid_t val;
> } kuid_t;
>
> typedef struct {
> gid_t val;
> } kgid_t;
>
>
sockmap and flow_dissector have the same semantics as cgroup
> > > > and lirc2 requires a bunch of changes (probably a new function for
> > > > sockmap)
> > >
> > > making flow dissector pass prog_fd as cg and lirc is certainly my
> > > preference.
> > > Especially since tests are passing fd user code is likely doing the same,
> > > so breakage is unlikely. Also it wasn't done that long ago, so
> > > we can backport far enough.
> > > It will remove cap_net_admin ugly check in bpf_prog_detach()
> > > which is the only exception now in cap model.
> >
> > SGTM. What about sockmap though? The code for that has been around for ages.
>
> you mean the second patch that enforces sock_map_get_from_fd doesn't
> use attach_flags?
> I think it didn't break anything, so enforcing is fine.
I'm ok with enforcing it.
>
> or the detach part that doesn't use prog_fd ?
> I'm not sure what's the best here.
> At least from cap perspective it's fine because map_fd is there.
>
> John, wdyt?
I think we can keep the current detach without the prog_fd as-is. And
then add logic so that if the prog_fd is included we check it?
> kernel/bpf/devmap.c | 10 ++
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
Acked-by: John Fastabend
t;
> > Fixes: 34cc0b338a61 ("xdp: Xdp_frame add member frame_sz and handle in
> > convert_to_xdp_frame")
> > Signed-off-by: Hangbin Liu
>
> Thanks for spotting and fixing this! :-)
>
> Acked-by: Jesper Dangaard Brouer
>
Acked-by: John Fastabend
emset(rec, 0, size);
> + rec = calloc(n_cpus + 1, sizeof(struct record));
> if (!rec) {
> fprintf(stderr, "Mem alloc error\n");
> exit(EXIT_FAIL_MEM);
> --
> 2.17.1
>
Acked-by: John Fastabend
/* Alloc main stats_record structure */
> - rec = malloc(sizeof(*rec));
> - memset(rec, 0, sizeof(*rec));
> + rec = calloc(1, sizeof(*rec));
> if (!rec) {
> fprintf(stderr, "Mem alloc error\n");
> exit(EXIT_FAIL_MEM);
> --
> 2.17.1
>
Acked-by: John Fastabend
fe_ptr)
> if (unlikely(ret < 0))
> goto fail;
>
> - return 0;
> + return ret;
> fail:
> memset(dst, 0, size);
> return ret;
> --
> 2.24.1
>
Acked-by: John Fastabend
h a calloc()
> >
> > Fixes: 0fca931a6f21 ("samples/bpf: program demonstrating access to
> > xdp_rxq_info")
> > Signed-off-by: Gaurav Singh
>
> Acked-by: Jesper Dangaard Brouer
>
Acked-by: John Fastabend
DP;
> > }
> >
> > +static bool sock_map_redirect_allowed(const struct sock *sk)
> > +{
> > + return sk_is_tcp(sk) && sk->sk_state != TCP_LISTEN;
> > +}
> > +
> > static bool sock_map_sk_is_suitable(const struct sock *sk)
> > {
> > return sk_is_tcp(sk) || sk_is_udp(sk);
>
> Acked-by: Jakub Sitnicki
Thanks.
Acked-by: John Fastabend
Alexei Starovoitov wrote:
> On Fri, Jun 12, 2020 at 3:18 AM Jakub Sitnicki wrote:
> >
> > On Wed, 10 Jun 2020 12:19:43 +0200
> > Sabrina Dubroca wrote:
> >
> > > If the peer is closed, we will never get more data, so
> > > tcp_bpf_wait_data will get stuck forever. In case we passed
> > > MSG_DONT
On 2020-06-12 12:24, Matthew Wilcox wrote:
On Fri, May 29, 2020 at 04:43:08PM -0700, John Hubbard wrote:
+CASE 5: Pinning in order to write to the data within the page
+-
+Even though neither DMA nor Direct IO is involved, just a
Alexei Starovoitov wrote:
> On Tue, Jun 9, 2020 at 10:51 AM John Fastabend
> wrote:
> >
> > Jakub Sitnicki wrote:
> > > We can end up modifying the sockhash bucket list from two CPUs when a
> > > sockhash is being destroyed (sock_hash_free) on one CPU,
so that we can unlink the socket from the map when
> holding the sock lock.
>
> Fixes: 90db6d772f74 ("bpf, sockmap: Remove bucket->lock from
> sock_{hash|map}_free")
> Reported-by: Eric Dumazet
> Signed-off-by: Jakub Sitnicki
> ---
> net/core/sock_map.c | 23 +--
> 1 file changed, 21 insertions(+), 2 deletions(-)
Thanks.
Acked-by: John Fastabend
sock_hash_free_elem(htab, elem);
> }
> }
>
> --
> 2.25.4
>
In Cilium we pin the map and never release it thanks for catching this.
Acked-by: John Fastabend
__audit_syscall_exit+0x1e4/0x290
> [20759.307235] __x64_sys_recvfrom+0x24/0x30
> [20759.312226] do_syscall_64+0x55/0x1b0
> [20759.316852] entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> Signed-off-by: dihu
> ---
> net/ipv4/tcp_bpf.c | 3 +++
> 1 file changed, 3 insertions(+)
>
Thanks, looks good to me.
Acked-by: John Fastabend
responsibility, and I
have every confidence that he will do a great job in that capacity
for our community.
Thanks, Michal!
John
--
John W. LinvilleSomeday the world will need a hero, and you
linvi...@tuxdriver.com might be all we have. Be ready.
Jakub Sitnicki wrote:
> On Wed, Jun 03, 2020 at 08:35 PM CEST, John Fastabend wrote:
> > Jakub Sitnicki wrote:
>
> [...]
>
> >> I'm not sure that the check for map->refcnt when sock is unlinking
> >> itself from the map will do it. I worry we will then
Jakub Sitnicki wrote:
> On Wed, Jun 03, 2020 at 08:13 AM CEST, Eric Dumazet wrote:
> > On 3/10/20 9:41 AM, John Fastabend wrote:
> >> The bucket->lock is not needed in the sock_hash_free and sock_map_free
> >> calls, in fact it is causing a splat due to being inside r
John Fastabend wrote:
> Jakub Sitnicki wrote:
> > On Fri, 29 May 2020 16:06:59 -0700
> > John Fastabend wrote:
> >
> > > KTLS uses a stream parser to collect TLS messages and send them to
> > > the upper layer tls receive handler. This ensures the tls
Jakub Sitnicki wrote:
> On Fri, 29 May 2020 16:06:59 -0700
> John Fastabend wrote:
>
> > KTLS uses a stream parser to collect TLS messages and send them to
> > the upper layer tls receive handler. This ensures the tls receiver
> > has a full TLS header to parse when
Jakub Sitnicki wrote:
> On Fri, 29 May 2020 16:06:41 -0700
> John Fastabend wrote:
>
> > We will need this block of code called from tls context shortly
> > lets refactor the redirect logic so its easy to use. This also
> > cleans up the switch stmt so we h
07108/
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: k...@vger.kernel.org
Cc: virtualizat...@lists.linux-foundation.org
Cc: netdev@vger.kernel.org
Signed-off-by: John Hubbard
---
drivers/vhost/vhost.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/vhost/vhost.c
.
[1] https://lore.kernel.org/r/20200527194953.11130-1-jhubb...@nvidia.com
[2] https://lore.kernel.org/r/20200529070343.gl14...@quack2.suse.cz
John Hubbard (2):
docs: mm/gup: pin_user_pages.rst: add a "case 5"
vhost: convert get_user_pages() --> pin_user_pages()
Doc
unpin" case.
Add a fifth case, to help explain that there is a general pattern
that requires pin_user_pages*() API calls.
Cc: Vlastimil Babka
Cc: Jan Kara
Cc: Jérôme Glisse
Cc: Dave Chinner
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
Cc: linux-fsde...@vger.kernel.org
Signed-of
ta within the pages
+set_page_dirty_lock()
+put_page()
+
I'll send a v2 shortly.
thanks,
--
John Hubbard
NVIDIA
unpin" case.
Add a fifth case, to help explain that there is a general pattern
that requires pin_user_pages*() API calls.
Cc: Vlastimil Babka
Cc: Jan Kara
Cc: Jérôme Glisse
Cc: Dave Chinner
Cc: Jonathan Corbet
Cc: linux-...@vger.kernel.org
Cc: linux-fsde...@vger.kernel.org
Signed-of
07108/
Cc: Michael S. Tsirkin
Cc: Jason Wang
Cc: k...@vger.kernel.org
Cc: virtualizat...@lists.linux-foundation.org
Cc: netdev@vger.kernel.org
Signed-off-by: John Hubbard
---
drivers/vhost/vhost.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/vhost/vhost.c
does also include cross-compiling for a few other arches. Any run-time
testing would be greatly appreciated.
[1] https://lore.kernel.org/r/20200529070343.gl14...@quack2.suse.cz
John Hubbard (2):
docs: mm/gup: pin_user_pages.rst: add a "case 5"
vhost: convert get_user_pages(
erse order TCP -> TLS -> BPF.
Discovered while testing OpenSSL 3.0 Alpha2.0 release.
Fixes: d829e9c4112b5 ("tls: convert to generic sk_msg interface")
Signed-off-by: John Fastabend
---
include/linux/skmsg.h |8
include/net/tls.h |9 ++
This adds a test for bpf ingress policy. To ensure data writes happen
as expected with extra TLS headers we run these tests with data
verification enabled by default. This will test receive packets have
"PASS" stamped into the front of the payload.
Signed-off-by: John
Signed-off-by: John Fastabend
---
net/core/skmsg.c | 55 +-
1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/net/core/skmsg.c b/net/core/skmsg.c
index c479372..9d72f71 100644
--- a/net/core/skmsg.c
+++ b/net/core/skmsg.c
@@ -682,
verdict program. This analogous to how we handle
a similar conflict on the TX side.
Note, this is a fix but it doesn't make sense to push this late to
bpf tree so targeting bpf-next and keeping fixes tags.
---
John Fastabend (3):
bpf: refactor sockmap redirect code so its easy to
ss_msg,
> + struct sk_msg, list))
> +break;
Thanks. Change looks good but spacing is a bit off . Can we
turn those spaces into tabs? Otherwise adding fixes tag and
my ack would be great.
Fixes: 02c558b2d5d67 ("bpf: sockmap, support for msg_peek in sk_msg with
redirect ingress")
Acked-by: John Fastabend
Andrii Nakryiko wrote:
> On Mon, May 25, 2020 at 3:57 PM John Fastabend
> wrote:
> >
> > Daniel Borkmann wrote:
> > > On 5/24/20 6:50 PM, John Fastabend wrote:
> > > > Add these generic helpers that may be useful to use from sk_msg
> > > > pr
Daniel Borkmann wrote:
> On 5/24/20 6:50 PM, John Fastabend wrote:
> > Often it is useful when applying policy to know something about the
> > task. If the administrator has CAP_SYS_ADMIN rights then they can
> > use kprobe + networking hook and link the two programs toget
Daniel Borkmann wrote:
> On 5/24/20 6:50 PM, John Fastabend wrote:
> > Add these generic helpers that may be useful to use from sk_msg programs.
> > The helpers do not depend on ctx so we can simply add them here,
> >
> > BPF_FUNC_perf_event_output
> &g
Lets test using probe* in SCHED_CLS network programs as well just
to be sure these keep working. Its cheap to add the extra test
and provides a second context to test outside of sk_msg after
we generalized probe* helpers to all networking types.
Acked-by: Yonghong Song
Signed-off-by: John
-by: John Fastabend
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 35 +++
.../selftests/bpf/progs/test_skmsg_load_helpers.c | 47
2 files changed, 82 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/test_skmsg_load_helpers.c
diff
Add helpers to use local socket storage.
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
include/uapi/linux/bpf.h |2 ++
net/core/filter.c | 15 +++
tools/include/uapi/linux/bpf.h |2 ++
3 files changed, 19 insertions(+)
diff --git a/include
ing,
BPF_FUNC_get_current_task
BPF_FUNC_current_task_under_cgroup
BPF_FUNC_probe_read_user
BPF_FUNC_probe_read_kernel
BPF_FUNC_probe_read_user_str
BPF_FUNC_probe_read_kernel_str
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
kernel/bpf/helpers.c | 24
kernel/tr
BPF_FUNC_get_current_ancestor_cgroup_id
BPF_FUNC_get_cgroup_classid
Acked-by: Yonghong Song
Signed-off-by: John Fastabend
---
net/core/filter.c | 16
1 file changed, 16 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 822d662..a56046a 100644
--- a/net/core
check
instead of CAP_SYS_ADMIN.
Drop old probe helpers, probe_read() and probe_read_str()
Added tests.
Thanks to Daniel, Yonghong, and Andrii for review and feedback.
---
John Fastabend (5):
bpf, sk_msg: add some generic helpers that may be useful from sk_msg
bpf: extend bpf_base_f
Daniel Borkmann wrote:
> On 5/22/20 6:24 AM, John Fastabend wrote:
> > Often it is useful when applying policy to know something about the
> > task. If the administrator has CAP_SYS_ADMIN rights then they can
> > use kprobe + networking hook and link the two programs toget
-by: John Fastabend
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 35 +++
.../selftests/bpf/progs/test_skmsg_load_helpers.c | 47
2 files changed, 82 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/test_skmsg_load_helpers.c
diff
Lets test using probe* in SCHED_CLS network programs as well just
to be sure these keep working. Its cheap to add the extra test
and provides a second context to test outside of sk_msg after
we generalized probe* helpers to all networking types.
Acked-by: Yonghong Song
Signed-off-by: John
ing,
BPF_FUNC_get_current_task
BPF_FUNC_current_task_under_cgroup
BPF_FUNC_probe_read_user
BPF_FUNC_probe_read_kernel
BPF_FUNC_probe_read_user_str
BPF_FUNC_probe_read_kernel_str
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
0 files changed
diff --git a/kernel/bpf/helpers.c b/kernel/
Add helpers to use local socket storage.
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
0 files changed
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index b9b8a0f..d394b09 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -3641,6 +3641,8
BPF_FUNC_get_current_ancestor_cgroup_id
BPF_FUNC_get_cgroup_classid
Acked-by: Yonghong Song
Signed-off-by: John Fastabend
---
0 files changed
diff --git a/net/core/filter.c b/net/core/filter.c
index 822d662..a56046a 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -6443,6 +6443,22
nstead of CAP_SYS_ADMIN.
Drop old probe helpers, probe_read() and probe_read_str()
Added tests.
Thanks to Daniel, Yonghong, and Andrii for review and feedback.
---
John Fastabend (5):
bpf: sk_msg add some generic helpers that may be useful from sk_msg
bpf: extend bpf_base_func_prot
would fix the issue above and
also keep the original behavior.
And then while reviewing I also wonder do we have the same issue described
here in netclasid_cgroup.c with the cgrp_attach()? It would be best to keep
netcls and netprio in sync in this regard imo. At least netcls calls
cgroup_sk_alloc_disable in the write_classid() hook so I suspect it makes
sense to also add that to the attach hook?
Thanks,
John
r one.
Acked-by: Andrii Nakryiko
Signed-off-by: John Fastabend
---
.../selftests/bpf/progs/test_sk_lookup_kern.c |1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c
b/tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c
index d2
When we have pointer type that is known to be non-null we only follow
the non-null branch. This adds tests to cover the map_value pointer
returned from a map lookup. To force an error if both branches are
followed we do an ALU op on R10.
Acked-by: Andrii Nakryiko
Signed-off-by: John Fastabend
.
Signed-off-by: John Fastabend
---
.../testing/selftests/bpf/verifier/ref_tracking.c | 33
1 file changed, 33 insertions(+)
diff --git a/tools/testing/selftests/bpf/verifier/ref_tracking.c
b/tools/testing/selftests/bpf/verifier/ref_tracking.c
index 604b461..056e027 100644
messages hopefully its better now.
---
John Fastabend (4):
bpf: verifier track null pointer branch_taken with JNE and JEQ
bpf: selftests, verifier case for non null pointer check branch taken
bpf: selftests, verifier case for non null pointer map value branch
bpf: s
ve passes
as expected.
Suggested-by: Alexei Starovoitov
Reported-by: Andrey Ignatov
Signed-off-by: John Fastabend
---
kernel/bpf/verifier.c | 36 +---
1 file changed, 33 insertions(+), 3 deletions(-)
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
Andrii Nakryiko wrote:
> On Thu, May 21, 2020 at 7:36 AM John Fastabend
> wrote:
> >
> > Lets test using probe* in SCHED_CLS network programs as well just
> > to be sure these keep working. Its cheap to add the extra test
> > and provides a second context to test
John Fastabend wrote:
> Andrii Nakryiko wrote:
> > On Thu, May 21, 2020 at 7:36 AM John Fastabend
> > wrote:
> > >
> > > The test itself is not particularly useful but it encodes a common
> > > pattern we have.
> > >
> > > Namely
Andrii Nakryiko wrote:
> On Thu, May 21, 2020 at 7:36 AM John Fastabend
> wrote:
> >
> > The test itself is not particularly useful but it encodes a common
> > pattern we have.
> >
> > Namely do a sk storage lookup then depending on data here deci
Yonghong Song wrote:
>
>
> On 5/21/20 7:35 AM, John Fastabend wrote:
> > The test itself is not particularly useful but it encodes a common
> > pattern we have.
> >
> > Namely do a sk storage lookup then depending on data here decide if
> > we need to do
Lets test using probe* in SCHED_CLS network programs as well just
to be sure these keep working. Its cheap to add the extra test
and provides a second context to test outside of sk_msg after
we generalized probe* helpers to all networking types.
Signed-off-by: John Fastabend
---
.../testing
-by: John Fastabend
---
.../selftests/bpf/prog_tests/sockmap_basic.c | 57
.../selftests/bpf/progs/test_skmsg_load_helpers.c | 48 +
2 files changed, 105 insertions(+)
create mode 100644 tools/testing/selftests/bpf/progs/test_skmsg_load_helpers.c
ing,
BPF_FUNC_get_current_task
BPF_FUNC_current_task_under_cgroup
BPF_FUNC_probe_read_user
BPF_FUNC_probe_read_kernel
BPF_FUNC_probe_read_user_str
BPF_FUNC_probe_read_kernel_str
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
kernel/bpf/helpers.c | 27 +++
ker
Add helpers to use local socket storage.
Signed-off-by: John Fastabend
Acked-by: Yonghong Song
---
include/uapi/linux/bpf.h |2 ++
net/core/filter.c | 15 +++
tools/include/uapi/linux/bpf.h |2 ++
3 files changed, 19 insertions(+)
diff --git a/include
BPF_FUNC_get_current_ancestor_cgroup_id
BPF_FUNC_get_cgroup_classid
Acked-by: Yonghong Song
Signed-off-by: John Fastabend
---
net/core/filter.c | 16
1 file changed, 16 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index 822d662..a56046a 100644
--- a/net/core
now in bpf-next so use perfmon_capable() check
instead of CAP_SYS_ADMIN.
Drop old probe helpers, probe_read() and probe_read_str()
Added tests.
Thanks to Daniel and Yonghong for review and feedback.
---
John Fastabend (5):
bpf: sk_msg add some generic helpers that may be useful from
;)
Cc: David S. Miller
Cc: Jakub Kicinski
Cc: netdev@vger.kernel.org
Cc: linux-r...@vger.kernel.org
Cc: rds-de...@oss.oracle.com
Signed-off-by: John Hubbard
---
net/rds/info.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rds/info.c b/net/rds/info.c
index
David Ahern wrote:
> On 5/18/20 12:10 PM, John Fastabend wrote:
> >>
> >> host ingress to VM is one use case; VM to VM on the same host is another.
> >
> > But host ingress to VM would still work with tail calls because the XDP
> > packet came from anot
Andrii Nakryiko wrote:
> On Mon, May 18, 2020 at 1:05 PM John Fastabend
> wrote:
> >
> > Current verifier when considering which branch may be taken on a
> > conditional test with pointer returns -1 meaning either branch may
> > be taken. But, we track if pointers
John Fastabend wrote:
> Current verifier when considering which branch may be taken on a
> conditional test with pointer returns -1 meaning either branch may
> be taken. But, we track if pointers can be NULL by using dedicated
> types for valid pointers (pointers that can not be NULL).
When we have pointer type that is known to be non-null we only follow
the non-null branch. This adds tests to cover the map_value pointer
returned from a map lookup. To force an error if both branches are
followed we do an ALU op on R10.
Signed-off-by: John Fastabend
---
.../testing/selftests
r one.
Signed-off-by: John Fastabend
---
.../selftests/bpf/progs/test_sk_lookup_kern.c |1 +
1 file changed, 1 insertion(+)
diff --git a/tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c
b/tools/testing/selftests/bpf/progs/test_sk_lookup_kern.c
index d2b38fa..e83d0b4 100644
--- a/
much in
the way of test overhead.
---
John Fastabend (4):
bpf: verifier track null pointer branch_taken with JNE and JEQ
bpf: selftests, verifier case for non null pointer check branch taken
bpf: selftests, verifier case for non null pointer map value branch
bpf: selftests
0x0'.
After the above additional logic is added the C code above passes
as expected.
This makes the assumption that all pointer types PTR_TO_* that can be null
have an equivalent type PTR_TO_*_OR_NULL logic.
Suggested-by: Alexei Starovoitov
Reported-by: Andrey Ignatov
Signed-off-by: John F
When we have pointer type that is known to be non-null we only follow
the non-null branch. This adds tests to cover this case for reference
tracking.
Signed-off-by: John Fastabend
---
.../testing/selftests/bpf/verifier/ref_tracking.c | 16
1 file changed, 16 insertions
David Ahern wrote:
> On 5/15/20 4:54 PM, John Fastabend wrote:
> > Hi David,
> >
> > Another way to set up egress programs that I had been thinking about is to
> > build a prog_array map with a slot per interface then after doing the
> > redirect (or I guess
Miller
Cc: Jakub Kicinski
Cc: netdev@vger.kernel.org
Cc: linux-r...@vger.kernel.org
Cc: rds-de...@oss.oracle.com
Signed-off-by: John Hubbard
---
net/rds/info.c | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/net/rds/info.c b/net/rds/info.c
index 03f6fd56d237..e1d63563e8
awhile
on my todo list so could add that for other use cases as well if that
was the only problem.
Sorry for the late reply it took me a bit of time to mull over the
patches.
Thanks,
John
Lets test using probe* in SCHED_CLS network programs as well just
to be sure these keep working. Its cheap to add the extra test
and provides a second context to test outside of sk_msg after
we generalized probe* helpers to all networking types.
Signed-off-by: John Fastabend
---
.../testing
BPF_FUNC_get_current_ancestor_cgroup_id
BPF_FUNC_get_cgroup_classid
Acked-by: Yonghong Song
Signed-off-by: John Fastabend
---
net/core/filter.c | 16
1 file changed, 16 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c
index f8a3c7e..7dac2b6 100644
--- a/net/core
ing,
BPF_FUNC_get_current_task
BPF_FUNC_current_task_under_cgroup
BPF_FUNC_probe_read_user
BPF_FUNC_probe_read_kernel
BPF_FUNC_probe_read_user_str
BPF_FUNC_probe_read_kernel_str
Signed-off-by: John Fastabend
---
kernel/bpf/helpers.c | 27 +++
kernel/trace/bpf_trace.c |
401 - 500 of 4010 matches
Mail list logo
