1. 24 5月, 2018 17 次提交
    • M
      bpf: Split lwt inout verifier structures · cd3092c7
      Mathieu Xhonneux 提交于
      The new bpf_lwt_push_encap helper should only be accessible within the
      LWT BPF IN hook, and not the OUT one, as this may lead to a skb under
      panic.
      
      At the moment, both LWT BPF IN and OUT share the same list of helpers,
      whose calls are authorized by the verifier. This patch separates the
      verifier ops for the IN and OUT hooks, and allows the IN hook to call the
      bpf_lwt_push_encap helper.
      
      This patch is also the occasion to put all lwt_*_func_proto functions
      together for clarity. At the moment, socks_op_func_proto is in the middle
      of lwt_inout_func_proto and lwt_xmit_func_proto.
      Signed-off-by: NMathieu Xhonneux <m.xhonneux@gmail.com>
      Acked-by: NDavid Lebrun <dlebrun@google.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      cd3092c7
    • M
      bpf: Add IPv6 Segment Routing helpers · fe94cc29
      Mathieu Xhonneux 提交于
      The BPF seg6local hook should be powerful enough to enable users to
      implement most of the use-cases one could think of. After some thinking,
      we figured out that the following actions should be possible on a SRv6
      packet, requiring 3 specific helpers :
          - bpf_lwt_seg6_store_bytes: Modify non-sensitive fields of the SRH
          - bpf_lwt_seg6_adjust_srh: Allow to grow or shrink a SRH
                                     (to add/delete TLVs)
          - bpf_lwt_seg6_action: Apply some SRv6 network programming actions
                                 (specifically End.X, End.T, End.B6 and
                                  End.B6.Encap)
      
      The specifications of these helpers are provided in the patch (see
      include/uapi/linux/bpf.h).
      
      The non-sensitive fields of the SRH are the following : flags, tag and
      TLVs. The other fields can not be modified, to maintain the SRH
      integrity. Flags, tag and TLVs can easily be modified as their validity
      can be checked afterwards via seg6_validate_srh. It is not allowed to
      modify the segments directly. If one wants to add segments on the path,
      he should stack a new SRH using the End.B6 action via
      bpf_lwt_seg6_action.
      
      Growing, shrinking or editing TLVs via the helpers will flag the SRH as
      invalid, and it will have to be re-validated before re-entering the IPv6
      layer. This flag is stored in a per-CPU buffer, along with the current
      header length in bytes.
      
      Storing the SRH len in bytes in the control block is mandatory when using
      bpf_lwt_seg6_adjust_srh. The Header Ext. Length field contains the SRH
      len rounded to 8 bytes (a padding TLV can be inserted to ensure the 8-bytes
      boundary). When adding/deleting TLVs within the BPF program, the SRH may
      temporary be in an invalid state where its length cannot be rounded to 8
      bytes without remainder, hence the need to store the length in bytes
      separately. The caller of the BPF program can then ensure that the SRH's
      final length is valid using this value. Again, a final SRH modified by a
      BPF program which doesn’t respect the 8-bytes boundary will be discarded
      as it will be considered as invalid.
      
      Finally, a fourth helper is provided, bpf_lwt_push_encap, which is
      available from the LWT BPF IN hook, but not from the seg6local BPF one.
      This helper allows to encapsulate a Segment Routing Header (either with
      a new outer IPv6 header, or by inlining it directly in the existing IPv6
      header) into a non-SRv6 packet. This helper is required if we want to
      offer the possibility to dynamically encapsulate a SRH for non-SRv6 packet,
      as the BPF seg6local hook only works on traffic already containing a SRH.
      This is the BPF equivalent of the seg6 LWT infrastructure, which achieves
      the same purpose but with a static SRH per route.
      
      These helpers require CONFIG_IPV6=y (and not =m).
      Signed-off-by: NMathieu Xhonneux <m.xhonneux@gmail.com>
      Acked-by: NDavid Lebrun <dlebrun@google.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      fe94cc29
    • M
      ipv6: sr: export function lookup_nexthop · 1c1e761e
      Mathieu Xhonneux 提交于
      The function lookup_nexthop is essential to implement most of the seg6local
      actions. As we want to provide a BPF helper allowing to apply some of these
      actions on the packet being processed, the helper should be able to call
      this function, hence the need to make it public.
      
      Moreover, if one argument is incorrect or if the next hop can not be found,
      an error should be returned by the BPF helper so the BPF program can adapt
      its processing of the packet (return an error, properly force the drop,
      ...). This patch hence makes this function return dst->error to indicate a
      possible error.
      Signed-off-by: NMathieu Xhonneux <m.xhonneux@gmail.com>
      Acked-by: NDavid Lebrun <dlebrun@google.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      1c1e761e
    • M
      ipv6: sr: make seg6.h includable without IPv6 · 63526e1c
      Mathieu Xhonneux 提交于
      include/net/seg6.h cannot be included in a source file if CONFIG_IPV6 is
      not enabled:
         include/net/seg6.h: In function 'seg6_pernet':
      >> include/net/seg6.h:52:14: error: 'struct net' has no member named
                                              'ipv6'; did you mean 'ipv4'?
           return net->ipv6.seg6_data;
                       ^~~~
                       ipv4
      
      This commit makes seg6_pernet return NULL if IPv6 is not compiled, hence
      allowing seg6.h to be included regardless of the configuration.
      Signed-off-by: NMathieu Xhonneux <m.xhonneux@gmail.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      63526e1c
    • D
      Merge branch 'bpf-multi-prog-improvements' · 30cfe3b4
      Daniel Borkmann 提交于
      Sandipan Das says:
      
      ====================
      [1] Support for bpf-to-bpf function calls in the powerpc64 JIT compiler.
      
      [2] Provide a way for resolving function calls because of the way JITed
          images are allocated in powerpc64.
      
      [3] Fix to get JITed instruction dumps for multi-function programs from
          the bpf system call.
      
      [4] Fix for bpftool to show delimited multi-function JITed image dumps.
      
      v4:
       - Incorporate review comments from Jakub.
       - Fix JSON output for bpftool.
      
      v3:
       - Change base tree tag to bpf-next.
       - Incorporate review comments from Alexei, Daniel and Jakub.
       - Make sure that the JITed image does not grow or shrink after
         the last pass due to the way the instruction sequence used
         to load a callee's address maybe optimized.
       - Make additional changes to the bpf system call and bpftool to
         make multi-function JITed dumps easier to correlate.
      
      v2:
       - Incorporate review comments from Jakub.
      ====================
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      30cfe3b4
    • S
      tools: bpftool: add delimiters to multi-function JITed dumps · f7f62c71
      Sandipan Das 提交于
      This splits up the contiguous JITed dump obtained via the bpf
      system call into more relatable chunks for each function in
      the program. If the kernel symbols corresponding to these are
      known, they are printed in the header for each JIT image dump
      otherwise the masked start address is printed.
      
      Before applying this patch:
      
        # bpftool prog dump jited id 1
      
           0:	push   %rbp
           1:	mov    %rsp,%rbp
        ...
          70:	leaveq
          71:	retq
          72:	push   %rbp
          73:	mov    %rsp,%rbp
        ...
          dd:	leaveq
          de:	retq
      
        # bpftool -p prog dump jited id 1
      
        [{
                "pc": "0x0",
                "operation": "push",
                "operands": ["%rbp"
                ]
            },{
        ...
            },{
                "pc": "0x71",
                "operation": "retq",
                "operands": [null
                ]
            },{
                "pc": "0x72",
                "operation": "push",
                "operands": ["%rbp"
                ]
            },{
        ...
            },{
                "pc": "0xde",
                "operation": "retq",
                "operands": [null
                ]
            }
        ]
      
      After applying this patch:
      
        # echo 0 > /proc/sys/net/core/bpf_jit_kallsyms
        # bpftool prog dump jited id 1
      
        0xffffffffc02c7000:
           0:	push   %rbp
           1:	mov    %rsp,%rbp
        ...
          70:	leaveq
          71:	retq
      
        0xffffffffc02cf000:
           0:	push   %rbp
           1:	mov    %rsp,%rbp
        ...
          6b:	leaveq
          6c:	retq
      
        # bpftool -p prog dump jited id 1
      
        [{
                "name": "0xffffffffc02c7000",
                "insns": [{
                        "pc": "0x0",
                        "operation": "push",
                        "operands": ["%rbp"
                        ]
                    },{
        ...
                    },{
                        "pc": "0x71",
                        "operation": "retq",
                        "operands": [null
                        ]
                    }
                ]
            },{
                "name": "0xffffffffc02cf000",
                "insns": [{
                        "pc": "0x0",
                        "operation": "push",
                        "operands": ["%rbp"
                        ]
                    },{
        ...
                    },{
                        "pc": "0x6c",
                        "operation": "retq",
                        "operands": [null
                        ]
                    }
                ]
            }
        ]
      
        # echo 1 > /proc/sys/net/core/bpf_jit_kallsyms
        # bpftool prog dump jited id 1
      
        bpf_prog_b811aab41a39ad3d_foo:
           0:	push   %rbp
           1:	mov    %rsp,%rbp
        ...
          70:	leaveq
          71:	retq
      
        bpf_prog_cf418ac8b67bebd9_F:
           0:	push   %rbp
           1:	mov    %rsp,%rbp
        ...
          6b:	leaveq
          6c:	retq
      
        # bpftool -p prog dump jited id 1
      
        [{
                "name": "bpf_prog_b811aab41a39ad3d_foo",
                "insns": [{
                        "pc": "0x0",
                        "operation": "push",
                        "operands": ["%rbp"
                        ]
                    },{
        ...
                    },{
                        "pc": "0x71",
                        "operation": "retq",
                        "operands": [null
                        ]
                    }
                ]
            },{
                "name": "bpf_prog_cf418ac8b67bebd9_F",
                "insns": [{
                        "pc": "0x0",
                        "operation": "push",
                        "operands": ["%rbp"
                        ]
                    },{
        ...
                    },{
                        "pc": "0x6c",
                        "operation": "retq",
                        "operands": [null
                        ]
                    }
                ]
            }
        ]
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      f7f62c71
    • S
      tools: bpf: sync bpf uapi header · bd980d43
      Sandipan Das 提交于
      Syncing the bpf.h uapi header with tools so that struct
      bpf_prog_info has the two new fields for passing on the
      JITed image lengths of each function in a multi-function
      program.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      bd980d43
    • S
      bpf: get JITed image lengths of functions via syscall · 815581c1
      Sandipan Das 提交于
      This adds new two new fields to struct bpf_prog_info. For
      multi-function programs, these fields can be used to pass
      a list of the JITed image lengths of each function for a
      given program to userspace using the bpf system call with
      the BPF_OBJ_GET_INFO_BY_FD command.
      
      This can be used by userspace applications like bpftool
      to split up the contiguous JITed dump, also obtained via
      the system call, into more relatable chunks corresponding
      to each function.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      815581c1
    • S
      bpf: fix multi-function JITed dump obtained via syscall · 4d56a76e
      Sandipan Das 提交于
      Currently, for multi-function programs, we cannot get the JITed
      instructions using the bpf system call's BPF_OBJ_GET_INFO_BY_FD
      command. Because of this, userspace tools such as bpftool fail
      to identify a multi-function program as being JITed or not.
      
      With the JIT enabled and the test program running, this can be
      verified as follows:
      
        # cat /proc/sys/net/core/bpf_jit_enable
        1
      
      Before applying this patch:
      
        # bpftool prog list
        1: kprobe  name foo  tag b811aab41a39ad3d  gpl
                loaded_at 2018-05-16T11:43:38+0530  uid 0
                xlated 216B  not jited  memlock 65536B
        ...
      
        # bpftool prog dump jited id 1
        no instructions returned
      
      After applying this patch:
      
        # bpftool prog list
        1: kprobe  name foo  tag b811aab41a39ad3d  gpl
                loaded_at 2018-05-16T12:13:01+0530  uid 0
                xlated 216B  jited 308B  memlock 65536B
        ...
      
        # bpftool prog dump jited id 1
           0:   nop
           4:   nop
           8:   mflr    r0
           c:   std     r0,16(r1)
          10:   stdu    r1,-112(r1)
          14:   std     r31,104(r1)
          18:   addi    r31,r1,48
          1c:   li      r3,10
        ...
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      4d56a76e
    • S
      tools: bpftool: resolve calls without using imm field · f84192ee
      Sandipan Das 提交于
      Currently, we resolve the callee's address for a JITed function
      call by using the imm field of the call instruction as an offset
      from __bpf_call_base. If bpf_jit_kallsyms is enabled, we further
      use this address to get the callee's kernel symbol's name.
      
      For some architectures, such as powerpc64, the imm field is not
      large enough to hold this offset. So, instead of assigning this
      offset to the imm field, the verifier now assigns the subprog
      id. Also, a list of kernel symbol addresses for all the JITed
      functions is provided in the program info. We now use the imm
      field as an index for this list to lookup a callee's symbol's
      address and resolve its name.
      Suggested-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      f84192ee
    • S
      tools: bpf: sync bpf uapi header · dd0c5f07
      Sandipan Das 提交于
      Syncing the bpf.h uapi header with tools so that struct
      bpf_prog_info has the two new fields for passing on the
      addresses of the kernel symbols corresponding to each
      function in a program.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      dd0c5f07
    • S
      bpf: get kernel symbol addresses via syscall · dbecd738
      Sandipan Das 提交于
      This adds new two new fields to struct bpf_prog_info. For
      multi-function programs, these fields can be used to pass
      a list of kernel symbol addresses for all functions in a
      given program to userspace using the bpf system call with
      the BPF_OBJ_GET_INFO_BY_FD command.
      
      When bpf_jit_kallsyms is enabled, we can get the address
      of the corresponding kernel symbol for a callee function
      and resolve the symbol's name. The address is determined
      by adding the value of the call instruction's imm field
      to __bpf_call_base. This offset gets assigned to the imm
      field by the verifier.
      
      For some architectures, such as powerpc64, the imm field
      is not large enough to hold this offset.
      
      We resolve this by:
      
      [1] Assigning the subprog id to the imm field of a call
          instruction in the verifier instead of the offset of
          the callee's symbol's address from __bpf_call_base.
      
      [2] Determining the address of a callee's corresponding
          symbol by using the imm field as an index for the
          list of kernel symbol addresses now available from
          the program info.
      Suggested-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      dbecd738
    • S
      bpf: powerpc64: add JIT support for multi-function programs · 8484ce83
      Sandipan Das 提交于
      This adds support for bpf-to-bpf function calls in the powerpc64
      JIT compiler. The JIT compiler converts the bpf call instructions
      to native branch instructions. After a round of the usual passes,
      the start addresses of the JITed images for the callee functions
      are known. Finally, to fixup the branch target addresses, we need
      to perform an extra pass.
      
      Because of the address range in which JITed images are allocated
      on powerpc64, the offsets of the start addresses of these images
      from __bpf_call_base are as large as 64 bits. So, for a function
      call, we cannot use the imm field of the instruction to determine
      the callee's address. Instead, we use the alternative method of
      getting it from the list of function addresses in the auxiliary
      data of the caller by using the off field as an index.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      8484ce83
    • S
      bpf: powerpc64: pad function address loads with NOPs · 4ea69b2f
      Sandipan Das 提交于
      For multi-function programs, loading the address of a callee
      function to a register requires emitting instructions whose
      count varies from one to five depending on the nature of the
      address.
      
      Since we come to know of the callee's address only before the
      extra pass, the number of instructions required to load this
      address may vary from what was previously generated. This can
      make the JITed image grow or shrink.
      
      To avoid this, we should generate a constant five-instruction
      when loading function addresses by padding the optimized load
      sequence with NOPs.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      4ea69b2f
    • S
      bpf: support 64-bit offsets for bpf function calls · 2162fed4
      Sandipan Das 提交于
      The imm field of a bpf instruction is a signed 32-bit integer.
      For JITed bpf-to-bpf function calls, it holds the offset of the
      start address of the callee's JITed image from __bpf_call_base.
      
      For some architectures, such as powerpc64, this offset may be
      as large as 64 bits and cannot be accomodated in the imm field
      without truncation.
      
      We resolve this by:
      
      [1] Additionally using the auxiliary data of each function to
          keep a list of start addresses of the JITed images for all
          functions determined by the verifier.
      
      [2] Retaining the subprog id inside the off field of the call
          instructions and using it to index into the list mentioned
          above and lookup the callee's address.
      
      To make sure that the existing JIT compilers continue to work
      without requiring changes, we keep the imm field as it is.
      Signed-off-by: NSandipan Das <sandipan@linux.vnet.ibm.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      2162fed4
    • M
      bpf: btf: Avoid variable length array · a2889a4c
      Martin KaFai Lau 提交于
      Sparse warning:
      kernel/bpf/btf.c:1985:34: warning: Variable length array is used.
      
      This patch directly uses ARRAY_SIZE().
      
      Fixes: f80442a4 ("bpf: btf: Change how section is supported in btf_header")
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      a2889a4c
    • S
      tools/lib/libbpf.c: fix string format to allow build on arm32 · a1c81810
      Sirio Balmelli 提交于
      On arm32, 'cd tools/testing/selftests/bpf && make' fails with:
      
      libbpf.c:80:10: error: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘int64_t {aka long long int}’ [-Werror=format=]
         (func)("libbpf: " fmt, ##__VA_ARGS__); \
                ^
      libbpf.c:83:30: note: in expansion of macro ‘__pr’
       #define pr_warning(fmt, ...) __pr(__pr_warning, fmt, ##__VA_ARGS__)
                                    ^~~~
      libbpf.c:1072:3: note: in expansion of macro ‘pr_warning’
         pr_warning("map:%s value_type:%s has BTF type_size:%ld != value_size:%u\n",
      
      To fix, typecast 'key_size' and amend format string.
      Signed-off-by: NSirio Balmelli <sirio@b-ad.ch>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      a1c81810
  2. 23 5月, 2018 9 次提交
    • S
      selftests/bpf: Makefile fix "missing" headers on build with -idirafter · 167381f3
      Sirio Balmelli 提交于
      Selftests fail to build on several distros/architectures because of
      	missing headers files.
      
      On a Ubuntu/x86_64 some missing headers are:
      	asm/byteorder.h, asm/socket.h, asm/sockios.h
      
      On a Debian/arm32 build already fails at sys/cdefs.h
      
      In both cases, these already exist in /usr/include/<arch-specific-dir>,
      but Clang does not include these when using '-target bpf' flag,
      since it is no longer compiling against the host architecture.
      
      The solution is to:
      
      - run Clang without '-target bpf' and extract the include chain for the
      current system
      
      - add these to the bpf build with '-idirafter'
      
      The choice of -idirafter is to catch this error without injecting
      unexpected include behavior: if an arch-specific tree is built
      for bpf in the future, this will be correctly found by Clang.
      Signed-off-by: NSirio Balmelli <sirio@b-ad.ch>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      167381f3
    • D
      Merge branch 'btf-uapi-cleanups' · ff4fb475
      Daniel Borkmann 提交于
      Martin KaFai Lau says:
      
      ====================
      This patch set makes some changes to cleanup the unused
      bits in BTF uapi.  It also makes the btf_header extensible.
      
      Please see individual patches for details.
      
      v2:
      - Remove NR_SECS from patch 2
      - Remove "unsigned" check on array->index_type from patch 3
      - Remove BTF_INT_VARARGS and further limit BTF_INT_ENCODING
        from 8 bits to 4 bits in patch 4
      - Adjustments in test_btf.c to reflect changes in v2
      ====================
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      ff4fb475
    • M
      bpf: btf: Add tests for the btf uapi changes · 61746dbe
      Martin KaFai Lau 提交于
      This patch does the followings:
      1. Modify libbpf and test_btf to reflect the uapi changes in btf
      2. Add test for the btf_header changes
      3. Add tests for array->index_type
      4. Add err_str check to the tests
      5. Fix a 4 bytes hole in "struct test #1" by swapping "m" and "n"
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      61746dbe
    • M
      bpf: btf: Sync bpf.h and btf.h to tools · f03b15d3
      Martin KaFai Lau 提交于
      This patch sync the uapi bpf.h and btf.h to tools.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      f03b15d3
    • M
      bpf: btf: Rename btf_key_id and btf_value_id in bpf_map_info · 9b2cf328
      Martin KaFai Lau 提交于
      In "struct bpf_map_info", the name "btf_id", "btf_key_id" and "btf_value_id"
      could cause confusion because the "id" of "btf_id" means the BPF obj id
      given to the BTF object while
      "btf_key_id" and "btf_value_id" means the BTF type id within
      that BTF object.
      
      To make it clear, btf_key_id and btf_value_id are
      renamed to btf_key_type_id and btf_value_type_id.
      Suggested-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      9b2cf328
    • M
      bpf: btf: Remove unused bits from uapi/linux/btf.h · aea2f7b8
      Martin KaFai Lau 提交于
      This patch does the followings:
      1. Limit BTF_MAX_TYPES and BTF_MAX_NAME_OFFSET to 64k.  We can
         raise it later.
      
      2. Remove the BTF_TYPE_PARENT and BTF_STR_TBL_ELF_ID.  They are
         currently encoded at the highest bit of a u32.
         It is because the current use case does not require supporting
         parent type (i.e type_id referring to a type in another BTF file).
         It also does not support referring to a string in ELF.
      
         The BTF_TYPE_PARENT and BTF_STR_TBL_ELF_ID checks are replaced
         by BTF_TYPE_ID_CHECK and BTF_STR_OFFSET_CHECK which are
         defined in btf.c instead of uapi/linux/btf.h.
      
      3. Limit the BTF_INFO_KIND from 5 bits to 4 bits which is enough.
         There is unused bits headroom if we ever needed it later.
      
      4. The root bit in BTF_INFO is also removed because it is not
         used in the current use case.
      
      5. Remove BTF_INT_VARARGS since func type is not supported now.
         The BTF_INT_ENCODING is limited to 4 bits instead of 8 bits.
      
      The above can be added back later because the verifier
      ensures the unused bits are zeros.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      aea2f7b8
    • M
      bpf: btf: Check array->index_type · 4ef5f574
      Martin KaFai Lau 提交于
      Instead of ingoring the array->index_type field.  Enforce that
      it must be a BTF_KIND_INT in size 1/2/4/8 bytes.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      4ef5f574
    • M
      bpf: btf: Change how section is supported in btf_header · f80442a4
      Martin KaFai Lau 提交于
      There are currently unused section descriptions in the btf_header.  Those
      sections are here to support future BTF use cases.  For example, the
      func section (func_off) is to support function signature (e.g. the BPF
      prog function signature).
      
      Instead of spelling out all potential sections up-front in the btf_header.
      This patch makes changes to btf_header such that extending it (e.g. adding
      a section) is possible later.  The unused ones can be removed for now and
      they can be added back later.
      
      This patch:
      1. adds a hdr_len to the btf_header.  It will allow adding
      sections (and other info like parent_label and parent_name)
      later.  The check is similar to the existing bpf_attr.
      If a user passes in a longer hdr_len, the kernel
      ensures the extra tailing bytes are 0.
      
      2. allows the section order in the BTF object to be
      different from its sec_off order in btf_header.
      
      3. each sec_off is followed by a sec_len.  It must not have gap or
      overlapping among sections.
      
      The string section is ensured to be at the end due to the 4 bytes
      alignment requirement of the type section.
      
      The above changes will allow enough flexibility to
      add new sections (and other info) to the btf_header later.
      
      This patch also removes an unnecessary !err check
      at the end of btf_parse().
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      f80442a4
    • M
      bpf: Expose check_uarg_tail_zero() · dcab51f1
      Martin KaFai Lau 提交于
      This patch exposes check_uarg_tail_zero() which will
      be reused by a later BTF patch.  Its name is changed to
      bpf_check_uarg_tail_zero().
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      dcab51f1
  3. 22 5月, 2018 13 次提交
  4. 19 5月, 2018 1 次提交
    • D
      Merge branch 'bpf-sk-msg-fields' · d849f9f9
      Daniel Borkmann 提交于
      John Fastabend says:
      
      ====================
      In this series we add the ability for sk msg programs to read basic
      sock information about the sock they are attached to. The second
      patch adds the tests to the selftest test_verifier.
      
      One observation that I had from writing this seriess is lots of the
      ./net/core/filter.c code is almost duplicated across program types.
      I thought about building a template/macro that we could use as a
      single block of code to read sock data out for multiple programs,
      but I wasn't convinced it was worth it yet. The result was using a
      macro saved a couple lines of code per block but made the code
      a bit harder to read IMO. We can probably revisit the idea later
      if we get more duplication.
      
      v2: add errstr field to negative test_verifier test cases to ensure
          we get the expected err string back from the verifier.
      ====================
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      d849f9f9