1. 02 7月, 2017 7 次提交
    • L
      bpf: Sample BPF program to set congestion control · bb56d444
      Lawrence Brakmo 提交于
      Sample BPF program that sets congestion control to dctcp when both hosts
      are within the same datacenter. In this example that is assumed to be
      when they have the first 5.5 bytes of their IPv6 address are the same.
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bb56d444
    • L
      bpf: Sample BPF program to set buffer sizes · d9925368
      Lawrence Brakmo 提交于
      This patch contains a BPF program to set initial receive window to
      40 packets and send and receive buffers to 1.5MB. This would usually
      be done after doing appropriate checks that indicate the hosts are
      far enough away (i.e. large RTT).
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d9925368
    • L
      bpf: Add setsockopt helper function to bpf · 8c4b4c7e
      Lawrence Brakmo 提交于
      Added support for calling a subset of socket setsockopts from
      BPF_PROG_TYPE_SOCK_OPS programs. The code was duplicated rather
      than making the changes to call the socket setsockopt function because
      the changes required would have been larger.
      
      The ops supported are:
        SO_RCVBUF
        SO_SNDBUF
        SO_MAX_PACING_RATE
        SO_PRIORITY
        SO_RCVLOWAT
        SO_MARK
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8c4b4c7e
    • L
      bpf: Sample bpf program to set initial window · c400296b
      Lawrence Brakmo 提交于
      The sample bpf program, tcp_rwnd_kern.c, sets the initial
      advertized window to 40 packets in an environment where
      distinct IPv6 prefixes indicate that both hosts are not
      in the same data center.
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      c400296b
    • L
      bpf: Sample bpf program to set SYN/SYN-ACK RTOs · 61bc4d8d
      Lawrence Brakmo 提交于
      The sample BPF program, tcp_synrto_kern.c, sets the SYN and SYN-ACK
      RTOs to 10ms when both hosts are within the same datacenter (i.e.
      small RTTs) in an environment where common IPv6 prefixes indicate
      both hosts are in the same data center.
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      61bc4d8d
    • L
      bpf: program to load and attach sock_ops BPF progs · ae16189e
      Lawrence Brakmo 提交于
      The program load_sock_ops can be used to load sock_ops bpf programs and
      to attach it to an existing (v2) cgroup. It can also be used to detach
      sock_ops programs.
      
      Examples:
          load_sock_ops [-l] <cg-path> <prog filename>
      	Load and attaches a sock_ops program at the specified cgroup.
      	If "-l" is used, the program will continue to run to output the
      	BPF log buffer.
      	If the specified filename does not end in ".o", it appends
      	"_kern.o" to the name.
      
          load_sock_ops -r <cg-path>
      	Detaches the currently attached sock_ops program from the
      	specified cgroup.
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ae16189e
    • L
      bpf: BPF support for sock_ops · 40304b2a
      Lawrence Brakmo 提交于
      Created a new BPF program type, BPF_PROG_TYPE_SOCK_OPS, and a corresponding
      struct that allows BPF programs of this type to access some of the
      socket's fields (such as IP addresses, ports, etc.). It uses the
      existing bpf cgroups infrastructure so the programs can be attached per
      cgroup with full inheritance support. The program will be called at
      appropriate times to set relevant connections parameters such as buffer
      sizes, SYN and SYN-ACK RTOs, etc., based on connection information such
      as IP addresses, port numbers, etc.
      
      Alghough there are already 3 mechanisms to set parameters (sysctls,
      route metrics and setsockopts), this new mechanism provides some
      distinct advantages. Unlike sysctls, it can set parameters per
      connection. In contrast to route metrics, it can also use port numbers
      and information provided by a user level program. In addition, it could
      set parameters probabilistically for evaluation purposes (i.e. do
      something different on 10% of the flows and compare results with the
      other 90% of the flows). Also, in cases where IPv6 addresses contain
      geographic information, the rules to make changes based on the distance
      (or RTT) between the hosts are much easier than route metric rules and
      can be global. Finally, unlike setsockopt, it oes not require
      application changes and it can be updated easily at any time.
      
      Although the bpf cgroup framework already contains a sock related
      program type (BPF_PROG_TYPE_CGROUP_SOCK), I created the new type
      (BPF_PROG_TYPE_SOCK_OPS) beccause the existing type expects to be called
      only once during the connections's lifetime. In contrast, the new
      program type will be called multiple times from different places in the
      network stack code.  For example, before sending SYN and SYN-ACKs to set
      an appropriate timeout, when the connection is established to set
      congestion control, etc. As a result it has "op" field to specify the
      type of operation requested.
      
      The purpose of this new program type is to simplify setting connection
      parameters, such as buffer sizes, TCP's SYN RTO, etc. For example, it is
      easy to use facebook's internal IPv6 addresses to determine if both hosts
      of a connection are in the same datacenter. Therefore, it is easy to
      write a BPF program to choose a small SYN RTO value when both hosts are
      in the same datacenter.
      
      This patch only contains the framework to support the new BPF program
      type, following patches add the functionality to set various connection
      parameters.
      
      This patch defines a new BPF program type: BPF_PROG_TYPE_SOCKET_OPS
      and a new bpf syscall command to load a new program of this type:
      BPF_PROG_LOAD_SOCKET_OPS.
      
      Two new corresponding structs (one for the kernel one for the user/BPF
      program):
      
      /* kernel version */
      struct bpf_sock_ops_kern {
              struct sock *sk;
              __u32  op;
              union {
                      __u32 reply;
                      __u32 replylong[4];
              };
      };
      
      /* user version
       * Some fields are in network byte order reflecting the sock struct
       * Use the bpf_ntohl helper macro in samples/bpf/bpf_endian.h to
       * convert them to host byte order.
       */
      struct bpf_sock_ops {
              __u32 op;
              union {
                      __u32 reply;
                      __u32 replylong[4];
              };
              __u32 family;
              __u32 remote_ip4;     /* In network byte order */
              __u32 local_ip4;      /* In network byte order */
              __u32 remote_ip6[4];  /* In network byte order */
              __u32 local_ip6[4];   /* In network byte order */
              __u32 remote_port;    /* In network byte order */
              __u32 local_port;     /* In host byte horder */
      };
      
      Currently there are two types of ops. The first type expects the BPF
      program to return a value which is then used by the caller (or a
      negative value to indicate the operation is not supported). The second
      type expects state changes to be done by the BPF program, for example
      through a setsockopt BPF helper function, and they ignore the return
      value.
      
      The reply fields of the bpf_sockt_ops struct are there in case a bpf
      program needs to return a value larger than an integer.
      Signed-off-by: NLawrence Brakmo <brakmo@fb.com>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      40304b2a
  2. 30 6月, 2017 1 次提交
  3. 22 6月, 2017 1 次提交
    • Y
      samples/bpf: fix a build problem · 00a3855d
      Yonghong Song 提交于
      tracex5_kern.c build failed with the following error message:
        ../samples/bpf/tracex5_kern.c:12:10: fatal error: 'syscall_nrs.h' file not found
        #include "syscall_nrs.h"
      The generated file syscall_nrs.h is put in build/samples/bpf directory,
      but this directory is not in include path, hence build failed.
      
      The fix is to add $(obj) into the clang compilation path.
      Signed-off-by: NYonghong Song <yhs@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      00a3855d
  4. 17 6月, 2017 2 次提交
  5. 15 6月, 2017 2 次提交
  6. 05 6月, 2017 1 次提交
  7. 01 6月, 2017 1 次提交
    • J
      samples/bpf: bpf_load.c order of prog_fd[] should correspond with ELF order · 7bc57950
      Jesper Dangaard Brouer 提交于
      An eBPF ELF file generated with LLVM can contain several program
      section, which can be used for bpf tail calls.  The bpf prog file
      descriptors are accessible via array prog_fd[].
      
      At-least XDP samples assume ordering, and uses prog_fd[0] is the main
      XDP program to attach.  The actual order of array prog_fd[] depend on
      whether or not a bpf program section is referencing any maps or not.
      Not using a map result in being loaded/processed after all other
      prog section.  Thus, this can lead to some very strange and hard to
      debug situation, as the user can only see a FD and cannot correlated
      that with the ELF section name.
      
      The fix is rather simple, and even removes duplicate memcmp code.
      Simply load program sections as the last step, instead of
      load_and_attach while processing the relocation section.
      
      When working with tail calls, it become even more essential that the
      order of prog_fd[] is consistant, like the current dependency of the
      map_fd[] order.
      Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      7bc57950
  8. 12 5月, 2017 2 次提交
  9. 03 5月, 2017 4 次提交
  10. 02 5月, 2017 1 次提交
    • D
      bpf, samples: fix build warning in cookie_uid_helper_example · eb6211d3
      Daniel Borkmann 提交于
      Fix the following warnings triggered by 51570a5a ("A Sample of
      using socket cookie and uid for traffic monitoring"):
      
        In file included from /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:54:0:
        /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c: In function 'prog_load':
        /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:119:27: warning: overflow in implicit constant conversion [-Woverflow]
           -32 + offsetof(struct stats, uid)),
                                 ^
        /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
         .off   = OFF,     \
                  ^
        /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:121:27: warning: overflow in implicit constant conversion [-Woverflow]
           -32 + offsetof(struct stats, packets), 1),
                                 ^
        /home/foo/net-next/samples/bpf/libbpf.h:155:12: note: in definition of macro 'BPF_ST_MEM'
         .off   = OFF,     \
                  ^
        /home/foo/net-next/samples/bpf/cookie_uid_helper_example.c:129:27: warning: overflow in implicit constant conversion [-Woverflow]
           -32 + offsetof(struct stats, bytes)),
                                 ^
        /home/foo/net-next/samples/bpf/libbpf.h:135:12: note: in definition of macro 'BPF_STX_MEM'
         .off   = OFF,     \
                  ^
        HOSTLD  /home/foo/net-next/samples/bpf/per_socket_stats_example
      
      Fixes: 51570a5a ("A Sample of using socket cookie and uid for traffic monitoring")
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      eb6211d3
  11. 01 5月, 2017 3 次提交
  12. 28 4月, 2017 1 次提交
  13. 26 4月, 2017 1 次提交
  14. 25 4月, 2017 3 次提交
  15. 23 4月, 2017 1 次提交
  16. 18 4月, 2017 3 次提交
    • M
      bpf: lru: Add map-in-map LRU example · 3a5795b8
      Martin KaFai Lau 提交于
      This patch adds a map-in-map LRU example.
      If we know only a subset of cores will use the
      LRU, we can allocate a common LRU list per targeting core
      and store it into an array-of-hashs.
      
      It allows using the common LRU map with map-update performance
      comparable to the BPF_F_NO_COMMON_LRU map but without wasting memory
      on the unused cores that we know they will never access the LRU map.
      
      BPF_F_NO_COMMON_LRU:
      > map_perf_test 32 8 10000000 10000000 | awk '{sum += $3}END{print sum}'
      9234314 (9.23M/s)
      
      map-in-map LRU:
      > map_perf_test 512 8 1260000 80000000 | awk '{sum += $3}END{print sum}'
      9962743 (9.96M/s)
      
      Notes that the max_entries for the map-in-map LRU test is 1260000 which
      is the max_entries for each inner LRU map.  8 processes have been
      started, so 8 * 1260000 = 10080000 (~10M) which is close to what is
      used in the BPF_F_NO_COMMON_LRU test.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3a5795b8
    • M
      bpf: Allow bpf sample programs (*_user.c) to change bpf_map_def · 9fd63d05
      Martin KaFai Lau 提交于
      The current bpf_map_def is statically defined during compile
      time.  This patch allows the *_user.c program to change it during
      runtime.  It is done by adding load_bpf_file_fixup_map() which
      takes a callback.  The callback will be called before creating
      each map so that it has a chance to modify the bpf_map_def.
      
      The current usecase is to change max_entries in map_perf_test.
      It is interesting to test with a much bigger map size in
      some cases (e.g. the following patch on bpf_lru_map.c).
      However,  it is hard to find one size to fit all testing
      environment.  Hence, it is handy to take the max_entries
      as a cmdline arg and then configure the bpf_map_def during
      runtime.
      
      This patch adds two cmdline args.  One is to configure
      the map's max_entries.  Another is to configure the max_cnt
      which controls how many times a syscall is called.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9fd63d05
    • M
      bpf: lru: Refactor LRU map tests in map_perf_test · bf8db5d2
      Martin KaFai Lau 提交于
      One more LRU test will be added later in this patch series.
      In this patch, we first move all existing LRU map tests into
      a single syscall (connect) first so that the future new
      LRU test can be added without hunting another syscall.
      
      One of the map name is also changed from percpu_lru_hash_map
      to nocommon_lru_hash_map to avoid the confusion with percpu_hash_map.
      Signed-off-by: NMartin KaFai Lau <kafai@fb.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      bf8db5d2
  17. 08 4月, 2017 1 次提交
    • C
      Sample program using SO_COOKIE · 00f660ea
      Chenbo Feng 提交于
      Added a per socket traffic monitoring option to illustrate the usage
      of new getsockopt SO_COOKIE. The program is based on the socket traffic
      monitoring program using xt_eBPF and in the new option the data entry
      can be directly accessed using socket cookie. The cookie retrieved
      allow us to lookup an element in the eBPF for a specific socket.
      Signed-off-by: NChenbo Feng <fengc@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      00f660ea
  18. 03 4月, 2017 1 次提交
  19. 24 3月, 2017 1 次提交
  20. 23 3月, 2017 1 次提交
  21. 17 3月, 2017 1 次提交
    • A
      samples/bpf: add map_lookup microbenchmark · 95ff141e
      Alexei Starovoitov 提交于
      $ map_perf_test 128
      speed of HASH bpf_map_lookup_elem() in lookups per second
      	w/o JIT		w/JIT
      before	46M		58M
      after	42M		74M
      
      perf report
      before:
          54.23%  map_perf_test  [kernel.kallsyms]  [k] __htab_map_lookup_elem
          14.24%  map_perf_test  [kernel.kallsyms]  [k] lookup_elem_raw
           8.84%  map_perf_test  [kernel.kallsyms]  [k] htab_map_lookup_elem
           5.93%  map_perf_test  [kernel.kallsyms]  [k] bpf_map_lookup_elem
           2.30%  map_perf_test  [kernel.kallsyms]  [k] bpf_prog_da4fc6a3f41761a2
           1.49%  map_perf_test  [kernel.kallsyms]  [k] kprobe_ftrace_handler
      
      after:
          60.03%  map_perf_test  [kernel.kallsyms]  [k] __htab_map_lookup_elem
          18.07%  map_perf_test  [kernel.kallsyms]  [k] lookup_elem_raw
           2.91%  map_perf_test  [kernel.kallsyms]  [k] bpf_prog_da4fc6a3f41761a2
           1.94%  map_perf_test  [kernel.kallsyms]  [k] _einittext
           1.90%  map_perf_test  [kernel.kallsyms]  [k] __audit_syscall_exit
           1.72%  map_perf_test  [kernel.kallsyms]  [k] kprobe_ftrace_handler
      
      Notice that bpf_map_lookup_elem() and htab_map_lookup_elem() are trivial
      functions, yet they take sizeable amount of cpu time.
      htab_map_gen_lookup() removes bpf_map_lookup_elem() and converts
      htab_map_lookup_elem() into three BPF insns which causing cpu time
      for bpf_prog_da4fc6a3f41761a2() slightly increase.
      
      $ map_perf_test 256
      speed of ARRAY bpf_map_lookup_elem() in lookups per second
      	w/o JIT		w/JIT
      before	97M		174M
      after	64M		280M
      
      before:
          37.33%  map_perf_test  [kernel.kallsyms]  [k] array_map_lookup_elem
          13.95%  map_perf_test  [kernel.kallsyms]  [k] bpf_map_lookup_elem
           6.54%  map_perf_test  [kernel.kallsyms]  [k] bpf_prog_da4fc6a3f41761a2
           4.57%  map_perf_test  [kernel.kallsyms]  [k] kprobe_ftrace_handler
      
      after:
          32.86%  map_perf_test  [kernel.kallsyms]  [k] bpf_prog_da4fc6a3f41761a2
           6.54%  map_perf_test  [kernel.kallsyms]  [k] kprobe_ftrace_handler
      
      array_map_gen_lookup() removes calls to array_map_lookup_elem()
      and bpf_map_lookup_elem() and replaces them with 7 bpf insns.
      
      The performance without JIT is slower, since executing extra insns
      in the interpreter is slower than running native C code,
      but with JIT the performance gains are obvious,
      since native C->x86 code is replaced with fewer bpf->x86 instructions.
      Signed-off-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      95ff141e
  22. 08 3月, 2017 1 次提交
    • J
      livepatch: allow removal of a disabled patch · 3ec24776
      Josh Poimboeuf 提交于
      Currently we do not allow patch module to unload since there is no
      method to determine if a task is still running in the patched code.
      
      The consistency model gives us the way because when the unpatching
      finishes we know that all tasks were marked as safe to call an original
      function. Thus every new call to the function calls the original code
      and at the same time no task can be somewhere in the patched code,
      because it had to leave that code to be marked as safe.
      
      We can safely let the patch module go after that.
      
      Completion is used for synchronization between module removal and sysfs
      infrastructure in a similar way to commit 942e4431 ("module: Fix
      mod->mkobj.kobj potentially freed too early").
      
      Note that we still do not allow the removal for immediate model, that is
      no consistency model. The module refcount may increase in this case if
      somebody disables and enables the patch several times. This should not
      cause any harm.
      
      With this change a call to try_module_get() is moved to
      __klp_enable_patch from klp_register_patch to make module reference
      counting symmetric (module_put() is in a patch disable path) and to
      allow to take a new reference to a disabled module when being enabled.
      
      Finally, we need to be very careful about possible races between
      klp_unregister_patch(), kobject_put() functions and operations
      on the related sysfs files.
      
      kobject_put(&patch->kobj) must be called without klp_mutex. Otherwise,
      it might be blocked by enabled_store() that needs the mutex as well.
      In addition, enabled_store() must check if the patch was not
      unregisted in the meantime.
      
      There is no need to do the same for other kobject_put() callsites
      at the moment. Their sysfs operations neither take the lock nor
      they access any data that might be freed in the meantime.
      
      There was an attempt to use kobjects the right way and prevent these
      races by design. But it made the patch definition more complicated
      and opened another can of worms. See
      https://lkml.kernel.org/r/1464018848-4303-1-git-send-email-pmladek@suse.com
      
      [Thanks to Petr Mladek for improving the commit message.]
      Signed-off-by: NMiroslav Benes <mbenes@suse.cz>
      Signed-off-by: NJosh Poimboeuf <jpoimboe@redhat.com>
      Reviewed-by: NPetr Mladek <pmladek@suse.com>
      Acked-by: NMiroslav Benes <mbenes@suse.cz>
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      3ec24776