1. 14 Aug, 2016 31 commits
  2. 13 Aug, 2016 9 commits
    • Merge branch 'bpf-improvements' · 1c238763
      David S. Miller committed on
      Alexei Starovoitov says:
      
      ====================
      bpf improvements
      
      Two bpf improvements:
      1. allow bpf helpers like bpf_map_lookup_elem() access packet data directly
        for XDP programs
      2. enable bpf_get_prandom_u32() for tracing programs
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bpf: allow bpf_get_prandom_u32() to be used in tracing · 8937bd80
      Alexei Starovoitov committed on
      bpf_get_prandom_u32() was initially introduced for socket filters
      and later requested numerous times to be added to tracing bpf programs
      for the same reason as in socket filters: to be able to randomly
      select incoming events.
      Signed-off-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • samples/bpf: add verifier tests for the helper access to the packet · 1633ac0a
      Aaron Yue committed on
      test various corner cases of the helper function access to the packet
      via crafted XDP programs.
      Signed-off-by: Aaron Yue <haoxuany@fb.com>
      Signed-off-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bpf: allow helpers access the packet directly · 6841de8b
      Alexei Starovoitov committed on
      The helper functions like bpf_map_lookup_elem(map, key) were only
      allowing 'key' to point to the initialized stack area.
      That is causing performance degradation when programs need to process
      millions of packets per second and need to copy contents of the packet
      into the stack just to pass the stack pointer into the lookup() function.
      Allow such helpers to read from the packet directly.
      All helpers that expect ARG_PTR_TO_MAP_KEY, ARG_PTR_TO_MAP_VALUE,
      ARG_PTR_TO_STACK assume byte aligned pointer, so no alignment concerns,
      only need to check that helper will not be accessing beyond
      the packet range verified by the prior 'if (ptr < data_end)' condition.
      For now allow this feature for XDP programs only. Later it can be
      relaxed for the clsact programs as well.
      Signed-off-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • sit: make function ipip6_valid_ip_proto() static · 03ff4979
      Wei Yongjun committed on
      Fixes the following sparse warning:
      
      net/ipv6/sit.c:1129:6: warning:
       symbol 'ipip6_valid_ip_proto' was not declared. Should it be static?
      Signed-off-by: Wei Yongjun <weiyj.lk@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'bpf-under-cgroup' · 7cac5303
      David S. Miller committed on
      Sargun Dhillon says:
      
      ====================
      Add test_current_task_under_cgroup bpf helper and test
      
      This patchset includes a helper and an example to determine whether the probe is
      currently executing in the context of a specific cgroup based on a cgroup bpf
      map / array. The helper checks the cgroupsv2 hierarchy based on the handle in
      the map and if the current cgroup is equal to it, or a descendant of it. The
      helper was tested with the example program, and it was verified that the correct
      behaviour occurs in the interrupt context.
      
      In an earlier version of this patchset I had added an "opensnoop"-like tool, and
      I realized I was basically reimplementing a lot of the code that already exists
      in the bcc repo. So, instead I decided to write a test that creates a new mount
      namespace, mounts up the cgroupv2 hierarchy, and does some basic tests.  I used
      the sync syscall as a canary for these tests because it's a simple, 0-arg
      syscall. Once this patch is accepted, adding support to opensnoop will be easy.
      
      I also added a task_under_cgroup_hierarchy function in cgroups.h, as this
      pattern is used in a couple places. Converting those can be done in a later
      patchset.
      
      Thanks to Alexei, Tejun, and Daniel for providing review.
      
      v1->v2: Clean up
      v2->v3: Move around ifdefs out of *.c files, add an "integration" test
      v3->v4: De-genericize arraymap fetching function;
      	rename helper from in_cgroup to under_cgroup (makes much more sense)
      	Split adding cgroups task_under_cgroup_hierarchy function
      v4->v5: Fix formatting
      ====================
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • samples/bpf: Add test_current_task_under_cgroup test · 9e6e60ec
      Sargun Dhillon committed on
      This test has a BPF program which writes the last known pid to call the
      sync syscall within a given cgroup to a map.
      
      The user mode program creates its own mount namespace, and mounts the
      cgroupsv2  hierarchy in there, as on all current test systems
      (Ubuntu 16.04, Debian), the cgroupsv2 vfs is unmounted by default.
      Once it does this, it proceeds to test.
      
      The test checks for positive and negative condition. It ensures that
      when it's part of a given cgroup, its pid is captured in the map,
      and that when it leaves the cgroup, this doesn't happen.
      
      It populates a cgroups arraymap prior to execution in userspace. This means
      that the program must be run in the same cgroups namespace as the programs
      that are being traced.
      Signed-off-by: Sargun Dhillon <sargun@sargun.me>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Tejun Heo <tj@kernel.org>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • bpf: Add bpf_current_task_under_cgroup helper · 60d20f91
      Sargun Dhillon committed on
      This adds a bpf helper that's similar to the skb_in_cgroup helper to check
      whether the probe is currently executing in the context of a specific
      subset of the cgroupsv2 hierarchy. It does this based on membership test
      for a cgroup arraymap. It is invalid to call this in an interrupt, and
      it'll return an error. The helper is primarily to be used in debugging
      activities for containers, where you may have multiple programs running in
      a given top-level "container".
      Signed-off-by: Sargun Dhillon <sargun@sargun.me>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Tejun Heo <tj@kernel.org>
      Acked-by: Tejun Heo <tj@kernel.org>
      Acked-by: Alexei Starovoitov <ast@kernel.org>
      Acked-by: Daniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • cgroup: Add task_under_cgroup_hierarchy cgroup inline function to headers · aed704b7
      Sargun Dhillon committed on
      This commit adds an inline function to cgroup.h to check whether a given
      task is under a given cgroup hierarchy. This is to avoid having to put
      ifdefs in .c files to gate access to cgroups. When cgroups are disabled
      this always returns true.
      Signed-off-by: Sargun Dhillon <sargun@sargun.me>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Tejun Heo <tj@kernel.org>
      Acked-by: Tejun Heo <tj@kernel.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>