Commit 9e0703a2 authored by David S. Miller's avatar David S. Miller
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 



Daniel Borkmann says:

====================
pull-request: bpf-next 2020-01-27

The following pull-request contains BPF updates for your *net-next* tree.

We've added 20 non-merge commits during the last 5 day(s) which contain
a total of 24 files changed, 433 insertions(+), 104 deletions(-).

The main changes are:

1) Make BPF trampolines and dispatcher aware for the stack unwinder, from Jiri Olsa.

2) Improve handling of failed CO-RE relocations in libbpf, from Andrii Nakryiko.

3) Several fixes to BPF sockmap and reuseport selftests, from Lorenz Bauer.

4) Various cleanups in BPF devmap's XDP flush code, from John Fastabend.

5) Fix BPF flow dissector when used with port ranges, from Yoshiki Komachi.

6) Fix bpffs' map_seq_next callback to always inc position index, from Vasily Averin.

7) Allow overriding LLVM tooling for runqslower utility, from Andrey Ignatov.

8) Silence false-positive lockdep splats in devmap hash lookup, from Amol Grover.

9) Fix fentry/fexit selftests to initialize a variable before use, from John Sperbeck.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c312840c 82650dab

drivers/net/veth.c

+5 −1
Original line number Diff line number Diff line
@@ -377,6 +377,7 @@ static int veth_xdp_xmit(struct net_device *dev, int n, 
	unsigned int max_len;

	struct veth_rq *rq;



	rcu_read_lock();

	if (unlikely(flags & ~XDP_XMIT_FLAGS_MASK)) {

		ret = -EINVAL;

		goto drop;
@@ -418,11 +419,14 @@ static int veth_xdp_xmit(struct net_device *dev, int n, 
	if (flags & XDP_XMIT_FLUSH)

		__veth_xdp_flush(rq);



	if (likely(!drops))

	if (likely(!drops)) {

		rcu_read_unlock();

		return n;

	}



	ret = n - drops;

drop:

	rcu_read_unlock();

	atomic64_add(drops, &priv->dropped);



	return ret;

drivers/net/virtio_net.c

+1 −1
Original line number Diff line number Diff line
@@ -501,7 +501,7 @@ static int virtnet_xdp_xmit(struct net_device *dev, 
	/* Only allow ndo_xdp_xmit if XDP is loaded on dev, as this

	 * indicate XDP resources have been successfully allocated.

	 */

	xdp_prog = rcu_dereference(rq->xdp_prog);

	xdp_prog = rcu_access_pointer(rq->xdp_prog);

	if (!xdp_prog)

		return -ENXIO;

include/linux/bpf.h

+11 −1
Original line number Diff line number Diff line
@@ -525,7 +525,6 @@ struct bpf_trampoline *bpf_trampoline_lookup(u64 key); 
int bpf_trampoline_link_prog(struct bpf_prog *prog);

int bpf_trampoline_unlink_prog(struct bpf_prog *prog);

void bpf_trampoline_put(struct bpf_trampoline *tr);

void *bpf_jit_alloc_exec_page(void);

#define BPF_DISPATCHER_INIT(name) {			\

	.mutex = __MUTEX_INITIALIZER(name.mutex),	\

	.func = &name##func,				\
@@ -557,6 +556,13 @@ void *bpf_jit_alloc_exec_page(void); 
#define BPF_DISPATCHER_PTR(name) (&name)

void bpf_dispatcher_change_prog(struct bpf_dispatcher *d, struct bpf_prog *from,

				struct bpf_prog *to);

struct bpf_image {

	struct latch_tree_node tnode;

	unsigned char data[];

};

#define BPF_IMAGE_SIZE (PAGE_SIZE - sizeof(struct bpf_image))

bool is_bpf_image_address(unsigned long address);

void *bpf_image_alloc(void);

#else

static inline struct bpf_trampoline *bpf_trampoline_lookup(u64 key)

{
@@ -578,6 +584,10 @@ static inline void bpf_trampoline_put(struct bpf_trampoline *tr) {} 
static inline void bpf_dispatcher_change_prog(struct bpf_dispatcher *d,

					      struct bpf_prog *from,

					      struct bpf_prog *to) {}

static inline bool is_bpf_image_address(unsigned long address)

{

	return false;

}

#endif



struct bpf_func_info_aux {

kernel/bpf/btf.c

+16 −0
Original line number Diff line number Diff line
@@ -3669,6 +3669,19 @@ struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog) 
	}

}



static bool is_string_ptr(struct btf *btf, const struct btf_type *t)

{

	/* t comes in already as a pointer */

	t = btf_type_by_id(btf, t->type);



	/* allow const */

	if (BTF_INFO_KIND(t->info) == BTF_KIND_CONST)

		t = btf_type_by_id(btf, t->type);



	/* char, signed char, unsigned char */

	return btf_type_is_int(t) && t->size == 1;

}



bool btf_ctx_access(int off, int size, enum bpf_access_type type,

		    const struct bpf_prog *prog,

		    struct bpf_insn_access_aux *info)
@@ -3735,6 +3748,9 @@ bool btf_ctx_access(int off, int size, enum bpf_access_type type, 
		 */

		return true;



	if (is_string_ptr(btf, t))

		return true;



	/* this is a pointer to another type */

	info->reg_type = PTR_TO_BTF_ID;

kernel/bpf/devmap.c

+16 −13
Original line number Diff line number Diff line
@@ -190,10 +190,12 @@ static void dev_map_free(struct bpf_map *map) 


	/* At this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,

	 * so the programs (can be more than one that used this map) were

	 * disconnected from events. Wait for outstanding critical sections in

	 * these programs to complete. The rcu critical section only guarantees

	 * no further reads against netdev_map. It does __not__ ensure pending

	 * flush operations (if any) are complete.

	 * disconnected from events. The following synchronize_rcu() guarantees

	 * both rcu read critical sections complete and waits for

	 * preempt-disable regions (NAPI being the relevant context here) so we

	 * are certain there will be no further reads against the netdev_map and

	 * all flush operations are complete. Flush operations can only be done

	 * from NAPI context for this reason.

	 */



	spin_lock(&dev_map_lock);
@@ -263,7 +265,8 @@ struct bpf_dtab_netdev *__dev_map_hash_lookup_elem(struct bpf_map *map, u32 key) 
	struct hlist_head *head = dev_map_index_hash(dtab, key);

	struct bpf_dtab_netdev *dev;



	hlist_for_each_entry_rcu(dev, head, index_hlist)

	hlist_for_each_entry_rcu(dev, head, index_hlist,

				 lockdep_is_held(&dtab->index_lock))

		if (dev->idx == key)

			return dev;
@@ -363,16 +366,17 @@ error: 
 * from NET_RX_SOFTIRQ. Either way the poll routine must complete before the

 * net device can be torn down. On devmap tear down we ensure the flush list

 * is empty before completing to ensure all flush operations have completed.

 * When drivers update the bpf program they may need to ensure any flush ops

 * are also complete. Using synchronize_rcu or call_rcu will suffice for this

 * because both wait for napi context to exit.

 */

void __dev_flush(void)

{

	struct list_head *flush_list = this_cpu_ptr(&dev_flush_list);

	struct xdp_dev_bulk_queue *bq, *tmp;



	rcu_read_lock();

	list_for_each_entry_safe(bq, tmp, flush_list, flush_node)

		bq_xmit_all(bq, XDP_XMIT_FLUSH);

	rcu_read_unlock();

}



/* rcu_read_lock (from syscall and BPF contexts) ensures that if a delete and/or
@@ -502,12 +506,11 @@ static int dev_map_delete_elem(struct bpf_map *map, void *key) 
		return -EINVAL;



	/* Use call_rcu() here to ensure any rcu critical sections have

	 * completed, but this does not guarantee a flush has happened

	 * yet. Because driver side rcu_read_lock/unlock only protects the

	 * running XDP program. However, for pending flush operations the

	 * dev and ctx are stored in another per cpu map. And additionally,

	 * the driver tear down ensures all soft irqs are complete before

	 * removing the net device in the case of dev_put equals zero.

	 * completed as well as any flush operations because call_rcu

	 * will wait for preempt-disable region to complete, NAPI in this

	 * context.  And additionally, the driver tear down ensures all

	 * soft irqs are complete before removing the net device in the

	 * case of dev_put equals zero.

	 */

	old_dev = xchg(&dtab->netdev_map[k], NULL);

	if (old_dev)

CRA Git | Maintained and supported by SUSTech CRA and CCSE