• Kumar Kartikeya Dwivedi's avatar
    bpf: Introduce bpf_obj_new · 958cf2e2
    Kumar Kartikeya Dwivedi authored
    Introduce type safe memory allocator bpf_obj_new for BPF programs. The
    kernel side kfunc is named bpf_obj_new_impl, as passing hidden arguments
    to kfuncs still requires having them in prototype, unlike BPF helpers
    which always take 5 arguments and have them checked using bpf_func_proto
    in verifier, ignoring unset argument types.
    
    Introduce __ign suffix to ignore a specific kfunc argument during type
    checks, then use this to introduce support for passing type metadata to
    the bpf_obj_new_impl kfunc.
    
    The user passes BTF ID of the type it wants to allocates in program BTF,
    the verifier then rewrites the first argument as the size of this type,
    after performing some sanity checks (to ensure it exists and it is a
    struct type).
    
    The second argument is also fixed up and passed by the verifier. This is
    the btf_struct_meta for the type being allocated. It would be needed
    mostly for the offset array which is required for zero initializing
    special fields while leaving the rest of storage in unitialized state.
    
    It would also be needed in the next patch to perform proper destruction
    of the object's special fields.
    
    Under the hood, bpf_obj_new will call bpf_mem_alloc and bpf_mem_free,
    using the any context BPF memory allocator introduced recently. To this
    end, a global instance of the BPF memory allocator is initialized on
    boot to be used for this purpose. This 'bpf_global_ma' serves all
    allocations for bpf_obj_new. In the future, bpf_obj_new variants will
    allow specifying a custom allocator.
    
    Note that now that bpf_obj_new can be used to allocate objects that can
    be linked to BPF linked list (when future linked list helpers are
    available), we need to also free the elements using bpf_mem_free.
    However, since the draining of elements is done outside the
    bpf_spin_lock, we need to do migrate_disable around the call since
    bpf_list_head_free can be called from map free path where migration is
    enabled. Otherwise, when called from BPF programs migration is already
    disabled.
    
    A convenience macro is included in the bpf_experimental.h header to hide
    over the ugly details of the implementation, leading to user code
    looking similar to a language level extension which allocates and
    constructs fields of a user type.
    
    struct bar {
    	struct bpf_list_node node;
    };
    
    struct foo {
    	struct bpf_spin_lock lock;
    	struct bpf_list_head head __contains(bar, node);
    };
    
    void prog(void) {
    	struct foo *f;
    
    	f = bpf_obj_new(typeof(*f));
    	if (!f)
    		return;
    	...
    }
    
    A key piece of this story is still missing, i.e. the free function,
    which will come in the next patch.
    Signed-off-by: default avatarKumar Kartikeya Dwivedi <memxor@gmail.com>
    Link: https://lore.kernel.org/r/20221118015614.2013203-14-memxor@gmail.comSigned-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
    958cf2e2
bpf.h 86.1 KB