- 03 Aug, 2020 3 commits
-
-
Andrii Nakryiko authored
Add public APIs to parse BTF from raw data file (e.g., /sys/kernel/btf/vmlinux), as well as generic btf__parse(), which will try to determine correct format, currently either raw or ELF. Signed-off-by:
Andrii Nakryiko <andriin@fb.com> Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20200802013219.864880-2-andriin@fb.com
-
Tianjia Zhang authored
In case of btf_id does not exist, a negative error code -ENOENT should be returned. Fixes: c93cc690 ("bpftool: add ability to dump BTF types") Signed-off-by:
Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by:
Tobias Klauser <tklauser@distanz.ch> Acked-by:
John Fastabend <john.fastabend@gmail.com> Link: https://lore.kernel.org/bpf/20200802111540.5384-1-tianjia.zhang@linux.alibaba.com
-
Andrii Nakryiko authored
The '&&' command seems to have a bad effect when $(cmd_$(1)) exits with non-zero effect: the command failure is masked (despite `set -e`) and all but the first command of $(dep-cmd) is executed (successfully, as they are mostly printfs), thus overall returning 0 in the end. This means in practice that despite compilation errors, tools's build Makefile will return success. We see this very reliably with libbpf's Makefile, which doesn't get compilation error propagated properly. This in turns causes issues with selftests build, as well as bpftool and other projects that rely on building libbpf. The fix is simple: don't use &&. Given `set -e`, we don't need to chain commands with &&. The shell will exit on first failure, giving desired behavior and propagating error properly. Fixes: 275e2d95 ("tools build: Move dependency copy into function") Signed-off-by:
Jiri Olsa <jolsa@redhat.com> Link: https://lore.kernel.org/bpf/20200731024244.872574-1-andriin@fb.com
-
- 02 Aug, 2020 8 commits
-
-
Andrii Nakryiko authored
core_retro selftest uses BPF program that's triggered on sys_enter system-wide, but has no protection from some unrelated process doing syscall while selftest is running. This leads to occasional test failures with unexpected PIDs being returned. Fix that by filtering out all processes that are not test_progs process. Fixes: fcda189a ("selftests/bpf: Add test relying only on CO-RE and no recent kernel features") Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
-
Alexei Starovoitov authored
Andrii Nakryiko says: ==================== This patch set adds new BPF link operation, LINK_DETACH, allowing processes with BPF link FD to force-detach it from respective BPF hook, similarly how BPF link is auto-detached when such BPF hook (e.g., cgroup, net_device, netns, etc) is removed. This facility allows admin to forcefully undo BPF link attachment, while process that created BPF link in the first place is left intact. Once force-detached, BPF link stays valid in the kernel as long as there is at least one FD open against it. It goes into defunct state, just like auto-detached BPF link. bpftool also got `link detach` command to allow triggering this in non-programmatic fashion. v1->v2: - improve error reporting in `bpftool link detach` (Song). ==================== Signed-off-by: -
Andrii Nakryiko authored
Add info on link detach sub-command to man page. Add detach to bash-completion as well. Signed-off-by:
Song Liu <songliubraving@fb.com> Acked-by: John Fastabend <john.fastabend@gmail.com. Link: https://lore.kernel.org/bpf/20200731182830.286260-6-andriin@fb.com
-
Andrii Nakryiko authored
Add ability to force-detach BPF link. Also add missing error message, if specified link ID is wrong. Signed-off-by:
-
Andrii Nakryiko authored
Add bpf_link__detach() testing to selftests for cgroup, netns, and xdp bpf_links. Signed-off-by:
-
Andrii Nakryiko authored
Add low-level bpf_link_detach() API. Also add higher-level bpf_link__detach() one. Signed-off-by:
-
Andrii Nakryiko authored
Add LINK_DETACH command to force-detach bpf_link without destroying it. It has the same behavior as auto-detaching of bpf_link due to cgroup dying for bpf_cgroup_link or net_device being destroyed for bpf_xdp_link. In such case, bpf_link is still a valid kernel object, but is defuncts and doesn't hold BPF program attached to corresponding BPF hook. This functionality allows users with enough access rights to manually force-detach attached bpf_link without killing respective owner process. This patch implements LINK_DETACH for cgroup, xdp, and netns links, mostly re-using existing link release handling code. Signed-off-by:
-
John Fastabend authored
Nearly every user of cgroup helpers does the same sequence of API calls. So push these into a single helper cgroup_setup_and_join. The cases that do a bit of extra logic are test_progs which currently uses an env variable to decide if it needs to setup the cgroup environment or can use an existingi environment. And then tests that are doing cgroup tests themselves. We skip these cases for now. Signed-off-by:
-
- 31 Jul, 2020 3 commits
-
-
Tiezhu Yang authored
There exists an error "404 Not Found" when I click the html link of "Documentation/networking/filter.rst" in the BPF documentation [1], fix it. Additionally, use the new links about "BPF and XDP Reference Guide" and "bpf(2)" to avoid redirects. [1] https://www.kernel.org/doc/html/latest/bpf/ Fixes: d9b9170a ("docs: bpf: Rename README.rst to index.rst") Fixes: cb3f0d56 ("docs: networking: convert filter.txt to ReST") Signed-off-by:
Tiezhu Yang <yangtiezhu@loongson.cn> Signed-off-by:
-
Jerry Crunchtime authored
The o32, n32 and n64 calling conventions require the return value to be stored in $v0 which maps to $2 register, i.e., the register 2. Fixes: c1932cdb ("bpf: Add MIPS support to samples/bpf.") Signed-off-by:
Jerry Crunchtime <jerry.c.t@web.de> Signed-off-by:
-
Jakub Sitnicki authored
When BPF sk lookup invokes reuseport handling for the selected socket, it should ignore the fact that reuseport group can contain connected UDP sockets. With BPF sk lookup this is not relevant as we are not scoring sockets to find the best match, which might be a connected UDP socket. Fix it by unconditionally accepting the socket selected by reuseport. This fixes the following two failures reported by test_progs. # ./test_progs -t sk_lookup ... #73/14 UDP IPv4 redir and reuseport with conns:FAIL ... #73/20 UDP IPv6 redir and reuseport with conns:FAIL ... Fixes: a57066b1 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") Reported-by:
Alexei Starovoitov <alexei.starovoitov@gmail.com> Signed-off-by:
Jakub Sitnicki <jakub@cloudflare.com> Signed-off-by:
-
- 30 Jul, 2020 9 commits
-
-
Andrii Nakryiko authored
Most of libbpf "constructors" on failure return ERR_PTR(err) result encoded as a pointer. It's a common mistake to eventually pass such malformed pointers into xxx__destroy()/xxx__free() "destructors". So instead of fixing up clean up code in selftests and user programs, handle such error pointers in destructors themselves. This works beautifully for NULL pointers passed to destructors, so might as well just work for error pointers. Suggested-by:
-
Jakub Sitnicki authored
Setting IFA_F_NODAD flag for IPv6 addresses to add to loopback is unnecessary. Duplicate Address Detection does not happen on loopback device. Also, passing 'nodad' flag to 'ip address' breaks libbpf CI, which runs in an environment with BusyBox implementation of 'ip' command, that doesn't understand this flag. Fixes: 0ab5539f ("selftests/bpf: Tests for BPF_SK_LOOKUP attach point") Reported-by:
Andrii Nakryiko <andrii.nakryiko@gmail.com> Signed-off-by:
Andrii Nakryiko <andrii@fb.com> Acked-by:
-
Andrii Nakryiko authored
Check that link is NULL or proper pointer before invoking bpf_link__destroy(). Not doing this causes crash in test_progs, when cg_storage_multi selftest fails. Fixes: 3573f384 ("selftests/bpf: Test CGROUP_STORAGE behavior on shared egress + ingress") Signed-off-by:
-
Hangbin Liu authored
This patch add xdpdrv mode for test_xdp_redirect.sh since veth has support native mode. After update here is the test result: # ./test_xdp_redirect.sh selftests: test_xdp_redirect xdpgeneric [PASS] selftests: test_xdp_redirect xdpdrv [PASS] Signed-off-by:
Hangbin Liu <liuhangbin@gmail.com> Signed-off-by:
William Tu <u9012063@gmail.com> Link: https://lore.kernel.org/bpf/20200729085658.403794-1-liuhangbin@gmail.com
-
Stanislav Fomichev authored
Augment udp_limit test to set and verify socket storage value. That should be enough to exercise the changes from the previous patch. Signed-off-by:
Stanislav Fomichev <sdf@google.com> Signed-off-by:
-
Stanislav Fomichev authored
This lets us use socket storage from the following hooks: * BPF_CGROUP_INET_SOCK_CREATE * BPF_CGROUP_INET_SOCK_RELEASE * BPF_CGROUP_INET4_POST_BIND * BPF_CGROUP_INET6_POST_BIND Using existing 'bpf_sk_storage_get_proto' doesn't work because second argument is ARG_PTR_TO_SOCKET. Even though BPF_PROG_TYPE_CGROUP_SOCK hooks operate on 'struct bpf_sock', the verifier still considers it as a PTR_TO_CTX. That's why I'm adding another 'bpf_sk_storage_get_cg_sock_proto' definition strictly for BPF_PROG_TYPE_CGROUP_SOCK which accepts ARG_PTR_TO_CTX which is really 'struct sock' for this program type. Signed-off-by:
-
Yonghong Song authored
Commit afbf21dc ("bpf: Support readonly/readwrite buffers in verifier") added readonly/readwrite buffer support which is currently used by bpf_iter tracing programs. It has a bug with incorrect parameter ordering which later fixed by Commit f6dfbe31 ("bpf: Fix swapped arguments in calls to check_buffer_access"). This patch added a test case with a negative offset access which will trigger the error path. Without Commit f6dfbe31, running the test case in the patch, the error message looks like: R1_w=rdwr_buf(id=0,off=0,imm=0) R10=fp0 ; value_sum += *(__u32 *)(value - 4); 2: (61) r1 = *(u32 *)(r1 -4) R1 invalid (null) buffer access: off=-4, size=4 With the above commit, the error message looks like: R1_w=rdwr_buf(id=0,off=0,imm=0) R10=fp0 ; value_sum += *(__u32 *)(value - 4); 2: (61) r1 = *(u32 *)(r1 -4) R1 invalid rdwr buffer access: off=-4, size=4 Signed-off-by:
Yonghong Song <yhs@fb.com> Signed-off-by:
-
Yonghong Song authored
Newline characters are added in two verifier error messages, refactored in Commit afbf21dc ("bpf: Support readonly/readwrite buffers in verifier"). This way, they do not mix with messages afterwards. Signed-off-by:
-
Jean-Philippe Brucker authored
When a tracing BPF program attempts to read memory without using the bpf_probe_read() helper, the verifier marks the load instruction with the BPF_PROBE_MEM flag. Since the arm64 JIT does not currently recognize this flag it falls back to the interpreter. Add support for BPF_PROBE_MEM, by appending an exception table to the BPF program. If the load instruction causes a data abort, the fixup infrastructure finds the exception table and fixes up the fault, by clearing the destination register and jumping over the faulting instruction. To keep the compact exception table entry format, inspect the pc in fixup_exception(). A more generic solution would add a "handler" field to the table entry, like on x86 and s390. Signed-off-by:
Jean-Philippe Brucker <jean-philippe@linaro.org> Signed-off-by:
-
- 28 Jul, 2020 6 commits
-
-
Andrii Nakryiko authored
Entire net/core subsystem is not built without CONFIG_NET. linux/netdevice.h just assumes that it's always there, so the easiest way to fix this is to conditionally compile out bpf_xdp_link_attach() use in bpf/syscall.c. Fixes: aa8d3a71 ("bpf, xdp: Add bpf_link-based XDP attachment API") Reported-by:
Randy Dunlap <rdunlap@infradead.org> Signed-off-by:
-
John Fastabend authored
Using localhost requires the host to have a /etc/hosts file with that specific line in it. By default my dev box did not, they used ip6-localhost, so the test was failing. To fix remove the need for any /etc/hosts and use ::1. I could just add the line, but this seems easier. Signed-off-by:
-
Peilin Ye authored
xsk_getsockopt() is copying uninitialized stack memory to userspace when 'extra_stats' is 'false'. Fix it. Doing '= {};' is sufficient since currently 'struct xdp_statistics' is defined as follows: struct xdp_statistics { __u64 rx_dropped; __u64 rx_invalid_descs; __u64 tx_invalid_descs; __u64 rx_ring_full; __u64 rx_fill_ring_empty_descs; __u64 tx_ring_empty_descs; }; When being copied to the userspace, 'stats' will not contain any uninitialized 'holes' between struct fields. Fixes: 8aa5a335 ("xsk: Add new statistics") Suggested-by:Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Peilin Ye <yepeilin.cs@gmail.com> Signed-off-by:
Björn Töpel <bjorn.topel@intel.com> Acked-by:
Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/bpf/20200728053604.404631-1-yepeilin.cs@gmail.com
-
Colin Ian King authored
There are a couple of arguments of the boolean flag zero_size_allowed and the char pointer buf_info when calling to function check_buffer_access that are swapped by mistake. Fix these by swapping them to correct the argument ordering. Fixes: afbf21dc ("bpf: Support readonly/readwrite buffers in verifier") Addresses-Coverity: ("Array compared to 0") Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Andrii Nakryiko authored
Add bpf_iter__bpf_map_elem and bpf_iter__bpf_sk_storage_map to bpf_iter.h. Fixes: 3b1c420b ("selftests/bpf: Add a test for bpf sk_storage_map iterator") Fixes: 2a7c2fff ("selftests/bpf: Add test for bpf hash map iterators") Signed-off-by:
-
Andrii Nakryiko authored
Due to bpf tree fix merge, bpf_ringbuf_output() signature ended up with int as a return type, while all other helpers got converted to returning long. So fix it in bpf-next now. Fixes: b0659d8a ("bpf: Fix definition of bpf_ringbuf_output() helper in UAPI comments") Signed-off-by:
-
- 27 Jul, 2020 2 commits
-
-
Quentin Monnet authored
Assign "lsm" as a printed name for BPF_PROG_TYPE_LSM in bpftool, so that it can use it when listing programs loaded on the system or when probing features. Signed-off-by:
Quentin Monnet <quentin@isovalent.com> Signed-off-by:
-
Quentin Monnet authored
For probing program and map types, bpftool loops on type values and uses the relevant type name in prog_type_name[] or map_type_name[]. To ensure the name exists, we exit from the loop if we go over the size of the array. However, this is not enough in the case where the arrays have "holes" in them, program or map types for which they have no name, but not at the end of the list. This is currently the case for BPF_PROG_TYPE_LSM, not known to bpftool and which name is a null string. When probing for features, bpftool attempts to strlen() that name and segfaults. Let's fix it by skipping probes for "unknown" program and map types, with an informational message giving the numeral value in that case. Fixes: 93a3545d ("tools/bpftool: Add name mappings for SK_LOOKUP prog and attach type") Reported-by:
Paul Chaignon <paul@cilium.io> Signed-off-by:
-
- 26 Jul, 2020 9 commits
-
-
Alexei Starovoitov authored
Andrii Nakryiko says: ==================== Following cgroup and netns examples, implement bpf_link support for XDP. The semantics is described in patch #2. Program and link attachments are mutually exclusive, in the sense that neither link can replace attached program nor program can replace attached link. Link can't replace attached link as well, as is the case for any other bpf_link implementation. Patch #1 refactors existing BPF program-based attachment API and centralizes high-level query/attach decisions in generic kernel code, while drivers are kept simple and are instructed with low-level decisions about attaching and detaching specific bpf_prog. This also makes QUERY command unnecessary, and patch #8 removes support for it from all kernel drivers. If that's a bad idea, we can drop that patch altogether. With refactoring in patch #1, adding bpf_xdp_link is completely transparent to drivers, they are still functioning at the level of "effective" bpf_prog, that should be called in XDP data path. Corresponding libbpf support for BPF XDP link is added in patch #5. v3->v4: - fix a compilation warning in one of drivers (Jakub); v2->v3: - fix build when CONFIG_BPF_SYSCALL=n (kernel test robot); v1->v2: - fix prog refcounting bug (David); - split dev_change_xdp_fd() changes into 2 patches (David); - add extack messages to all user-induced errors (David). ==================== Signed-off-by: -
Andrii Nakryiko authored
Now that BPF program/link management is centralized in generic net_device code, kernel code never queries program id from drivers, so XDP_QUERY_PROG/XDP_QUERY_PROG_HW commands are unnecessary. This patch removes all the implementations of those commands in kernel, along the xdp_attachment_query(). This patch was compile-tested on allyesconfig. Signed-off-by:
-
Andrii Nakryiko authored
Add selftest validating all the attachment logic around BPF XDP link. Test also link updates and get_obj_info() APIs. Signed-off-by:
-
Andrii Nakryiko authored
Sync UAPI header and add support for using bpf_link-based XDP attachment. Make xdp/ prog type set expected attach type. Kernel didn't enforce attach_type for XDP programs before, so there is no backwards compatiblity issues there. Also fix section_names selftest to recognize that xdp prog types now have expected attach type. Signed-off-by:
-
Andrii Nakryiko authored
Implement XDP link-specific show_fdinfo and link_info to emit ifindex. Signed-off-by:
-
Andrii Nakryiko authored
Add support for LINK_UPDATE command for BPF XDP link to enable reliable replacement of underlying BPF program. Signed-off-by:
-
Andrii Nakryiko authored
Add bpf_link-based API (bpf_xdp_link) to attach BPF XDP program through BPF_LINK_CREATE command. bpf_xdp_link is mutually exclusive with direct BPF program attachment, previous BPF program should be detached prior to attempting to create a new bpf_xdp_link attachment (for a given XDP mode). Once BPF link is attached, it can't be replaced by other BPF program attachment or link attachment. It will be detached only when the last BPF link FD is closed. bpf_xdp_link will be auto-detached when net_device is shutdown, similarly to how other BPF links behave (cgroup, flow_dissector). At that point bpf_link will become defunct, but won't be destroyed until last FD is closed. Signed-off-by:
-
Andrii Nakryiko authored
Further refactor XDP attachment code. dev_change_xdp_fd() is split into two parts: getting bpf_progs from FDs and attachment logic, working with bpf_progs. This makes attachment logic a bit more straightforward and prepares code for bpf_xdp_link inclusion, which will share the common logic. Signed-off-by:
-
Andrii Nakryiko authored
Instead of delegating to drivers, maintain information about which BPF programs are attached in which XDP modes (generic/skb, driver, or hardware) locally in net_device. This effectively obsoletes XDP_QUERY_PROG command. Such re-organization simplifies existing code already. But it also allows to further add bpf_link-based XDP attachments without drivers having to know about any of this at all, which seems like a good setup. XDP_SETUP_PROG/XDP_SETUP_PROG_HW are just low-level commands to driver to install/uninstall active BPF program. All the higher-level concerns about prog/link interaction will be contained within generic driver-agnostic logic. All the XDP_QUERY_PROG calls to driver in dev_xdp_uninstall() were removed. It's not clear for me why dev_xdp_uninstall() were passing previous prog_flags when resetting installed programs. That seems unnecessary, plus most drivers don't populate prog_flags anyways. Having XDP_SETUP_PROG vs XDP_SETUP_PROG_HW should be enough of an indicator of what is required of driver to correctly reset active BPF program. dev_xdp_uninstall() is also generalized as an iteration over all three supported mode. Signed-off-by:
-
