tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf

Daniel Borkmann says:

====================
pull-request: bpf 2018-02-09

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) Two fixes for BPF sockmap in order to break up circular map references
from programs attached to sockmap, and detaching related sockets in
case of socket close() event. For the latter we get rid of the
smap_state_change() and plug into ULP infrastructure, which will later
also be used for additional features anyway such as TX hooks. For the
second issue, dependency chain is broken up via map release callback
to free parse/verdict programs, all from John.

2) Fix a libbpf relocation issue that was found while implementing XDP
support for Suricata project. Issue was that when clang was invoked
with default target instead of bpf target, then various other e.g.
debugging relevant sections are added to the ELF file that contained
relocation entries pointing to non-BPF related sections which libbpf
trips over instead of skipping them. Test cases for libbpf are added
as well, from Jesper.

3) Various misc fixes for bpftool and one for libbpf: a small addition
to libbpf to make sure it recognizes all standard section prefixes.
Then, the Makefile in bpftool/Documentation is improved to explicitly
check for rst2man being installed on the system as we otherwise risk
installing empty man pages; the man page for bpftool-map is corrected
and a set of missing bash completions added in order to avoid shipping
bpftool where the completions are only partially working, from Quentin.

4) Fix applying the relocation to immediate load instructions in the
nfp JIT which were missing a shift, from Jakub.

5) Two fixes for the BPF kernel selftests: handle CONFIG_BPF_JIT_ALWAYS_ON=y
gracefully in test_bpf.ko module and mark them as FLAG_EXPECTED_FAIL
in this case; and explicitly delete the veth devices in the two tests
test_xdp_{meta,redirect}.sh before dismantling the netnses as when
selftests are run in batch mode, then workqueue to handle destruction
might not have finished yet and thus veth creation in next test under
same dev name would fail, from Yonghong.

6) Fix test_kmod.sh to check the test_bpf.ko module path before performing
an insmod, and fallback to modprobe. Especially the latter is useful
when having a device under test that has the modules installed instead,
from Naresh.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

David S. Miller 437a4db6 08f51385

+557 -111
+1 -1
drivers/net/ethernet/netronome/nfp/nfp_asm.c
··· 107 107 if (!unreg_is_imm(reg)) 108 108 reg = FIELD_GET(OP_IMMED_B_SRC, instr); 109 109 110 - return (reg & 0xff) | FIELD_GET(OP_IMMED_IMM, instr); 110 + return (reg & 0xff) | FIELD_GET(OP_IMMED_IMM, instr) << 8; 111 111 } 112 112 113 113 void immed_set_value(u64 *instr, u16 immed)
+8
include/net/tcp.h
··· 1983 1983 #define TCP_ULP_MAX 128 1984 1984 #define TCP_ULP_BUF_MAX (TCP_ULP_NAME_MAX*TCP_ULP_MAX) 1985 1985 1986 + enum { 1987 + TCP_ULP_TLS, 1988 + TCP_ULP_BPF, 1989 + }; 1990 + 1986 1991 struct tcp_ulp_ops { 1987 1992 struct list_head list; 1988 1993 ··· 1996 1991 /* cleanup ulp */ 1997 1992 void (*release)(struct sock *sk); 1998 1993 1994 + int uid; 1999 1995 char name[TCP_ULP_NAME_MAX]; 1996 + bool user_visible; 2000 1997 struct module *owner; 2001 1998 }; 2002 1999 int tcp_register_ulp(struct tcp_ulp_ops *type); 2003 2000 void tcp_unregister_ulp(struct tcp_ulp_ops *type); 2004 2001 int tcp_set_ulp(struct sock *sk, const char *name); 2002 + int tcp_set_ulp_id(struct sock *sk, const int ulp); 2005 2003 void tcp_get_available_ulp(char *buf, size_t len); 2006 2004 void tcp_cleanup_ulp(struct sock *sk); 2007 2005
+115 -72
kernel/bpf/sockmap.c
··· 86 86 struct work_struct tx_work; 87 87 struct work_struct gc_work; 88 88 89 + struct proto *sk_proto; 90 + void (*save_close)(struct sock *sk, long timeout); 89 91 void (*save_data_ready)(struct sock *sk); 90 92 void (*save_write_space)(struct sock *sk); 91 - void (*save_state_change)(struct sock *sk); 92 93 }; 93 94 94 95 static inline struct smap_psock *smap_psock_sk(const struct sock *sk) ··· 97 96 return rcu_dereference_sk_user_data(sk); 98 97 } 99 98 99 + static struct proto tcp_bpf_proto; 100 + static int bpf_tcp_init(struct sock *sk) 101 + { 102 + struct smap_psock *psock; 103 + 104 + rcu_read_lock(); 105 + psock = smap_psock_sk(sk); 106 + if (unlikely(!psock)) { 107 + rcu_read_unlock(); 108 + return -EINVAL; 109 + } 110 + 111 + if (unlikely(psock->sk_proto)) { 112 + rcu_read_unlock(); 113 + return -EBUSY; 114 + } 115 + 116 + psock->save_close = sk->sk_prot->close; 117 + psock->sk_proto = sk->sk_prot; 118 + sk->sk_prot = &tcp_bpf_proto; 119 + rcu_read_unlock(); 120 + return 0; 121 + } 122 + 123 + static void bpf_tcp_release(struct sock *sk) 124 + { 125 + struct smap_psock *psock; 126 + 127 + rcu_read_lock(); 128 + psock = smap_psock_sk(sk); 129 + 130 + if (likely(psock)) { 131 + sk->sk_prot = psock->sk_proto; 132 + psock->sk_proto = NULL; 133 + } 134 + rcu_read_unlock(); 135 + } 136 + 137 + static void smap_release_sock(struct smap_psock *psock, struct sock *sock); 138 + 139 + static void bpf_tcp_close(struct sock *sk, long timeout) 140 + { 141 + void (*close_fun)(struct sock *sk, long timeout); 142 + struct smap_psock_map_entry *e, *tmp; 143 + struct smap_psock *psock; 144 + struct sock *osk; 145 + 146 + rcu_read_lock(); 147 + psock = smap_psock_sk(sk); 148 + if (unlikely(!psock)) { 149 + rcu_read_unlock(); 150 + return sk->sk_prot->close(sk, timeout); 151 + } 152 + 153 + /* The psock may be destroyed anytime after exiting the RCU critial 154 + * section so by the time we use close_fun the psock may no longer 155 + * be valid. However, bpf_tcp_close is called with the sock lock 156 + * held so the close hook and sk are still valid. 157 + */ 158 + close_fun = psock->save_close; 159 + 160 + write_lock_bh(&sk->sk_callback_lock); 161 + list_for_each_entry_safe(e, tmp, &psock->maps, list) { 162 + osk = cmpxchg(e->entry, sk, NULL); 163 + if (osk == sk) { 164 + list_del(&e->list); 165 + smap_release_sock(psock, sk); 166 + } 167 + } 168 + write_unlock_bh(&sk->sk_callback_lock); 169 + rcu_read_unlock(); 170 + close_fun(sk, timeout); 171 + } 172 + 100 173 enum __sk_action { 101 174 __SK_DROP = 0, 102 175 __SK_PASS, 103 176 __SK_REDIRECT, 104 177 }; 178 + 179 + static struct tcp_ulp_ops bpf_tcp_ulp_ops __read_mostly = { 180 + .name = "bpf_tcp", 181 + .uid = TCP_ULP_BPF, 182 + .user_visible = false, 183 + .owner = NULL, 184 + .init = bpf_tcp_init, 185 + .release = bpf_tcp_release, 186 + }; 187 + 188 + static int bpf_tcp_ulp_register(void) 189 + { 190 + tcp_bpf_proto = tcp_prot; 191 + tcp_bpf_proto.close = bpf_tcp_close; 192 + return tcp_register_ulp(&bpf_tcp_ulp_ops); 193 + } 105 194 106 195 static int smap_verdict_func(struct smap_psock *psock, struct sk_buff *skb) 107 196 { ··· 255 164 256 165 sk->sk_err = err; 257 166 sk->sk_error_report(sk); 258 - } 259 - 260 - static void smap_release_sock(struct smap_psock *psock, struct sock *sock); 261 - 262 - /* Called with lock_sock(sk) held */ 263 - static void smap_state_change(struct sock *sk) 264 - { 265 - struct smap_psock_map_entry *e, *tmp; 266 - struct smap_psock *psock; 267 - struct socket_wq *wq; 268 - struct sock *osk; 269 - 270 - rcu_read_lock(); 271 - 272 - /* Allowing transitions into an established syn_recv states allows 273 - * for early binding sockets to a smap object before the connection 274 - * is established. 275 - */ 276 - switch (sk->sk_state) { 277 - case TCP_SYN_SENT: 278 - case TCP_SYN_RECV: 279 - case TCP_ESTABLISHED: 280 - break; 281 - case TCP_CLOSE_WAIT: 282 - case TCP_CLOSING: 283 - case TCP_LAST_ACK: 284 - case TCP_FIN_WAIT1: 285 - case TCP_FIN_WAIT2: 286 - case TCP_LISTEN: 287 - break; 288 - case TCP_CLOSE: 289 - /* Only release if the map entry is in fact the sock in 290 - * question. There is a case where the operator deletes 291 - * the sock from the map, but the TCP sock is closed before 292 - * the psock is detached. Use cmpxchg to verify correct 293 - * sock is removed. 294 - */ 295 - psock = smap_psock_sk(sk); 296 - if (unlikely(!psock)) 297 - break; 298 - write_lock_bh(&sk->sk_callback_lock); 299 - list_for_each_entry_safe(e, tmp, &psock->maps, list) { 300 - osk = cmpxchg(e->entry, sk, NULL); 301 - if (osk == sk) { 302 - list_del(&e->list); 303 - smap_release_sock(psock, sk); 304 - } 305 - } 306 - write_unlock_bh(&sk->sk_callback_lock); 307 - break; 308 - default: 309 - psock = smap_psock_sk(sk); 310 - if (unlikely(!psock)) 311 - break; 312 - smap_report_sk_error(psock, EPIPE); 313 - break; 314 - } 315 - 316 - wq = rcu_dereference(sk->sk_wq); 317 - if (skwq_has_sleeper(wq)) 318 - wake_up_interruptible_all(&wq->wait); 319 - rcu_read_unlock(); 320 167 } 321 168 322 169 static void smap_read_sock_strparser(struct strparser *strp, ··· 351 322 return; 352 323 sk->sk_data_ready = psock->save_data_ready; 353 324 sk->sk_write_space = psock->save_write_space; 354 - sk->sk_state_change = psock->save_state_change; 355 325 psock->save_data_ready = NULL; 356 326 psock->save_write_space = NULL; 357 - psock->save_state_change = NULL; 358 327 strp_stop(&psock->strp); 359 328 psock->strp_enabled = false; 360 329 } ··· 377 350 if (psock->refcnt) 378 351 return; 379 352 353 + tcp_cleanup_ulp(sock); 380 354 smap_stop_sock(psock, sock); 381 355 clear_bit(SMAP_TX_RUNNING, &psock->state); 382 356 rcu_assign_sk_user_data(sock, NULL); ··· 455 427 return; 456 428 psock->save_data_ready = sk->sk_data_ready; 457 429 psock->save_write_space = sk->sk_write_space; 458 - psock->save_state_change = sk->sk_state_change; 459 430 sk->sk_data_ready = smap_data_ready; 460 431 sk->sk_write_space = smap_write_space; 461 - sk->sk_state_change = smap_state_change; 462 432 psock->strp_enabled = true; 463 433 } 464 434 ··· 534 508 535 509 if (attr->value_size > KMALLOC_MAX_SIZE) 536 510 return ERR_PTR(-E2BIG); 511 + 512 + err = bpf_tcp_ulp_register(); 513 + if (err && err != -EEXIST) 514 + return ERR_PTR(err); 537 515 538 516 stab = kzalloc(sizeof(*stab), GFP_USER); 539 517 if (!stab) ··· 619 589 write_unlock_bh(&sock->sk_callback_lock); 620 590 } 621 591 rcu_read_unlock(); 622 - 623 - if (stab->bpf_verdict) 624 - bpf_prog_put(stab->bpf_verdict); 625 - if (stab->bpf_parse) 626 - bpf_prog_put(stab->bpf_parse); 627 592 628 593 sock_map_remove_complete(stab); 629 594 } ··· 779 754 goto out_progs; 780 755 } 781 756 757 + err = tcp_set_ulp_id(sock, TCP_ULP_BPF); 758 + if (err) 759 + goto out_progs; 760 + 782 761 set_bit(SMAP_TX_RUNNING, &psock->state); 783 762 } 784 763 ··· 895 866 return err; 896 867 } 897 868 869 + static void sock_map_release(struct bpf_map *map, struct file *map_file) 870 + { 871 + struct bpf_stab *stab = container_of(map, struct bpf_stab, map); 872 + struct bpf_prog *orig; 873 + 874 + orig = xchg(&stab->bpf_parse, NULL); 875 + if (orig) 876 + bpf_prog_put(orig); 877 + orig = xchg(&stab->bpf_verdict, NULL); 878 + if (orig) 879 + bpf_prog_put(orig); 880 + } 881 + 898 882 const struct bpf_map_ops sock_map_ops = { 899 883 .map_alloc = sock_map_alloc, 900 884 .map_free = sock_map_free, ··· 915 873 .map_get_next_key = sock_map_get_next_key, 916 874 .map_update_elem = sock_map_update_elem, 917 875 .map_delete_elem = sock_map_delete_elem, 876 + .map_release = sock_map_release, 918 877 }; 919 878 920 879 BPF_CALL_4(bpf_sock_map_update, struct bpf_sock_ops_kern *, bpf_sock,
+26 -5
lib/test_bpf.c
··· 83 83 __u32 result; 84 84 } test[MAX_SUBTESTS]; 85 85 int (*fill_helper)(struct bpf_test *self); 86 + int expected_errcode; /* used when FLAG_EXPECTED_FAIL is set in the aux */ 86 87 __u8 frag_data[MAX_DATA]; 87 88 int stack_depth; /* for eBPF only, since tests don't call verifier */ 88 89 }; ··· 2027 2026 }, 2028 2027 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2029 2028 { }, 2030 - { } 2029 + { }, 2030 + .fill_helper = NULL, 2031 + .expected_errcode = -EINVAL, 2031 2032 }, 2032 2033 { 2033 2034 "check: div_k_0", ··· 2039 2036 }, 2040 2037 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2041 2038 { }, 2042 - { } 2039 + { }, 2040 + .fill_helper = NULL, 2041 + .expected_errcode = -EINVAL, 2043 2042 }, 2044 2043 { 2045 2044 "check: unknown insn", ··· 2052 2047 }, 2053 2048 CLASSIC | FLAG_EXPECTED_FAIL, 2054 2049 { }, 2055 - { } 2050 + { }, 2051 + .fill_helper = NULL, 2052 + .expected_errcode = -EINVAL, 2056 2053 }, 2057 2054 { 2058 2055 "check: out of range spill/fill", ··· 2064 2057 }, 2065 2058 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2066 2059 { }, 2067 - { } 2060 + { }, 2061 + .fill_helper = NULL, 2062 + .expected_errcode = -EINVAL, 2068 2063 }, 2069 2064 { 2070 2065 "JUMPS + HOLES", ··· 2158 2149 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2159 2150 { }, 2160 2151 { }, 2152 + .fill_helper = NULL, 2153 + .expected_errcode = -EINVAL, 2161 2154 }, 2162 2155 { 2163 2156 "check: LDX + RET X", ··· 2170 2159 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2171 2160 { }, 2172 2161 { }, 2162 + .fill_helper = NULL, 2163 + .expected_errcode = -EINVAL, 2173 2164 }, 2174 2165 { /* Mainly checking JIT here. */ 2175 2166 "M[]: alt STX + LDX", ··· 2346 2333 CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 2347 2334 { }, 2348 2335 { }, 2336 + .fill_helper = NULL, 2337 + .expected_errcode = -EINVAL, 2349 2338 }, 2350 2339 { /* Passes checker but fails during runtime. */ 2351 2340 "LD [SKF_AD_OFF-1]", ··· 5410 5395 { }, 5411 5396 { }, 5412 5397 .fill_helper = bpf_fill_maxinsns4, 5398 + .expected_errcode = -EINVAL, 5413 5399 }, 5414 5400 { /* Mainly checking JIT here. */ 5415 5401 "BPF_MAXINSNS: Very long jump", ··· 5466 5450 { 5467 5451 "BPF_MAXINSNS: Jump, gap, jump, ...", 5468 5452 { }, 5453 + #ifdef CONFIG_BPF_JIT_ALWAYS_ON 5454 + CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, 5455 + #else 5469 5456 CLASSIC | FLAG_NO_DATA, 5457 + #endif 5470 5458 { }, 5471 5459 { { 0, 0xababcbac } }, 5472 5460 .fill_helper = bpf_fill_maxinsns11, 5461 + .expected_errcode = -ENOTSUPP, 5473 5462 }, 5474 5463 { 5475 5464 "BPF_MAXINSNS: ld_abs+get_processor_id", ··· 6365 6344 6366 6345 *err = bpf_prog_create(&fp, &fprog); 6367 6346 if (tests[which].aux & FLAG_EXPECTED_FAIL) { 6368 - if (*err == -EINVAL) { 6347 + if (*err == tests[which].expected_errcode) { 6369 6348 pr_cont("PASS\n"); 6370 6349 /* Verifier rejected filter as expected. */ 6371 6350 *err = 0;
+54 -5
net/ipv4/tcp_ulp.c
··· 29 29 return NULL; 30 30 } 31 31 32 + static struct tcp_ulp_ops *tcp_ulp_find_id(const int ulp) 33 + { 34 + struct tcp_ulp_ops *e; 35 + 36 + list_for_each_entry_rcu(e, &tcp_ulp_list, list) { 37 + if (e->uid == ulp) 38 + return e; 39 + } 40 + 41 + return NULL; 42 + } 43 + 32 44 static const struct tcp_ulp_ops *__tcp_ulp_find_autoload(const char *name) 33 45 { 34 46 const struct tcp_ulp_ops *ulp = NULL; ··· 63 51 return ulp; 64 52 } 65 53 54 + static const struct tcp_ulp_ops *__tcp_ulp_lookup(const int uid) 55 + { 56 + const struct tcp_ulp_ops *ulp; 57 + 58 + rcu_read_lock(); 59 + ulp = tcp_ulp_find_id(uid); 60 + if (!ulp || !try_module_get(ulp->owner)) 61 + ulp = NULL; 62 + rcu_read_unlock(); 63 + return ulp; 64 + } 65 + 66 66 /* Attach new upper layer protocol to the list 67 67 * of available protocols. 68 68 */ ··· 83 59 int ret = 0; 84 60 85 61 spin_lock(&tcp_ulp_list_lock); 86 - if (tcp_ulp_find(ulp->name)) { 87 - pr_notice("%s already registered or non-unique name\n", 88 - ulp->name); 62 + if (tcp_ulp_find(ulp->name)) 89 63 ret = -EEXIST; 90 - } else { 64 + else 91 65 list_add_tail_rcu(&ulp->list, &tcp_ulp_list); 92 - } 93 66 spin_unlock(&tcp_ulp_list_lock); 94 67 95 68 return ret; ··· 142 121 return -EEXIST; 143 122 144 123 ulp_ops = __tcp_ulp_find_autoload(name); 124 + if (!ulp_ops) 125 + return -ENOENT; 126 + 127 + if (!ulp_ops->user_visible) { 128 + module_put(ulp_ops->owner); 129 + return -ENOENT; 130 + } 131 + 132 + err = ulp_ops->init(sk); 133 + if (err) { 134 + module_put(ulp_ops->owner); 135 + return err; 136 + } 137 + 138 + icsk->icsk_ulp_ops = ulp_ops; 139 + return 0; 140 + } 141 + 142 + int tcp_set_ulp_id(struct sock *sk, int ulp) 143 + { 144 + struct inet_connection_sock *icsk = inet_csk(sk); 145 + const struct tcp_ulp_ops *ulp_ops; 146 + int err; 147 + 148 + if (icsk->icsk_ulp_ops) 149 + return -EEXIST; 150 + 151 + ulp_ops = __tcp_ulp_lookup(ulp); 145 152 if (!ulp_ops) 146 153 return -ENOENT; 147 154
+2
net/tls/tls_main.c
··· 484 484 485 485 static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { 486 486 .name = "tls", 487 + .uid = TCP_ULP_TLS, 488 + .user_visible = true, 487 489 .owner = THIS_MODULE, 488 490 .init = tls_init, 489 491 };
+5
tools/bpf/bpftool/Documentation/Makefile
··· 23 23 man: man8 24 24 man8: $(DOC_MAN8) 25 25 26 + RST2MAN_DEP := $(shell command -v rst2man 2>/dev/null) 27 + 26 28 $(OUTPUT)%.8: %.rst 29 + ifndef RST2MAN_DEP 30 + $(error "rst2man not found, but required to generate man pages") 31 + endif 27 32 $(QUIET_GEN)rst2man $< > $@ 28 33 29 34 clean:
+2 -2
tools/bpf/bpftool/Documentation/bpftool-cgroup.rst
··· 26 26 | **bpftool** **cgroup help** 27 27 | 28 28 | *PROG* := { **id** *PROG_ID* | **pinned** *FILE* | **tag** *PROG_TAG* } 29 - | *ATTACH_TYPE* := { *ingress* | *egress* | *sock_create* | *sock_ops* | *device* } 30 - | *ATTACH_FLAGS* := { *multi* | *override* } 29 + | *ATTACH_TYPE* := { **ingress** | **egress** | **sock_create** | **sock_ops** | **device** } 30 + | *ATTACH_FLAGS* := { **multi** | **override** } 31 31 32 32 DESCRIPTION 33 33 ===========
+2 -1
tools/bpf/bpftool/Documentation/bpftool-map.rst
··· 31 31 | **bpftool** **map help** 32 32 | 33 33 | *MAP* := { **id** *MAP_ID* | **pinned** *FILE* } 34 - | *VALUE* := { *BYTES* | *MAP* | *PROGRAM* } 34 + | *PROG* := { **id** *PROG_ID* | **pinned** *FILE* | **tag** *PROG_TAG* } 35 + | *VALUE* := { *BYTES* | *MAP* | *PROG* } 35 36 | *UPDATE_FLAGS* := { **any** | **exist** | **noexist** } 36 37 37 38 DESCRIPTION
+66 -6
tools/bpf/bpftool/bash-completion/bpftool
··· 52 52 done 53 53 } 54 54 55 - # Takes a list of words in argument; adds them all to COMPREPLY if none of them 56 - # is already present on the command line. Returns no value. 57 - _bpftool_one_of_list() 55 + # Takes a list of words as argument; if any of those words is present on the 56 + # command line, return 0. Otherwise, return 1. 57 + _bpftool_search_list() 58 58 { 59 59 local w idx 60 60 for w in $*; do 61 61 for (( idx=3; idx < ${#words[@]}-1; idx++ )); do 62 - [[ $w == ${words[idx]} ]] && return 1 62 + [[ $w == ${words[idx]} ]] && return 0 63 63 done 64 64 done 65 + return 1 66 + } 67 + 68 + # Takes a list of words in argument; adds them all to COMPREPLY if none of them 69 + # is already present on the command line. Returns no value. 70 + _bpftool_one_of_list() 71 + { 72 + _bpftool_search_list $* && return 1 65 73 COMPREPLY+=( $( compgen -W "$*" -- "$cur" ) ) 66 74 } 67 75 ··· 238 230 fi 239 231 return 0 240 232 ;; 233 + load) 234 + _filedir 235 + return 0 236 + ;; 241 237 *) 242 238 [[ $prev == $object ]] && \ 243 - COMPREPLY=( $( compgen -W 'dump help pin show list' -- \ 244 - "$cur" ) ) 239 + COMPREPLY=( $( compgen -W 'dump help pin load \ 240 + show list' -- "$cur" ) ) 245 241 ;; 246 242 esac 247 243 ;; ··· 356 344 [[ $prev == $object ]] && \ 357 345 COMPREPLY=( $( compgen -W 'delete dump getnext help \ 358 346 lookup pin show list update' -- "$cur" ) ) 347 + ;; 348 + esac 349 + ;; 350 + cgroup) 351 + case $command in 352 + show|list) 353 + _filedir 354 + return 0 355 + ;; 356 + attach|detach) 357 + local ATTACH_TYPES='ingress egress sock_create sock_ops \ 358 + device' 359 + local ATTACH_FLAGS='multi override' 360 + local PROG_TYPE='id pinned tag' 361 + case $prev in 362 + $command) 363 + _filedir 364 + return 0 365 + ;; 366 + ingress|egress|sock_create|sock_ops|device) 367 + COMPREPLY=( $( compgen -W "$PROG_TYPE" -- \ 368 + "$cur" ) ) 369 + return 0 370 + ;; 371 + id) 372 + _bpftool_get_prog_ids 373 + return 0 374 + ;; 375 + *) 376 + if ! _bpftool_search_list "$ATTACH_TYPES"; then 377 + COMPREPLY=( $( compgen -W "$ATTACH_TYPES" -- \ 378 + "$cur" ) ) 379 + elif [[ "$command" == "attach" ]]; then 380 + # We have an attach type on the command line, 381 + # but it is not the previous word, or 382 + # "id|pinned|tag" (we already checked for 383 + # that). This should only leave the case when 384 + # we need attach flags for "attach" commamnd. 385 + _bpftool_one_of_list "$ATTACH_FLAGS" 386 + fi 387 + return 0 388 + ;; 389 + esac 390 + ;; 391 + *) 392 + [[ $prev == $object ]] && \ 393 + COMPREPLY=( $( compgen -W 'help attach detach \ 394 + show list' -- "$cur" ) ) 359 395 ;; 360 396 esac 361 397 ;;
+4 -3
tools/include/uapi/linux/bpf_common.h
··· 15 15 16 16 /* ld/ldx fields */ 17 17 #define BPF_SIZE(code) ((code) & 0x18) 18 - #define BPF_W 0x00 19 - #define BPF_H 0x08 20 - #define BPF_B 0x10 18 + #define BPF_W 0x00 /* 32-bit */ 19 + #define BPF_H 0x08 /* 16-bit */ 20 + #define BPF_B 0x10 /* 8-bit */ 21 + /* eBPF BPF_DW 0x18 64-bit */ 21 22 #define BPF_MODE(code) ((code) & 0xe0) 22 23 #define BPF_IMM 0x00 23 24 #define BPF_ABS 0x20
+44 -12
tools/lib/bpf/libbpf.c
··· 319 319 320 320 prog->section_name = strdup(section_name); 321 321 if (!prog->section_name) { 322 - pr_warning("failed to alloc name for prog under section %s\n", 323 - section_name); 322 + pr_warning("failed to alloc name for prog under section(%d) %s\n", 323 + idx, section_name); 324 324 goto errout; 325 325 } 326 326 ··· 742 742 return 0; 743 743 } 744 744 745 + static bool section_have_execinstr(struct bpf_object *obj, int idx) 746 + { 747 + Elf_Scn *scn; 748 + GElf_Shdr sh; 749 + 750 + scn = elf_getscn(obj->efile.elf, idx); 751 + if (!scn) 752 + return false; 753 + 754 + if (gelf_getshdr(scn, &sh) != &sh) 755 + return false; 756 + 757 + if (sh.sh_flags & SHF_EXECINSTR) 758 + return true; 759 + 760 + return false; 761 + } 762 + 745 763 static int bpf_object__elf_collect(struct bpf_object *obj) 746 764 { 747 765 Elf *elf = obj->efile.elf; ··· 781 763 782 764 idx++; 783 765 if (gelf_getshdr(scn, &sh) != &sh) { 784 - pr_warning("failed to get section header from %s\n", 785 - obj->path); 766 + pr_warning("failed to get section(%d) header from %s\n", 767 + idx, obj->path); 786 768 err = -LIBBPF_ERRNO__FORMAT; 787 769 goto out; 788 770 } 789 771 790 772 name = elf_strptr(elf, ep->e_shstrndx, sh.sh_name); 791 773 if (!name) { 792 - pr_warning("failed to get section name from %s\n", 793 - obj->path); 774 + pr_warning("failed to get section(%d) name from %s\n", 775 + idx, obj->path); 794 776 err = -LIBBPF_ERRNO__FORMAT; 795 777 goto out; 796 778 } 797 779 798 780 data = elf_getdata(scn, 0); 799 781 if (!data) { 800 - pr_warning("failed to get section data from %s(%s)\n", 801 - name, obj->path); 782 + pr_warning("failed to get section(%d) data from %s(%s)\n", 783 + idx, name, obj->path); 802 784 err = -LIBBPF_ERRNO__FORMAT; 803 785 goto out; 804 786 } 805 - pr_debug("section %s, size %ld, link %d, flags %lx, type=%d\n", 806 - name, (unsigned long)data->d_size, 787 + pr_debug("section(%d) %s, size %ld, link %d, flags %lx, type=%d\n", 788 + idx, name, (unsigned long)data->d_size, 807 789 (int)sh.sh_link, (unsigned long)sh.sh_flags, 808 790 (int)sh.sh_type); 809 791 ··· 843 825 } else if (sh.sh_type == SHT_REL) { 844 826 void *reloc = obj->efile.reloc; 845 827 int nr_reloc = obj->efile.nr_reloc + 1; 828 + int sec = sh.sh_info; /* points to other section */ 829 + 830 + /* Only do relo for section with exec instructions */ 831 + if (!section_have_execinstr(obj, sec)) { 832 + pr_debug("skip relo %s(%d) for section(%d)\n", 833 + name, idx, sec); 834 + continue; 835 + } 846 836 847 837 reloc = realloc(reloc, 848 838 sizeof(*obj->efile.reloc) * nr_reloc); ··· 866 840 obj->efile.reloc[n].shdr = sh; 867 841 obj->efile.reloc[n].data = data; 868 842 } 843 + } else { 844 + pr_debug("skip section(%d) %s\n", idx, name); 869 845 } 870 846 if (err) 871 847 goto out; ··· 1147 1119 1148 1120 prog = bpf_object__find_prog_by_idx(obj, idx); 1149 1121 if (!prog) { 1150 - pr_warning("relocation failed: no %d section\n", 1151 - idx); 1122 + pr_warning("relocation failed: no section(%d)\n", idx); 1152 1123 return -LIBBPF_ERRNO__RELOC; 1153 1124 } 1154 1125 ··· 1843 1816 BPF_PROG_SEC("socket", BPF_PROG_TYPE_SOCKET_FILTER), 1844 1817 BPF_PROG_SEC("kprobe/", BPF_PROG_TYPE_KPROBE), 1845 1818 BPF_PROG_SEC("kretprobe/", BPF_PROG_TYPE_KPROBE), 1819 + BPF_PROG_SEC("classifier", BPF_PROG_TYPE_SCHED_CLS), 1820 + BPF_PROG_SEC("action", BPF_PROG_TYPE_SCHED_ACT), 1846 1821 BPF_PROG_SEC("tracepoint/", BPF_PROG_TYPE_TRACEPOINT), 1847 1822 BPF_PROG_SEC("xdp", BPF_PROG_TYPE_XDP), 1848 1823 BPF_PROG_SEC("perf_event", BPF_PROG_TYPE_PERF_EVENT), 1849 1824 BPF_PROG_SEC("cgroup/skb", BPF_PROG_TYPE_CGROUP_SKB), 1850 1825 BPF_PROG_SEC("cgroup/sock", BPF_PROG_TYPE_CGROUP_SOCK), 1851 1826 BPF_PROG_SEC("cgroup/dev", BPF_PROG_TYPE_CGROUP_DEVICE), 1827 + BPF_PROG_SEC("lwt_in", BPF_PROG_TYPE_LWT_IN), 1828 + BPF_PROG_SEC("lwt_out", BPF_PROG_TYPE_LWT_OUT), 1829 + BPF_PROG_SEC("lwt_xmit", BPF_PROG_TYPE_LWT_XMIT), 1852 1830 BPF_PROG_SEC("sockops", BPF_PROG_TYPE_SOCK_OPS), 1853 1831 BPF_PROG_SEC("sk_skb", BPF_PROG_TYPE_SK_SKB), 1854 1832 };
+11 -1
tools/testing/selftests/bpf/Makefile
··· 13 13 CFLAGS += -Wall -O2 -I$(APIDIR) -I$(LIBDIR) -I$(GENDIR) $(GENFLAGS) -I../../../include 14 14 LDLIBS += -lcap -lelf -lrt -lpthread 15 15 16 + # Order correspond to 'make run_tests' order 16 17 TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \ 17 18 test_align test_verifier_log test_dev_cgroup test_tcpbpf_user 18 19 ··· 23 22 test_l4lb_noinline.o test_xdp_noinline.o test_stacktrace_map.o \ 24 23 sample_map_ret0.o test_tcpbpf_kern.o 25 24 26 - TEST_PROGS := test_kmod.sh test_xdp_redirect.sh test_xdp_meta.sh \ 25 + # Order correspond to 'make run_tests' order 26 + TEST_PROGS := test_kmod.sh \ 27 + test_libbpf.sh \ 28 + test_xdp_redirect.sh \ 29 + test_xdp_meta.sh \ 27 30 test_offload.py 31 + 32 + # Compile but not part of 'make run_tests' 33 + TEST_GEN_PROGS_EXTENDED = test_libbpf_open 28 34 29 35 include ../lib.mk 30 36 31 37 BPFOBJ := $(OUTPUT)/libbpf.a cgroup_helpers.c 32 38 33 39 $(TEST_GEN_PROGS): $(BPFOBJ) 40 + 41 + $(TEST_GEN_PROGS_EXTENDED): $(OUTPUT)/libbpf.a 34 42 35 43 .PHONY: force 36 44
+15 -3
tools/testing/selftests/bpf/test_kmod.sh
··· 10 10 11 11 echo "[ JIT enabled:$1 hardened:$2 ]" 12 12 dmesg -C 13 - insmod $SRC_TREE/lib/test_bpf.ko 2> /dev/null 14 - if [ $? -ne 0 ]; then 15 - rc=1 13 + if [ -f ${SRC_TREE}/lib/test_bpf.ko ]; then 14 + insmod ${SRC_TREE}/lib/test_bpf.ko 2> /dev/null 15 + if [ $? -ne 0 ]; then 16 + rc=1 17 + fi 18 + else 19 + # Use modprobe dry run to check for missing test_bpf module 20 + if ! /sbin/modprobe -q -n test_bpf; then 21 + echo "test_bpf: [SKIP]" 22 + elif /sbin/modprobe -q test_bpf; then 23 + echo "test_bpf: ok" 24 + else 25 + echo "test_bpf: [FAIL]" 26 + rc=1 27 + fi 16 28 fi 17 29 rmmod test_bpf 2> /dev/null 18 30 dmesg | grep FAIL
+49
tools/testing/selftests/bpf/test_libbpf.sh
··· 1 + #!/bin/sh 2 + # SPDX-License-Identifier: GPL-2.0 3 + 4 + export TESTNAME=test_libbpf 5 + 6 + # Determine selftest success via shell exit code 7 + exit_handler() 8 + { 9 + if (( $? == 0 )); then 10 + echo "selftests: $TESTNAME [PASS]"; 11 + else 12 + echo "$TESTNAME: failed at file $LAST_LOADED" 1>&2 13 + echo "selftests: $TESTNAME [FAILED]"; 14 + fi 15 + } 16 + 17 + libbpf_open_file() 18 + { 19 + LAST_LOADED=$1 20 + if [ -n "$VERBOSE" ]; then 21 + ./test_libbpf_open $1 22 + else 23 + ./test_libbpf_open --quiet $1 24 + fi 25 + } 26 + 27 + # Exit script immediately (well catched by trap handler) if any 28 + # program/thing exits with a non-zero status. 29 + set -e 30 + 31 + # (Use 'trap -l' to list meaning of numbers) 32 + trap exit_handler 0 2 3 6 9 33 + 34 + libbpf_open_file test_l4lb.o 35 + 36 + # TODO: fix libbpf to load noinline functions 37 + # [warning] libbpf: incorrect bpf_call opcode 38 + #libbpf_open_file test_l4lb_noinline.o 39 + 40 + # TODO: fix test_xdp_meta.c to load with libbpf 41 + # [warning] libbpf: test_xdp_meta.o doesn't provide kernel version 42 + #libbpf_open_file test_xdp_meta.o 43 + 44 + # TODO: fix libbpf to handle .eh_frame 45 + # [warning] libbpf: relocation failed: no section(10) 46 + #libbpf_open_file ../../../../samples/bpf/tracex3_kern.o 47 + 48 + # Success 49 + exit 0
+150
tools/testing/selftests/bpf/test_libbpf_open.c
··· 1 + /* SPDX-License-Identifier: GPL-2.0 2 + * Copyright (c) 2018 Jesper Dangaard Brouer, Red Hat Inc. 3 + */ 4 + static const char *__doc__ = 5 + "Libbpf test program for loading BPF ELF object files"; 6 + 7 + #include <stdlib.h> 8 + #include <stdio.h> 9 + #include <string.h> 10 + #include <stdarg.h> 11 + #include <bpf/libbpf.h> 12 + #include <getopt.h> 13 + 14 + static const struct option long_options[] = { 15 + {"help", no_argument, NULL, 'h' }, 16 + {"debug", no_argument, NULL, 'D' }, 17 + {"quiet", no_argument, NULL, 'q' }, 18 + {0, 0, NULL, 0 } 19 + }; 20 + 21 + static void usage(char *argv[]) 22 + { 23 + int i; 24 + 25 + printf("\nDOCUMENTATION:\n%s\n\n", __doc__); 26 + printf(" Usage: %s (options-see-below) BPF_FILE\n", argv[0]); 27 + printf(" Listing options:\n"); 28 + for (i = 0; long_options[i].name != 0; i++) { 29 + printf(" --%-12s", long_options[i].name); 30 + printf(" short-option: -%c", 31 + long_options[i].val); 32 + printf("\n"); 33 + } 34 + printf("\n"); 35 + } 36 + 37 + #define DEFINE_PRINT_FN(name, enabled) \ 38 + static int libbpf_##name(const char *fmt, ...) \ 39 + { \ 40 + va_list args; \ 41 + int ret; \ 42 + \ 43 + va_start(args, fmt); \ 44 + if (enabled) { \ 45 + fprintf(stderr, "[" #name "] "); \ 46 + ret = vfprintf(stderr, fmt, args); \ 47 + } \ 48 + va_end(args); \ 49 + return ret; \ 50 + } 51 + DEFINE_PRINT_FN(warning, 1) 52 + DEFINE_PRINT_FN(info, 1) 53 + DEFINE_PRINT_FN(debug, 1) 54 + 55 + #define EXIT_FAIL_LIBBPF EXIT_FAILURE 56 + #define EXIT_FAIL_OPTION 2 57 + 58 + int test_walk_progs(struct bpf_object *obj, bool verbose) 59 + { 60 + struct bpf_program *prog; 61 + int cnt = 0; 62 + 63 + bpf_object__for_each_program(prog, obj) { 64 + cnt++; 65 + if (verbose) 66 + printf("Prog (count:%d) section_name: %s\n", cnt, 67 + bpf_program__title(prog, false)); 68 + } 69 + return 0; 70 + } 71 + 72 + int test_walk_maps(struct bpf_object *obj, bool verbose) 73 + { 74 + struct bpf_map *map; 75 + int cnt = 0; 76 + 77 + bpf_map__for_each(map, obj) { 78 + cnt++; 79 + if (verbose) 80 + printf("Map (count:%d) name: %s\n", cnt, 81 + bpf_map__name(map)); 82 + } 83 + return 0; 84 + } 85 + 86 + int test_open_file(char *filename, bool verbose) 87 + { 88 + struct bpf_object *bpfobj = NULL; 89 + long err; 90 + 91 + if (verbose) 92 + printf("Open BPF ELF-file with libbpf: %s\n", filename); 93 + 94 + /* Load BPF ELF object file and check for errors */ 95 + bpfobj = bpf_object__open(filename); 96 + err = libbpf_get_error(bpfobj); 97 + if (err) { 98 + char err_buf[128]; 99 + libbpf_strerror(err, err_buf, sizeof(err_buf)); 100 + if (verbose) 101 + printf("Unable to load eBPF objects in file '%s': %s\n", 102 + filename, err_buf); 103 + return EXIT_FAIL_LIBBPF; 104 + } 105 + test_walk_progs(bpfobj, verbose); 106 + test_walk_maps(bpfobj, verbose); 107 + 108 + if (verbose) 109 + printf("Close BPF ELF-file with libbpf: %s\n", 110 + bpf_object__name(bpfobj)); 111 + bpf_object__close(bpfobj); 112 + 113 + return 0; 114 + } 115 + 116 + int main(int argc, char **argv) 117 + { 118 + char filename[1024] = { 0 }; 119 + bool verbose = 1; 120 + int longindex = 0; 121 + int opt; 122 + 123 + libbpf_set_print(libbpf_warning, libbpf_info, NULL); 124 + 125 + /* Parse commands line args */ 126 + while ((opt = getopt_long(argc, argv, "hDq", 127 + long_options, &longindex)) != -1) { 128 + switch (opt) { 129 + case 'D': 130 + libbpf_set_print(libbpf_warning, libbpf_info, 131 + libbpf_debug); 132 + break; 133 + case 'q': /* Use in scripting mode */ 134 + verbose = 0; 135 + break; 136 + case 'h': 137 + default: 138 + usage(argv); 139 + return EXIT_FAIL_OPTION; 140 + } 141 + } 142 + if (optind >= argc) { 143 + usage(argv); 144 + printf("ERROR: Expected BPF_FILE argument after options\n"); 145 + return EXIT_FAIL_OPTION; 146 + } 147 + snprintf(filename, sizeof(filename), "%s", argv[optind]); 148 + 149 + return test_open_file(filename, verbose); 150 + }
+1
tools/testing/selftests/bpf/test_xdp_meta.sh
··· 9 9 fi 10 10 11 11 set +e 12 + ip link del veth1 2> /dev/null 12 13 ip netns del ns1 2> /dev/null 13 14 ip netns del ns2 2> /dev/null 14 15 }
+2
tools/testing/selftests/bpf/test_xdp_redirect.sh
··· 19 19 fi 20 20 21 21 set +e 22 + ip link del veth1 2> /dev/null 23 + ip link del veth2 2> /dev/null 22 24 ip netns del ns1 2> /dev/null 23 25 ip netns del ns2 2> /dev/null 24 26 }