On 11/22, Daniel Borkmann wrote:
> On 11/21/23 10:03 PM, Martin KaFai Lau wrote:
> > On 11/13/23 8:54 PM, Stanislav Fomichev wrote:
> > > Commit ef01f4e25c17 ("bpf: restore the ebpf program ID for BPF_AUDIT_UNLOAD
> > > and PERF_BPF_EVENT_PROG_UNLOAD") stopped removing program's id from
> > > idr when the offloaded/bound netdev goes away. I was supposed to
> > > take a look and check in [0], but apparently I did not.
> > >
> > > The purpose of idr removal is to avoid BPF_PROG_GET_NEXT_ID returning
> > > stale ids for the programs that have a dead netdev. This functionality
> >
> > What may be wrong if BPF_PROG_GET_NEXT_ID returns the id?
> > e.g. If the prog is pinned somewhere, it may be useful to know a prog is still loaded in the system.
bpftool is a bit spooked by those prog ids currently: calling GET_INFO_BY_ID
on those programs returns ENODEV. So we can keep those ids around, but
need some tweaks on the bpftool in this case. LMK if any of you prefer
this option.
> Wouldn't this strictly speaking provide an invalid id (== 0) upon unload
> back to audit - see the bpf_audit_prog(prog, BPF_AUDIT_UNLOAD) call location?
Removing from idr shouldn't affect bpf_audit_prog, right? bpf_audit_prog
is using prog->aux->id for its purposes, so as long as we are not resetting
this value - we're good.
