On Mon, Nov 18, 2019 at 10:39 AM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
>
> On 11/18/19 6:39 PM, Andrii Nakryiko wrote:
> > On Thu, Nov 14, 2019 at 5:04 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote:
> >>
> >> This work adds program tracking to prog array maps. This is needed such
> >> that upon prog array updates/deletions we can fix up all programs which
> >> make use of this tail call map. We add ops->map_poke_{un,}track() helpers
> >> to maps to maintain the list of programs and ops->map_poke_run() for
> >> triggering the actual update. bpf_array_aux is extended to contain the
> >> list head and poke_mutex in order to serialize program patching during
> >> updates/deletions. bpf_free_used_maps() will untrack the program shortly
> >> before dropping the reference to the map.
> >>
> >> The prog_array_map_poke_run() is triggered during updates/deletions and
> >> walks the maintained prog list. It checks in their poke_tabs whether the
> >> map and key is matching and runs the actual bpf_arch_text_poke() for
> >> patching in the nop or new jmp location. Depending on the type of update,
> >> we use one of BPF_MOD_{NOP_TO_JUMP,JUMP_TO_NOP,JUMP_TO_JUMP}.
> >>
> >> Signed-off-by: Daniel Borkmann <daniel@xxxxxxxxxxxxx>
> >> ---
> >> include/linux/bpf.h | 36 +++++++++++++
> >> kernel/bpf/arraymap.c | 120 +++++++++++++++++++++++++++++++++++++++++-
> >> kernel/bpf/core.c | 9 +++-
> >> 3 files changed, 162 insertions(+), 3 deletions(-)
> >>
> >> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> >> index 0ff06a0d0058..62a369fb8d98 100644
> >> --- a/include/linux/bpf.h
> >> +++ b/include/linux/bpf.h
> >> @@ -21,6 +21,7 @@ struct bpf_verifier_env;
> >> struct bpf_verifier_log;
> >> struct perf_event;
> >> struct bpf_prog;
> >> +struct bpf_prog_aux;
> >> struct bpf_map;
> >> struct sock;
> >> struct seq_file;
> >> @@ -63,6 +64,12 @@ struct bpf_map_ops {
> >> const struct btf_type *key_type,
> >> const struct btf_type *value_type);
> >>
> >> + /* Prog poke tracking helpers. */
> >> + int (*map_poke_track)(struct bpf_map *map, struct bpf_prog_aux *aux);
> >> + void (*map_poke_untrack)(struct bpf_map *map, struct bpf_prog_aux *aux);
> >> + void (*map_poke_run)(struct bpf_map *map, u32 key, struct bpf_prog *old,
> >> + struct bpf_prog *new);
> >
> > You are passing bpf_prog_aux for track/untrack, but bpf_prog itself
> > for run. Maybe stick to just bpf_prog everywhere?
>
> This needs to be bpf_prog_aux as prog itself is not stable yet and can still
> change, but aux itself is stable.
no one will prevent doing container_of() and get bpf_prog itself, so
it's just an implicit knowledge that bpf_prog might be incomplete yet,
that has to be remembered (btw, might be good to add a brief comment
stating that). But I don't feel strongly either way.
>
> >> +
> >> /* Direct value access helpers. */
> >> int (*map_direct_value_addr)(const struct bpf_map *map,
> >> u64 *imm, u32 off);
> >> @@ -584,6 +591,9 @@ struct bpf_array_aux {
> >> */
> >> enum bpf_prog_type type;
> >> bool jited;
> >> + /* Programs with direct jumps into programs part of this array. */
> >> + struct list_head poke_progs;
> >> + struct mutex poke_mutex;
> >> };
> >>
> >
> > [...]
> >
>
