This patch set prepares ground for link-based multi-prog attachment for future netns attach types, with BPF_SK_LOOKUP attach type in mind [0]. Two changes are needed in order to attach and run a series of BPF programs: 1) an bpf_prog_array of programs to run (patch #2), and 2) a list of attached links to keep track of attachments (patch #3). Nothing changes for BPF flow_dissector. Just as before only one program can be attached to netns. In v3 I've simplified patch #2 that introduces bpf_prog_array to take advantage of the fact that it will hold at most one program for now. In particular, I'm no longer using bpf_prog_array_copy. It turned out to be less suitable for link operations than I thought as it fails to append the same BPF program. bpf_prog_array_replace_item is also gone, because we know we always want to replace the first element in prog_array. Naturally the code that handles bpf_prog_array will need change once more when there is a program type that allows multi-prog attachment. But I feel it will be better to do it gradually and present it together with tests that actually exercise multi-prog code paths. Thanks, -jkbs [0] https://lore.kernel.org/bpf/20200511185218.1422406-1-jakub@xxxxxxxxxxxxxx/ Cc: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> Cc: Martin KaFai Lau <kafai@xxxxxx> Cc: Stanislav Fomichev <sdf@xxxxxxxxxx> v2 -> v3: - Don't check if run_array is null in link update callback. (Martin) - Allow updating the link with the same BPF program. (Andrii) - Add patch #4 with a test for the above case. - Kill bpf_prog_array_replace_item. Access the run_array directly. - Switch from bpf_prog_array_copy() to bpf_prog_array_alloc(1, ...). - Replace rcu_deref_protected & RCU_INIT_POINTER with rcu_replace_pointer. - Drop Andrii's Ack from patch #2. Code changed. v1 -> v2: - Show with a (void) cast that bpf_prog_array_replace_item() return value is ignored on purpose. (Andrii) - Explain why bpf-cgroup cannot replace programs in bpf_prog_array based on bpf_prog pointer comparison in patch #2 description. (Andrii) Jakub Sitnicki (4): flow_dissector: Pull BPF program assignment up to bpf-netns bpf, netns: Keep attached programs in bpf_prog_array bpf, netns: Keep a list of attached bpf_link's selftests/bpf: Test updating flow_dissector link with same program include/net/flow_dissector.h | 3 +- include/net/netns/bpf.h | 7 +- kernel/bpf/net_namespace.c | 162 ++++++++++++------ net/core/flow_dissector.c | 32 ++-- .../bpf/prog_tests/flow_dissector_reattach.c | 32 +++- 5 files changed, 160 insertions(+), 76 deletions(-) -- 2.25.4
