On 23/11/2022 20:46, Alexei Starovoitov wrote: > On 11/22/22 7:18 PM, John Fastabend wrote: >> Alexei Starovoitov wrote: >>> On 11/21/22 5:48 PM, John Fastabend wrote: >>>> Yonghong Song wrote: >>>>> >>>>> >>>>> On 11/20/22 6:10 PM, John Fastabend wrote: >>>>>> Yonghong Song wrote: >>>>>>> Currenty, a non-tracing bpf program typically has a single 'context' argument >>>>>>> with predefined uapi struct type. Following these uapi struct, user is able >>>>>>> to access other fields defined in uapi header. Inside the kernel, the >>>>>>> user-seen 'context' argument is replaced with 'kernel context' (or 'kctx' >>>>>>> in short) which can access more information than what uapi header provides. >>>>>>> To access other info not in uapi header, people typically do two things: >>>>>>> (1). extend uapi to access more fields rooted from 'context'. >>>>>>> (2). use bpf_probe_read_kernl() helper to read particular field based on >>>>>>> kctx. >>>> >>>> [...] >>>> >>>>>> From myside this allows us to pull in the dev info and from that get >>>>>> netns so fixes a gap we had to split into a kprobe + xdp. >>>>>> >>>>>> If we can get a pointer to the recv queue then with a few reads we >>>>>> get the hash, vlan, etc. (see timestapm thread) >>>>> >>>>> Thanks, John. Glad to see it is useful. >>>>> >>>>>> >>>>>> And then last bit is if we can get a ptr to the net ns list, plus >>>>> >>>>> Unfortunately, currently vmlinux btf does not have non-percpu global >>>>> variables, so net_namespace_list is not available to bpf programs. >>>>> But I think we could do the following with a little bit user space >>>>> initial involvement as a workaround. >>>> >>>> What would you think of another kfunc, bpf_get_global_var() to fetch >>>> the global reference and cast it with a type? I think even if you >>>> had it in BTF you would still need some sort of helper otherwise >>>> how would you know what scope of the var should be and get it >>>> correct in type checker as a TRUSTED arg? I think for my use case >>>> UNTRUSTED is find, seeing we do it with probe_reads already, but >>>> getting a TRUSTED arg seems nicer given it can be known correct >>>> from kernel side. >>>> >>>> I was thinking something like, >>>> >>>> struct net *head = bpf_get_global_var(net_namespace_list, >>>> bpf_core_type_id_kernel(struct *net)); >>> >>> We cannot do this as ptr_trusted, since it's an unknown cast. >> >> I think you _could_ do it if the kfunc new to check the case type >> and knew that net_namespace_list should return that specific global. >> The verifier would special code that var and type. > > Hard code it in the verifier just for one or two variables? Ouch. > Let's see whether all export_symbol_gpl can work. > >>> The verifier cannot trust bpf prog to do the right thing. >>> But we can enable this buy adding export_symbol_gpl global vars to BTF. >>> Then they will be trusted and their types correct. >>> Pretty much like per-cpu variables. >>> >> >> Yep this is the more generic way and sounds better to me. Anyone >> working on adding the global var to BTF now? > > Alan Maguire looked at it. cc-ing. > Yep, latest version of Stephen's series is at [1]. As mentioned in [2], I think we want to figure out the right way to handle tristate support for BTF data. That discussion suggests some folks would like fully module-delivered vmlinux BTF, so I think we need to update the naming slightly in that series to accommodate where all vmlinux BTF is delivered via module, rather than just a subset. If there's any other feedback on the var series from your perspective it'd be great to get it soon so we can roll it into the next version. Thanks! [1] https://lore.kernel.org/bpf/20221104231103.752040-1-stephen.s.brennan@xxxxxxxxxx/ [2] https://lore.kernel.org/bpf/43fd3775-e796-6802-17f0-5c9fdbf368f5@xxxxxxxxxx/
