| Message ID | 20210316011420.4177709-1-kafai@fb.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | BPF |
| Headers | show |
| Series | Support calling kernel function | expand |
| Context | Check | Description |
|---|---|---|
| netdev/cover_letter | success | Link |
| netdev/fixes_present | success | Link |
| netdev/patch_count | success | Link |
| netdev/tree_selection | success | Clearly marked for bpf-next |
| netdev/subject_prefix | success | Link |
| netdev/cc_maintainers | warning | 9 maintainers not CCed: dsahern@kernel.org yhs@fb.com kpsingh@kernel.org yoshfuji@linux-ipv6.org andrii@kernel.org john.fastabend@gmail.com songliubraving@fb.com davem@davemloft.net kuba@kernel.org |
| netdev/source_inline | success | Was 0 now: 0 |
| netdev/verify_signedoff | success | Link |
| netdev/module_param | success | Was 0 now: 0 |
| netdev/build_32bit | success | Errors and warnings before: 1 this patch: 1 |
| netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
| netdev/verify_fixes | success | Link |
| netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 57 lines checked |
| netdev/build_allmodconfig_warn | success | Errors and warnings before: 1 this patch: 1 |
| netdev/header_inline | success | Link |
On Tue, Mar 16, 2021 at 12:02 AM Martin KaFai Lau <kafai@fb.com> wrote: > > This patch white list some tcp cong helper functions, tcp_slow_start() > and tcp_cong_avoid_ai(). They are allowed to be directly called by > the bpf-tcp-cc program. > > A few tcp cc implementation functions are also white listed. > A potential use case is the bpf-tcp-cc implementation may only > want to override a subset of a tcp_congestion_ops. For others, > the bpf-tcp-cc can directly call the kernel counter parts instead of > re-implementing (or copy-and-pasting) them to the bpf program. > > They will only be available to the bpf-tcp-cc typed program. > The white listed functions are not bounded to a fixed ABI contract. > When any of them has changed, the bpf-tcp-cc program has to be changed > like any in-tree/out-of-tree kernel tcp-cc implementations do also. > > Signed-off-by: Martin KaFai Lau <kafai@fb.com> > --- Just nits, of course :) Whitelist is a single word, but see also 49decddd39e5 ("Merge tag 'inclusive-terminology' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/linux"), allowlist/denylist is recommended for new code. Acked-by: Andrii Nakryiko <andrii@kernel.org> > net/ipv4/bpf_tcp_ca.c | 41 +++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 41 insertions(+) > > diff --git a/net/ipv4/bpf_tcp_ca.c b/net/ipv4/bpf_tcp_ca.c > index d520e61649c8..ed6e6b5b762b 100644 > --- a/net/ipv4/bpf_tcp_ca.c > +++ b/net/ipv4/bpf_tcp_ca.c > @@ -5,6 +5,7 @@ > #include <linux/bpf_verifier.h> > #include <linux/bpf.h> > #include <linux/btf.h> > +#include <linux/btf_ids.h> > #include <linux/filter.h> > #include <net/tcp.h> > #include <net/bpf_sk_storage.h> > @@ -178,10 +179,50 @@ bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id, > } > } > > +BTF_SET_START(bpf_tcp_ca_kfunc_ids) > +BTF_ID(func, tcp_reno_ssthresh) > +BTF_ID(func, tcp_reno_cong_avoid) > +BTF_ID(func, tcp_reno_undo_cwnd) > +BTF_ID(func, tcp_slow_start) > +BTF_ID(func, tcp_cong_avoid_ai) > +#if IS_BUILTIN(CONFIG_TCP_CONG_CUBIC) > +BTF_ID(func, cubictcp_init) > +BTF_ID(func, cubictcp_recalc_ssthresh) > +BTF_ID(func, cubictcp_cong_avoid) > +BTF_ID(func, cubictcp_state) > +BTF_ID(func, cubictcp_cwnd_event) > +BTF_ID(func, cubictcp_acked) > +#endif > +#if IS_BUILTIN(CONFIG_TCP_CONG_DCTCP) > +BTF_ID(func, dctcp_init) > +BTF_ID(func, dctcp_update_alpha) > +BTF_ID(func, dctcp_cwnd_event) > +BTF_ID(func, dctcp_ssthresh) > +BTF_ID(func, dctcp_cwnd_undo) > +BTF_ID(func, dctcp_state) > +#endif > +#if IS_BUILTIN(CONFIG_TCP_CONG_BBR) > +BTF_ID(func, bbr_init) > +BTF_ID(func, bbr_main) > +BTF_ID(func, bbr_sndbuf_expand) > +BTF_ID(func, bbr_undo_cwnd) > +BTF_ID(func, bbr_cwnd_even), > +BTF_ID(func, bbr_ssthresh) > +BTF_ID(func, bbr_min_tso_segs) > +BTF_ID(func, bbr_set_state) > +#endif > +BTF_SET_END(bpf_tcp_ca_kfunc_ids) see, kfunc here... > + > +static bool bpf_tcp_ca_check_kern_func_call(u32 kfunc_btf_id) ...but more verbose kern_func here. I like kfunc everywhere ;) > +{ > + return btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id); > +} > + > static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = { > .get_func_proto = bpf_tcp_ca_get_func_proto, > .is_valid_access = bpf_tcp_ca_is_valid_access, > .btf_struct_access = bpf_tcp_ca_btf_struct_access, > + .check_kern_func_call = bpf_tcp_ca_check_kern_func_call, > }; > > static int bpf_tcp_ca_init_member(const struct btf_type *t, > -- > 2.30.2 >
diff --git a/net/ipv4/bpf_tcp_ca.c b/net/ipv4/bpf_tcp_ca.c index d520e61649c8..ed6e6b5b762b 100644 --- a/net/ipv4/bpf_tcp_ca.c +++ b/net/ipv4/bpf_tcp_ca.c @@ -5,6 +5,7 @@ #include <linux/bpf_verifier.h> #include <linux/bpf.h> #include <linux/btf.h> +#include <linux/btf_ids.h> #include <linux/filter.h> #include <net/tcp.h> #include <net/bpf_sk_storage.h> @@ -178,10 +179,50 @@ bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id, } } +BTF_SET_START(bpf_tcp_ca_kfunc_ids) +BTF_ID(func, tcp_reno_ssthresh) +BTF_ID(func, tcp_reno_cong_avoid) +BTF_ID(func, tcp_reno_undo_cwnd) +BTF_ID(func, tcp_slow_start) +BTF_ID(func, tcp_cong_avoid_ai) +#if IS_BUILTIN(CONFIG_TCP_CONG_CUBIC) +BTF_ID(func, cubictcp_init) +BTF_ID(func, cubictcp_recalc_ssthresh) +BTF_ID(func, cubictcp_cong_avoid) +BTF_ID(func, cubictcp_state) +BTF_ID(func, cubictcp_cwnd_event) +BTF_ID(func, cubictcp_acked) +#endif +#if IS_BUILTIN(CONFIG_TCP_CONG_DCTCP) +BTF_ID(func, dctcp_init) +BTF_ID(func, dctcp_update_alpha) +BTF_ID(func, dctcp_cwnd_event) +BTF_ID(func, dctcp_ssthresh) +BTF_ID(func, dctcp_cwnd_undo) +BTF_ID(func, dctcp_state) +#endif +#if IS_BUILTIN(CONFIG_TCP_CONG_BBR) +BTF_ID(func, bbr_init) +BTF_ID(func, bbr_main) +BTF_ID(func, bbr_sndbuf_expand) +BTF_ID(func, bbr_undo_cwnd) +BTF_ID(func, bbr_cwnd_even), +BTF_ID(func, bbr_ssthresh) +BTF_ID(func, bbr_min_tso_segs) +BTF_ID(func, bbr_set_state) +#endif +BTF_SET_END(bpf_tcp_ca_kfunc_ids) + +static bool bpf_tcp_ca_check_kern_func_call(u32 kfunc_btf_id) +{ + return btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id); +} + static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = { .get_func_proto = bpf_tcp_ca_get_func_proto, .is_valid_access = bpf_tcp_ca_is_valid_access, .btf_struct_access = bpf_tcp_ca_btf_struct_access, + .check_kern_func_call = bpf_tcp_ca_check_kern_func_call, }; static int bpf_tcp_ca_init_member(const struct btf_type *t,
This patch white list some tcp cong helper functions, tcp_slow_start() and tcp_cong_avoid_ai(). They are allowed to be directly called by the bpf-tcp-cc program. A few tcp cc implementation functions are also white listed. A potential use case is the bpf-tcp-cc implementation may only want to override a subset of a tcp_congestion_ops. For others, the bpf-tcp-cc can directly call the kernel counter parts instead of re-implementing (or copy-and-pasting) them to the bpf program. They will only be available to the bpf-tcp-cc typed program. The white listed functions are not bounded to a fixed ABI contract. When any of them has changed, the bpf-tcp-cc program has to be changed like any in-tree/out-of-tree kernel tcp-cc implementations do also. Signed-off-by: Martin KaFai Lau <kafai@fb.com> --- net/ipv4/bpf_tcp_ca.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+)