[PATCH v2 net] bpf: add bpf_sk_netns_id() helper

f program types. For socket, cls_bpf and cgroup_skb programs this helper can be considered a new feature, whereas for cgroup_sock programs that modify sk->bound_dev_if (like 'ip vrf' does) it's a bug fix, since 'ip vrf' needs to be netns aware. Signed-off-by: Alexei Starovoitov <a...@kernel.org&g

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Fri, Feb 03, 2017 at 05:33:45PM +1300, Eric W. Biederman wrote: > > The point is that we can make the inode number stable across migration > and the user space API for namespaces has been designed with that > possibility in mind. > > What you have proposed is the equivalent of reporting a

[PATCH v3 net] bpf: add bpf_sk_netns_id() helper

f program types. For socket, cls_bpf and cgroup_skb programs this helper can be considered a new feature, whereas for cgroup_sock programs that modify sk->bound_dev_if (like 'ip vrf' does) it's a bug fix, since 'ip vrf' needs to be netns aware. Signed-off-by: Alexei Starovoitov <a...@kernel.org&g

Re: [PATCH net-next 00/10] bnxt_en: Add XDP support.

On Tue, Jan 31, 2017 at 9:33 PM, Andy Gospodarek <a...@greyhouse.net> wrote: > On Tue, Jan 31, 2017 at 10:36 AM, Andy Gospodarek <a...@greyhouse.net> wrote: >> On Mon, Jan 30, 2017 at 08:47:47PM -0800, Alexei Starovoitov wrote: >>> On Mon, Jan 30, 2017 at 08:49:

Re: [PATCH net-next 00/10] bnxt_en: Add XDP support.

On Mon, Jan 30, 2017 at 11:38 PM, Michael Chan wrote: > > I need to first figure out what xdp_adjust_head means. If it is ok, > I'd like to defer it. I'd prefer if it's done asap. mlx4 support added in commit ea3349a03519 ("mlx4: xdp: Reserve headroom for receiving

[PATCH v4 net] bpf: add bpf_sk_netns_id() helper

f program types. For socket, cls_bpf and cgroup_skb programs this helper can be considered a new feature, whereas for cgroup_sock programs that modify sk->bound_dev_if (like 'ip vrf' does) it's a bug fix, since 'ip vrf' needs to be netns aware. Signed-off-by: Alexei Starovoitov <a.

Re: [PATCH v2 net] bpf: add bpf_sk_netns_id() helper

On Sat, Feb 04, 2017 at 08:17:57PM -0800, Andy Lutomirski wrote: > On Sat, Feb 4, 2017 at 8:05 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Sat, Feb 04, 2017 at 07:33:14PM -0800, Andy Lutomirski wrote: > >> On Sat, Feb 4, 2017 at

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 09:05:29PM -0800, Andy Lutomirski wrote: > > I'm not saying that at all. I'm saying that this use case sounds > valid, but maybe it could be solved differently. Here are some ideas: Great. Combining multiple threads. Replied in bpf_sk_netns_id thread.

Re: [PATCH v2 net] bpf: add bpf_sk_netns_id() helper

On Mon, Feb 06, 2017 at 06:57:45PM -0800, Andy Lutomirski wrote: > On Mon, Feb 6, 2017 at 5:42 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Sat, Feb 04, 2017 at 08:17:57PM -0800, Andy Lutomirski wrote: > >> On Sat, Feb 4, 2017 at

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 07:27:01PM -0800, Andy Lutomirski wrote: > On Sat, Feb 4, 2017 at 7:10 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Sat, Feb 04, 2017 at 09:07:19AM -0800, Andy Lutomirski wrote: > >> >> can see a namespaced vie

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 07:22:03PM -0800, Andy Lutomirski wrote: > On Sat, Feb 4, 2017 at 7:18 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Sat, Feb 04, 2017 at 09:08:38AM -0800, Andy Lutomirski wrote: > >> > So use-case would be that someone

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 07:54:20PM -0800, Andy Lutomirski wrote: > > I've repeatedly asked how you plan to make a "don't override" flag > have sensible semantics when someone tries to add a new flag or change > the behavior to "don't override but, rather then rejecting programs > down the

Re: [PATHv3 net-next] bpf: enable verifier to add 0 to packet ptr

// r4 becomes pkt ptr > 272: (0f) r4 += r2// r4 += 0 > addition of negative constant to packet pointer is not allowed > > Signed-off-by: William Tu <u9012...@gmail.com> > Signed-off-by: Mihai Budiu <mbu...@vmware.com> > Cc: Daniel Borkmann <dan...@iogearbox.ne

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 09:07:19AM -0800, Andy Lutomirski wrote: > >> can see a namespaced view of the world. For this to work, presumably > >> we need to make sure that eBPF programs that are installed by programs > >> that are in a container don't see traffic that isn't in that > >> container.

Re: [PATCH v3 net] bpf: add bpf_sk_netns_id() helper

On 2/6/17 3:39 PM, Daniel Borkmann wrote: On 02/04/2017 04:34 AM, Alexei Starovoitov wrote: [...] +BPF_CALL_1(bpf_skb_netns_id, struct sk_buff *, skb) +{ +struct net_device *dev = skb->dev; + +if (!dev) +return 0; +return proc_get_ns_devid_inum(_net(dev)->ns); +} + +

Re: [PATCH net-next v3 04/11] bpf: Use bpf_load_program() from the library

On 2/7/17 1:44 PM, Mickaël Salaün wrote: - union bpf_attr attr; + union bpf_attr attr = {}; - bzero(, sizeof(attr)); I think somebody mentioned that there are compilers out there that don't do it correctly, hence it was done with explicit bzero. Arnaldo, Wang, do you

Re: [net-next PATCH 5/5] virtio_net: XDP support for adjust_head

On Fri, Feb 03, 2017 at 05:42:54AM +0200, Michael S. Tsirkin wrote: > On Thu, Feb 02, 2017 at 03:21:57PM -0800, John Fastabend wrote: > > Add support for XDP adjust head by allocating a 256B header region > > that XDP programs can grow into. This is only enabled when a XDP > > program is loaded. >

Re: [net-next PATCH v2 0/5] XDP adjust head support for virtio

nics, so hard to automate. At least the virtio+xdp gives us ability to test the programs automatically. So virtio+xdp will get the most test coverage and all hw nics will be using it as a yardstick. Very important to make it easy to use. For bpf and generic xdp bits: Acked-by: Alexei Starovoitov

Re: [PATCH net-next] bpf: fix verifier issue at check_packet_ptr_add

On Thu, Feb 02, 2017 at 07:26:44PM -0800, William Tu wrote: > Thanks. below is my program. The verifier fails at line 272, when > writing to ICMP header. > - > ; ebpf_packetEnd = ((void*)(long)skb->data_end); > 206: r2 = *(u32 *)(r6 + 4) > ; ebpf_packetStart =

Re: [PATCH net-next v1 7/7] bpf: Always test unprivileged programs

do_test_single(test, unpriv, , ); + if (!unpriv) { + printf("#%d/p %s ", i, test->descr); + do_test_single(test, false, , ); + } great idea. Acked-by: Alexei Starovoitov <a...@kernel.org> as far as other patches.. we

Re: [RFC PATCH net-next 1/2] bpf: Save original ebpf instructions

On Mon, Feb 06, 2017 at 03:13:15PM +0100, Daniel Borkmann wrote: > On 02/06/2017 11:56 AM, Quentin Monnet wrote: > >2017-02-03 (15:28 -0700) ~ David Ahern > >>On 2/3/17 2:09 PM, Daniel Borkmann wrote: > >>>On 02/03/2017 09:38 PM, David Ahern wrote: > Similar to

Re: [PATCH net] bpf: expose netns inode to bpf programs

On Sat, Feb 04, 2017 at 09:08:38AM -0800, Andy Lutomirski wrote: > > So use-case would be that someone wants to attach the very same > > prog via tc to various netdevs sitting in different netns, and > > that prog looks up a map, controlled by initns, with skb->netns_inum > > as key and the

Re: [PATCH v2 net] bpf: add bpf_sk_netns_id() helper

On Sat, Feb 04, 2017 at 09:15:10AM -0800, Andy Lutomirski wrote: > On Fri, Feb 3, 2017 at 5:22 PM, Alexei Starovoitov <a...@fb.com> wrote: > > Note that all bpf programs types are global. > > I don't think this has a clear enough meaning to work with. In Please clarify what

Re: [PATCH v2 net] bpf: add bpf_sk_netns_id() helper

On Sat, Feb 04, 2017 at 07:33:14PM -0800, Andy Lutomirski wrote: > On Sat, Feb 4, 2017 at 7:25 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Sat, Feb 04, 2017 at 09:15:10AM -0800, Andy Lutomirski wrote: > >> On Fri, Feb 3, 2017 at 5:22 PM, Alex

Re: [PATCH net-next v2 3/3] bpf: Always test unprivileged programs

The geteuid() check is replaced with a capability check. Handling capabilities requires the libcap dependency. Signed-off-by: Mickaël Salaün <m...@digikod.net> Cc: Alexei Starovoitov <a...@fb.com> Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Shuah Khan <sh...@kernel.org> Acked-b

Re: [PATCH net-next 0/9] mlx4: order-0 allocations and page recycling

On Tue, Feb 07, 2017 at 08:26:23AM -0800, Eric Dumazet wrote: > On Tue, 2017-02-07 at 08:06 -0800, Eric Dumazet wrote: > Awesome that you've started working on this. I think it's correct approach and mlx5 should be cleaned up in similar way. Long term we should be able to move all page alloc/free

Re: [PATCH net-next] bpf: fix verifier issue at check_packet_ptr_add

On Thu, Feb 02, 2017 at 09:31:06PM -0800, William Tu wrote: > > Yes, this is auto-generated. We want to use P4 2016 as front end to > generate ebpf for XDP. P4 2016 front-end ? is it public? Is there a 2017 version? ;) just curious. > > > > The line 272 is r4 += r2 > > where R4=imm4 and

Re: [PATCH net-next] bpf: test for AND edge cases

the whole string. In case we find typos or adjust the hint message, we'd need to change the test as well, but I see it's being used as-is in other tests already, so we'll fix all of them at once when time comes. Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [PATCH v4 3/3] samples/bpf: add lpm-trie benchmark

n the first _and_ any subsequent try). > > Signed-off-by: David Herrmann <dh.herrm...@gmail.com> > Reviewed-by: Daniel Mack <dan...@zonque.org> Acked-by: Alexei Starovoitov <a...@kernel.org> Thank you for all the hard work you've put into these patches. All looks great to me.

Re: Potential issues (security and otherwise) with the current cgroup-bpf API

On Thu, Jan 19, 2017 at 08:04:59PM -0800, Andy Lutomirski wrote: > On Thu, Jan 19, 2017 at 6:39 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Wed, Jan 18, 2017 at 06:29:22PM -0800, Andy Lutomirski wrote: > >> I think it could work by making a sing

Re: [PATCH v4 1/3] bpf: add a longest prefix match trie map implementation

code carries more information about the internal implementation. > > Signed-off-by: Daniel Mack <dan...@zonque.org> > Reviewed-by: David Herrmann <dh.herrm...@gmail.com> Looks great to me. Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [patch] samples/bpf: silence shift wrapping warning

On Sat, Jan 21, 2017 at 07:51:43AM +0300, Dan Carpenter wrote: > max_key is a value in the 0-63 range, so on 32 bit systems the shift > could wrap. > > Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> Looks fine. I think 'net-next' is ok. Acked-by: Alexei Starovoito

Re: [PATCH v4 2/3] bpf: Add tests for the lpm trie map

4 and IPv6 addresses and tests > the trie with those. > > Signed-off-by: David Herrmann <dh.herrm...@gmail.com> > Signed-off-by: Daniel Mack <dan...@zonque.org> Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [PATCH] bpf: don't kfree an uninitialized im_node

On Tue, Jan 24, 2017 at 6:16 AM, Colin King wrote: > From: Colin Ian King > > There are some error exit paths to the label 'out' that end up > kfree'ing an uninitialized im_node. Fix this by inititializing > im_node to NULL to avoid kfree'ing

Re: [PATCH v2] bpf: Restrict cgroup bpf hooks to the init netns

On Mon, Jan 23, 2017 at 08:32:02PM -0800, Andy Lutomirski wrote: > On Mon, Jan 23, 2017 at 8:05 PM, David Ahern wrote: > > On 1/23/17 8:37 PM, Andy Lutomirski wrote: > >> Yes, it is a bug because cgroup+bpf causes unwitting programs to be > >> subject to BPF code

Re: [PATCH v2] bpf: Restrict cgroup bpf hooks to the init netns

> netns. > > In a future release, it should be relatively straightforward to make > these hooks be local to a netns and, if needed, to add a flag so > that hooks can be made global if necessary. Global hooks should > presumably be constrained so that they can't write to any ifinde

Re: XDP offload to hypervisor

On Mon, Jan 23, 2017 at 11:40:29PM +0200, Michael S. Tsirkin wrote: > I've been thinking about passing XDP programs from guest to the > hypervisor. Basically, after getting an incoming packet, we could run > an XDP program in host kernel. > > If the result is XDP_DROP or XDP_TX we don't need to

Re: [PATCH net-next] bpf, lpm: fix kfree of im_node in trie_update_elem

ation") > Signed-off-by: Daniel Borkmann <dan...@iogearbox.net> Great catch. Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [PATCH v2] bpf: Restrict cgroup bpf hooks to the init netns

On Mon, Jan 23, 2017 at 06:42:27PM -0800, Andy Lutomirski wrote: > On Mon, Jan 23, 2017 at 6:09 PM, Alexei Starovoitov > <alexei.starovoi...@gmail.com> wrote: > > On Mon, Jan 23, 2017 at 12:36:08PM -0800, Andy Lutomirski wrote: > >> To see how cgroup+bpf interacts with

Re: XDP offload to hypervisor

On Tue, Jan 24, 2017 at 05:33:37AM +0200, Michael S. Tsirkin wrote: > On Mon, Jan 23, 2017 at 05:02:02PM -0800, Alexei Starovoitov wrote: > > Frankly I don't understand the whole virtio nit picking that was happening. > > imo virtio+xdp by itself is only useful for debuggi

Re: [patch] samples/bpf: silence shift wrapping warning

On Mon, Jan 23, 2017 at 5:27 AM, Arnaldo Carvalho de Melo <arnaldo.m...@gmail.com> wrote: > Em Sun, Jan 22, 2017 at 02:51:25PM -0800, Alexei Starovoitov escreveu: >> On Sat, Jan 21, 2017 at 07:51:43AM +0300, Dan Carpenter wrote: >> > max_key is a value in the 0-63 ran

Re: [net PATCH v5 1/6] virtio_net: use dev_kfree_skb for small buffer XDP receive

On Tue, Jan 24, 2017 at 8:02 PM, John Fastabend wrote: > > Finally just to point out here are the drivers with XDP support on latest > net tree, > > mlx/mlx5 > mlx/mlx4 > qlogic/qede > netronome/nfp > virtio_net > > And here is the

Re: [PATCH net] bpf: expose netns inode to bpf programs

On 1/26/17 8:37 AM, Andy Lutomirski wrote: Think of bpf programs as safe kernel modules. They don't have confined boundaries and program authors, if not careful, can shoot themselves in the foot. We're not trying to prevent that because it's impossible to check that the program is sane. Just

Re: [PATCH net] bpf: expose netns inode to bpf programs

On 1/26/17 11:07 AM, Andy Lutomirski wrote: On Thu, Jan 26, 2017 at 10:32 AM, Alexei Starovoitov <a...@fb.com> wrote: On 1/26/17 10:12 AM, Andy Lutomirski wrote: On Thu, Jan 26, 2017 at 9:46 AM, Alexei Starovoitov <a...@fb.com> wrote: On 1/26/17 8:37 AM, Andy Lutomirski wro

Re: [PATCH net-next 1/4] mlx5: Make building eswitch configurable

On 1/29/17 1:11 AM, Saeed Mahameed wrote: ConnectX4/5 and hopefully so on .. provide three different isolated steering layers: 3. vport layer: avaialbe for any PF/VF vport nic driver instance (netdevice), it allows vlan/mac filtering ,RSS hashing and n-tuple steering (for both encapsulated

[PATCH v2 net-next] net: ethtool: convert large order kmalloc allocations to vzalloc

again") and reduce warn_on to warn_on_once. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- Dave, I think by 'careful about size calculations' you mean to take care of zero-length. Please let me know if I misunderstood. I couldn't find any in-tree drivers that have zero lengt

Re: [PATCH net-next 1/4] mlx5: Make building eswitch configurable

On 1/30/17 1:18 PM, Saeed Mahameed wrote: On Mon, Jan 30, 2017 at 6:45 PM, Alexei Starovoitov <a...@fb.com> wrote: On 1/29/17 1:11 AM, Saeed Mahameed wrote: ConnectX4/5 and hopefully so on .. provide three different isolated steering layers: 3. vport layer: avaialbe for any PF/VF vpo

Re: [PATCH v2 net-next] net: ethtool: convert large order kmalloc allocations to vzalloc

On 1/30/17 7:28 PM, Joe Perches wrote: On Mon, 2017-01-30 at 18:25 -0800, Alexei Starovoitov wrote: under memory pressure 'ethtool -S' command may warn: [ 2374.385195] ethtool: page allocation failure: order:4, mode:0x242c0c0 [ 2374.405573] CPU: 12 PID: 40211 Comm: ethtool Not tainted

Re: [RFC PATCH 2/2] ixgbe: add af_packet direct copy support

On 1/27/17 1:34 PM, John Fastabend wrote: + h2 = page_address(rx_buffer->page) + rx_buffer->page_offset - hdrlen; + eth = page_address(rx_buffer->page) + rx_buffer->page_offset, I don't think it compiles ;) + /* This indicates a bug in ixgbe leaving for testing purposes */

Re: [PATCH net-next 00/10] bnxt_en: Add XDP support.

On Mon, Jan 30, 2017 at 08:49:25PM -0500, Michael Chan wrote: > The first 8 patches refactor the code (rx/tx code paths and ring logic) > and add the basic infrastructure to support XDP. The 9th patch adds > basic ndo_xdp to support XDP_DROP and XDP_PASS only. The 10th patch > completes the

Re: [PATCH net-next 1/4] mlx5: Make building eswitch configurable

On 1/27/17 1:15 PM, Saeed Mahameed wrote: It is only mandatory for configurations that needs eswitch, where the driver has no way to know about them, for a good old bare metal box, eswitch is not needed. we can do some work to strip the l2 table logic - needed for PFs to work on multi-host -

Re: [PATCH net-next 1/4] mlx5: Make building eswitch configurable

On 1/28/17 3:20 AM, Saeed Mahameed wrote: On Sat, Jan 28, 2017 at 1:23 AM, Alexei Starovoitov <a...@fb.com> wrote: On 1/27/17 1:15 PM, Saeed Mahameed wrote: It is only mandatory for configurations that needs eswitch, where the driver has no way to know about them, for a good old bare

Re: [PATCH 0/6 v3] kvmalloc

On Wed, Jan 25, 2017 at 5:21 AM, Michal Hocko <mho...@kernel.org> wrote: > On Wed 25-01-17 14:10:06, Michal Hocko wrote: >> On Tue 24-01-17 11:17:21, Alexei Starovoitov wrote: >> > On Tue, Jan 24, 2017 at 04:17:52PM +0100, Michal Hocko wrote: >> > > On Thu 1

Re: [PATCH net] bpf: expose netns inode to bpf programs

On 1/25/17 9:46 PM, Eric W. Biederman wrote: Alexei Starovoitov <a...@fb.com> writes: in cases where bpf programs are looking at sockets and packets that belong to different netns, it could be useful to read netns inode, so that programs can make intelligent decisions. For example to di

[PATCH net] bpf: expose netns inode to bpf programs

tach the same bpf program to sockets in a different netns. Just like tc cls_bpf program can work in different netns as well, so it has to be addressed uniformly across all types of bpf programs. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- with corresponding change in 'ip vrf' that

Re: [PATCH net] bpf: expose netns inode to bpf programs

On 1/26/17 10:12 AM, Andy Lutomirski wrote: On Thu, Jan 26, 2017 at 9:46 AM, Alexei Starovoitov <a...@fb.com> wrote: On 1/26/17 8:37 AM, Andy Lutomirski wrote: Think of bpf programs as safe kernel modules. They don't have confined boundaries and program authors, if not careful, can

Re: [PATCH v2] virtio_net: fix PAGE_SIZE > 64k

On Tue, Jan 24, 2017 at 7:48 PM, John Fastabend wrote: > > It is a concern on my side. I want XDP and Linux stack to work > reasonably well together. btw the micro benchmarks showed that page per packet approach that xdp took in mlx4 should be 10% slower vs normal

Re: [PATCH v2] bpf: Restrict cgroup bpf hooks to the init netns

On Tue, Jan 24, 2017 at 01:24:54PM -0800, Andy Lutomirski wrote: > On Tue, Jan 24, 2017 at 12:29 PM, David Ahern > wrote: > > > > Users do not run around exec'ing commands in random network contexts > > (namespace, vrf, device, whatever) and expect them to just work. >

[PATCH net-next] net: ethtool: silence kmalloc warning

] [] entry_SYSCALL64_slow_path+0x25/0x25 ~1160 mlx5 counters ~= order 4 allocation which is unlikely to succeed under memory pressure. Since 'get stats' command is not critical avoid reclaim and warning. Also convert to safer kmalloc_array. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- Lon

Re: linux-next: build failure after merge of the net tree

On 2/15/17 7:02 PM, Stephen Rothwell wrote: Hi all, On Tue, 14 Feb 2017 09:12:50 +1100 Stephen Rothwell wrote: After merging the net tree, today's linux-next build (powerpc64le perf) failed like this: Warning: tools/include/uapi/linux/bpf.h differs from kernel bpf.c:

Re: linux-next: build failure after merge of the net tree

On 2/15/17 7:27 PM, David Miller wrote: From: Alexei Starovoitov <a...@fb.com> Date: Wed, 15 Feb 2017 19:06:02 -0800 On 2/15/17 7:02 PM, Stephen Rothwell wrote: Hi all, On Tue, 14 Feb 2017 09:12:50 +1100 Stephen Rothwell <s...@canb.auug.org.au> wrote: After merging the net t

Re: [PATCH net-next] bpf: return errno -ENOMEM when exceeding RLIMIT_MEMLOCK

On Tue, Feb 21, 2017 at 02:00:13PM +0100, Jesper Dangaard Brouer wrote: > On Tue, 21 Feb 2017 00:06:11 -0800 > Alexei Starovoitov <alexei.starovoi...@gmail.com> wrote: > > > On Mon, Feb 20, 2017 at 05:25:58PM +0100, Jesper Dangaard Brouer wrote: > > > On M

Re: Questions on XDP

On Sat, Feb 18, 2017 at 3:48 PM, John Fastabend wrote: > > We are running our vswitch in userspace now for many workloads > it would be nice to have these in kernel if possible. ... > Maybe Alex had something else in mind but we have many virtual interfaces > plus

Re: Questions on XDP

On Sat, Feb 18, 2017 at 06:16:47PM -0800, Alexander Duyck wrote: > > I was thinking about the fact that the Mellanox driver is currently > mapping pages as bidirectional, so I was sticking to the device to > device case in regards to that discussion. For virtual interfaces we > don't even need

Re: [PATCH RFC v2 00/12] socket sendmsg MSG_ZEROCOPY

On Wed, Feb 22, 2017 at 11:38:49AM -0500, Willem de Bruijn wrote: > > * Limitations / Known Issues > > - PF_INET6 is not yet supported. we struggled so far to make it work in our setups which are ipv6 only. Looking at patches it seems the code should just work. What particularly is missing ?

Re: [PATCH net 3/6] net/mlx5e: Do not reduce LRO WQE size when not using build_skb

On Wed, Feb 22, 2017 at 7:20 AM, Saeed Mahameed wrote: > From: Tariq Toukan > > When rq_type is Striding RQ, no room of SKB_RESERVE is needed > as SKB allocation is not done via build_skb. > > Fixes: e4b85508072b ("net/mlx5e: Slightly reduce hardware LRO

Re: Questions on XDP

On Sat, Feb 18, 2017 at 10:18 AM, Alexander Duyck wrote: > >> XDP_DROP does not require having one page per frame. > > Agreed. why do you think so? xdp_drop is targeting ddos where in good case all traffic is passed up and in bad case most of the traffic is dropped,

Re: [PATCH net-next] bpf: return errno -ENOMEM when exceeding RLIMIT_MEMLOCK

On Mon, Feb 20, 2017 at 05:25:58PM +0100, Jesper Dangaard Brouer wrote: > On Mon, 20 Feb 2017 16:57:34 +0100 > Daniel Borkmann wrote: > > > On 02/20/2017 04:35 PM, Jesper Dangaard Brouer wrote: > > > It is confusing users of samples/bpf that exceeding the resource > > >

Re: Questions on XDP

On Mon, Feb 20, 2017 at 08:00:57PM -0800, Alexander Duyck wrote: > > I assumed "toy Tx" since I wasn't aware that they were actually > allowing writing to the page. I think that might work for the XDP_TX > case, Take a look at samples/bpf/xdp_tx_iptunnel_kern.c It's close enough approximation

Re: [PATCH v2 net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag

On 2/11/17 9:47 PM, Tejun Heo wrote: On Fri, Feb 10, 2017 at 08:28:24PM -0800, Alexei Starovoitov wrote: If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command to the given cgroup the descendent cgroup will be able to override effective bpf program that was inherited from this cgroup

Re: linux-next: build failure after merge of the net tree

is not my typical workflow. Joe, can you think of a way to make tools/lib/bpf to use tools/include only? Right now we just pull tools/lib/bpf/bpf.o in samples/bpf/Makefile and that's a hack that caused this issue. samples/bpf/ needs to depend on libbpf.a properly. For the patch: Acked-by: Alexei S

Re: [PATCH] bpf: reduce compiler warnings by adding fallthrough comments

by: David Binderman <dcb...@hotmail.com> > >Signed-off-by: Alexander Alemayhu <alexan...@alemayhu.com> > > These fall-through comments are fine for net-next tree. > > Acked-by: Daniel Borkmann <dan...@iogearbox.net> lgtm as well Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [RFC PATCH net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag

On Thu, Feb 09, 2017 at 10:59:23AM -0800, Alexei Starovoitov wrote: > Andy, > does it all make sense? Andy, ping.

Re: [RFC PATCH net-next 1/2] bpf: Save original ebpf instructions

On Thu, Feb 09, 2017 at 12:25:37PM +0100, Daniel Borkmann wrote: > > Correct the overlap both use-cases share is the dump itself. It needs > to be in such a condition for CRIU, that it can be reloaded eventually, I don't think it makes sense to drag criu into this discussion. I expressed my take

Re: [RFC PATCH net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag

On 2/10/17 1:38 PM, Andy Lutomirski wrote: On Thu, Feb 9, 2017 at 10:59 AM, Alexei Starovoitov <a...@fb.com> wrote: If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command to the given cgroup the descendent cgroup will be able to override effective bpf program that was inherite

[PATCH v2 net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag

in such case. Add several testcases and adjust libbpf. Fixes: 3007098494be ("cgroup: add support for eBPF programs") Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- v1->v2: disallowed overridable->non_override transition as suggested by Andy added tests and fixed d

[RFC PATCH net] bpf: introduce BPF_F_ALLOW_OVERRIDE flag

while /A/B runs prog Y. /A/B cannot be changed anymore (since parent disallows override), but can be cleared. After detach /A/B will run prog J. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- Below are few proposals for future extensions and not definitive: 1. we can

Re: [PATCH v3 1/2] bpf: add a longest prefix match trie map implementation

On Wed, Jan 18, 2017 at 03:30:14PM +0100, David Herrmann wrote: > Hi > > On Sat, Jan 14, 2017 at 5:55 PM, Alexei Starovoitov <a...@fb.com> wrote: > > Another alternative is to extend samples/bpf/map_perf_test > > It has perf tests for most map types today (includ

Re: [PATCH] bpf: Fix test_lru_sanity5() in test_lru_map.c

Acked-by: Daniel Borkmann <dan...@iogearbox.net> (Patch is against -net tree.) Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [net PATCH] bpf: fix samples xdp_tx_iptunnel and tc_l2_redirect with fake KBUILD_MODNAME

sper Dangaard Brouer <bro...@redhat.com> Thanks for the fix! Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: Potential issues (security and otherwise) with the current cgroup-bpf API

On Wed, Jan 18, 2017 at 06:29:22PM -0800, Andy Lutomirski wrote: > I think it could work by making a single socket cgroup controller that > handles all cgroup things that are bound to a socket. Using Such 'socket cgroup controller' would limit usability of the feature to sockets and force all

Re: [RFC PATCH 0/5] Add eBPF hooks for cgroups

On Fri, Aug 19, 2016 at 11:19:41AM +0200, Pablo Neira Ayuso wrote: > Hi Daniel, > > On Wed, Aug 17, 2016 at 04:00:43PM +0200, Daniel Mack wrote: > > I'd appreciate some feedback on this. Pablo has some remaining concerns > > about this approach, and I'd like to continue the discussion we had > >

Re: [PATCH] samples/bpf: Add tunnel set/get tests.

d-off-by: William Tu <u9012...@gmail.com> nice test. thanks! Acked-by: Alexei Starovoitov <a...@kernel.org>

Re: [PATCH] bpf: update the comment about the length of analysis

the comment to reflect the change. > > Cc: Alexei Starovoitov <a...@kernel.org> > Cc: Daniel Borkmann <dan...@iogearbox.net> > Signed-off-by: Gary Lin <g...@suse.com> Acked-by: Alexei Starovoitov <a...@kernel.org>

[PATCH v2 net-next 6/6] samples/bpf: add sampleip example

From: Brendan Gregg <bgr...@netflix.com> sample instruction pointer and frequency count in a BPF map Signed-off-by: Brendan Gregg <bgr...@netflix.com> Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- samples/bpf/Makefile| 4 + samples/bpf/sam

[PATCH v2 net-next 5/6] samples/bpf: add perf_event+bpf example

for current process and inherited perf_events to children - PERF_COUNT_SW_CPU_CLOCK on all cpus - PERF_COUNT_SW_CPU_CLOCK for current process Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- samples/bpf/Makefile | 4 + samples/bpf/bpf_helpers.h | 2 + samples/bpf/bpf_

[PATCH v2 net-next 4/6] perf, bpf: add perf events core support for BPF_PROG_TYPE_PERF_EVENT programs

rog, since it's assigned only once before it's accessed. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- include/linux/bpf.h| 4 +++ include/linux/perf_event.h | 2 ++ kernel/events/core.c | 85 +- 3 files changed, 90 i

[PATCH v2 net-next 0/6] perf, bpf: add support for bpf in sw/hw perf_events

as an overflow_handler to sw and hw perf_events. Peter, please review. Patches 5 and 6 are examples from myself and Brendan. v1-v2: fixed issues spotted by Peter and Daniel. Thanks! Alexei Starovoitov (5): bpf: support 8-byte metafield access bpf: introduce BPF_PROG_TYPE_PERF_EVENT program

[PATCH v2 net-next 2/6] bpf: introduce BPF_PROG_TYPE_PERF_EVENT program type

e_data without affecting bpf programs. New fields can be added to the end of struct bpf_perf_event_data in the future. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> --- include/linux/perf_event.h | 5 include

[PATCH v2 net-next 3/6] bpf: perf_event progs should only use preallocated maps

Make sure that BPF_PROG_TYPE_PERF_EVENT programs only use preallocated hash maps, since doing memory allocation in overflow_handler can crash depending on where nmi got triggered. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> ---

[PATCH v2 net-next 1/6] bpf: support 8-byte metafield access

programs. They check for 4-byte only ctx access before these conditions are hit. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> --- kernel/bpf/verifier.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git

Re: [PATCH v3 3/6] bpf: add BPF_PROG_ATTACH and BPF_PROG_DETACH commands

On 9/5/16 10:09 AM, Daniel Borkmann wrote: On 09/05/2016 04:09 PM, Daniel Mack wrote: On 09/05/2016 03:56 PM, Daniel Borkmann wrote: On 09/05/2016 02:54 PM, Daniel Mack wrote: On 08/30/2016 01:00 AM, Daniel Borkmann wrote: On 08/26/2016 09:58 PM, Daniel Mack wrote: enum bpf_map_type {

Re: [PATCH v3 2/6] cgroup: add support for eBPF programs

On 9/5/16 2:40 PM, Sargun Dhillon wrote: On Mon, Sep 05, 2016 at 04:49:26PM +0200, Daniel Mack wrote: Hi, On 08/30/2016 01:04 AM, Sargun Dhillon wrote: On Fri, Aug 26, 2016 at 09:58:48PM +0200, Daniel Mack wrote: This patch adds two sets of eBPF program pointers to struct cgroup. One for

Re: Centralizing support for TCAM?

On Sat, Sep 03, 2016 at 09:09:50AM +0200, Jiri Pirko wrote: > Fri, Sep 02, 2016 at 08:49:34PM CEST, john.fastab...@gmail.com wrote: > >On 16-09-02 10:18 AM, Florian Fainelli wrote: > >> Hi all, > >> > > > >Hi Florian, > > > >> (apologies for the long CC list and the fact that I can't type

Re: [PATCH, net-next] perf, bpf: fix conditional call to bpf_overflow_handler

gt; Fixes: aa6a5f3cb2b2 ("perf, bpf: add perf events core support for > BPF_PROG_TYPE_PERF_EVENT programs") > --- > kernel/events/core.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > I'm not entirely sure if this is the correct solution, please check b

[PATCH v3 net-next 5/6] samples/bpf: add perf_event+bpf example

for current process and inherited perf_events to children - PERF_COUNT_SW_CPU_CLOCK on all cpus - PERF_COUNT_SW_CPU_CLOCK for current process Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- samples/bpf/Makefile | 4 + samples/bpf/bpf_helpers.h | 2 + samples/bpf/bpf_

[PATCH v3 net-next 6/6] samples/bpf: add sampleip example

From: Brendan Gregg <bgr...@netflix.com> sample instruction pointer and frequency count in a BPF map Signed-off-by: Brendan Gregg <bgr...@netflix.com> Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- samples/bpf/Makefile| 4 + samples/bpf/sam

[PATCH v3 net-next 3/6] bpf: perf_event progs should only use preallocated maps

Make sure that BPF_PROG_TYPE_PERF_EVENT programs only use preallocated hash maps, since doing memory allocation in overflow_handler can crash depending on where nmi got triggered. Signed-off-by: Alexei Starovoitov <a...@kernel.org> Acked-by: Daniel Borkmann <dan...@iogearbox.net> ---

[PATCH v3 net-next 4/6] perf, bpf: add perf events core support for BPF_PROG_TYPE_PERF_EVENT programs

rog, since it's assigned only once before it's accessed. Signed-off-by: Alexei Starovoitov <a...@kernel.org> --- include/linux/bpf.h| 4 +++ include/linux/perf_event.h | 4 +++ kernel/events/core.c | 89 +- 3 files changed, 96 i

[PATCH v3 net-next 0/6] perf, bpf: add support for bpf in sw/hw perf_events

. v2->v3: fixed few more minor issues v1->v2: fixed issues spotted by Peter and Daniel. Thanks! Alexei Starovoitov (5): bpf: support 8-byte metafield access bpf: introduce BPF_PROG_TYPE_PERF_EVENT program type bpf: perf_event progs should only use preallocated maps perf, bpf: add perf

<    3   4   5   6   7   8   9   10   11   12   >