| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Sep 2020 13:35:28 -0700
From: Andrii Nakryiko <andriin@...com>
To: <bpf@...r.kernel.org>, <netdev@...r.kernel.org>, <ast@...com>,
<daniel@...earbox.net>
CC: <andrii.nakryiko@...il.com>, <kernel-team@...com>,
Andrii Nakryiko <andriin@...com>
Subject: [PATCH v3 bpf-next 00/14] Add libbpf full support for BPF-to-BPF calls
Currently, libbpf supports a limited form of BPF-to-BPF subprogram calls. The
restriction is that entry-point BPF program should use *all* of defined
sub-programs in BPF .o file. If any of the subprograms is not used, such
entry-point BPF program will be rejected by verifier as containing unreachable
dead code. This is not a big limitation for cases with single entry-point BPF
programs, but is quite a heavy restriction for multi-programs that use only
partially overlapping set of subprograms.
This patch set removes all such restrictions and adds complete support for
using BPF sub-program calls on BPF side. This is achieved through libbpf
tracking subprograms individually and detecting which subprograms are used by
any given entry-point BPF program, and subsequently only appending and
relocating code for just those used subprograms.
In addition, libbpf now also supports multiple entry-point BPF programs within
the same ELF section. This allows to structure code so that there are few
variants of BPF programs of the same type and attaching to the same target
(e.g., for tracepoints and kprobes) without the need to worry about ELF
section name clashes.
This patch set opens way for more wider adoption of BPF subprogram calls,
especially for real-world production use-cases with complicated net of
subprograms. This will allow to further scale BPF verification process through
good use of global functions, which can be verified independently. This is
also important prerequisite for static linking which allows static BPF
libraries to not worry about naming clashes for section names, as well as use
static non-inlined functions (subprograms) without worries of verifier
rejecting program due to dead code.
Patch set is structured as follows:
- patched 1-6 contain all the libbpf changes necessary to support multi-prog
sections and bpf2bpf subcalls;
- patch 7 adds dedicated selftests validating all combinations of possible
sub-calls (within and across sections, static vs global functions);
- patch 8 deprecated bpf_program__title() in favor of
bpf_program__section_name(). The intent was to also deprecate
bpf_object__find_program_by_title() as it's now non-sensical with multiple
programs per section. But there were too many selftests uses of this and
I didn't want to delay this patches further and make it even bigger, so left
it for a follow up cleanup;
- patches 9-10 remove uses for title-related APIs from bpftool and
bpf_program__title() use from selftests;
- patch 11 is converting fexit_bpf2bpf to have explicit subtest (it does
contain 4 subtests, which are not handled as sub-tests);
- patches 12-14 convert few complicated BPF selftests to use __noinline
functions to further validate correctness of libbpf's bpf2bpf processing
logic.
v2->v3:
- explained subprog relocation algorithm in more details (Alexei);
- pyperf, strobelight and cls_redirect got new subprog variants, leaving
other modes intact (Alexei);
v1->v2:
- rename DEPRECATED to LIBBPF_DEPRECATED to avoid name clashes;
- fix test_subprogs build;
- convert a bunch of complicated selftests to __noinline (Alexei).
Andrii Nakryiko (14):
libbpf: ensure ELF symbols table is found before further ELF
processing
libbpf: parse multi-function sections into multiple BPF programs
libbpf: support CO-RE relocations for multi-prog sections
libbpf: make RELO_CALL work for multi-prog sections and sub-program
calls
libbpf: implement generalized .BTF.ext func/line info adjustment
libbpf: add multi-prog section support for struct_ops
selftests/bpf: add selftest for multi-prog sections and bpf-to-bpf
calls
tools/bpftool: replace bpf_program__title() with
bpf_program__section_name()
selftests/bpf: don't use deprecated libbpf APIs
libbpf: deprecate notion of BPF program "title" in favor of "section
name"
selftests/bpf: turn fexit_bpf2bpf into test with subtests
selftests/bpf: add subprogs to pyperf, strobemeta, and l4lb_noinline
tests
selftests/bpf: modernize xdp_noinline test w/ skeleton and __noinline
selftests/bpf: add __noinline variant of cls_redirect selftest
tools/bpf/bpftool/prog.c | 4 +-
tools/lib/bpf/btf.h | 18 +-
tools/lib/bpf/libbpf.c | 1287 +++++++++++------
tools/lib/bpf/libbpf.h | 5 +-
tools/lib/bpf/libbpf.map | 1 +
tools/lib/bpf/libbpf_common.h | 2 +
.../selftests/bpf/flow_dissector_load.h | 8 +-
.../bpf/prog_tests/bpf_verif_scale.c | 4 +
.../selftests/bpf/prog_tests/cls_redirect.c | 72 +-
.../selftests/bpf/prog_tests/fexit_bpf2bpf.c | 21 +-
.../selftests/bpf/prog_tests/l4lb_all.c | 9 +-
.../bpf/prog_tests/reference_tracking.c | 2 +-
.../selftests/bpf/prog_tests/subprogs.c | 31 +
.../selftests/bpf/prog_tests/xdp_noinline.c | 49 +-
tools/testing/selftests/bpf/progs/pyperf.h | 11 +-
.../selftests/bpf/progs/pyperf_subprogs.c | 5 +
.../testing/selftests/bpf/progs/strobemeta.h | 30 +-
.../selftests/bpf/progs/strobemeta_subprogs.c | 10 +
.../selftests/bpf/progs/test_cls_redirect.c | 105 +-
.../bpf/progs/test_cls_redirect_subprogs.c | 2 +
.../selftests/bpf/progs/test_l4lb_noinline.c | 41 +-
.../selftests/bpf/progs/test_subprogs.c | 103 ++
.../selftests/bpf/progs/test_xdp_noinline.c | 36 +-
.../selftests/bpf/test_socket_cookie.c | 2 +-
24 files changed, 1247 insertions(+), 611 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/subprogs.c
create mode 100644 tools/testing/selftests/bpf/progs/pyperf_subprogs.c
create mode 100644 tools/testing/selftests/bpf/progs/strobemeta_subprogs.c
create mode 100644 tools/testing/selftests/bpf/progs/test_cls_redirect_subprogs.c
create mode 100644 tools/testing/selftests/bpf/progs/test_subprogs.c
--
2.24.1
Powered by blists - more mailing lists