| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Oct 2021 14:14:54 -0700
From: Andrii Nakryiko <andrii.nakryiko@...il.com>
To: Kumar Kartikeya Dwivedi <memxor@...il.com>
Cc: bpf <bpf@...r.kernel.org>, Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <kafai@...com>,
Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
Jesper Dangaard Brouer <brouer@...hat.com>,
Toke Høiland-Jørgensen <toke@...hat.com>,
Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH bpf-next v6 5/9] bpf: Enable TCP congestion control kfunc
from modules
On Wed, Sep 29, 2021 at 11:30 PM Kumar Kartikeya Dwivedi
<memxor@...il.com> wrote:
>
> This commit moves BTF ID lookup into the newly added registration
> helper, in a way that the bbr, cubic, and dctcp implementation set up
> their sets in the bpf_tcp_ca kfunc_btf_set list, while the ones not
> dependent on modules are looked up from the wrapper function.
>
> This lifts the restriction for them to be compiled as built in objects,
> and can be loaded as modules if required. Also modify Makefile.modfinal
> to call resolve_btfids for each module.
>
> Note that since kernel kfunc_ids never overlap with module kfunc_ids, we
> only match the owner for module btf id sets.
>
> See following commits for background on use of:
>
> CONFIG_X86 ifdef:
> 569c484f9995 (bpf: Limit static tcp-cc functions in the .BTF_ids list to x86)
>
> CONFIG_DYNAMIC_FTRACE ifdef:
> 7aae231ac93b (bpf: tcp: Limit calling some tcp cc functions to CONFIG_DYNAMIC_FTRACE)
>
> Signed-off-by: Kumar Kartikeya Dwivedi <memxor@...il.com>
> ---
> include/linux/btf.h | 4 ++++
> kernel/bpf/btf.c | 3 +++
> net/ipv4/bpf_tcp_ca.c | 34 +++-------------------------------
> net/ipv4/tcp_bbr.c | 28 +++++++++++++++++++++++++++-
> net/ipv4/tcp_cubic.c | 26 +++++++++++++++++++++++++-
> net/ipv4/tcp_dctcp.c | 26 +++++++++++++++++++++++++-
> scripts/Makefile.modfinal | 1 +
> 7 files changed, 88 insertions(+), 34 deletions(-)
>
[...]
> BTF_SET_END(bpf_tcp_ca_kfunc_ids)
>
> static bool bpf_tcp_ca_check_kfunc_call(u32 kfunc_btf_id, struct module *owner)
> {
> - return btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id);
> + if (btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id))
> + return true;
> + return __bpf_tcp_ca_check_kfunc_call(kfunc_btf_id, owner);
so here, why it can't be generic
__bpf_check_kfunc_call(&bpf_tcp_ca_kfunc_list, kfunc_btf_id, owner);
?
> }
>
> static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = {
[...]
Powered by blists - more mailing lists