Commit 3f5f728a authored by Jakub Kicinski
Andrii Nakryiko says:

====================
bpf-next 2022-08-17

We've added 45 non-merge commits during the last 14 day(s) which contain
a total of 61 files changed, 986 insertions(+), 372 deletions(-).

The main changes are:

1) New bpf_ktime_get_tai_ns() BPF helper to access CLOCK_TAI, from Kurt
   Kanzenbach and Jesper Dangaard Brouer.

2) Few clean ups and improvements for libbpf 1.0, from Andrii Nakryiko.

3) Expose crash_kexec() as kfunc for BPF programs, from Artem Savkov.

4) Add ability to define sleepable-only kfuncs, from Benjamin Tissoires.

5) Teach libbpf's bpf_prog_load() and bpf_map_create() to gracefully handle
   unsupported names on old kernels, from Hangbin Liu.

6) Allow opting out from auto-attaching BPF programs by libbpf's BPF skeleton,
   from Hao Luo.

7) Relax libbpf's requirement for shared libs to be marked executable, from
   Henqgi Chen.

8) Improve bpf_iter internals handling of error returns, from Hao Luo.

9) Few accommodations in libbpf to support GCC-BPF quirks, from James Hilliard.

10) Fix BPF verifier logic around tracking dynptr ref_obj_id, from Joanne Koong.

11) bpftool improvements to handle full BPF program names better, from Manu
    Bretelle.

12) bpftool fixes around libcap use, from Quentin Monnet.

13) BPF map internals clean ups and improvements around memory allocations,
    from Yafang Shao.

14) Allow to use cgroup_get_from_file() on cgroupv1, allowing BPF cgroup
    iterator to work on cgroupv1, from Yosry Ahmed.

15) BPF verifier internal clean ups, from Dave Marchevsky and Joanne Koong.

16) Various fixes and clean ups for selftests/bpf and vmtest.sh, from Daniel
    Xu, Artem Savkov, Joanne Koong, Andrii Nakryiko, Shibin Koikkara Reeny.

* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (45 commits)
  selftests/bpf: Few fixes for selftests/bpf built in release mode
  libbpf: Clean up deprecated and legacy aliases
  libbpf: Streamline bpf_attr and perf_event_attr initialization
  libbpf: Fix potential NULL dereference when parsing ELF
  selftests/bpf: Tests libbpf autoattach APIs
  libbpf: Allows disabling auto attach
  selftests/bpf: Fix attach point for non-x86 arches in test_progs/lsm
  libbpf: Making bpf_prog_load() ignore name if kernel doesn't support
  selftests/bpf: Update CI kconfig
  selftests/bpf: Add connmark read test
  selftests/bpf: Add existing connection bpf_*_ct_lookup() test
  bpftool: Clear errno after libcap's checks
  bpf: Clear up confusion in bpf_skb_adjust_room()'s documentation
  bpftool: Fix a typo in a comment
  libbpf: Add names for auxiliary maps
  bpf: Use bpf_map_area_alloc consistently on bpf map creation
  bpf: Make __GFP_NOWARN consistent in bpf map creation
  bpf: Use bpf_map_area_free instread of kvfree
  bpf: Remove unneeded memset in queue_stack_map creation
  libbpf: preserve errno across pr_warn/pr_info/pr_debug
  ...
====================

Link: https://lore.kernel.org/r/20220817215656.1180215-1-andrii@kernel.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
parents fd78d07c df78da27
+15 −0
@@ -146,6 +146,21 @@ that operate (change some property, perform some operation) on an object that
was obtained using an acquire kfunc. Such kfuncs need an unchanged pointer to
ensure the integrity of the operation being performed on the expected object.

2.4.6 KF_SLEEPABLE flag
-----------------------

The KF_SLEEPABLE flag is used for kfuncs that may sleep. Such kfuncs can only
be called by sleepable BPF programs (BPF_F_SLEEPABLE).

2.4.7 KF_DESTRUCTIVE flag
--------------------------

The KF_DESTRUCTIVE flag is used to indicate functions calling which is
destructive to the system. For example such a call can result in system
rebooting or panicking. Due to this additional restrictions apply to these
calls. At the moment they only require CAP_SYS_BOOT capability, but more can be
added later.

2.5 Registering the kfuncs
--------------------------

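Review bot: the KF_DESTRUCTIVE paragraph in section 2.4.7 says these calls "only require CAP_SYS_BOOT capability" but not who must hold the capability or when it is checked (program load or call time), which is what someone auditing a destructive kfunc needs to know. Please state that explicitly, and reword the opening sentence, which is hard to parse as written, to something like "The KF_DESTRUCTIVE flag marks kfuncs whose invocation is destructive to the system".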
+1 −0
@@ -2349,6 +2349,7 @@ extern const struct bpf_func_proto bpf_get_numa_node_id_proto;
extern const struct bpf_func_proto bpf_tail_call_proto;
extern const struct bpf_func_proto bpf_ktime_get_ns_proto;
extern const struct bpf_func_proto bpf_ktime_get_boot_ns_proto;
extern const struct bpf_func_proto bpf_ktime_get_tai_ns_proto;
extern const struct bpf_func_proto bpf_get_current_pid_tgid_proto;
extern const struct bpf_func_proto bpf_get_current_uid_gid_proto;
extern const struct bpf_func_proto bpf_get_current_comm_proto;
+2 −0
@@ -49,6 +49,8 @@
 * for this case.
 */
#define KF_TRUSTED_ARGS (1 << 4) /* kfunc only takes trusted pointer arguments */
#define KF_SLEEPABLE    (1 << 5) /* kfunc may sleep */
#define KF_DESTRUCTIVE  (1 << 6) /* kfunc performs destructive actions */

struct btf;
struct btf_member;
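Review bot: KF_DESTRUCTIVE at (1 << 6) is documented only by the trailing comment "kfunc performs destructive actions", while the flag just above it closes a longer block comment. Since the documentation hunk describes this flag as gating calls that can reboot or panic the system, a short block comment here naming the CAP_SYS_BOOT requirement would keep the header in step with the documentation; the same applies to KF_SLEEPABLE and its restriction to sleepable programs.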
+0 −6
@@ -86,10 +86,6 @@ extern spinlock_t nf_conntrack_expect_lock;

/* ctnetlink code shared by both ctnetlink and nf_conntrack_bpf */

#if (IS_BUILTIN(CONFIG_NF_CONNTRACK) && IS_ENABLED(CONFIG_DEBUG_INFO_BTF)) || \
    (IS_MODULE(CONFIG_NF_CONNTRACK) && IS_ENABLED(CONFIG_DEBUG_INFO_BTF_MODULES) || \
    IS_ENABLED(CONFIG_NF_CT_NETLINK))

static inline void __nf_ct_set_timeout(struct nf_conn *ct, u64 timeout)
{
	if (timeout > INT_MAX)
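Review bot: with the #if ... IS_ENABLED(CONFIG_NF_CT_NETLINK)) guard above __nf_ct_set_timeout() removed, the inline helper and the prototypes that follow it become visible in every configuration. Please confirm in the commit message that each configuration able to include this header either builds the definitions of __nf_ct_change_timeout(), __nf_ct_change_status() and nf_ct_change_status_common() or never calls them, since a stray caller would now fail at link time instead of at compile time.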
@@ -101,6 +97,4 @@ int __nf_ct_change_timeout(struct nf_conn *ct, u64 cta_timeout);
void __nf_ct_change_status(struct nf_conn *ct, unsigned long on, unsigned long off);
int nf_ct_change_status_common(struct nf_conn *ct, unsigned int status);

#endif

#endif /* _NF_CONNTRACK_CORE_H */
+29 −4
@@ -2573,10 +2573,12 @@ union bpf_attr {
 *		There are two supported modes at this time:
 *
 *		* **BPF_ADJ_ROOM_MAC**: Adjust room at the mac layer
 *		  (room space is added or removed below the layer 2 header).
 * 		  (room space is added or removed between the layer 2 and
 * 		  layer 3 headers).
 *
 * 		* **BPF_ADJ_ROOM_NET**: Adjust room at the network layer
 * 		  (room space is added or removed below the layer 3 header).
 * 		  (room space is added or removed between the layer 3 and
 * 		  layer 4 headers).
 *
 *		The following flags are supported at this time:
 *
@@ -3008,8 +3010,18 @@ union bpf_attr {
 * 		**BPF_F_USER_STACK**
 * 			Collect a user space stack instead of a kernel stack.
 * 		**BPF_F_USER_BUILD_ID**
 * 			Collect buildid+offset instead of ips for user stack,
 * 			only valid if **BPF_F_USER_STACK** is also specified.
 * 			Collect (build_id, file_offset) instead of ips for user
 * 			stack, only valid if **BPF_F_USER_STACK** is also
 * 			specified.
 *
 * 			*file_offset* is an offset relative to the beginning
 * 			of the executable or shared object file backing the vma
 * 			which the *ip* falls in. It is *not* an offset relative
 * 			to that object's base address. Accordingly, it must be
 * 			adjusted by adding (sh_addr - sh_offset), where
 * 			sh_{addr,offset} correspond to the executable section
 * 			containing *file_offset* in the object, for comparisons
 * 			to symbols' st_value to be valid.
 *
 * 		**bpf_get_stack**\ () can collect up to
 * 		**PERF_MAX_STACK_DEPTH** both kernel and user frames, subject
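Review bot: in the new BPF_F_USER_BUILD_ID text, *file_offset* and *ip* carry the emphasis markup used elsewhere in this comment, but "sh_{addr,offset}" and "st_value" do not, and the brace shorthand is easy to misread once rendered. Suggest writing *sh_addr* and *sh_offset* out in full, marking up *st_value*, and stating the adjustment as one expression, file_offset + (sh_addr - sh_offset), so that consumers symbolizing user stacks all apply it the same way.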
@@ -5331,6 +5343,18 @@ union bpf_attr {
 *		**-EACCES** if the SYN cookie is not valid.
 *
 *		**-EPROTONOSUPPORT** if CONFIG_IPV6 is not builtin.
 *
 * u64 bpf_ktime_get_tai_ns(void)
 *	Description
 *		A nonsettable system-wide clock derived from wall-clock time but
 *		ignoring leap seconds.  This clock does not experience
 *		discontinuities and backwards jumps caused by NTP inserting leap
 *		seconds as CLOCK_REALTIME does.
 *
 *		See: **clock_gettime**\ (**CLOCK_TAI**)
 *	Return
 *		Current *ktime*.
 *
 */
#define __BPF_FUNC_MAPPER(FN)		\
	FN(unspec),			\
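Review bot: the Return section of the bpf_ktime_get_tai_ns() entry says only "Current *ktime*", leaving the unit to be inferred from the helper's name. Suggest "Current *ktime* in nanoseconds", and opening the Description with what the helper returns before describing the clock, since the text as written describes CLOCK_TAI rather than the call.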
@@ -5541,6 +5565,7 @@ union bpf_attr {
	FN(tcp_raw_gen_syncookie_ipv6),	\
	FN(tcp_raw_check_syncookie_ipv4),	\
	FN(tcp_raw_check_syncookie_ipv6),	\
	FN(ktime_get_tai_ns),		\
	/* */

/* integer value in 'imm' field of BPF_CALL instruction selects which helper