Message ID | 1704175877-28298-1-git-send-email-alibuda@linux.alibaba.com |
---|---|
Headers |
Return-Path: <linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7301:6f82:b0:100:9c79:88ff with SMTP id tb2csp4291060dyb; Mon, 1 Jan 2024 22:11:57 -0800 (PST) X-Google-Smtp-Source: AGHT+IG8CHr9WDHwqY5lXsIA++t9zm9yYj1vIJbWs64Uq33L6X5gEpdcEnVLExw8m9STC2gAYRCQ X-Received: by 2002:a17:902:e744:b0:1d4:308c:978 with SMTP id p4-20020a170902e74400b001d4308c0978mr6967982plf.112.1704175916908; Mon, 01 Jan 2024 22:11:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704175916; cv=none; d=google.com; s=arc-20160816; b=XgUrsqbojfYOiLmwTHp/1n6IlXQy0Qai7nihRtiEUYsWeqSx8kE6kavQ0/OZuU7h3/ CIYXK3ersjSfHhNkl2QdzUYvVDZomzE3stL62nKyRk++ft4TGj0reuZljjp/PX2eQ2P4 nw8KNsbzQby1s+p+6psreXdu6zRAm7amX0u2L30wR/YTcB4StoD+IPVoaFw2oXI/1gj+ ISzbLIWHqBW/GUko203Ht15XX+VON3feYzJAhDiAdpGLUZO5dYVoAGQRGh70HX/le0pq DI8n3+PdHkJgi5K0OggNtqsiv+BM1YZN/4PPZG6+hdoV6Mj4C4uretJQFlE2qncB90JM uYIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-unsubscribe:list-subscribe:list-id:precedence:message-id:date :subject:cc:to:from; bh=o47Ua5oBOe7p0Sh7qc5FLSMT9fM990UKFRi0hdKXA4w=; fh=0j9hEtKEGSulx/lgeQcpDl+4ujiVFr5DCPGOZLIRfAc=; b=nG4dD7iP0LXOx5/3msjRo0bChcufhLv+tAjM60phT8tgAHaa0VuFW5rU5enBonHi7J 0xUxnkY/qLErcISj/aCG37ule/bFLP6hq/VAEbzULt7PAZbJH7tAo5SEWzf2oXT2Ux2I oet6sxRl6S5vpse1P721DNpuqR4vwJeWndfDYmbpkgYIdjJkstNCj/Z2E7ffx/6qXcT4 Q8vxoxLn/Og4B13UzXUjBiNT1RRKg6j/FBwL4yvV8pikLOmn718UbN5Ay5s5gxKBwOiM 7G2PxHH63LfAjuYi+TPY4+wfiNez+AZy4hG4xmVu2yffYH0lwar6j1aZrGt8oV0r/ydN 9cCw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id l10-20020a170903120a00b001d485a81270si9098623plh.362.2024.01.01.22.11.56 for <ouuuleilei@gmail.com> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Jan 2024 22:11:56 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-14073-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B220D282114 for <ouuuleilei@gmail.com>; Tue, 2 Jan 2024 06:11:56 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 7BCB3468E; Tue, 2 Jan 2024 06:11:29 +0000 (UTC) X-Original-To: linux-kernel@vger.kernel.org Received: from out30-133.freemail.mail.aliyun.com (out30-133.freemail.mail.aliyun.com [115.124.30.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0FCB94431; Tue, 2 Jan 2024 06:11:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R141e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018045176;MF=alibuda@linux.alibaba.com;NM=1;PH=DS;RN=13;SR=0;TI=SMTPD_---0VzmJOCt_1704175877; Received: from j66a10360.sqa.eu95.tbsite.net(mailfrom:alibuda@linux.alibaba.com fp:SMTPD_---0VzmJOCt_1704175877) by smtp.aliyun-inc.com; Tue, 02 Jan 2024 14:11:21 +0800 From: "D. Wythe" <alibuda@linux.alibaba.com> To: pablo@netfilter.org, kadlec@netfilter.org, fw@strlen.de Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, coreteam@netfilter.org, netfilter-devel@vger.kernel.org, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, ast@kernel.org Subject: [RFC nf-next v5 0/2] netfilter: bpf: support prog update Date: Tue, 2 Jan 2024 14:11:15 +0800 Message-Id: <1704175877-28298-1-git-send-email-alibuda@linux.alibaba.com> X-Mailer: git-send-email 1.8.3.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: <linux-kernel.vger.kernel.org> List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org> List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org> X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1786957966259782925 X-GMAIL-MSGID: 1786957966259782925 |
Series |
netfilter: bpf: support prog update
|
|
Message
D. Wythe
Jan. 2, 2024, 6:11 a.m. UTC
From: "D. Wythe" <alibuda@linux.alibaba.com>
This patches attempt to implements updating of progs within
bpf netfilter link, allowing user update their ebpf netfilter
prog in hot update manner.
Besides, a corresponding test case has been added to verify
whether the update works.
--
v1:
1. remove unnecessary context, access the prog directly via rcu.
2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu.
3. check the dead flag during the update.
--
v1->v2:
1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct.
--
v2->v3:
1. access nf_link->link.prog via rcu_dereference_raw to avoid warning.
--
v3->v4:
1. remove mutex for link update, as it is unnecessary and can be replaced
by atomic operations.
--
v4->v5:
1. fix error retval check on cmpxhcg
D. Wythe (2):
netfilter: bpf: support prog update
selftests/bpf: Add netfilter link prog update test
net/netfilter/nf_bpf_link.c | 50 ++++++++-----
.../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++
.../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++
3 files changed, 141 insertions(+), 16 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c
create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c
Comments
Just a reminder to avoid forgetting this patch by everyone. đŸ™‚ Best wishes, D. Wythe On 1/2/24 2:11 PM, D. Wythe wrote: > From: "D. Wythe" <alibuda@linux.alibaba.com> > > This patches attempt to implements updating of progs within > bpf netfilter link, allowing user update their ebpf netfilter > prog in hot update manner. > > Besides, a corresponding test case has been added to verify > whether the update works. > -- > v1: > 1. remove unnecessary context, access the prog directly via rcu. > 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu. > 3. check the dead flag during the update. > -- > v1->v2: > 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct. > -- > v2->v3: > 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning. > -- > v3->v4: > 1. remove mutex for link update, as it is unnecessary and can be replaced > by atomic operations. > -- > v4->v5: > 1. fix error retval check on cmpxhcg > > D. Wythe (2): > netfilter: bpf: support prog update > selftests/bpf: Add netfilter link prog update test > > net/netfilter/nf_bpf_link.c | 50 ++++++++----- > .../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++ > .../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++ > 3 files changed, 141 insertions(+), 16 deletions(-) > create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c > create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c >
On 2024-01-02 07:11, D. Wythe wrote: > From: "D. Wythe" <alibuda@linux.alibaba.com> > > This patches attempt to implements updating of progs within > bpf netfilter link, allowing user update their ebpf netfilter > prog in hot update manner. > > Besides, a corresponding test case has been added to verify > whether the update works. > -- > v1: > 1. remove unnecessary context, access the prog directly via rcu. > 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu. > 3. check the dead flag during the update. > -- > v1->v2: > 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct. > -- > v2->v3: > 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning. > -- > v3->v4: > 1. remove mutex for link update, as it is unnecessary and can be replaced > by atomic operations. > -- > v4->v5: > 1. fix error retval check on cmpxhcg > > D. Wythe (2): > netfilter: bpf: support prog update > selftests/bpf: Add netfilter link prog update test > > net/netfilter/nf_bpf_link.c | 50 ++++++++----- > .../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++ > .../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++ > 3 files changed, 141 insertions(+), 16 deletions(-) > create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c > create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c > It seems this patch has been forgotten, hopefully this answer will give it more visibility. I've applied this change on 6.8.0-rc4 and tested BPF_LINK_UPDATE with bpfilter and everything seems alright. Thanks, Quentin
On Wed, Feb 14, 2024 at 05:10:46PM +0100, Quentin Deslandes wrote: > On 2024-01-02 07:11, D. Wythe wrote: > > From: "D. Wythe" <alibuda@linux.alibaba.com> > > > > This patches attempt to implements updating of progs within > > bpf netfilter link, allowing user update their ebpf netfilter > > prog in hot update manner. > > > > Besides, a corresponding test case has been added to verify > > whether the update works. > > -- > > v1: > > 1. remove unnecessary context, access the prog directly via rcu. > > 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu. > > 3. check the dead flag during the update. > > -- > > v1->v2: > > 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct. > > -- > > v2->v3: > > 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning. > > -- > > v3->v4: > > 1. remove mutex for link update, as it is unnecessary and can be replaced > > by atomic operations. > > -- > > v4->v5: > > 1. fix error retval check on cmpxhcg > > > > D. Wythe (2): > > netfilter: bpf: support prog update > > selftests/bpf: Add netfilter link prog update test > > > > net/netfilter/nf_bpf_link.c | 50 ++++++++----- > > .../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++ > > .../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++ > > 3 files changed, 141 insertions(+), 16 deletions(-) > > create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c > > create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c > > > > It seems this patch has been forgotten, hopefully this answer > will give it more visibility. > > I've applied this change on 6.8.0-rc4 and tested BPF_LINK_UPDATE > with bpfilter and everything seems alright. Just post it without RFC tag.
On 2/15/24 12:41 AM, Pablo Neira Ayuso wrote: > On Wed, Feb 14, 2024 at 05:10:46PM +0100, Quentin Deslandes wrote: >> On 2024-01-02 07:11, D. Wythe wrote: >>> From: "D. Wythe" <alibuda@linux.alibaba.com> >>> >>> This patches attempt to implements updating of progs within >>> bpf netfilter link, allowing user update their ebpf netfilter >>> prog in hot update manner. >>> >>> Besides, a corresponding test case has been added to verify >>> whether the update works. >>> -- >>> v1: >>> 1. remove unnecessary context, access the prog directly via rcu. >>> 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu. >>> 3. check the dead flag during the update. >>> -- >>> v1->v2: >>> 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct. >>> -- >>> v2->v3: >>> 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning. >>> -- >>> v3->v4: >>> 1. remove mutex for link update, as it is unnecessary and can be replaced >>> by atomic operations. >>> -- >>> v4->v5: >>> 1. fix error retval check on cmpxhcg >>> >>> D. Wythe (2): >>> netfilter: bpf: support prog update >>> selftests/bpf: Add netfilter link prog update test >>> >>> net/netfilter/nf_bpf_link.c | 50 ++++++++----- >>> .../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++ >>> .../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++ >>> 3 files changed, 141 insertions(+), 16 deletions(-) >>> create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c >>> create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c >>> >> It seems this patch has been forgotten, hopefully this answer >> will give it more visibility. >> >> I've applied this change on 6.8.0-rc4 and tested BPF_LINK_UPDATE >> with bpfilter and everything seems alright. > Just post it without RFC tag. Glad to know that, I will send a formal version soon. D. Wythe
On 2/15/24 12:10 AM, Quentin Deslandes wrote: > On 2024-01-02 07:11, D. Wythe wrote: >> From: "D. Wythe" <alibuda@linux.alibaba.com> >> >> This patches attempt to implements updating of progs within >> bpf netfilter link, allowing user update their ebpf netfilter >> prog in hot update manner. >> >> Besides, a corresponding test case has been added to verify >> whether the update works. >> -- >> v1: >> 1. remove unnecessary context, access the prog directly via rcu. >> 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu. >> 3. check the dead flag during the update. >> -- >> v1->v2: >> 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct. >> -- >> v2->v3: >> 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning. >> -- >> v3->v4: >> 1. remove mutex for link update, as it is unnecessary and can be replaced >> by atomic operations. >> -- >> v4->v5: >> 1. fix error retval check on cmpxhcg >> >> D. Wythe (2): >> netfilter: bpf: support prog update >> selftests/bpf: Add netfilter link prog update test >> >> net/netfilter/nf_bpf_link.c | 50 ++++++++----- >> .../bpf/prog_tests/netfilter_link_update_prog.c | 83 ++++++++++++++++++++++ >> .../bpf/progs/test_netfilter_link_update_prog.c | 24 +++++++ >> 3 files changed, 141 insertions(+), 16 deletions(-) >> create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c >> create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c >> > It seems this patch has been forgotten, hopefully this answer > will give it more visibility. > > I've applied this change on 6.8.0-rc4 and tested BPF_LINK_UPDATE > with bpfilter and everything seems alright. > > Thanks, > Quentin Thanks for your testing. I will send out a formal version soon. Best wishes, D. Wythe