diff options
| author | David S. Miller <davem@davemloft.net> | 2017-10-10 22:30:17 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-10-10 22:30:17 +0300 |
| commit | 67174bb2336061d373bc83ea1c56a4337a40e20f (patch) | |
| tree | f879063be29de0e6d7435759db62f0157c7773ff /net | |
| parent | 442d713baa33db0f78adadee6125c215f10f5a75 (diff) | |
| parent | a2a7d5701052542cd2260e7659b12443e0a74733 (diff) | |
| download | linux-67174bb2336061d373bc83ea1c56a4337a40e20f.tar.xz | |
Merge branch 'bpf-get-rid-of-global-verifier-state-and-reuse-instruction-printer'
Jakub Kicinski says:
====================
bpf: get rid of global verifier state and reuse instruction printer
This set started off as simple extraction of eBPF verifier's instruction
printer into a separate file but evolved into removal of global state.
The purpose of moving instruction printing code is to be able to reuse it
from the bpftool.
As far as the global verifier lock goes, this set removes the global
variables relating to the log buffer, makes the one-time init done
by bpf_get_skb_set_tunnel_proto() not depend on any external locking,
and performs verifier log writeback as data is produced removing the need
for allocating a potentially large temporary buffer.
The final step of actually removing the verifier lock is left to someone
more competent and self-confident :)
Note that struct bpf_verifier_env is just 40B under two pages now,
we should probably switch to vzalloc() when it's expanded again...
v2:
- add a selftest;
- use env buffer and flush on every print (Alexei);
- handle kernel log allocation failures (Daniel);
- put the env log members into a struct (Daniel).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/core/dst.c | 16 | ||||
| -rw-r--r-- | net/core/filter.c | 16 |
2 files changed, 25 insertions, 7 deletions
diff --git a/net/core/dst.c b/net/core/dst.c index a6c47da7d0f8..8b2eafac984d 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -322,3 +322,19 @@ metadata_dst_alloc_percpu(u8 optslen, enum metadata_type type, gfp_t flags) return md_dst; } EXPORT_SYMBOL_GPL(metadata_dst_alloc_percpu); + +void metadata_dst_free_percpu(struct metadata_dst __percpu *md_dst) +{ + int cpu; + +#ifdef CONFIG_DST_CACHE + for_each_possible_cpu(cpu) { + struct metadata_dst *one_md_dst = per_cpu_ptr(md_dst, cpu); + + if (one_md_dst->type == METADATA_IP_TUNNEL) + dst_cache_destroy(&one_md_dst->u.tun_info.dst_cache); + } +#endif + free_percpu(md_dst); +} +EXPORT_SYMBOL_GPL(metadata_dst_free_percpu); diff --git a/net/core/filter.c b/net/core/filter.c index b7e8caa1e790..140fa9f9c0f4 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -43,6 +43,7 @@ #include <linux/timer.h> #include <linux/uaccess.h> #include <asm/unaligned.h> +#include <asm/cmpxchg.h> #include <linux/filter.h> #include <linux/ratelimit.h> #include <linux/seccomp.h> @@ -2987,14 +2988,15 @@ static const struct bpf_func_proto * bpf_get_skb_set_tunnel_proto(enum bpf_func_id which) { if (!md_dst) { - /* Race is not possible, since it's called from verifier - * that is holding verifier mutex. - */ - md_dst = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX, - METADATA_IP_TUNNEL, - GFP_KERNEL); - if (!md_dst) + struct metadata_dst __percpu *tmp; + + tmp = metadata_dst_alloc_percpu(IP_TUNNEL_OPTS_MAX, + METADATA_IP_TUNNEL, + GFP_KERNEL); + if (!tmp) return NULL; + if (cmpxchg(&md_dst, NULL, tmp)) + metadata_dst_free_percpu(tmp); } switch (which) { |