Re: Accessing userspace created persistent eBPF maps from kernel bpf restricted C

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Borkmann <daniel@iogearbox.net>
To: Kiran T <kiran.lkml@gmail.com>, David Miller <davem@davemloft.net>
Cc: Zvi Effron <zeffron@riotgames.com>, xdp-newbies@vger.kernel.org
Subject: Re: Accessing userspace created persistent eBPF maps from kernel bpf restricted C
Date: Fri, 08 Sep 2017 17:35:23 +0200	[thread overview]
Message-ID: <59B2B8BB.4050302@iogearbox.net> (raw)
In-Reply-To: <CABUc5FG9rfn2RYvp4Y12407PGMXPgA-XzibyTn5zqW4O2oSsOA@mail.gmail.com>

On 09/08/2017 07:28 AM, Kiran T wrote:
> On Thu, Sep 7, 2017 at 7:12 PM, David Miller <davem@davemloft.net> wrote:
> ...
>>
>> Pinning is so that an unload of a BPF program doesn't cause it's maps
>> to go away.
>>
>> It's designed so that things like statistics can be persistent across
>> BPF program loads.
>>
>> So you can load and unload a BPF program multiple times, and you won't
>> lose the statistic increments done by earlier instances.
>
> I understand.
> However, I have a use case where  data used to filter perf events can
> change and can
> be loaded as a full map,  much after the bpf program is loaded.  The
> map will be pinned,

If I understand you correctly, you have a map that contains some
kind of filter policy that you check before proceeding. The map
that contains this data is pinned in user space, but not immediately
available at load time, and you want to be able to insert or also
potentially replace this map with a different map when you need to
change the policy. Is the assumption correct that the key/value
format of the policy would be the same and known a-priori, plus the
map types will also be the same?

If I didn't get this wrong, then just use a map in map that was
suggested earlier. So you have a BPF_TYPE_ARRAY_OF_MAPS that is
pinned as well, and when you need to replace the maps at runtime,
then you fetch the fd of the pinned BPF_TYPE_ARRAY_OF_MAPS map
and update it with the inner fd of the pinned map containing the
new policy data. That way, you don't need to reload the BPF program
(which would be atomic as well, though).

In the case where the map could change also in terms of format,
then probably best would be (if you don't want to reload the whole
program and have all contained in it) that you make a tail call
from the main program to a program that processes this specific
map and that program makes another tail call to a different program
that continues processing. So you have a flow where prog A calls
prog B which calls prog C, and prog B is replaceable atomically
during runtime. If there is some need to pass data from A to B
or B to C, then just use a per CPU map as a scratch buffer.

next prev parent reply	other threads:[~2017-09-08 15:35 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-09-07 21:37 Accessing userspace created persistent eBPF maps from kernel bpf restricted C Kiran T
2017-09-07 23:17 ` Zvi Effron
2017-09-08  0:46   ` Kiran T
2017-09-08  0:57     ` Zvi Effron
2017-09-08  2:12     ` David Miller
2017-09-08  5:28       ` Kiran T
2017-09-08  6:11         ` David Miller
2017-09-08  6:34         ` Zvi Effron
2017-09-08 16:42           ` Kiran T
2017-09-08 17:37             ` Zvi Effron
2017-09-08 18:02               ` Y Song
2017-09-08 15:35         ` Daniel Borkmann [this message]
2017-09-08  7:45 ` Jesper Dangaard Brouer
  -- strict thread matches above, loose matches on Subject: below --
2017-09-07 17:38 Kiran T

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=59B2B8BB.4050302@iogearbox.net \
    --to=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=kiran.lkml@gmail.com \
    --cc=xdp-newbies@vger.kernel.org \
    --cc=zeffron@riotgames.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.