Re: [PATCH net-next 2/2] devmap: Allow map lookups from eBPF

["Toke Høiland-Jørgensen" <toke@redhat.com>]

Jesper Dangaard Brouer <brouer@redhat.com> writes:

> On Tue, 04 Jun 2019 17:24:10 +0200
> Toke Høiland-Jørgensen <toke@redhat.com> wrote:
>
>> We don't currently allow lookups into a devmap from eBPF, because the map
>> lookup returns a pointer directly to the dev->ifindex, which shouldn't be
>> modifiable from eBPF.
>> 
>> However, being able to do lookups in devmaps is useful to know (e.g.)
>> whether forwarding to a specific interface is enabled. Currently, programs
>> work around this by keeping a shadow map of another type which indicates
>> whether a map index is valid.
>> 
>> To allow lookups, simply copy the ifindex into a scratch variable and
>> return a pointer to this. If an eBPF program does modify it, this doesn't
>> matter since it will be overridden on the next lookup anyway. While this
>> does add a write to every lookup, the overhead of this is negligible
>> because the cache line is hot when both the write and the subsequent
>> read happens.
>
> When we choose the return value, here the ifindex, then this basically
> becomes UABI, right?

Well, we already have UABI on the insert side, where the value being
inserted has to be an ifindex. And we enforce value_size==4 when
creating the map. So IMO I'm just keeping to the already established
UAPI here.

That being said...

> Can we somehow use BTF to help us to make this extensible?

... this would not necessarily be a bad thing, it just needs to be done
on both the insert and lookup sides.

But I think this is a separate issue, which we need to solve anyway. And
I'm still not convinced that the map value is the right place to specify
what resources we want ;)

-Toke