* [PATCH bpf-next] bpf: Generalize data copying for percpu maps
@ 2025-09-03 17:04 Leon Hwang
2025-09-03 17:36 ` Alexei Starovoitov
0 siblings, 1 reply; 5+ messages in thread
From: Leon Hwang @ 2025-09-03 17:04 UTC (permalink / raw)
To: bpf
Cc: ast, andrii, daniel, martin.lau, eddyz87, song, yonghong.song,
leon.hwang, kernel-patches-bot, Andrii Nakryiko
While adding support for the BPF_F_CPU and BPF_F_ALL_CPUS flags, the data
copying logic of the following percpu map types needs to be updated:
* percpu_array
* percpu_hash
* lru_percpu_hash
* percpu_cgroup_storage
Following Andrii’s suggestion[0], this patch refactors the data copying
logic by introducing two helpers:
* `bpf_percpu_copy_to_user()`
* `bpf_percpu_copy_from_user()`
This prepares the codebase for the upcoming CPU flag support.
[0] https://lore.kernel.org/bpf/20250827164509.7401-1-leon.hwang@linux.dev/
Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
---
include/linux/bpf.h | 29 ++++++++++++++++++++++++++++-
kernel/bpf/arraymap.c | 14 ++------------
kernel/bpf/hashtab.c | 20 +++-----------------
kernel/bpf/local_storage.c | 18 ++++++------------
4 files changed, 39 insertions(+), 42 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index 8f6e87f0f3a89..2dc0299a2da50 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -547,6 +547,34 @@ static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src
bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
}
+#ifdef CONFIG_BPF_SYSCALL
+static inline void bpf_percpu_copy_to_user(struct bpf_map *map, void __percpu *pptr, void *value,
+ u32 size)
+{
+ int cpu, off = 0;
+
+ for_each_possible_cpu(cpu) {
+ copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
+ check_and_init_map_value(map, value + off);
+ off += size;
+ }
+}
+
+void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
+
+static inline void bpf_percpu_copy_from_user(struct bpf_map *map, void __percpu *pptr, void *value,
+ u32 size)
+{
+ int cpu, off = 0;
+
+ for_each_possible_cpu(cpu) {
+ copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
+ bpf_obj_free_fields(map->record, per_cpu_ptr(pptr, cpu));
+ off += size;
+ }
+}
+#endif
+
static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
{
unsigned long *src_uptr, *dst_uptr;
@@ -2417,7 +2445,6 @@ struct btf_record *btf_record_dup(const struct btf_record *rec);
bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
-void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);
struct bpf_map *bpf_map_get(u32 ufd);
diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
index 3d080916faf97..6be9c54604503 100644
--- a/kernel/bpf/arraymap.c
+++ b/kernel/bpf/arraymap.c
@@ -300,7 +300,6 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
struct bpf_array *array = container_of(map, struct bpf_array, map);
u32 index = *(u32 *)key;
void __percpu *pptr;
- int cpu, off = 0;
u32 size;
if (unlikely(index >= array->map.max_entries))
@@ -313,11 +312,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
size = array->elem_size;
rcu_read_lock();
pptr = array->pptrs[index & array->index_mask];
- for_each_possible_cpu(cpu) {
- copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
- check_and_init_map_value(map, value + off);
- off += size;
- }
+ bpf_percpu_copy_to_user(map, pptr, value, size);
rcu_read_unlock();
return 0;
}
@@ -387,7 +382,6 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
struct bpf_array *array = container_of(map, struct bpf_array, map);
u32 index = *(u32 *)key;
void __percpu *pptr;
- int cpu, off = 0;
u32 size;
if (unlikely(map_flags > BPF_EXIST))
@@ -411,11 +405,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
size = array->elem_size;
rcu_read_lock();
pptr = array->pptrs[index & array->index_mask];
- for_each_possible_cpu(cpu) {
- copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
- bpf_obj_free_fields(array->map.record, per_cpu_ptr(pptr, cpu));
- off += size;
- }
+ bpf_percpu_copy_from_user(map, pptr, value, size);
rcu_read_unlock();
return 0;
}
diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
index 71f9931ac64cd..5f0f3c00dbb74 100644
--- a/kernel/bpf/hashtab.c
+++ b/kernel/bpf/hashtab.c
@@ -944,12 +944,8 @@ static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
} else {
u32 size = round_up(htab->map.value_size, 8);
- int off = 0, cpu;
- for_each_possible_cpu(cpu) {
- copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
- off += size;
- }
+ bpf_percpu_copy_from_user(&htab->map, pptr, value, size);
}
}
@@ -1802,15 +1798,10 @@ __htab_map_lookup_and_delete_batch(struct bpf_map *map,
memcpy(dst_key, l->key, key_size);
if (is_percpu) {
- int off = 0, cpu;
void __percpu *pptr;
pptr = htab_elem_get_ptr(l, map->key_size);
- for_each_possible_cpu(cpu) {
- copy_map_value_long(&htab->map, dst_val + off, per_cpu_ptr(pptr, cpu));
- check_and_init_map_value(&htab->map, dst_val + off);
- off += size;
- }
+ bpf_percpu_copy_to_user(&htab->map, pptr, dst_val, size);
} else {
value = htab_elem_value(l, key_size);
if (is_fd_htab(htab)) {
@@ -2370,7 +2361,6 @@ int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value)
struct htab_elem *l;
void __percpu *pptr;
int ret = -ENOENT;
- int cpu, off = 0;
u32 size;
/* per_cpu areas are zero-filled and bpf programs can only
@@ -2386,11 +2376,7 @@ int bpf_percpu_hash_copy(struct bpf_map *map, void *key, void *value)
* eviction heuristics when user space does a map walk.
*/
pptr = htab_elem_get_ptr(l, map->key_size);
- for_each_possible_cpu(cpu) {
- copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
- check_and_init_map_value(map, value + off);
- off += size;
- }
+ bpf_percpu_copy_to_user(map, pptr, value, size);
ret = 0;
out:
rcu_read_unlock();
diff --git a/kernel/bpf/local_storage.c b/kernel/bpf/local_storage.c
index c93a756e035c0..02c184d20213c 100644
--- a/kernel/bpf/local_storage.c
+++ b/kernel/bpf/local_storage.c
@@ -184,7 +184,7 @@ int bpf_percpu_cgroup_storage_copy(struct bpf_map *_map, void *key,
{
struct bpf_cgroup_storage_map *map = map_to_storage(_map);
struct bpf_cgroup_storage *storage;
- int cpu, off = 0;
+ void __percpu *pptr;
u32 size;
rcu_read_lock();
@@ -199,11 +199,8 @@ int bpf_percpu_cgroup_storage_copy(struct bpf_map *_map, void *key,
* will not leak any kernel data
*/
size = round_up(_map->value_size, 8);
- for_each_possible_cpu(cpu) {
- bpf_long_memcpy(value + off,
- per_cpu_ptr(storage->percpu_buf, cpu), size);
- off += size;
- }
+ pptr = storage->percpu_buf;
+ bpf_percpu_copy_to_user(_map, pptr, value, size);
rcu_read_unlock();
return 0;
}
@@ -213,7 +210,7 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *_map, void *key,
{
struct bpf_cgroup_storage_map *map = map_to_storage(_map);
struct bpf_cgroup_storage *storage;
- int cpu, off = 0;
+ void __percpu *pptr;
u32 size;
if (map_flags != BPF_ANY && map_flags != BPF_EXIST)
@@ -233,11 +230,8 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *_map, void *key,
* so no kernel data leaks possible
*/
size = round_up(_map->value_size, 8);
- for_each_possible_cpu(cpu) {
- bpf_long_memcpy(per_cpu_ptr(storage->percpu_buf, cpu),
- value + off, size);
- off += size;
- }
+ pptr = storage->percpu_buf;
+ bpf_percpu_copy_from_user(_map, pptr, value, size);
rcu_read_unlock();
return 0;
}
--
2.50.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH bpf-next] bpf: Generalize data copying for percpu maps
2025-09-03 17:04 [PATCH bpf-next] bpf: Generalize data copying for percpu maps Leon Hwang
@ 2025-09-03 17:36 ` Alexei Starovoitov
2025-09-03 23:39 ` Andrii Nakryiko
0 siblings, 1 reply; 5+ messages in thread
From: Alexei Starovoitov @ 2025-09-03 17:36 UTC (permalink / raw)
To: Leon Hwang
Cc: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Martin KaFai Lau, Eduard, Song Liu, Yonghong Song,
kernel-patches-bot, Andrii Nakryiko
On Wed, Sep 3, 2025 at 10:04 AM Leon Hwang <leon.hwang@linux.dev> wrote:
>
> While adding support for the BPF_F_CPU and BPF_F_ALL_CPUS flags, the data
> copying logic of the following percpu map types needs to be updated:
>
> * percpu_array
> * percpu_hash
> * lru_percpu_hash
> * percpu_cgroup_storage
>
> Following Andrii’s suggestion[0], this patch refactors the data copying
> logic by introducing two helpers:
>
> * `bpf_percpu_copy_to_user()`
> * `bpf_percpu_copy_from_user()`
>
> This prepares the codebase for the upcoming CPU flag support.
>
> [0] https://lore.kernel.org/bpf/20250827164509.7401-1-leon.hwang@linux.dev/
>
> Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
> ---
> include/linux/bpf.h | 29 ++++++++++++++++++++++++++++-
> kernel/bpf/arraymap.c | 14 ++------------
> kernel/bpf/hashtab.c | 20 +++-----------------
> kernel/bpf/local_storage.c | 18 ++++++------------
> 4 files changed, 39 insertions(+), 42 deletions(-)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 8f6e87f0f3a89..2dc0299a2da50 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -547,6 +547,34 @@ static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src
> bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
> }
>
> +#ifdef CONFIG_BPF_SYSCALL
> +static inline void bpf_percpu_copy_to_user(struct bpf_map *map, void __percpu *pptr, void *value,
> + u32 size)
> +{
> + int cpu, off = 0;
> +
> + for_each_possible_cpu(cpu) {
> + copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> + check_and_init_map_value(map, value + off);
> + off += size;
> + }
> +}
> +
> +void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> +
> +static inline void bpf_percpu_copy_from_user(struct bpf_map *map, void __percpu *pptr, void *value,
> + u32 size)
> +{
> + int cpu, off = 0;
> +
> + for_each_possible_cpu(cpu) {
> + copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
> + bpf_obj_free_fields(map->record, per_cpu_ptr(pptr, cpu));
> + off += size;
> + }
> +}
> +#endif
> +
> static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
> {
> unsigned long *src_uptr, *dst_uptr;
> @@ -2417,7 +2445,6 @@ struct btf_record *btf_record_dup(const struct btf_record *rec);
> bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
> void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
> void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
> -void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);
>
> struct bpf_map *bpf_map_get(u32 ufd);
> diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
> index 3d080916faf97..6be9c54604503 100644
> --- a/kernel/bpf/arraymap.c
> +++ b/kernel/bpf/arraymap.c
> @@ -300,7 +300,6 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> struct bpf_array *array = container_of(map, struct bpf_array, map);
> u32 index = *(u32 *)key;
> void __percpu *pptr;
> - int cpu, off = 0;
> u32 size;
>
> if (unlikely(index >= array->map.max_entries))
> @@ -313,11 +312,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> size = array->elem_size;
> rcu_read_lock();
> pptr = array->pptrs[index & array->index_mask];
> - for_each_possible_cpu(cpu) {
> - copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> - check_and_init_map_value(map, value + off);
> - off += size;
> - }
> + bpf_percpu_copy_to_user(map, pptr, value, size);
> rcu_read_unlock();
> return 0;
> }
> @@ -387,7 +382,6 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> struct bpf_array *array = container_of(map, struct bpf_array, map);
> u32 index = *(u32 *)key;
> void __percpu *pptr;
> - int cpu, off = 0;
> u32 size;
>
> if (unlikely(map_flags > BPF_EXIST))
> @@ -411,11 +405,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> size = array->elem_size;
> rcu_read_lock();
> pptr = array->pptrs[index & array->index_mask];
> - for_each_possible_cpu(cpu) {
> - copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
> - bpf_obj_free_fields(array->map.record, per_cpu_ptr(pptr, cpu));
> - off += size;
> - }
> + bpf_percpu_copy_from_user(map, pptr, value, size);
> rcu_read_unlock();
> return 0;
> }
> diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
> index 71f9931ac64cd..5f0f3c00dbb74 100644
> --- a/kernel/bpf/hashtab.c
> +++ b/kernel/bpf/hashtab.c
> @@ -944,12 +944,8 @@ static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
> copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
> } else {
> u32 size = round_up(htab->map.value_size, 8);
> - int off = 0, cpu;
>
> - for_each_possible_cpu(cpu) {
> - copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
> - off += size;
> - }
> + bpf_percpu_copy_from_user(&htab->map, pptr, value, size);
This is not a refactor. There is a significant change in the logic.
Why is it needed? Bug fix or introducing a bug?
The names to_user and from_user are wrong.
There is no user space memory involved.
pw-bot: cr
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf-next] bpf: Generalize data copying for percpu maps
2025-09-03 17:36 ` Alexei Starovoitov
@ 2025-09-03 23:39 ` Andrii Nakryiko
2025-09-04 2:33 ` Leon Hwang
0 siblings, 1 reply; 5+ messages in thread
From: Andrii Nakryiko @ 2025-09-03 23:39 UTC (permalink / raw)
To: Alexei Starovoitov
Cc: Leon Hwang, bpf, Alexei Starovoitov, Andrii Nakryiko,
Daniel Borkmann, Martin KaFai Lau, Eduard, Song Liu,
Yonghong Song, kernel-patches-bot
On Wed, Sep 3, 2025 at 10:36 AM Alexei Starovoitov
<alexei.starovoitov@gmail.com> wrote:
>
> On Wed, Sep 3, 2025 at 10:04 AM Leon Hwang <leon.hwang@linux.dev> wrote:
> >
> > While adding support for the BPF_F_CPU and BPF_F_ALL_CPUS flags, the data
> > copying logic of the following percpu map types needs to be updated:
> >
> > * percpu_array
> > * percpu_hash
> > * lru_percpu_hash
> > * percpu_cgroup_storage
> >
> > Following Andrii’s suggestion[0], this patch refactors the data copying
as flattering as that is, "Andrii's suggestion" is no justification
why the patch is correct :)
> > logic by introducing two helpers:
> >
> > * `bpf_percpu_copy_to_user()`
> > * `bpf_percpu_copy_from_user()`
> >
> > This prepares the codebase for the upcoming CPU flag support.
> >
> > [0] https://lore.kernel.org/bpf/20250827164509.7401-1-leon.hwang@linux.dev/
> >
> > Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
> > Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
> > ---
> > include/linux/bpf.h | 29 ++++++++++++++++++++++++++++-
> > kernel/bpf/arraymap.c | 14 ++------------
> > kernel/bpf/hashtab.c | 20 +++-----------------
> > kernel/bpf/local_storage.c | 18 ++++++------------
> > 4 files changed, 39 insertions(+), 42 deletions(-)
> >
> > diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> > index 8f6e87f0f3a89..2dc0299a2da50 100644
> > --- a/include/linux/bpf.h
> > +++ b/include/linux/bpf.h
> > @@ -547,6 +547,34 @@ static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src
> > bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
> > }
> >
> > +#ifdef CONFIG_BPF_SYSCALL
> > +static inline void bpf_percpu_copy_to_user(struct bpf_map *map, void __percpu *pptr, void *value,
> > + u32 size)
> > +{
> > + int cpu, off = 0;
> > +
> > + for_each_possible_cpu(cpu) {
> > + copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> > + check_and_init_map_value(map, value + off);
I still maintain that this makes zero sense... value+off is memory
that we'll copy_to_user, why are we setting refcount to 1, or
rb_node/list_node to "proper empty node" is absolutely not clear... it
feels like we can drop check_and_init_map_value() altogether and be
absolutely no worse. If anything, memset(0) would be nicer, but I
guess we didn't have it to begin with, so no need to add it now.
> > + off += size;
> > + }
> > +}
> > +
> > +void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> > +
> > +static inline void bpf_percpu_copy_from_user(struct bpf_map *map, void __percpu *pptr, void *value,
> > + u32 size)
> > +{
> > + int cpu, off = 0;
> > +
> > + for_each_possible_cpu(cpu) {
> > + copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
copy_map_value_long is generalization of bpf_long_memcpy, and so it
would be good to call this out to explain why your refactoring is
correct
> > + bpf_obj_free_fields(map->record, per_cpu_ptr(pptr, cpu));
> > + off += size;
> > + }
> > +}
> > +#endif
> > +
> > static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
> > {
> > unsigned long *src_uptr, *dst_uptr;
> > @@ -2417,7 +2445,6 @@ struct btf_record *btf_record_dup(const struct btf_record *rec);
> > bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
> > void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
> > void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
> > -void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> > void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);
> >
> > struct bpf_map *bpf_map_get(u32 ufd);
> > diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
> > index 3d080916faf97..6be9c54604503 100644
> > --- a/kernel/bpf/arraymap.c
> > +++ b/kernel/bpf/arraymap.c
> > @@ -300,7 +300,6 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> > struct bpf_array *array = container_of(map, struct bpf_array, map);
> > u32 index = *(u32 *)key;
> > void __percpu *pptr;
> > - int cpu, off = 0;
> > u32 size;
> >
> > if (unlikely(index >= array->map.max_entries))
> > @@ -313,11 +312,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> > size = array->elem_size;
> > rcu_read_lock();
> > pptr = array->pptrs[index & array->index_mask];
> > - for_each_possible_cpu(cpu) {
> > - copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> > - check_and_init_map_value(map, value + off);
> > - off += size;
> > - }
> > + bpf_percpu_copy_to_user(map, pptr, value, size);
> > rcu_read_unlock();
> > return 0;
> > }
> > @@ -387,7 +382,6 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> > struct bpf_array *array = container_of(map, struct bpf_array, map);
> > u32 index = *(u32 *)key;
> > void __percpu *pptr;
> > - int cpu, off = 0;
> > u32 size;
> >
> > if (unlikely(map_flags > BPF_EXIST))
> > @@ -411,11 +405,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> > size = array->elem_size;
> > rcu_read_lock();
> > pptr = array->pptrs[index & array->index_mask];
> > - for_each_possible_cpu(cpu) {
> > - copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
> > - bpf_obj_free_fields(array->map.record, per_cpu_ptr(pptr, cpu));
> > - off += size;
> > - }
> > + bpf_percpu_copy_from_user(map, pptr, value, size);
> > rcu_read_unlock();
> > return 0;
> > }
> > diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
> > index 71f9931ac64cd..5f0f3c00dbb74 100644
> > --- a/kernel/bpf/hashtab.c
> > +++ b/kernel/bpf/hashtab.c
> > @@ -944,12 +944,8 @@ static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
> > copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
> > } else {
> > u32 size = round_up(htab->map.value_size, 8);
> > - int off = 0, cpu;
> >
> > - for_each_possible_cpu(cpu) {
> > - copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
> > - off += size;
> > - }
> > + bpf_percpu_copy_from_user(&htab->map, pptr, value, size);
>
> This is not a refactor. There is a significant change in the logic.
> Why is it needed? Bug fix or introducing a bug?
this is preparation for that BPF_F_CPU/BPF_F_ALLCPUS, but I agree that
it would be better to include as preparatory patch in the actual patch
set
>
> The names to_user and from_user are wrong.
> There is no user space memory involved.
This was my suggestion because we either are copying user-supplied
data or copying data back to user. Strictly speaking it's all kernel
memory (copy_from_user/copy_to_user is done afterwards by the caller),
but that's the intent.
Maybe "copy_in" and "copy_out" would be better, I don't know. But
there is certainly a direction here w.r.t. user space provided data
(note, this is not BPF program-side logic).
>
> pw-bot: cr
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf-next] bpf: Generalize data copying for percpu maps
2025-09-03 23:39 ` Andrii Nakryiko
@ 2025-09-04 2:33 ` Leon Hwang
2025-09-04 18:45 ` Andrii Nakryiko
0 siblings, 1 reply; 5+ messages in thread
From: Leon Hwang @ 2025-09-04 2:33 UTC (permalink / raw)
To: Andrii Nakryiko, Alexei Starovoitov
Cc: bpf, Alexei Starovoitov, Andrii Nakryiko, Daniel Borkmann,
Martin KaFai Lau, Eduard, Song Liu, Yonghong Song,
kernel-patches-bot
On 4/9/25 07:39, Andrii Nakryiko wrote:
> On Wed, Sep 3, 2025 at 10:36 AM Alexei Starovoitov
> <alexei.starovoitov@gmail.com> wrote:
>>
>> On Wed, Sep 3, 2025 at 10:04 AM Leon Hwang <leon.hwang@linux.dev> wrote:
>>>
>>> While adding support for the BPF_F_CPU and BPF_F_ALL_CPUS flags, the data
>>> copying logic of the following percpu map types needs to be updated:
>>>
>>> * percpu_array
>>> * percpu_hash
>>> * lru_percpu_hash
>>> * percpu_cgroup_storage
>>>
>>> Following Andrii’s suggestion[0], this patch refactors the data copying
>
> as flattering as that is, "Andrii's suggestion" is no justification
> why the patch is correct :)
>
:)
>>> logic by introducing two helpers:
>>>
>>> * `bpf_percpu_copy_to_user()`
>>> * `bpf_percpu_copy_from_user()`
>>>
>>> This prepares the codebase for the upcoming CPU flag support.
>>>
>>> [0] https://lore.kernel.org/bpf/20250827164509.7401-1-leon.hwang@linux.dev/
>>>
>>> Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
>>> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
>>> ---
>>> include/linux/bpf.h | 29 ++++++++++++++++++++++++++++-
>>> kernel/bpf/arraymap.c | 14 ++------------
>>> kernel/bpf/hashtab.c | 20 +++-----------------
>>> kernel/bpf/local_storage.c | 18 ++++++------------
>>> 4 files changed, 39 insertions(+), 42 deletions(-)
>>>
>>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
>>> index 8f6e87f0f3a89..2dc0299a2da50 100644
>>> --- a/include/linux/bpf.h
>>> +++ b/include/linux/bpf.h
>>> @@ -547,6 +547,34 @@ static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src
>>> bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
>>> }
>>>
>>> +#ifdef CONFIG_BPF_SYSCALL
>>> +static inline void bpf_percpu_copy_to_user(struct bpf_map *map, void __percpu *pptr, void *value,
>>> + u32 size)
>>> +{
>>> + int cpu, off = 0;
>>> +
>>> + for_each_possible_cpu(cpu) {
>>> + copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
>>> + check_and_init_map_value(map, value + off);
>
> I still maintain that this makes zero sense... value+off is memory
> that we'll copy_to_user, why are we setting refcount to 1, or
> rb_node/list_node to "proper empty node" is absolutely not clear... it
> feels like we can drop check_and_init_map_value() altogether and be
> absolutely no worse. If anything, memset(0) would be nicer, but I
> guess we didn't have it to begin with, so no need to add it now.
>
Agreed.
As 'copy_map_value_long()' won't copy those fields,
'check_and_init_map_value()' is unnecessary here.
>>> + off += size;
>>> + }
>>> +}
>>> +
>>> +void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
>>> +
>>> +static inline void bpf_percpu_copy_from_user(struct bpf_map *map, void __percpu *pptr, void *value,
>>> + u32 size)
>>> +{
>>> + int cpu, off = 0;
>>> +
>>> + for_each_possible_cpu(cpu) {
>>> + copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
>
> copy_map_value_long is generalization of bpf_long_memcpy, and so it
> would be good to call this out to explain why your refactoring is
> correct
>
No.
It shouldn't call bpf_long_memcpy() before bpf_obj_free_fields(), or it
will overwrite those fields data used for bpf_obj_free_fields().
It would be better to call bpf_obj_free_fields() then bpf_long_memcpy().
>>> + bpf_obj_free_fields(map->record, per_cpu_ptr(pptr, cpu));
>>> + off += size;
>>> + }
>>> +}
>>> +#endif
>>> +
>>> static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
>>> {
>>> unsigned long *src_uptr, *dst_uptr;
>>> @@ -2417,7 +2445,6 @@ struct btf_record *btf_record_dup(const struct btf_record *rec);
>>> bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
>>> void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
>>> void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
>>> -void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
>>> void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);
>>>
>>> struct bpf_map *bpf_map_get(u32 ufd);
>>> diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
>>> index 3d080916faf97..6be9c54604503 100644
>>> --- a/kernel/bpf/arraymap.c
>>> +++ b/kernel/bpf/arraymap.c
>>> @@ -300,7 +300,6 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
>>> struct bpf_array *array = container_of(map, struct bpf_array, map);
>>> u32 index = *(u32 *)key;
>>> void __percpu *pptr;
>>> - int cpu, off = 0;
>>> u32 size;
>>>
>>> if (unlikely(index >= array->map.max_entries))
>>> @@ -313,11 +312,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
>>> size = array->elem_size;
>>> rcu_read_lock();
>>> pptr = array->pptrs[index & array->index_mask];
>>> - for_each_possible_cpu(cpu) {
>>> - copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
>>> - check_and_init_map_value(map, value + off);
>>> - off += size;
>>> - }
>>> + bpf_percpu_copy_to_user(map, pptr, value, size);
>>> rcu_read_unlock();
>>> return 0;
>>> }
>>> @@ -387,7 +382,6 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
>>> struct bpf_array *array = container_of(map, struct bpf_array, map);
>>> u32 index = *(u32 *)key;
>>> void __percpu *pptr;
>>> - int cpu, off = 0;
>>> u32 size;
>>>
>>> if (unlikely(map_flags > BPF_EXIST))
>>> @@ -411,11 +405,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
>>> size = array->elem_size;
>>> rcu_read_lock();
>>> pptr = array->pptrs[index & array->index_mask];
>>> - for_each_possible_cpu(cpu) {
>>> - copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
>>> - bpf_obj_free_fields(array->map.record, per_cpu_ptr(pptr, cpu));
>>> - off += size;
>>> - }
>>> + bpf_percpu_copy_from_user(map, pptr, value, size);
>>> rcu_read_unlock();
>>> return 0;
>>> }
>>> diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
>>> index 71f9931ac64cd..5f0f3c00dbb74 100644
>>> --- a/kernel/bpf/hashtab.c
>>> +++ b/kernel/bpf/hashtab.c
>>> @@ -944,12 +944,8 @@ static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
>>> copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
>>> } else {
>>> u32 size = round_up(htab->map.value_size, 8);
>>> - int off = 0, cpu;
>>>
>>> - for_each_possible_cpu(cpu) {
>>> - copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
>>> - off += size;
>>> - }
>>> + bpf_percpu_copy_from_user(&htab->map, pptr, value, size);
>>
>> This is not a refactor. There is a significant change in the logic.
>> Why is it needed? Bug fix or introducing a bug?
>
> this is preparation for that BPF_F_CPU/BPF_F_ALLCPUS, but I agree that
> it would be better to include as preparatory patch in the actual patch
> set
>
Ack.
I'll move this patch into the patch set of BPF_F_CPU/BPF_F_ALLCPUS flags.
>>
>> The names to_user and from_user are wrong.
>> There is no user space memory involved.
>
> This was my suggestion because we either are copying user-supplied
> data or copying data back to user. Strictly speaking it's all kernel
> memory (copy_from_user/copy_to_user is done afterwards by the caller),
> but that's the intent.
>
> Maybe "copy_in" and "copy_out" would be better, I don't know. But
> there is certainly a direction here w.r.t. user space provided data
> (note, this is not BPF program-side logic).
>
'bpf_percpu_copy_data()' and 'bpf_percpu_update_data()' would be better,
as "copy_data" is used in those 'bpf_percpu_*_copy()' functions and
"update_data" is used in those 'bpf_percpu_*_update()' functions.
Thanks,
Leon
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH bpf-next] bpf: Generalize data copying for percpu maps
2025-09-04 2:33 ` Leon Hwang
@ 2025-09-04 18:45 ` Andrii Nakryiko
0 siblings, 0 replies; 5+ messages in thread
From: Andrii Nakryiko @ 2025-09-04 18:45 UTC (permalink / raw)
To: Leon Hwang
Cc: Alexei Starovoitov, bpf, Alexei Starovoitov, Andrii Nakryiko,
Daniel Borkmann, Martin KaFai Lau, Eduard, Song Liu,
Yonghong Song, kernel-patches-bot
On Wed, Sep 3, 2025 at 7:34 PM Leon Hwang <leon.hwang@linux.dev> wrote:
>
>
>
> On 4/9/25 07:39, Andrii Nakryiko wrote:
> > On Wed, Sep 3, 2025 at 10:36 AM Alexei Starovoitov
> > <alexei.starovoitov@gmail.com> wrote:
> >>
> >> On Wed, Sep 3, 2025 at 10:04 AM Leon Hwang <leon.hwang@linux.dev> wrote:
> >>>
> >>> While adding support for the BPF_F_CPU and BPF_F_ALL_CPUS flags, the data
> >>> copying logic of the following percpu map types needs to be updated:
> >>>
> >>> * percpu_array
> >>> * percpu_hash
> >>> * lru_percpu_hash
> >>> * percpu_cgroup_storage
> >>>
> >>> Following Andrii’s suggestion[0], this patch refactors the data copying
> >
> > as flattering as that is, "Andrii's suggestion" is no justification
> > why the patch is correct :)
> >
>
> :)
>
> >>> logic by introducing two helpers:
> >>>
> >>> * `bpf_percpu_copy_to_user()`
> >>> * `bpf_percpu_copy_from_user()`
> >>>
> >>> This prepares the codebase for the upcoming CPU flag support.
> >>>
> >>> [0] https://lore.kernel.org/bpf/20250827164509.7401-1-leon.hwang@linux.dev/
> >>>
> >>> Suggested-by: Andrii Nakryiko <andrii.nakryiko@gmail.com>
> >>> Signed-off-by: Leon Hwang <leon.hwang@linux.dev>
> >>> ---
> >>> include/linux/bpf.h | 29 ++++++++++++++++++++++++++++-
> >>> kernel/bpf/arraymap.c | 14 ++------------
> >>> kernel/bpf/hashtab.c | 20 +++-----------------
> >>> kernel/bpf/local_storage.c | 18 ++++++------------
> >>> 4 files changed, 39 insertions(+), 42 deletions(-)
> >>>
> >>> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> >>> index 8f6e87f0f3a89..2dc0299a2da50 100644
> >>> --- a/include/linux/bpf.h
> >>> +++ b/include/linux/bpf.h
> >>> @@ -547,6 +547,34 @@ static inline void copy_map_value_long(struct bpf_map *map, void *dst, void *src
> >>> bpf_obj_memcpy(map->record, dst, src, map->value_size, true);
> >>> }
> >>>
> >>> +#ifdef CONFIG_BPF_SYSCALL
> >>> +static inline void bpf_percpu_copy_to_user(struct bpf_map *map, void __percpu *pptr, void *value,
> >>> + u32 size)
> >>> +{
> >>> + int cpu, off = 0;
> >>> +
> >>> + for_each_possible_cpu(cpu) {
> >>> + copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> >>> + check_and_init_map_value(map, value + off);
> >
> > I still maintain that this makes zero sense... value+off is memory
> > that we'll copy_to_user, why are we setting refcount to 1, or
> > rb_node/list_node to "proper empty node" is absolutely not clear... it
> > feels like we can drop check_and_init_map_value() altogether and be
> > absolutely no worse. If anything, memset(0) would be nicer, but I
> > guess we didn't have it to begin with, so no need to add it now.
> >
>
> Agreed.
>
> As 'copy_map_value_long()' won't copy those fields,
> 'check_and_init_map_value()' is unnecessary here.
>
> >>> + off += size;
> >>> + }
> >>> +}
> >>> +
> >>> +void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> >>> +
> >>> +static inline void bpf_percpu_copy_from_user(struct bpf_map *map, void __percpu *pptr, void *value,
> >>> + u32 size)
> >>> +{
> >>> + int cpu, off = 0;
> >>> +
> >>> + for_each_possible_cpu(cpu) {
> >>> + copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
> >
> > copy_map_value_long is generalization of bpf_long_memcpy, and so it
> > would be good to call this out to explain why your refactoring is
> > correct
> >
>
> No.
>
> It shouldn't call bpf_long_memcpy() before bpf_obj_free_fields(), or it
> will overwrite those fields data used for bpf_obj_free_fields().
I'm not exactly following what you are trying to say here. I didn't
propose to replace copy_map_value_long() with bpf_long_memcpy().
bpf_long_memcpy() works only for those maps where we don't enable
those special bpf_spinlock and other fields. copy_map_value_long() is
a generalization of copying user-provided data into the map, skipping
all those special fields.
Again, confused a bit here, sorry.
>
> It would be better to call bpf_obj_free_fields() then bpf_long_memcpy().
I agree, but not sure it makes any practical difference.
>
> >>> + bpf_obj_free_fields(map->record, per_cpu_ptr(pptr, cpu));
> >>> + off += size;
> >>> + }
> >>> +}
> >>> +#endif
> >>> +
> >>> static inline void bpf_obj_swap_uptrs(const struct btf_record *rec, void *dst, void *src)
> >>> {
> >>> unsigned long *src_uptr, *dst_uptr;
> >>> @@ -2417,7 +2445,6 @@ struct btf_record *btf_record_dup(const struct btf_record *rec);
> >>> bool btf_record_equal(const struct btf_record *rec_a, const struct btf_record *rec_b);
> >>> void bpf_obj_free_timer(const struct btf_record *rec, void *obj);
> >>> void bpf_obj_free_workqueue(const struct btf_record *rec, void *obj);
> >>> -void bpf_obj_free_fields(const struct btf_record *rec, void *obj);
> >>> void __bpf_obj_drop_impl(void *p, const struct btf_record *rec, bool percpu);
> >>>
> >>> struct bpf_map *bpf_map_get(u32 ufd);
> >>> diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c
> >>> index 3d080916faf97..6be9c54604503 100644
> >>> --- a/kernel/bpf/arraymap.c
> >>> +++ b/kernel/bpf/arraymap.c
> >>> @@ -300,7 +300,6 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> >>> struct bpf_array *array = container_of(map, struct bpf_array, map);
> >>> u32 index = *(u32 *)key;
> >>> void __percpu *pptr;
> >>> - int cpu, off = 0;
> >>> u32 size;
> >>>
> >>> if (unlikely(index >= array->map.max_entries))
> >>> @@ -313,11 +312,7 @@ int bpf_percpu_array_copy(struct bpf_map *map, void *key, void *value)
> >>> size = array->elem_size;
> >>> rcu_read_lock();
> >>> pptr = array->pptrs[index & array->index_mask];
> >>> - for_each_possible_cpu(cpu) {
> >>> - copy_map_value_long(map, value + off, per_cpu_ptr(pptr, cpu));
> >>> - check_and_init_map_value(map, value + off);
> >>> - off += size;
> >>> - }
> >>> + bpf_percpu_copy_to_user(map, pptr, value, size);
> >>> rcu_read_unlock();
> >>> return 0;
> >>> }
> >>> @@ -387,7 +382,6 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> >>> struct bpf_array *array = container_of(map, struct bpf_array, map);
> >>> u32 index = *(u32 *)key;
> >>> void __percpu *pptr;
> >>> - int cpu, off = 0;
> >>> u32 size;
> >>>
> >>> if (unlikely(map_flags > BPF_EXIST))
> >>> @@ -411,11 +405,7 @@ int bpf_percpu_array_update(struct bpf_map *map, void *key, void *value,
> >>> size = array->elem_size;
> >>> rcu_read_lock();
> >>> pptr = array->pptrs[index & array->index_mask];
> >>> - for_each_possible_cpu(cpu) {
> >>> - copy_map_value_long(map, per_cpu_ptr(pptr, cpu), value + off);
> >>> - bpf_obj_free_fields(array->map.record, per_cpu_ptr(pptr, cpu));
> >>> - off += size;
> >>> - }
> >>> + bpf_percpu_copy_from_user(map, pptr, value, size);
> >>> rcu_read_unlock();
> >>> return 0;
> >>> }
> >>> diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c
> >>> index 71f9931ac64cd..5f0f3c00dbb74 100644
> >>> --- a/kernel/bpf/hashtab.c
> >>> +++ b/kernel/bpf/hashtab.c
> >>> @@ -944,12 +944,8 @@ static void pcpu_copy_value(struct bpf_htab *htab, void __percpu *pptr,
> >>> copy_map_value(&htab->map, this_cpu_ptr(pptr), value);
> >>> } else {
> >>> u32 size = round_up(htab->map.value_size, 8);
> >>> - int off = 0, cpu;
> >>>
> >>> - for_each_possible_cpu(cpu) {
> >>> - copy_map_value_long(&htab->map, per_cpu_ptr(pptr, cpu), value + off);
> >>> - off += size;
> >>> - }
> >>> + bpf_percpu_copy_from_user(&htab->map, pptr, value, size);
> >>
> >> This is not a refactor. There is a significant change in the logic.
> >> Why is it needed? Bug fix or introducing a bug?
> >
> > this is preparation for that BPF_F_CPU/BPF_F_ALLCPUS, but I agree that
> > it would be better to include as preparatory patch in the actual patch
> > set
> >
>
> Ack.
>
> I'll move this patch into the patch set of BPF_F_CPU/BPF_F_ALLCPUS flags.
>
> >>
> >> The names to_user and from_user are wrong.
> >> There is no user space memory involved.
> >
> > This was my suggestion because we either are copying user-supplied
> > data or copying data back to user. Strictly speaking it's all kernel
> > memory (copy_from_user/copy_to_user is done afterwards by the caller),
> > but that's the intent.
> >
> > Maybe "copy_in" and "copy_out" would be better, I don't know. But
> > there is certainly a direction here w.r.t. user space provided data
> > (note, this is not BPF program-side logic).
> >
>
> 'bpf_percpu_copy_data()' and 'bpf_percpu_update_data()' would be better,
> as "copy_data" is used in those 'bpf_percpu_*_copy()' functions and
> "update_data" is used in those 'bpf_percpu_*_update()' functions.
And I have to keep looking up how "copy_data" is actually used to
remind myself that it's for "lookup" to copy data *to user*, not copy
*from user*. Which is why "copy_in" and "copy_out". But that's ok. My
point is that I don't see copy vs update as a meaningful and clear
distinction.
>
> Thanks,
> Leon
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-09-04 18:45 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-03 17:04 [PATCH bpf-next] bpf: Generalize data copying for percpu maps Leon Hwang
2025-09-03 17:36 ` Alexei Starovoitov
2025-09-03 23:39 ` Andrii Nakryiko
2025-09-04 2:33 ` Leon Hwang
2025-09-04 18:45 ` Andrii Nakryiko
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox