[bpf-next,v3,01/15] net: initial AF_XDP skeleton

Message ID	20180502110136.3738-2-bjorn.topel@gmail.com
State	Accepted, archived
Delegated to:	BPF Maintainers
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@gmail.com> To: bjorn.topel@gmail.com, magnus.karlsson@intel.com, alexander.h.duyck@intel.com, alexander.duyck@gmail.com, john.fastabend@gmail.com, ast@fb.com, brouer@redhat.com, willemdebruijn.kernel@gmail.com, daniel@iogearbox.net, mst@redhat.com, netdev@vger.kernel.org Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@intel.com>, michael.lundkvist@ericsson.com, jesse.brandeburg@intel.com, anjali.singhai@intel.com, qi.z.zhang@intel.com Subject: [PATCH bpf-next v3 01/15] net: initial AF_XDP skeleton Date: Wed, 2 May 2018 13:01:22 +0200 Message-Id: <20180502110136.3738-2-bjorn.topel@gmail.com> In-Reply-To: <20180502110136.3738-1-bjorn.topel@gmail.com> References: <20180502110136.3738-1-bjorn.topel@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	Introducing AF_XDP support \| expand [bpf-next,v3,00/15] Introducing AF_XDP support [bpf-next,v3,01/15] net: initial AF_XDP skeleton [bpf-next,v3,02/15] xsk: add user memory registration support sockopt [bpf-next,v3,03/15] xsk: add umem fill queue support and mmap [bpf-next,v3,04/15] xsk: add Rx queue setup and mmap support [bpf-next,v3,05/15] xsk: add support for bind for Rx [bpf-next,v3,06/15] xsk: add Rx receive functions and poll support [bpf-next,v3,07/15] bpf: introduce new bpf AF_XDP map type BPF_MAP_TYPE_XSKMAP [bpf-next,v3,08/15] xsk: wire up XDP_DRV side of AF_XDP [bpf-next,v3,09/15] xsk: wire up XDP_SKB side of AF_XDP [bpf-next,v3,10/15] xsk: add umem completion queue support and mmap [bpf-next,v3,11/15] xsk: add Tx queue setup and mmap support [bpf-next,v3,12/15] dev: packet: make packet_direct_xmit a common function [bpf-next,v3,13/15] xsk: support for Tx [bpf-next,v3,14/15] xsk: statistics support [bpf-next,v3,15/15] samples/bpf: sample application and documentation for AF_XDP sockets

Message ID

20180502110136.3738-2-bjorn.topel@gmail.com

State

Accepted, archived

Delegated to:

BPF Maintainers

Headers

From: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@gmail.com>
To: bjorn.topel@gmail.com, magnus.karlsson@intel.com,
	alexander.h.duyck@intel.com, alexander.duyck@gmail.com,
	john.fastabend@gmail.com, ast@fb.com, brouer@redhat.com,
	willemdebruijn.kernel@gmail.com, daniel@iogearbox.net,
	mst@redhat.com, netdev@vger.kernel.org
Cc: =?utf-8?b?QmrDtnJuIFTDtnBlbA==?= <bjorn.topel@intel.com>,
	michael.lundkvist@ericsson.com, jesse.brandeburg@intel.com, 
	anjali.singhai@intel.com, qi.z.zhang@intel.com
Subject: [PATCH bpf-next v3 01/15] net: initial AF_XDP skeleton
Date: Wed,  2 May 2018 13:01:22 +0200
Message-Id: <20180502110136.3738-2-bjorn.topel@gmail.com>
In-Reply-To: <20180502110136.3738-1-bjorn.topel@gmail.com>
References: <20180502110136.3738-1-bjorn.topel@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

Introducing AF_XDP support | expand

Commit Message

Björn Töpel May 2, 2018, 11:01 a.m. UTC

From: Björn Töpel <bjorn.topel@intel.com>

Buildable skeleton of AF_XDP without any functionality. Just what it
takes to register a new address family.

Signed-off-by: Björn Töpel <bjorn.topel@intel.com>
---
 MAINTAINERS                         |  8 ++++++++
 include/linux/socket.h              |  5 ++++-
 net/Kconfig                         |  1 +
 net/core/sock.c                     | 12 ++++++++----
 net/xdp/Kconfig                     |  7 +++++++
 security/selinux/hooks.c            |  4 +++-
 security/selinux/include/classmap.h |  4 +++-
 7 files changed, 34 insertions(+), 7 deletions(-)
 create mode 100644 net/xdp/Kconfig

Comments

Stephen Hemminger May 23, 2018, 10:50 p.m. UTC | #1

On Wed,  2 May 2018 13:01:22 +0200
Björn Töpel <bjorn.topel@gmail.com> wrote:

> diff --git a/net/xdp/Kconfig b/net/xdp/Kconfig
> new file mode 100644
> index 000000000000..90e4a7152854
> --- /dev/null
> +++ b/net/xdp/Kconfig
> @@ -0,0 +1,7 @@
> +config XDP_SOCKETS
> +	bool "XDP sockets"
> +	depends on BPF_SYSCALL
> +	default n
> +	help
> +	  XDP sockets allows a channel between XDP programs and
> +	  userspace applications.

Why is XDP not supported as a module?
Most distributions will want it to be a module so that it is not loaded
unless used, and AF_XDP could be also be disabled by blacklisting the module.

Björn Töpel May 24, 2018, 6:38 a.m. UTC | #2

2018-05-24 0:50 GMT+02:00 Stephen Hemminger <stephen@networkplumber.org>:
> On Wed,  2 May 2018 13:01:22 +0200
> Björn Töpel <bjorn.topel@gmail.com> wrote:
>
>> diff --git a/net/xdp/Kconfig b/net/xdp/Kconfig
>> new file mode 100644
>> index 000000000000..90e4a7152854
>> --- /dev/null
>> +++ b/net/xdp/Kconfig
>> @@ -0,0 +1,7 @@
>> +config XDP_SOCKETS
>> +     bool "XDP sockets"
>> +     depends on BPF_SYSCALL
>> +     default n
>> +     help
>> +       XDP sockets allows a channel between XDP programs and
>> +       userspace applications.
>
> Why is XDP not supported as a module?
> Most distributions will want it to be a module so that it is not loaded
> unless used, and AF_XDP could be also be disabled by blacklisting the module.

Yes, all good points, and The Grand Plan is adding module support.
Unfortunately, it's not there yet.

Alexei Starovoitov May 24, 2018, 5:57 p.m. UTC | #3

On Wed, May 23, 2018 at 03:50:47PM -0700, Stephen Hemminger wrote:
> Most distributions will want it to be a module so that it is not loaded
> unless used, and AF_XDP could be also be disabled by blacklisting the module.

I think the opposite will be the case. Anyone who cares about performance
would want AF_XDP code to be builtin, since builtin vs module gives additional
performance. All our NIC drivers are builtin, since we see noticeable
perf gains on production workloads.
Hence I'd rather see us spending time on improving AF_XDP instead
of making it a module and forever struggling with maintaining it as a module.

More so I think it's time to get rid of IPV6=m for good. The kernel
is full of ugly hacks and performance degradation due to indirect calls
just because IPV6=m is still supported.
Folks that care about vmlinux size should be using kconfig to compile it out.

diff --git a/MAINTAINERS b/MAINTAINERS
index 537fd17a211b..52d246fd29c9 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -15424,6 +15424,14 @@  T:	git git://linuxtv.org/media_tree.git
 S:	Maintained
 F:	drivers/media/tuners/tuner-xc2028.*
 
+XDP SOCKETS (AF_XDP)
+M:	Björn Töpel <bjorn.topel@intel.com>
+M:	Magnus Karlsson <magnus.karlsson@intel.com>
+L:	netdev@vger.kernel.org
+S:	Maintained
+F:	kernel/bpf/xskmap.c
+F:	net/xdp/
+
 XEN BLOCK SUBSYSTEM
 M:	Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 M:	Roger Pau Monné <roger.pau@citrix.com>
diff --git a/include/linux/socket.h b/include/linux/socket.h
index ea50f4a65816..7ed4713d5337 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -207,8 +207,9 @@  struct ucred {
 				 * PF_SMC protocol family that
 				 * reuses AF_INET address family
 				 */
+#define AF_XDP		44	/* XDP sockets			*/
 
-#define AF_MAX		44	/* For now.. */
+#define AF_MAX		45	/* For now.. */
 
 /* Protocol families, same as address families. */
 #define PF_UNSPEC	AF_UNSPEC
@@ -257,6 +258,7 @@  struct ucred {
 #define PF_KCM		AF_KCM
 #define PF_QIPCRTR	AF_QIPCRTR
 #define PF_SMC		AF_SMC
+#define PF_XDP		AF_XDP
 #define PF_MAX		AF_MAX
 
 /* Maximum queue length specifiable by listen.  */
@@ -338,6 +340,7 @@  struct ucred {
 #define SOL_NFC		280
 #define SOL_KCM		281
 #define SOL_TLS		282
+#define SOL_XDP		283
 
 /* IPX options */
 #define IPX_TYPE	1
diff --git a/net/Kconfig b/net/Kconfig
index 6fa1a4493b8c..86471a1c1ed4 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -59,6 +59,7 @@  source "net/tls/Kconfig"
 source "net/xfrm/Kconfig"
 source "net/iucv/Kconfig"
 source "net/smc/Kconfig"
+source "net/xdp/Kconfig"
 
 config INET
 	bool "TCP/IP networking"
diff --git a/net/core/sock.c b/net/core/sock.c
index b2c3db169ca1..e7d8b6c955c6 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -226,7 +226,8 @@  static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
   x "AF_RXRPC" ,	x "AF_ISDN"     ,	x "AF_PHONET"   , \
   x "AF_IEEE802154",	x "AF_CAIF"	,	x "AF_ALG"      , \
   x "AF_NFC"   ,	x "AF_VSOCK"    ,	x "AF_KCM"      , \
-  x "AF_QIPCRTR",	x "AF_SMC"	,	x "AF_MAX"
+  x "AF_QIPCRTR",	x "AF_SMC"	,	x "AF_XDP"	, \
+  x "AF_MAX"
 
 static const char *const af_family_key_strings[AF_MAX+1] = {
 	_sock_locks("sk_lock-")
@@ -262,7 +263,8 @@  static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
   "rlock-AF_RXRPC" , "rlock-AF_ISDN"     , "rlock-AF_PHONET"   ,
   "rlock-AF_IEEE802154", "rlock-AF_CAIF" , "rlock-AF_ALG"      ,
   "rlock-AF_NFC"   , "rlock-AF_VSOCK"    , "rlock-AF_KCM"      ,
-  "rlock-AF_QIPCRTR", "rlock-AF_SMC"     , "rlock-AF_MAX"
+  "rlock-AF_QIPCRTR", "rlock-AF_SMC"     , "rlock-AF_XDP"      ,
+  "rlock-AF_MAX"
 };
 static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
   "wlock-AF_UNSPEC", "wlock-AF_UNIX"     , "wlock-AF_INET"     ,
@@ -279,7 +281,8 @@  static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
   "wlock-AF_RXRPC" , "wlock-AF_ISDN"     , "wlock-AF_PHONET"   ,
   "wlock-AF_IEEE802154", "wlock-AF_CAIF" , "wlock-AF_ALG"      ,
   "wlock-AF_NFC"   , "wlock-AF_VSOCK"    , "wlock-AF_KCM"      ,
-  "wlock-AF_QIPCRTR", "wlock-AF_SMC"     , "wlock-AF_MAX"
+  "wlock-AF_QIPCRTR", "wlock-AF_SMC"     , "wlock-AF_XDP"      ,
+  "wlock-AF_MAX"
 };
 static const char *const af_family_elock_key_strings[AF_MAX+1] = {
   "elock-AF_UNSPEC", "elock-AF_UNIX"     , "elock-AF_INET"     ,
@@ -296,7 +299,8 @@  static const char *const af_family_elock_key_strings[AF_MAX+1] = {
   "elock-AF_RXRPC" , "elock-AF_ISDN"     , "elock-AF_PHONET"   ,
   "elock-AF_IEEE802154", "elock-AF_CAIF" , "elock-AF_ALG"      ,
   "elock-AF_NFC"   , "elock-AF_VSOCK"    , "elock-AF_KCM"      ,
-  "elock-AF_QIPCRTR", "elock-AF_SMC"     , "elock-AF_MAX"
+  "elock-AF_QIPCRTR", "elock-AF_SMC"     , "elock-AF_XDP"      ,
+  "elock-AF_MAX"
 };
 
 /*
diff --git a/net/xdp/Kconfig b/net/xdp/Kconfig
new file mode 100644
index 000000000000..90e4a7152854
--- /dev/null
+++ b/net/xdp/Kconfig
@@ -0,0 +1,7 @@ 
+config XDP_SOCKETS
+	bool "XDP sockets"
+	depends on BPF_SYSCALL
+	default n
+	help
+	  XDP sockets allows a channel between XDP programs and
+	  userspace applications.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4cafe6a19167..5c508d26b367 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1471,7 +1471,9 @@  static inline u16 socket_type_to_security_class(int family, int type, int protoc
 			return SECCLASS_QIPCRTR_SOCKET;
 		case PF_SMC:
 			return SECCLASS_SMC_SOCKET;
-#if PF_MAX > 44
+		case PF_XDP:
+			return SECCLASS_XDP_SOCKET;
+#if PF_MAX > 45
 #error New address family defined, please update this function.
 #endif
 		}
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 7f0372426494..bd5fe0d3204a 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -240,9 +240,11 @@  struct security_class_mapping secclass_map[] = {
 	  { "manage_subnet", NULL } },
 	{ "bpf",
 	  {"map_create", "map_read", "map_write", "prog_load", "prog_run"} },
+	{ "xdp_socket",
+	  { COMMON_SOCK_PERMS, NULL } },
 	{ NULL }
   };
 
-#if PF_MAX > 44
+#if PF_MAX > 45
 #error New address family defined, please update secclass_map.
 #endif

[bpf-next,v3,01/15] net: initial AF_XDP skeleton

Commit Message

Comments

Patch