mbox series

[SRU,00/13,GCP-5.4] Requested eBPF improvements

Message ID 20200831040333.6058-1-khalid.elmously@canonical.com
Headers show
Series Requested eBPF improvements | expand

Message

Khalid Elmously Aug. 31, 2020, 4:03 a.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1887740

A set of eBPF patches are requested by GKE for 5.4.

The actual backport work was done by Daniel Borkmann himself (who is also the upstream author of most of these patches)

I only made minor fix-ups to the commit messages, and compile- and boot-tested the GCP-5.4 kernel with the changes. No issues were observed.



Daniel Borkmann (7):
  bpf: Enable retrieval of socket cookie for bind/post-bind hook
  bpf: Enable perf event rb output for bpf cgroup progs
  bpf: Add netns cookie and enable it for bpf cgroup hooks
  bpf, net: Fix build issue when net ns not configured
  bpf: Allow to retrieve cgroup v1 classid from v2 hooks
  bpf: Enable retrival of pid/tgid/comm from bpf cgroup hooks
  bpf: Add get{peer, sock}name attach types for sock_addr

Joe Stringer (4):
  bpf: Add socket assign support
  net: Track socket refcounts in skb_steal_sock()
  bpf: Don't refcount LISTEN sockets in sk_assign()
  bpf: Fix use of sk->sk_reuseport from sk_assign

John Fastabend (1):
  bpf, sk_msg: Add some generic helpers that may be useful from sk_msg

Martin KaFai Lau (1):
  bpf: Add BPF_FUNC_jiffies64

 include/linux/bpf-cgroup.h     |   1 +
 include/linux/bpf.h            |   2 +
 include/net/cls_cgroup.h       |   7 +-
 include/net/inet6_hashtables.h |   3 +-
 include/net/inet_hashtables.h  |   3 +-
 include/net/net_namespace.h    |   5 +
 include/net/sock.h             |  46 ++++--
 include/uapi/linux/bpf.h       | 251 ++++++++++++++++++++++++++++++++-
 kernel/bpf/core.c              |   1 +
 kernel/bpf/helpers.c           |  12 ++
 kernel/bpf/syscall.c           |  12 ++
 kernel/bpf/verifier.c          |  46 +++++-
 net/core/filter.c              | 145 ++++++++++++++++++-
 net/core/net_namespace.c       |  15 ++
 net/core/sock.c                |  12 ++
 net/ipv4/af_inet.c             |   8 +-
 net/ipv4/ip_input.c            |   3 +-
 net/ipv4/udp.c                 |   6 +-
 net/ipv6/af_inet6.c            |   9 +-
 net/ipv6/ip6_input.c           |   3 +-
 net/ipv6/udp.c                 |   9 +-
 net/sched/act_bpf.c            |   3 +
 tools/include/uapi/linux/bpf.h | 251 ++++++++++++++++++++++++++++++++-
 23 files changed, 811 insertions(+), 42 deletions(-)

Comments

Stefan Bader Sept. 2, 2020, 8:13 a.m. UTC | #1
On 31.08.20 06:03, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/1887740
> 
> A set of eBPF patches are requested by GKE for 5.4.
> 
> The actual backport work was done by Daniel Borkmann himself (who is also the upstream author of most of these patches)
> 
> I only made minor fix-ups to the commit messages, and compile- and boot-tested the GCP-5.4 kernel with the changes. No issues were observed.
> 
> 
> 
> Daniel Borkmann (7):
>   bpf: Enable retrieval of socket cookie for bind/post-bind hook
>   bpf: Enable perf event rb output for bpf cgroup progs
>   bpf: Add netns cookie and enable it for bpf cgroup hooks
>   bpf, net: Fix build issue when net ns not configured
>   bpf: Allow to retrieve cgroup v1 classid from v2 hooks
>   bpf: Enable retrival of pid/tgid/comm from bpf cgroup hooks
>   bpf: Add get{peer, sock}name attach types for sock_addr
> 
> Joe Stringer (4):
>   bpf: Add socket assign support
>   net: Track socket refcounts in skb_steal_sock()
>   bpf: Don't refcount LISTEN sockets in sk_assign()
>   bpf: Fix use of sk->sk_reuseport from sk_assign
> 
> John Fastabend (1):
>   bpf, sk_msg: Add some generic helpers that may be useful from sk_msg
> 
> Martin KaFai Lau (1):
>   bpf: Add BPF_FUNC_jiffies64
> 
>  include/linux/bpf-cgroup.h     |   1 +
>  include/linux/bpf.h            |   2 +
>  include/net/cls_cgroup.h       |   7 +-
>  include/net/inet6_hashtables.h |   3 +-
>  include/net/inet_hashtables.h  |   3 +-
>  include/net/net_namespace.h    |   5 +
>  include/net/sock.h             |  46 ++++--
>  include/uapi/linux/bpf.h       | 251 ++++++++++++++++++++++++++++++++-
>  kernel/bpf/core.c              |   1 +
>  kernel/bpf/helpers.c           |  12 ++
>  kernel/bpf/syscall.c           |  12 ++
>  kernel/bpf/verifier.c          |  46 +++++-
>  net/core/filter.c              | 145 ++++++++++++++++++-
>  net/core/net_namespace.c       |  15 ++
>  net/core/sock.c                |  12 ++
>  net/ipv4/af_inet.c             |   8 +-
>  net/ipv4/ip_input.c            |   3 +-
>  net/ipv4/udp.c                 |   6 +-
>  net/ipv6/af_inet6.c            |   9 +-
>  net/ipv6/ip6_input.c           |   3 +-
>  net/ipv6/udp.c                 |   9 +-
>  net/sched/act_bpf.c            |   3 +
>  tools/include/uapi/linux/bpf.h | 251 ++++++++++++++++++++++++++++++++-
>  23 files changed, 811 insertions(+), 42 deletions(-)
> 
The regression potential section doe not describe how potential regressions
might look like. Please fix.
(see https://wiki.ubuntu.com/StableReleaseUpdates/#SRU_Bug_Template)

The bug report and the subject were pointing at sources which I think are wrong.
I updated the bug report. There is now a gke-5.4 source in bionic and this is
where the patches should go to.

With above reservations:

Acked-by: Stefan Bader <stefan.bader@canonical.com>
Kleber Souza Sept. 3, 2020, 11 a.m. UTC | #2
On 31.08.20 06:03, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/1887740
> 
> A set of eBPF patches are requested by GKE for 5.4.
> 
> The actual backport work was done by Daniel Borkmann himself (who is also the upstream author of most of these patches)
> 
> I only made minor fix-ups to the commit messages, and compile- and boot-tested the GCP-5.4 kernel with the changes. No issues were observed.

Apart from the missing BugLink's on patches 10-13 (which can be fixed when
applying) the patches look good and were tested by the vendor.

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

> 
> 
> 
> Daniel Borkmann (7):
>   bpf: Enable retrieval of socket cookie for bind/post-bind hook
>   bpf: Enable perf event rb output for bpf cgroup progs
>   bpf: Add netns cookie and enable it for bpf cgroup hooks
>   bpf, net: Fix build issue when net ns not configured
>   bpf: Allow to retrieve cgroup v1 classid from v2 hooks
>   bpf: Enable retrival of pid/tgid/comm from bpf cgroup hooks
>   bpf: Add get{peer, sock}name attach types for sock_addr
> 
> Joe Stringer (4):
>   bpf: Add socket assign support
>   net: Track socket refcounts in skb_steal_sock()
>   bpf: Don't refcount LISTEN sockets in sk_assign()
>   bpf: Fix use of sk->sk_reuseport from sk_assign
> 
> John Fastabend (1):
>   bpf, sk_msg: Add some generic helpers that may be useful from sk_msg
> 
> Martin KaFai Lau (1):
>   bpf: Add BPF_FUNC_jiffies64
> 
>  include/linux/bpf-cgroup.h     |   1 +
>  include/linux/bpf.h            |   2 +
>  include/net/cls_cgroup.h       |   7 +-
>  include/net/inet6_hashtables.h |   3 +-
>  include/net/inet_hashtables.h  |   3 +-
>  include/net/net_namespace.h    |   5 +
>  include/net/sock.h             |  46 ++++--
>  include/uapi/linux/bpf.h       | 251 ++++++++++++++++++++++++++++++++-
>  kernel/bpf/core.c              |   1 +
>  kernel/bpf/helpers.c           |  12 ++
>  kernel/bpf/syscall.c           |  12 ++
>  kernel/bpf/verifier.c          |  46 +++++-
>  net/core/filter.c              | 145 ++++++++++++++++++-
>  net/core/net_namespace.c       |  15 ++
>  net/core/sock.c                |  12 ++
>  net/ipv4/af_inet.c             |   8 +-
>  net/ipv4/ip_input.c            |   3 +-
>  net/ipv4/udp.c                 |   6 +-
>  net/ipv6/af_inet6.c            |   9 +-
>  net/ipv6/ip6_input.c           |   3 +-
>  net/ipv6/udp.c                 |   9 +-
>  net/sched/act_bpf.c            |   3 +
>  tools/include/uapi/linux/bpf.h | 251 ++++++++++++++++++++++++++++++++-
>  23 files changed, 811 insertions(+), 42 deletions(-)
>
Stefan Bader Sept. 4, 2020, 3 p.m. UTC | #3
On 31.08.20 06:03, Khalid Elmously wrote:
> BugLink: https://bugs.launchpad.net/bugs/1887740
> 
> A set of eBPF patches are requested by GKE for 5.4.
> 
> The actual backport work was done by Daniel Borkmann himself (who is also the upstream author of most of these patches)
> 
> I only made minor fix-ups to the commit messages, and compile- and boot-tested the GCP-5.4 kernel with the changes. No issues were observed.
> 
> 
> 
> Daniel Borkmann (7):
>   bpf: Enable retrieval of socket cookie for bind/post-bind hook
>   bpf: Enable perf event rb output for bpf cgroup progs
>   bpf: Add netns cookie and enable it for bpf cgroup hooks
>   bpf, net: Fix build issue when net ns not configured
>   bpf: Allow to retrieve cgroup v1 classid from v2 hooks
>   bpf: Enable retrival of pid/tgid/comm from bpf cgroup hooks
>   bpf: Add get{peer, sock}name attach types for sock_addr
> 
> Joe Stringer (4):
>   bpf: Add socket assign support
>   net: Track socket refcounts in skb_steal_sock()
>   bpf: Don't refcount LISTEN sockets in sk_assign()
>   bpf: Fix use of sk->sk_reuseport from sk_assign
> 
> John Fastabend (1):
>   bpf, sk_msg: Add some generic helpers that may be useful from sk_msg
> 
> Martin KaFai Lau (1):
>   bpf: Add BPF_FUNC_jiffies64
> 
>  include/linux/bpf-cgroup.h     |   1 +
>  include/linux/bpf.h            |   2 +
>  include/net/cls_cgroup.h       |   7 +-
>  include/net/inet6_hashtables.h |   3 +-
>  include/net/inet_hashtables.h  |   3 +-
>  include/net/net_namespace.h    |   5 +
>  include/net/sock.h             |  46 ++++--
>  include/uapi/linux/bpf.h       | 251 ++++++++++++++++++++++++++++++++-
>  kernel/bpf/core.c              |   1 +
>  kernel/bpf/helpers.c           |  12 ++
>  kernel/bpf/syscall.c           |  12 ++
>  kernel/bpf/verifier.c          |  46 +++++-
>  net/core/filter.c              | 145 ++++++++++++++++++-
>  net/core/net_namespace.c       |  15 ++
>  net/core/sock.c                |  12 ++
>  net/ipv4/af_inet.c             |   8 +-
>  net/ipv4/ip_input.c            |   3 +-
>  net/ipv4/udp.c                 |   6 +-
>  net/ipv6/af_inet6.c            |   9 +-
>  net/ipv6/ip6_input.c           |   3 +-
>  net/ipv6/udp.c                 |   9 +-
>  net/sched/act_bpf.c            |   3 +
>  tools/include/uapi/linux/bpf.h | 251 ++++++++++++++++++++++++++++++++-
>  23 files changed, 811 insertions(+), 42 deletions(-)
> 
Applied to bionic/linux-gke-5.4-next. Thanks.

-Stefan