| Message ID | 20210713153758.323614-1-andrew@daynix.com |
|---|---|
| Headers | show |
| Series | ebpf: Added ebpf helper for libvirtd. | expand |
ping On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: > Libvirt usually launches qemu with strict permissions. > To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > > Added property "ebpf_rss_fds" for "virtio-net" that allows to > initialize eBPF RSS context with passed program & maps fds. > > Added qemu-ebpf-rss-helper - simple helper that loads eBPF > context and passes fds through unix socket. > Libvirt should call the helper and pass fds to qemu through > "ebpf_rss_fds" property. > > Added explicit target OS check for libbpf dependency in meson. > eBPF RSS works only with Linux TAP, so there is no reason to > build eBPF loader/helper for non-Linux. > > Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > bypassing unprivileged BPF map update. Also, instead of 3 maps > (config, key and indirection table) there is one map that > combines everything. > > Added helper stamp. To check that helper was build with qemu, > qemu would check helper symbols that should contain the stamp. > It was done similar to qemu modules, but checking was performed > by the helper's ELF parsing. > > Overall, libvirt process should not be aware of the "interface" > of eBPF RSS, it will not be aware of eBPF maps/program "type" and > their quantity. That's why qemu and the helper should be from > the same build and be "synchronized". Technically each qemu may > have its own helper. That's why "query-helper-paths" qmp command > was added. Qemu should return the path to the helper that suits > and libvirt should use "that" helper for "that" emulator. > > qmp sample: > C: { "execute": "query-helper-paths" } > S: { "return": [ > { > "name": "qemu-ebpf-rss-helper", > "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > } > ] > } > > Changes since v1: > * Mmap() used instead if bpf_map_update_elem(). > * Added helper stamp. > > Andrew Melnychenko (5): > ebpf: Added eBPF initialization by fds and map update. > virtio-net: Added property to load eBPF RSS with fds. > qmp: Added the helper stamp check. > ebpf_rss_helper: Added helper for eBPF RSS. > qmp: Added qemu-ebpf-rss-path command. > > ebpf/ebpf_rss-stub.c | 6 + > ebpf/ebpf_rss.c | 120 ++++--- > ebpf/ebpf_rss.h | 8 +- > ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > hw/net/virtio-net.c | 77 ++++- > include/hw/virtio/virtio-net.h | 1 + > meson.build | 47 ++- > monitor/meson.build | 1 + > monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > monitor/qemu-helper-stamp-utils.h | 24 ++ > monitor/qmp-cmds.c | 32 ++ > qapi/misc.json | 33 ++ > tools/ebpf/rss.bpf.c | 67 ++-- > 14 files changed, 990 insertions(+), 410 deletions(-) > create mode 100644 ebpf/qemu-ebpf-rss-helper.c > create mode 100644 monitor/qemu-helper-stamp-utils.c > create mode 100644 monitor/qemu-helper-stamp-utils.h > > -- > 2.31.1 > >
Jason, Can you please review the series? Thanks, Yuri On Thu, Jul 22, 2021 at 11:38 AM Andrew Melnichenko <andrew@daynix.com> wrote: > > ping > > On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: >> >> Libvirt usually launches qemu with strict permissions. >> To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. >> >> Added property "ebpf_rss_fds" for "virtio-net" that allows to >> initialize eBPF RSS context with passed program & maps fds. >> >> Added qemu-ebpf-rss-helper - simple helper that loads eBPF >> context and passes fds through unix socket. >> Libvirt should call the helper and pass fds to qemu through >> "ebpf_rss_fds" property. >> >> Added explicit target OS check for libbpf dependency in meson. >> eBPF RSS works only with Linux TAP, so there is no reason to >> build eBPF loader/helper for non-Linux. >> >> Changed Qemu updates eBPF maps to array mmaping. Mmaping allows >> bypassing unprivileged BPF map update. Also, instead of 3 maps >> (config, key and indirection table) there is one map that >> combines everything. >> >> Added helper stamp. To check that helper was build with qemu, >> qemu would check helper symbols that should contain the stamp. >> It was done similar to qemu modules, but checking was performed >> by the helper's ELF parsing. >> >> Overall, libvirt process should not be aware of the "interface" >> of eBPF RSS, it will not be aware of eBPF maps/program "type" and >> their quantity. That's why qemu and the helper should be from >> the same build and be "synchronized". Technically each qemu may >> have its own helper. That's why "query-helper-paths" qmp command >> was added. Qemu should return the path to the helper that suits >> and libvirt should use "that" helper for "that" emulator. >> >> qmp sample: >> C: { "execute": "query-helper-paths" } >> S: { "return": [ >> { >> "name": "qemu-ebpf-rss-helper", >> "path": "/usr/local/libexec/qemu-ebpf-rss-helper" >> } >> ] >> } >> >> Changes since v1: >> * Mmap() used instead if bpf_map_update_elem(). >> * Added helper stamp. >> >> Andrew Melnychenko (5): >> ebpf: Added eBPF initialization by fds and map update. >> virtio-net: Added property to load eBPF RSS with fds. >> qmp: Added the helper stamp check. >> ebpf_rss_helper: Added helper for eBPF RSS. >> qmp: Added qemu-ebpf-rss-path command. >> >> ebpf/ebpf_rss-stub.c | 6 + >> ebpf/ebpf_rss.c | 120 ++++--- >> ebpf/ebpf_rss.h | 8 +- >> ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ >> ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- >> hw/net/virtio-net.c | 77 ++++- >> include/hw/virtio/virtio-net.h | 1 + >> meson.build | 47 ++- >> monitor/meson.build | 1 + >> monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ >> monitor/qemu-helper-stamp-utils.h | 24 ++ >> monitor/qmp-cmds.c | 32 ++ >> qapi/misc.json | 33 ++ >> tools/ebpf/rss.bpf.c | 67 ++-- >> 14 files changed, 990 insertions(+), 410 deletions(-) >> create mode 100644 ebpf/qemu-ebpf-rss-helper.c >> create mode 100644 monitor/qemu-helper-stamp-utils.c >> create mode 100644 monitor/qemu-helper-stamp-utils.h >> >> -- >> 2.31.1 >>
On Mon, Aug 16, 2021 at 7:58 PM Yuri Benditovich <yuri.benditovich@daynix.com> wrote: > > Jason, > Can you please review the series? WIll do it this week. Thanks > > Thanks, > Yuri > > On Thu, Jul 22, 2021 at 11:38 AM Andrew Melnichenko <andrew@daynix.com> wrote: > > > > ping > > > > On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: > >> > >> Libvirt usually launches qemu with strict permissions. > >> To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > >> > >> Added property "ebpf_rss_fds" for "virtio-net" that allows to > >> initialize eBPF RSS context with passed program & maps fds. > >> > >> Added qemu-ebpf-rss-helper - simple helper that loads eBPF > >> context and passes fds through unix socket. > >> Libvirt should call the helper and pass fds to qemu through > >> "ebpf_rss_fds" property. > >> > >> Added explicit target OS check for libbpf dependency in meson. > >> eBPF RSS works only with Linux TAP, so there is no reason to > >> build eBPF loader/helper for non-Linux. > >> > >> Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > >> bypassing unprivileged BPF map update. Also, instead of 3 maps > >> (config, key and indirection table) there is one map that > >> combines everything. > >> > >> Added helper stamp. To check that helper was build with qemu, > >> qemu would check helper symbols that should contain the stamp. > >> It was done similar to qemu modules, but checking was performed > >> by the helper's ELF parsing. > >> > >> Overall, libvirt process should not be aware of the "interface" > >> of eBPF RSS, it will not be aware of eBPF maps/program "type" and > >> their quantity. That's why qemu and the helper should be from > >> the same build and be "synchronized". Technically each qemu may > >> have its own helper. That's why "query-helper-paths" qmp command > >> was added. Qemu should return the path to the helper that suits > >> and libvirt should use "that" helper for "that" emulator. > >> > >> qmp sample: > >> C: { "execute": "query-helper-paths" } > >> S: { "return": [ > >> { > >> "name": "qemu-ebpf-rss-helper", > >> "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > >> } > >> ] > >> } > >> > >> Changes since v1: > >> * Mmap() used instead if bpf_map_update_elem(). > >> * Added helper stamp. > >> > >> Andrew Melnychenko (5): > >> ebpf: Added eBPF initialization by fds and map update. > >> virtio-net: Added property to load eBPF RSS with fds. > >> qmp: Added the helper stamp check. > >> ebpf_rss_helper: Added helper for eBPF RSS. > >> qmp: Added qemu-ebpf-rss-path command. > >> > >> ebpf/ebpf_rss-stub.c | 6 + > >> ebpf/ebpf_rss.c | 120 ++++--- > >> ebpf/ebpf_rss.h | 8 +- > >> ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > >> ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > >> hw/net/virtio-net.c | 77 ++++- > >> include/hw/virtio/virtio-net.h | 1 + > >> meson.build | 47 ++- > >> monitor/meson.build | 1 + > >> monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > >> monitor/qemu-helper-stamp-utils.h | 24 ++ > >> monitor/qmp-cmds.c | 32 ++ > >> qapi/misc.json | 33 ++ > >> tools/ebpf/rss.bpf.c | 67 ++-- > >> 14 files changed, 990 insertions(+), 410 deletions(-) > >> create mode 100644 ebpf/qemu-ebpf-rss-helper.c > >> create mode 100644 monitor/qemu-helper-stamp-utils.c > >> create mode 100644 monitor/qemu-helper-stamp-utils.h > >> > >> -- > >> 2.31.1 > >> >
在 2021/7/13 下午11:37, Andrew Melnychenko 写道: > Libvirt usually launches qemu with strict permissions. > To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > > Added property "ebpf_rss_fds" for "virtio-net" that allows to > initialize eBPF RSS context with passed program & maps fds. > > Added qemu-ebpf-rss-helper - simple helper that loads eBPF > context and passes fds through unix socket. > Libvirt should call the helper and pass fds to qemu through > "ebpf_rss_fds" property. > > Added explicit target OS check for libbpf dependency in meson. > eBPF RSS works only with Linux TAP, so there is no reason to > build eBPF loader/helper for non-Linux. > > Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > bypassing unprivileged BPF map update. Also, instead of 3 maps > (config, key and indirection table) there is one map that > combines everything. > > Added helper stamp. To check that helper was build with qemu, > qemu would check helper symbols that should contain the stamp. > It was done similar to qemu modules, but checking was performed > by the helper's ELF parsing. > > Overall, libvirt process should not be aware of the "interface" > of eBPF RSS, it will not be aware of eBPF maps/program "type" and > their quantity. That's why qemu and the helper should be from > the same build and be "synchronized". Technically each qemu may > have its own helper. That's why "query-helper-paths" qmp command > was added. Qemu should return the path to the helper that suits > and libvirt should use "that" helper for "that" emulator. > > qmp sample: > C: { "execute": "query-helper-paths" } > S: { "return": [ > { > "name": "qemu-ebpf-rss-helper", > "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > } > ] > } > > Changes since v1: > * Mmap() used instead if bpf_map_update_elem(). Some questions: 1) Is the mmap() part a stable ABI? 2) Is there a change that we may use other kinds of bpf map that can be mmaped? 3) What's the advantages of using bpf mmap() over the rx-filter-event? Thanks > * Added helper stamp. > > Andrew Melnychenko (5): > ebpf: Added eBPF initialization by fds and map update. > virtio-net: Added property to load eBPF RSS with fds. > qmp: Added the helper stamp check. > ebpf_rss_helper: Added helper for eBPF RSS. > qmp: Added qemu-ebpf-rss-path command. > > ebpf/ebpf_rss-stub.c | 6 + > ebpf/ebpf_rss.c | 120 ++++--- > ebpf/ebpf_rss.h | 8 +- > ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > hw/net/virtio-net.c | 77 ++++- > include/hw/virtio/virtio-net.h | 1 + > meson.build | 47 ++- > monitor/meson.build | 1 + > monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > monitor/qemu-helper-stamp-utils.h | 24 ++ > monitor/qmp-cmds.c | 32 ++ > qapi/misc.json | 33 ++ > tools/ebpf/rss.bpf.c | 67 ++-- > 14 files changed, 990 insertions(+), 410 deletions(-) > create mode 100644 ebpf/qemu-ebpf-rss-helper.c > create mode 100644 monitor/qemu-helper-stamp-utils.c > create mode 100644 monitor/qemu-helper-stamp-utils.h >
Libvirt usually launches qemu with strict permissions. To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. Added property "ebpf_rss_fds" for "virtio-net" that allows to initialize eBPF RSS context with passed program & maps fds. Added qemu-ebpf-rss-helper - simple helper that loads eBPF context and passes fds through unix socket. Libvirt should call the helper and pass fds to qemu through "ebpf_rss_fds" property. Added explicit target OS check for libbpf dependency in meson. eBPF RSS works only with Linux TAP, so there is no reason to build eBPF loader/helper for non-Linux. Changed Qemu updates eBPF maps to array mmaping. Mmaping allows bypassing unprivileged BPF map update. Also, instead of 3 maps (config, key and indirection table) there is one map that combines everything. Added helper stamp. To check that helper was build with qemu, qemu would check helper symbols that should contain the stamp. It was done similar to qemu modules, but checking was performed by the helper's ELF parsing. Overall, libvirt process should not be aware of the "interface" of eBPF RSS, it will not be aware of eBPF maps/program "type" and their quantity. That's why qemu and the helper should be from the same build and be "synchronized". Technically each qemu may have its own helper. That's why "query-helper-paths" qmp command was added. Qemu should return the path to the helper that suits and libvirt should use "that" helper for "that" emulator. qmp sample: C: { "execute": "query-helper-paths" } S: { "return": [ { "name": "qemu-ebpf-rss-helper", "path": "/usr/local/libexec/qemu-ebpf-rss-helper" } ] } Changes since v1: * Mmap() used instead if bpf_map_update_elem(). * Added helper stamp. Andrew Melnychenko (5): ebpf: Added eBPF initialization by fds and map update. virtio-net: Added property to load eBPF RSS with fds. qmp: Added the helper stamp check. ebpf_rss_helper: Added helper for eBPF RSS. qmp: Added qemu-ebpf-rss-path command. ebpf/ebpf_rss-stub.c | 6 + ebpf/ebpf_rss.c | 120 ++++--- ebpf/ebpf_rss.h | 8 +- ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- hw/net/virtio-net.c | 77 ++++- include/hw/virtio/virtio-net.h | 1 + meson.build | 47 ++- monitor/meson.build | 1 + monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ monitor/qemu-helper-stamp-utils.h | 24 ++ monitor/qmp-cmds.c | 32 ++ qapi/misc.json | 33 ++ tools/ebpf/rss.bpf.c | 67 ++-- 14 files changed, 990 insertions(+), 410 deletions(-) create mode 100644 ebpf/qemu-ebpf-rss-helper.c create mode 100644 monitor/qemu-helper-stamp-utils.c create mode 100644 monitor/qemu-helper-stamp-utils.h