git.baikalelectronics.ru Git - kernel.git/commit

author	Jakub Sitnicki <jakub@cloudflare.com>
	Thu, 25 Jun 2020 14:13:55 +0000 (16:13 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Tue, 30 Jun 2020 17:45:08 +0000 (10:45 -0700)
commit	015efbf7ddef1aaf687c7e99ab27c08eae104318
tree	fddc7f1a11f4d32deb9a45cb3e5a604ece6f2cb2	tree \| snapshot
parent	c72d9a60c62cb68e20dfeb34b98046ff3b0199ea	commit \| diff

bpf, netns: Keep attached programs in bpf_prog_array

Prepare for having multi-prog attachments for new netns attach types by
storing programs to run in a bpf_prog_array, which is well suited for
iterating over programs and running them in sequence.

After this change bpf(PROG_QUERY) may block to allocate memory in
bpf_prog_array_copy_to_user() for collected program IDs. This forces a
change in how we protect access to the attached program in the query
callback. Because bpf_prog_array_copy_to_user() can sleep, we switch from
an RCU read lock to holding a mutex that serializes updaters.

Because we allow only one BPF flow_dissector program to be attached to
netns at all times, the bpf_prog_array pointed by net->bpf.run_array is
always either detached (null) or one element long.

No functional changes intended.

Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Link: https://lore.kernel.org/bpf/20200625141357.910330-3-jakub@cloudflare.com

include/net/netns/bpf.h		diff \| blob \| history
kernel/bpf/net_namespace.c		diff \| blob \| history
net/core/flow_dissector.c		diff \| blob \| history