]> git.baikalelectronics.ru Git - kernel.git/commit
bpf: allow helpers access the packet directly
authorAlexei Starovoitov <ast@fb.com>
Fri, 12 Aug 2016 01:17:16 +0000 (18:17 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sat, 13 Aug 2016 04:56:18 +0000 (21:56 -0700)
commit45ec5c8b9b3337bae278f233fe60509e8cf887b3
tree2a35b03ce74494ad8772ed66f4e32a1e3a25a383
parent2c643ae0e5367bc5d9d70b2f6ded79277f05cf3f
bpf: allow helpers access the packet directly

The helper functions like bpf_map_lookup_elem(map, key) were only
allowing 'key' to point to the initialized stack area.
That is causing performance degradation when programs need to process
millions of packets per second and need to copy contents of the packet
into the stack just to pass the stack pointer into the lookup() function.
Allow such helpers read from the packet directly.
All helpers that expect ARG_PTR_TO_MAP_KEY, ARG_PTR_TO_MAP_VALUE,
ARG_PTR_TO_STACK assume byte aligned pointer, so no alignment concerns,
only need to check that helper will not be accessing beyond
the packet range verified by the prior 'if (ptr < data_end)' condition.
For now allow this feature for XDP programs only. Later it can be
relaxed for the clsact programs as well.

Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
kernel/bpf/verifier.c