Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp667340imm; Thu, 26 Jul 2018 09:53:57 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfRrxmz2qbTzxIsPg3yxY+l0h6V7al/LQbeEuKX4E/s14d772BOJc5ymGzmRapop8ysMmWY X-Received: by 2002:a62:42d7:: with SMTP id h84-v6mr2903125pfd.146.1532624037396; Thu, 26 Jul 2018 09:53:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532624037; cv=none; d=google.com; s=arc-20160816; b=lVHAl+xrrtO9zhFyyGICYIIHc3KyoElSWTtvHqO2HYZYZmrE+anctISZ3Zva7pxkbr 1QK6mTbtSwzxL5j3B4qRLkg61CCDvBegbtPy/Xq3df3jnxnZHFAXBTE2ISE+RVvpM8Wx p1RhoBBruVAQeB8FbZ2pCj6e/joLnhqNTMGyYwODXHfS8ecRZQq1jp9JIddN44k80ScM OdpMIjr1teFilrb0EahcecF/hHvzUNwFxyw0Bhy6CO/OoZh2XEmWIKo7zIEtSHBjitY0 4uOeCiGxJytLeFVeCFNKpwQNNVREnQzTEgwYYKiHo+TH36uzaCOml9PJ2DFEZ+08hV6w h5CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references:message-id :in-reply-to:date:mime-version:dkim-signature :arc-authentication-results; bh=C14wB0B6Vjxk29Z+2i5VLR9Y7UfpstNpOXC4VFZGbDs=; b=Qr6fcui4OjjOlKGLVt6fkfUx7oKXtnNDGkEphzNUTvq6TMN3opLmgS8aNh8qRWGvdd j7Cs02aEykhJQtXS8bBFV1MW+DtZh80h1QNCAzDmtkBO/K7L6dZlfGX5SIu1OXBT0zaT PYefDBGCIyMxxKHxOiTNZfqT4SFd5usl3zmtZBx08CMubghwH5eyz/kUujsiPJ5/TGQ7 UDZY8dVH3rCsihm0mKiHQ1Xw/sulCYybT+e4Fk1RnJxRsmw6Cnypuyj8Y2bDutP/+ybk SF6e5/DNuqZuetNxjRWRrXB/hWVQVmGjhQFWbf1zHiR+yy6gu+VEP0TP7yt4gkCuODq9 Oc2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WpmOdhdK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id q185-v6si1751346pga.322.2018.07.26.09.53.41; Thu, 26 Jul 2018 09:53:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=WpmOdhdK; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388377AbeGZSIu (ORCPT + 99 others); Thu, 26 Jul 2018 14:08:50 -0400 Received: from mail-vk0-f73.google.com ([209.85.213.73]:47247 "EHLO mail-vk0-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731732AbeGZSIt (ORCPT ); Thu, 26 Jul 2018 14:08:49 -0400 Received: by mail-vk0-f73.google.com with SMTP id b63-v6so884691vkf.14 for ; Thu, 26 Jul 2018 09:51:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:in-reply-to:message-id:references:subject:from:to :cc; bh=C14wB0B6Vjxk29Z+2i5VLR9Y7UfpstNpOXC4VFZGbDs=; b=WpmOdhdKimotsnIn7qu88S/bXh50tUyRa/UrXkN1SxIBq7rhSBjyWP56conyvGP1NA 0MTLxFZcvHHT/H0wWhLo173QBJ5DQHmKW1zPJIuIXzy4JSxMB5VeDOyxugypKEXcbicn 2Q+f3kO3vCzpdLi9MVb+bcSNovg8QvKtHd/bxaj7UTJcTJw5ofxpOu1bLQR36h69Cswx eNUZRAbUXx5N13GLwhRNKGazTRB42Th18BjFqD3EAWuxLqRMI0ytN4eWZBbs4wQw9dkZ jAx/ZdDU7ohWDQk5yeeMdRnBwqPon6eXGWbDmpPgdc9OLuzLNM4tzrHgeDEEbm210+9H 5Ykg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:in-reply-to:message-id :references:subject:from:to:cc; bh=C14wB0B6Vjxk29Z+2i5VLR9Y7UfpstNpOXC4VFZGbDs=; b=b5LICvc7gbZR9KCJqkjwbC9sGYwKCMBhAtLgnTihF/hgwIzIbf+0hR6/06GCZSHguG uaJlDjq8Ro1060KABrDtcQtbPdVJYCMOWhOb4UyVuyNujATOFcGhqmNp9yNK/iP+/Qz5 tcckqQVto7cllDkUKlbdw67qJP10mLQjIzxGYyhmZBT8Rnui+gzjjnw5koZuVJ+Zp7LZ xSXYEryVfL5n7rNAew69KmfTmHsKtjVEE0+otNp3Waen30azqnzQV902obx25Eh4eGg5 DyhCZBI+Hi8h08t2KnrE5mF9TvKkofJWeZ7MoVWItpQzCLDXoTufdfCWx+2ljXQ411Md 4d8g== X-Gm-Message-State: AOUpUlF7wvAUfEjFEPSpydA2IGtb5UFX65hLbHJINT6pt6zTYWLy3dpQ WlNheGN71hzXSjJ3RVUtYFD8TP9mdUo= MIME-Version: 1.0 X-Received: by 2002:a1f:9209:: with SMTP id u9-v6mr1245686vkd.73.1532623869478; Thu, 26 Jul 2018 09:51:09 -0700 (PDT) Date: Thu, 26 Jul 2018 09:51:05 -0700 In-Reply-To: <20180716202301.GB160902@joelaf.mtv.corp.google.com> Message-Id: <20180726165105.8634-1-dancol@google.com> References: <20180716202301.GB160902@joelaf.mtv.corp.google.com> X-Mailer: git-send-email 2.18.0.233.g985f88cf7e-goog Subject: [PATCH v2] Add BPF_SYNCHRONIZE_MAPS bpf(2) command From: Daniel Colascione To: joelaf@google.com Cc: linux-kernel@vger.kernel.org, timmurray@google.com, netdev@vger.kernel.org, Alexei Starovoitov , Lorenzo Colitti , Chenbo Feng , Mathieu Desnoyers , Alexei Starovoitov , Daniel Borkmann , Daniel Colascione Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org BPF_SYNCHRONIZE_MAPS waits for the release of any references to a BPF map made by a BPF program that is running at the time the BPF_SYNCHRONIZE_MAPS command is issued. The purpose of this command is to provide a means for userspace to replace a BPF map with another, newer version, then ensure that no component is still using the "old" map before manipulating the "old" map in some way. Signed-off-by: Daniel Colascione --- include/uapi/linux/bpf.h | 9 +++++++++ kernel/bpf/syscall.c | 13 +++++++++++++ 2 files changed, 22 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index b7db3261c62d..5b27e9117d3e 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -75,6 +75,14 @@ struct bpf_lpm_trie_key { __u8 data[0]; /* Arbitrary size */ }; +/* BPF_SYNCHRONIZE_MAPS waits for the release of any references to a + * BPF map made by a BPF program that is running at the time the + * BPF_SYNCHRONIZE_MAPS command is issued. The purpose of this command + * is to provide a means for userspace to replace a BPF map with + * another, newer version, then ensure that no component is still + * using the "old" map before manipulating the "old" map in some way. + */ + /* BPF syscall commands, see bpf(2) man-page for details. */ enum bpf_cmd { BPF_MAP_CREATE, @@ -98,6 +106,7 @@ enum bpf_cmd { BPF_BTF_LOAD, BPF_BTF_GET_FD_BY_ID, BPF_TASK_FD_QUERY, + BPF_SYNCHRONIZE_MAPS, }; enum bpf_map_type { diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index a31a1ba0f8ea..8bbd1a5d01d1 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -2274,6 +2274,19 @@ SYSCALL_DEFINE3(bpf, int, cmd, union bpf_attr __user *, uattr, unsigned int, siz if (sysctl_unprivileged_bpf_disabled && !capable(CAP_SYS_ADMIN)) return -EPERM; + if (cmd == BPF_SYNCHRONIZE_MAPS) { + if (uattr != NULL || size != 0) + return -EINVAL; + err = security_bpf(cmd, NULL, 0); + if (err < 0) + return err; + /* BPF programs always enter a critical section while + * they have a map reference outstanding. + */ + synchronize_rcu(); + return 0; + } + err = bpf_check_uarg_tail_zero(uattr, sizeof(attr), size); if (err) return err; -- 2.18.0.233.g985f88cf7e-goog