Received: by 2002:a05:7412:cfc7:b0:fc:a2b0:25d7 with SMTP id by7csp1569288rdb;
        Mon, 19 Feb 2024 23:20:09 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCWxOoJ61uY65Jw9ftALUhKgE29wTNWUMqEJD1SYasyBGsj2Fdj/zHJU3QJQcQ2OWO76aL2hHmKm1fAlFlJeJ5syjMtkRVCf6vK40wAzeA==
X-Google-Smtp-Source: AGHT+IHT+hdb7CfWN63Sncx2aLG2cvEOoCv1BLtkiykVYJjwdD8gM1LFsR/CNK2H8hys8dHQphbr
X-Received: by 2002:a17:902:6545:b0:1db:930e:e755 with SMTP id d5-20020a170902654500b001db930ee755mr14732775pln.35.1708413609227;
        Mon, 19 Feb 2024 23:20:09 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1708413609; cv=pass;
        d=google.com; s=arc-20160816;
        b=IfZ0L1kmi4hVFzk8Wx/EawjlfDTrjFa5ct5NwVkzy4cCha3NiETyGg3vGzL7ZYIGc1
         AnPptcCqTRcAPMgnsjJD6LWIafa50vTp76N+JU6IpJqkCP5qVuIK9P+xEGTOTTxeSpbt
         /aAst4QsBvURYYnQ9s2CiNEK76W2TxltwdKBoWQVihP/v/aUsh/93kuR3L0jNxvPHyGp
         lTjdP7UZlUH2mMASiBJoWs6PnLWz6LPwpMFThKLgH95APLnMqZ/WPWWXD2X4o7GhFEc5
         aYiDmkMtRuZFfk8DY5O5PPVRPU68ev6lV4Cn3yfwrVkWv4Z7eEW/dfjJjCbA0DYm8Faq
         1grg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:references:cc:to
         :content-language:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id:dkim-signature;
        bh=aRVK0RBqvwU9ESK4wUCOXJ5JGHcyUKkaoM4QJ3fPRkU=;
        fh=3YG67tFmOXzciJRLDm/QibIaBKYuToJeIj72mV8rZFc=;
        b=0exAX19EUnga2AOAHBMVvNfqfrjRK1yjytw5e0xPur2W9x7b4Xs4DQamfl2ffrTrs7
         oYw7x3WVl9bAXQnv/j8urTc4q4IciZ5BBLhPNmHOC4XcMHua6MLyx/MmF1pEN0RW2di1
         lyKO77MvpUGDt2UgQ28UiodjA+Vk8beHKAoeYa2WmxXUyjIVydRNT08JYeXWb5ugUd5B
         u4qeBoyLCSSwZmGev7rKHXQpZ/xQJCH6ZQHYRYj04aGQz0tZ6iqSTjzxoiJcv6L8iW5n
         9Tvgxaa9VetENjGhTHKuvhSIdZdb3+w75lmSEMvX7reaPrJitkdYstUs2pVFD/jK8rNE
         kEuA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@linux.alibaba.com header.s=default header.b=kWA+ZmhB;
       arc=pass (i=1 spf=pass spfdomain=linux.alibaba.com dkim=pass dkdomain=linux.alibaba.com dmarc=pass fromdomain=linux.alibaba.com);
       spf=pass (google.com: domain of linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.alibaba.com
Return-Path: <linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1])
        by mx.google.com with ESMTPS id m7-20020a170902db0700b001d987570ba0si5883980plx.135.2024.02.19.23.20.08
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 19 Feb 2024 23:20:09 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.alibaba.com header.s=default header.b=kWA+ZmhB;
       arc=pass (i=1 spf=pass spfdomain=linux.alibaba.com dkim=pass dkdomain=linux.alibaba.com dmarc=pass fromdomain=linux.alibaba.com);
       spf=pass (google.com: domain of linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-72456-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.alibaba.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 1D028B22959
	for <linux.lists.archive@gmail.com>; Tue, 20 Feb 2024 07:16:29 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id C9A325A4E5;
	Tue, 20 Feb 2024 07:16:11 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b="kWA+ZmhB"
Received: from out30-99.freemail.mail.aliyun.com (out30-99.freemail.mail.aliyun.com [115.124.30.99])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9A0772E414;
	Tue, 20 Feb 2024 07:16:07 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.124.30.99
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1708413371; cv=none; b=HNX3DjHzNe9msufQrBO9WHz3ae0a7uaQvklSCRkvU6OStbxW03ZriicSSpIvJjNVYV26CmGmzhDjDbTNb8s6S69cVXkRlXtQevkRi7bLpUrdLqGH5SIAsyei4+mILxUoyNcnCGjR/MKOFmyqs5iR5mUlSL6svN5IrwlGCN4jKiY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1708413371; c=relaxed/simple;
	bh=cu/T1BOs7iJNYFJOKO7j3SL4H6llYux4Y5Jm+sXsTL4=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=eqIc88PGczjo9tKtzSmCxY7wwKZ4ds5MqfFVbextZGYepvVn75GON6WjZnfs7cdchVJVnb/ho2MMMvC7CMQQGefPmhsiuPTKnIgKiGTGlD3sB63EXu/RVd5pVlZtDdKy1DrpChT2WmuUYdvxgk9S5+Ir4zQo6bHvmC9Clh2lwCE=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com; spf=pass smtp.mailfrom=linux.alibaba.com; dkim=pass (1024-bit key) header.d=linux.alibaba.com header.i=@linux.alibaba.com header.b=kWA+ZmhB; arc=none smtp.client-ip=115.124.30.99
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.alibaba.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.alibaba.com
DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=linux.alibaba.com; s=default;
	t=1708413365; h=Message-ID:Date:MIME-Version:Subject:To:From:Content-Type;
	bh=aRVK0RBqvwU9ESK4wUCOXJ5JGHcyUKkaoM4QJ3fPRkU=;
	b=kWA+ZmhB9lo4K/EAOIii30ukVBvjUbQWy+Jvm3l7T3FJYZvcYARr1rVOPZixaFA6y8WnkNybUM2QkZZXxa0G13uR4ogobpgi7vWWA58f7VtCuP/OrrGWtxQTtFdyi8sqFJ7mp1Mkko6MG56dHe0eyWNOodmUIyT1ZZLlrAxp+8o=
X-Alimail-AntiSpam:AC=PASS;BC=-1|-1;BR=01201311R831e4;CH=green;DM=||false|;DS=||;FP=0|-1|-1|-1|0|-1|-1|-1;HT=ay29a033018046060;MF=alibuda@linux.alibaba.com;NM=1;PH=DS;RN=14;SR=0;TI=SMTPD_---0W0w0R3Y_1708413363;
Received: from 30.221.148.206(mailfrom:alibuda@linux.alibaba.com fp:SMTPD_---0W0w0R3Y_1708413363)
          by smtp.aliyun-inc.com;
          Tue, 20 Feb 2024 15:16:05 +0800
Message-ID: <e1c747a9-64b7-471b-8fb8-093b8f080490@linux.alibaba.com>
Date: Tue, 20 Feb 2024 15:16:01 +0800
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [RFC nf-next v5 0/2] netfilter: bpf: support prog update
Content-Language: en-US
To: Pablo Neira Ayuso <pablo@netfilter.org>, Quentin Deslandes <qde@naccy.de>
Cc: kadlec@netfilter.org, fw@strlen.de, bpf@vger.kernel.org,
 linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
 coreteam@netfilter.org, netfilter-devel@vger.kernel.org,
 davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
 pabeni@redhat.com, ast@kernel.org
References: <1704175877-28298-1-git-send-email-alibuda@linux.alibaba.com>
 <70114fff-43bd-4e27-9abf-45345624042c@naccy.de> <ZcztLZPiz+FkF8kF@calendula>
From: "D. Wythe" <alibuda@linux.alibaba.com>
In-Reply-To: <ZcztLZPiz+FkF8kF@calendula>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit



On 2/15/24 12:41 AM, Pablo Neira Ayuso wrote:
> On Wed, Feb 14, 2024 at 05:10:46PM +0100, Quentin Deslandes wrote:
>> On 2024-01-02 07:11, D. Wythe wrote:
>>> From: "D. Wythe" <alibuda@linux.alibaba.com>
>>>
>>> This patches attempt to implements updating of progs within
>>> bpf netfilter link, allowing user update their ebpf netfilter
>>> prog in hot update manner.
>>>
>>> Besides, a corresponding test case has been added to verify
>>> whether the update works.
>>> --
>>> v1:
>>> 1. remove unnecessary context, access the prog directly via rcu.
>>> 2. remove synchronize_rcu(), dealloc the nf_link via kfree_rcu.
>>> 3. check the dead flag during the update.
>>> --
>>> v1->v2:
>>> 1. remove unnecessary nf_prog, accessing nf_link->link.prog in direct.
>>> --
>>> v2->v3:
>>> 1. access nf_link->link.prog via rcu_dereference_raw to avoid warning.
>>> --
>>> v3->v4:
>>> 1. remove mutex for link update, as it is unnecessary and can be replaced
>>> by atomic operations.
>>> --
>>> v4->v5:
>>> 1. fix error retval check on cmpxhcg
>>>
>>> D. Wythe (2):
>>>    netfilter: bpf: support prog update
>>>    selftests/bpf: Add netfilter link prog update test
>>>
>>>   net/netfilter/nf_bpf_link.c                        | 50 ++++++++-----
>>>   .../bpf/prog_tests/netfilter_link_update_prog.c    | 83 ++++++++++++++++++++++
>>>   .../bpf/progs/test_netfilter_link_update_prog.c    | 24 +++++++
>>>   3 files changed, 141 insertions(+), 16 deletions(-)
>>>   create mode 100644 tools/testing/selftests/bpf/prog_tests/netfilter_link_update_prog.c
>>>   create mode 100644 tools/testing/selftests/bpf/progs/test_netfilter_link_update_prog.c
>>>
>> It seems this patch has been forgotten, hopefully this answer
>> will give it more visibility.
>>
>> I've applied this change on 6.8.0-rc4 and tested BPF_LINK_UPDATE
>> with bpfilter and everything seems alright.
> Just post it without RFC tag.

Glad to know that, I will send a formal version soon.

D. Wythe