bpf, datapath: unconditionally assume support for direct access to map values #24504

Merged
merged 1 commit into from
Mar 28, 2023
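--- a/bpf/bpf_lxc.c
+++ b/bpf/bpf_lxc.c
@@ -301,8 +301,8 @@ struct {
 static __always_inline int handle_ipv6_from_lxc(struct __ctx_buff *ctx, __u32 *dst_id,
 __s8 *ext_err)
 {
-struct ct_state ct_state_on_stack __maybe_unused, *ct_state, ct_state_new = {};
-struct ipv6_ct_tuple tuple_on_stack __maybe_unused, *tuple;
+struct ct_state *ct_state, ct_state_new = {};
+struct ipv6_ct_tuple *tuple;
 #ifdef ENABLE_ROUTING
 union macaddr router_mac = NODE_MAC;
 #endif
@@ -367,15 +367,8 @@ static __always_inline int handle_ipv6_from_lxc(struct __ctx_buff *ctx, __u32 *d
 /* The map value is zeroed so the map update didn't happen somehow. */
 return DROP_INVALID_TC_BUFFER;
 
-#if HAVE_DIRECT_ACCESS_TO_MAP_VALUES
 tuple = (struct ipv6_ct_tuple *)&ct_buffer->tuple;
 ct_state = (struct ct_state *)&ct_buffer->ct_state;
-#else
-memcpy(&tuple_on_stack, &ct_buffer->tuple, sizeof(tuple_on_stack));
-tuple = &tuple_on_stack;
-memcpy(&ct_state_on_stack, &ct_buffer->ct_state, sizeof(ct_state_on_stack));
-ct_state = &ct_state_on_stack;
-#endif /* HAVE_DIRECT_ACCESS_TO_MAP_VALUES */
 trace.monitor = ct_buffer->monitor;
 ret = ct_buffer->ret;
 ct_status = (enum ct_status)ret;
@@ -757,8 +750,8 @@ struct {
 static __always_inline int handle_ipv4_from_lxc(struct __ctx_buff *ctx, __u32 *dst_id,
 __s8 *ext_err)
 {
-struct ct_state ct_state_on_stack __maybe_unused, *ct_state, ct_state_new = {};
-struct ipv4_ct_tuple tuple_on_stack __maybe_unused, *tuple;
+struct ct_state *ct_state, ct_state_new = {};
+struct ipv4_ct_tuple *tuple;
 #ifdef ENABLE_ROUTING
 union macaddr router_mac = NODE_MAC;
 #endif
@@ -819,15 +812,8 @@ static __always_inline int handle_ipv4_from_lxc(struct __ctx_buff *ctx, __u32 *d
 /* The map value is zeroed so the map update didn't happen somehow. */
 return DROP_INVALID_TC_BUFFER;
 
-#if HAVE_DIRECT_ACCESS_TO_MAP_VALUES
 tuple = (struct ipv4_ct_tuple *)&ct_buffer->tuple;
 ct_state = (struct ct_state *)&ct_buffer->ct_state;
-#else
-memcpy(&tuple_on_stack, &ct_buffer->tuple, sizeof(tuple_on_stack));
-tuple = &tuple_on_stack;
-memcpy(&ct_state_on_stack, &ct_buffer->ct_state, sizeof(ct_state_on_stack));
-ct_state = &ct_state_on_stack;
-#endif /* HAVE_DIRECT_ACCESS_TO_MAP_VALUES */
 trace.monitor = ct_buffer->monitor;
 ret = ct_buffer->ret;
 ct_status = (enum ct_status)ret;
@@ -1334,8 +1320,8 @@ ipv6_policy(struct __ctx_buff *ctx, int ifindex, __u32 src_label,
 enum ct_status *ct_status, struct ipv6_ct_tuple *tuple_out,
 __s8 *ext_err, __u16 *proxy_port, bool from_host __maybe_unused)
 {
-struct ct_state ct_state_on_stack __maybe_unused, *ct_state, ct_state_new = {};
-struct ipv6_ct_tuple tuple_on_stack __maybe_unused, *tuple;
+struct ct_state *ct_state, ct_state_new = {};
+struct ipv6_ct_tuple *tuple;
 int ret, verdict = CTX_ACT_OK, hdrlen, zero = 0;
 struct ct_buffer6 *ct_buffer;
 void *data, *data_end;
@@ -1366,15 +1352,8 @@ ipv6_policy(struct __ctx_buff *ctx, int ifindex, __u32 src_label,
 /* The map value is zeroed so the map update didn't happen somehow. */
 return DROP_INVALID_TC_BUFFER;
 
-#if HAVE_DIRECT_ACCESS_TO_MAP_VALUES
 tuple = (struct ipv6_ct_tuple *)&ct_buffer->tuple;
 ct_state = (struct ct_state *)&ct_buffer->ct_state;
-#else
-memcpy(&tuple_on_stack, &ct_buffer->tuple, sizeof(tuple_on_stack));
-tuple = &tuple_on_stack;
-memcpy(&ct_state_on_stack, &ct_buffer->ct_state, sizeof(ct_state_on_stack));
-ct_state = &ct_state_on_stack;
-#endif /* HAVE_DIRECT_ACCESS_TO_MAP_VALUES */
 monitor = ct_buffer->monitor;
 ret = ct_buffer->ret;
 *ct_status = (enum ct_status)ret;
@@ -1641,8 +1620,8 @@ ipv4_policy(struct __ctx_buff *ctx, int ifindex, __u32 src_label, enum ct_status
 struct ipv4_ct_tuple *tuple_out, __s8 *ext_err, __u16 *proxy_port,
 bool from_host __maybe_unused)
 {
-struct ct_state ct_state_on_stack __maybe_unused, *ct_state, ct_state_new = {};
-struct ipv4_ct_tuple tuple_on_stack __maybe_unused, *tuple;
+struct ct_state *ct_state, ct_state_new = {};
+struct ipv4_ct_tuple *tuple;
 void *data, *data_end;
 struct iphdr *ip4;
 bool skip_ingress_proxy = false;
@@ -1681,15 +1660,8 @@ ipv4_policy(struct __ctx_buff *ctx, int ifindex, __u32 src_label, enum ct_status
 /* The map value is zeroed so the map update didn't happen somehow. */
 return DROP_INVALID_TC_BUFFER;
 
-#if HAVE_DIRECT_ACCESS_TO_MAP_VALUES
 tuple = (struct ipv4_ct_tuple *)&ct_buffer->tuple;
 ct_state = (struct ct_state *)&ct_buffer->ct_state;
-#else
-memcpy(&tuple_on_stack, &ct_buffer->tuple, sizeof(tuple_on_stack));
-tuple = &tuple_on_stack;
-memcpy(&ct_state_on_stack, &ct_buffer->ct_state, sizeof(ct_state_on_stack));
-ct_state = &ct_state_on_stack;
-#endif /* HAVE_DIRECT_ACCESS_TO_MAP_VALUES */
 monitor = ct_buffer->monitor;
 ret = ct_buffer->ret;
 *ct_status = (enum ct_status)ret;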
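Review bot: With the stack-copy branch gone, `tuple` and `ct_state` in handle_ipv6_from_lxc always alias the `ct_buffer` map value, and nothing in the new code says so; the same applies to the matching hunks in handle_ipv4_from_lxc, ipv6_policy and ipv4_policy. Any write through either pointer now modifies the map entry in place on every supported kernel, which a reader used to the old `_on_stack` names could easily miss. I would add a comment above the two assignments, e.g. `/* tuple and ct_state point into the ct_buffer map value; writes through them modify the entry in place. */`. The definition of the buffer map is not visible in these hunks, so it is worth confirming that nothing else can rewrite the entry while these pointers are live. All four function bodies continue outside the hunks shown.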
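--- a/pkg/datapath/linux/probes/probes.go
+++ b/pkg/datapath/linux/probes/probes.go
@@ -523,16 +523,10 @@ func writeCommonHeader(writer io.Writer, probes *FeatureProbes) error {
 probes.ProgramHelpers[ProgramHelper{ebpf.XDP, asm.FnJiffies64}],
 "HAVE_SOCKET_LOOKUP": probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSockAddr, asm.FnSkLookupTcp}] &&
 probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSockAddr, asm.FnSkLookupUdp}],
-"HAVE_CGROUP_ID": probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSockAddr, asm.FnGetCurrentCgroupId}],
-// Before upstream commit d71962f3e627 (4.18), map helpers were not
-// allowed to access map values directly. So for those older kernels,
-// we need to copy the data to the stack first.
-// We don't have a probe for that, but the bpf_fib_lookup helper was
-// introduced in the same release.
-"HAVE_DIRECT_ACCESS_TO_MAP_VALUES": probes.ProgramHelpers[ProgramHelper{ebpf.SchedCLS, asm.FnFibLookup}],
-"HAVE_LARGE_INSN_LIMIT": probes.Misc.HaveLargeInsnLimit,
-"HAVE_SET_RETVAL": probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSock, asm.FnSetRetval}],
-"HAVE_FIB_NEIGH": probes.ProgramHelpers[ProgramHelper{ebpf.SchedCLS, asm.FnRedirectNeigh}],
+"HAVE_CGROUP_ID": probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSockAddr, asm.FnGetCurrentCgroupId}],
+"HAVE_LARGE_INSN_LIMIT": probes.Misc.HaveLargeInsnLimit,
+"HAVE_SET_RETVAL": probes.ProgramHelpers[ProgramHelper{ebpf.CGroupSock, asm.FnSetRetval}],
+"HAVE_FIB_NEIGH": probes.ProgramHelpers[ProgramHelper{ebpf.SchedCLS, asm.FnRedirectNeigh}],
 // Check if kernel has d1c362e1dd68 ("bpf: Always return target ifindex
 // in bpf_fib_lookup") which is 5.10+. This got merged in the same kernel
 // as the new redirect helpers.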
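Review bot: Dropping the `HAVE_DIRECT_ACCESS_TO_MAP_VALUES` entry in writeCommonHeader also drops the only comment here recording that direct map-value access needs upstream commit d71962f3e627 (4.18). The datapath now depends on that kernel behaviour with no probe and no note; on an older kernel the likely outcome is a verifier rejection at program load rather than a clear error, though that is inferred and not shown in this hunk. I would keep one line in place of the removed block, e.g. `// Direct access to map values (upstream d71962f3e627, 4.18) is assumed unconditionally; no probe is emitted.`. It is also worth confirming that the agent's minimum-kernel check already excludes pre-4.18 kernels. The function body continues outside the hunk.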