doc: add initial BPF and XDP documentation #546
Conversation
| generic and flexible enough that there are many kernel subsystems which use eBPF | ||
| apart from only networking. Nowadays, the Linux kernel runs eBPF only and loaded | ||
| cBPF bytecode is transparently translated into an eBPF representation in the | ||
| kernel before program execution. |
There was a problem hiding this comment.
I think it's probably fine as is, but I'll double check to make sure.
There was a problem hiding this comment.
(an eBPF representation is the correct form)
Documentation/bpf.rst
Outdated
| these packet load instructions are less relevant nowadays. ``BPF_LDX`` class | ||
| holds instructions for byte / half-word / word / double-word loads out of | ||
| memory. Memory in this context is generic can could be stack memory, map value | ||
| data, packet data, etc. |
Documentation/bpf.rst
Outdated
| included into the main programs. For example, Cilium makes heavy use of | ||
| this (see ``bpf/lib/``). However, this still allows for including header | ||
| files, for example, from the kernel or other libraries and resuse their | ||
| static inline functions or macros / definitions. |
Documentation/bpf.rst
Outdated
|
|
||
| The remaining section names are specific for eBPF program code, for example, | ||
| the below code has been modified to contain to two program sections, ``ingress`` | ||
| and ``egress``. The toy example code demonstrates that both can share a map |
There was a problem hiding this comment.
s/to contain to/to contain/ ?
Documentation/bpf.rst
Outdated
| value size. This works, because during execution, eBPF programs are guaranteed | ||
| to never get preempted by the kernel and therefore can use the single map entry | ||
| as a scratch buffer for temporariy data, for example, to extend beyond the stack | ||
| limitation. This also works accross tail calls, since it has the same guarantees |
There was a problem hiding this comment.
s/temporariy/temporary/ ?
Documentation/bpf.rst
Outdated
| program attached. ``ip link | grep xdp`` can thus be used to find all interfaces | ||
| that have XDP running. Further introspection facilities will be provided through | ||
| the detailed view through ``ip -d link`` once the kernel API gains support for | ||
| dumping additional attributes. |
There was a problem hiding this comment.
s/view through/view/ ? The extra through adds nothing extra IMO, but either way is fine.
| For removing the entire ``clsact`` qdisc from the netdevice, which implicitly also | ||
| removes all attached programs from the ``ingress`` and ``egress`` hooks, the | ||
| below command is provided: | ||
|
|
Documentation/bpf.rst
Outdated
| .. _bpf_guide: | ||
|
|
||
| ***************** | ||
| BPF and XDP Guide |
There was a problem hiding this comment.
Maybe rename this to "BPF and XDP Reference Guide" to make it a bit clearer that this is deep dive material for developers and not required for users.
Documentation/bpf.rst
Outdated
| types such as tc and XDP, and to aide developing Cilium's eBPF templates. | ||
|
|
||
| **This purely serves as a developer's guide and is explicitly not a requirement | ||
| for Cilium users to read, since Cilium abstracts eBPF internals away entirely.** |
There was a problem hiding this comment.
Let's move this and make it the first paragraph. You can use:
.. note:: This purely serves as a ...
prefix so it will appear as a note widget so it stands out a bit more.
Documentation/bpf.rst
Outdated
| **This purely serves as a developer's guide and is explicitly not a requirement | ||
| for Cilium users to read, since Cilium abstracts eBPF internals away entirely.** | ||
|
|
||
| The older cBPF architecture is not covered by this document, since Cilium does |
There was a problem hiding this comment.
I would drop the 'since Cilium' part
Documentation/bpf.rst
Outdated
|
|
||
| eBPF does not define itself by only providing its instruction set, but also by | ||
| offering further infrastructure around it such as maps that act as efficient | ||
| key / value stores, helper functions to interact with the kernel, tail calls for |
There was a problem hiding this comment.
helper functions to interact with and leverage kernel functionaly
Documentation/bpf.rst
Outdated
|
|
||
| * In case of networking (e.g., tc and XDP), eBPF programs can be updated atomically | ||
| without having to restart the kernel, system services or containers, and without | ||
| traffic interruptions. |
There was a problem hiding this comment.
Let's add that any program state can be maintained throughout updates via bpf maps.
Documentation/bpf.rst
Outdated
| calls with regard to user space applications. | ||
|
|
||
| * eBPF programs work in concert with the kernel, they make use of existing kernel | ||
| infrastructure and tooling (e.g., iproute2) as well as the safety guarantees that |
There was a problem hiding this comment.
Would be great to add an (e.g. ...) with a couple of examples of used kernel infrastructure.
Documentation/bpf.rst
Outdated
| infrastructure and tooling (e.g., iproute2) as well as the safety guarantees that | ||
| the kernel provides. Unlike kernel modules, eBPF programs are verified through an | ||
| in-kernel verifier in order to ensure that they cannot crash the kernel, always | ||
| terminate, etc. XDP programs, for example, reuse the existing in-kernel drivers |
There was a problem hiding this comment.
Maybe move XDP down until you have properly introduced it. The XDP concept is completely unknown to the reader at this point.
There was a problem hiding this comment.
Given it's kind of used throughout the doc (also in the more generic LLVM / iproute2 section), I tried to introduce XDP and tc terms at the very beginning now, but we could later on also still rearrange this a bit if we think a strict separation seems better.
Documentation/bpf.rst
Outdated
|
|
||
| The execution of an eBPF program inside the kernel is always event driven! For example, | ||
| a networking device that has an eBPF program attached on its ingress path will trigger | ||
| the execution of the program once a packet is received. |
There was a problem hiding this comment.
Add a second example for kprobe attachment.
| handing execution back to the kernel, the exit value is passed as a 32 bit value. | ||
|
|
||
| Registers ``r1`` - ``r5`` are scratch registers, meaning the eBPF program needs to | ||
| either spill them to the eBPF stack or move them to callee saved registers if these |
There was a problem hiding this comment.
Add a sentence to explains spilling.
borkmann
force-pushed
the
doc-bpf-wip
branch
4 times, most recently
from
bfe9836
to
44cd590
Compare
We're currently lacking a guide on this, therefore add a start of it that we can further extend over time. Rendered version from wip branch: http://cilium.readthedocs.io/en/doc-bpf-wip/ Signed-off-by: Daniel Borkmann <daniel@cilium.io>
|
I'll provide more feedback directly as a PR but this is in great shape to go in already. |
|
Perfect, thanks. I'll continue working on the remaining bits. |
We're currently lacking a guide on this, therefore add a start of it
that we can further extend over time.
Rendered version from wip branch:
http://cilium.readthedocs.io/en/doc-bpf-wip/
Signed-off-by: Daniel Borkmann daniel@cilium.io