All of lore.kernel.org
 help / color / mirror / Atom feed
From: Lorenz Bauer <lmb@cloudflare.com>
To: John Fastabend <john.fastabend@gmail.com>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	kernel-team <kernel-team@cloudflare.com>,
	Networking <netdev@vger.kernel.org>, bpf <bpf@vger.kernel.org>
Subject: Re: [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup
Date: Fri, 13 Mar 2020 11:03:26 +0000	[thread overview]
Message-ID: <CACAyw989zaAe2UDHcOPODbSo=WDPpQzD6kX1h5z_4xBfKP+oQg@mail.gmail.com> (raw)
In-Reply-To: <5e6a8e48240a9_6a322aac933b85c029@john-XPS-13-9370.notmuch>

On Thu, 12 Mar 2020 at 19:32, John Fastabend <john.fastabend@gmail.com> wrote:
>
> The restriction that the maps can not grow/shrink is perhaps limiting a
> bit. I can see how resizing might be useful. In my original load balancer
> case a single application owned all the socks so there was no need to
> ever pull them back out of the map. We "knew" where they were. I think
> resize ops could be added without to much redesign. Or a CREATE flag could
> be used to add it as a new entry if needed. At some point I guess someone
> will request it as a feature for Cilium for example. OTOH I'm not sure
> off-hand how to use a dynamically sized table for load balancing. I
> should know the size because I want to say something about the hash
> distribution and if the size is changing do I still know this? I really
> haven't considered it much.

I agree, magically changing the size of a sockmap isn't useful. We don't
want to do load-balancing, but still need stable indices into the map:

- derive some sort of ID from the skb
- look up the ID in the sockmap
- return the socket as the result of the program

If the ID changes we need to coordinate this with the eBPF, or at least
update some other map in a race-free way.

[...]

>
> Rather than expose the fd's to user space would a map copy api be
> useful? I could imagine some useful cases where copy might be used
>
>  map_copy(map *A, map *B, map_key *key)
>
> would need to sort out what to do with key/value size changes. But
> I can imagine for upgrades this might be useful.

I guess that would be a way to approach it. I'd probably find a primitive
to copy a whole map atomically more useful, but haven't really thought
about it much.

>
> Another option I've been considering the need for a garbage collection
> thread trigger at regular intervals. This BPF program could do the
> copy from map to map in kernel space never exposing fds out of kernel

So, have a dummy prog that has both maps, and copies from old to new.
Invoke that from user space via BPF_PROG_TEST_RUN?

I guess that would work, but falls back to being "protected" by
CAP_SYS_ADMIN. It's just more cumbersome than doing it in user space!

Lorenz

-- 
Lorenz Bauer  |  Systems Engineer
6th Floor, County Hall/The Riverside Building, SE1 7PB, UK

www.cloudflare.com

  reply	other threads:[~2020-03-13 11:03 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-10 17:47 [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup Lorenz Bauer
2020-03-10 17:47 ` [PATCH 1/5] bpf: add map_copy_value hook Lorenz Bauer
2020-03-10 17:47 ` [PATCH 2/5] bpf: convert queue and stack map to map_copy_value Lorenz Bauer
2020-03-11 14:00   ` Jakub Sitnicki
2020-03-11 22:31     ` John Fastabend
2020-03-10 17:47 ` [PATCH 3/5] bpf: convert sock map and hash " Lorenz Bauer
2020-03-11 13:55   ` Jakub Sitnicki
2020-03-10 17:47 ` [PATCH 4/5] bpf: sockmap, sockhash: return file descriptors from privileged lookup Lorenz Bauer
2020-03-11 23:27   ` John Fastabend
2020-03-17 10:17     ` Lorenz Bauer
2020-03-17 15:18   ` Jakub Sitnicki
2020-03-17 18:16     ` John Fastabend
2020-03-10 17:47 ` [PATCH 5/5] bpf: sockmap, sockhash: test looking up fds Lorenz Bauer
2020-03-11 13:52   ` Jakub Sitnicki
2020-03-11 17:24     ` Lorenz Bauer
2020-03-11 13:44 ` [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup Jakub Sitnicki
2020-03-11 22:40   ` John Fastabend
2020-03-12  1:58 ` Alexei Starovoitov
2020-03-12  9:16   ` Lorenz Bauer
2020-03-12 17:58     ` Alexei Starovoitov
2020-03-12 19:32       ` John Fastabend
2020-03-13 11:03         ` Lorenz Bauer [this message]
2020-03-13 10:48       ` Lorenz Bauer
2020-03-14  2:58         ` Alexei Starovoitov
2020-03-17  9:55           ` Lorenz Bauer
2020-03-17 19:05             ` John Fastabend
2020-03-20 15:12               ` Lorenz Bauer
2020-04-07  3:08                 ` Alexei Starovoitov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CACAyw989zaAe2UDHcOPODbSo=WDPpQzD6kX1h5z_4xBfKP+oQg@mail.gmail.com' \
    --to=lmb@cloudflare.com \
    --cc=alexei.starovoitov@gmail.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=john.fastabend@gmail.com \
    --cc=kernel-team@cloudflare.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.