util: introduce virbpf helpers

In order to implement devices controller with cgroup v2 we need to
add support for BPF programs, cgroup v2 doesn't have devices controller.

This introduces required helpers wrapping linux syscalls.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Pavel Hrdina 2019-09-09 09:37:32 +02:00
parent 9e4445ebc3
commit 07946d6e39
8 changed files with 718 additions and 0 deletions

View File

@ -881,6 +881,11 @@ AC_CHECK_DECLS([clock_serv_t, host_get_clock_service, clock_get_time],
#include <mach/mach.h>
])
# Check if we have new enough kernel to support BPF devices for cgroups v2
if test "$with_linux" = "yes"; then
AC_CHECK_DECLS([BPF_PROG_QUERY], [], [], [#include <linux/bpf.h>])
fi
# Check if we need to look for ifconfig
if test "$want_ifconfig" = "yes"; then
AC_PATH_PROG([IFCONFIG_PATH], [ifconfig])

View File

@ -135,6 +135,7 @@ typedef enum {
VIR_FROM_DOMAIN_CHECKPOINT = 69, /* Error from domain checkpoint */
VIR_FROM_TPM = 70, /* Error from TPM */
VIR_FROM_BPF = 71, /* Error from BPF code */
# ifdef VIR_ENUM_SENTINELS
VIR_ERR_DOMAIN_LAST

View File

@ -224,6 +224,7 @@
@SRCDIR@/src/util/virauth.c
@SRCDIR@/src/util/virauthconfig.c
@SRCDIR@/src/util/virbitmap.c
@SRCDIR@/src/util/virbpf.c
@SRCDIR@/src/util/vircgroup.c
@SRCDIR@/src/util/vircgroupbackend.c
@SRCDIR@/src/util/vircgroupbackend.h

View File

@ -1584,6 +1584,22 @@ virBitmapToString;
virBitmapUnion;
# util/virbpf.h
virBPFAttachProg;
virBPFCreateMap;
virBPFDeleteElem;
virBPFDetachProg;
virBPFGetMap;
virBPFGetMapInfo;
virBPFGetNextElem;
virBPFGetProg;
virBPFGetProgInfo;
virBPFLoadProg;
virBPFLookupElem;
virBPFQueryProg;
virBPFUpdateElem;
# util/virbuffer.h
virBufferAdd;
virBufferAddBuffer;

View File

@ -21,6 +21,8 @@ UTIL_SOURCES = \
util/virauthconfig.h \
util/virbitmap.c \
util/virbitmap.h \
util/virbpf.c \
util/virbpf.h \
util/virbuffer.c \
util/virbuffer.h \
util/virperf.c \

436
src/util/virbpf.c Normal file
View File

@ -0,0 +1,436 @@
/*
* virbpf.c: methods for eBPF
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <sys/syscall.h>
#include "internal.h"
#include "viralloc.h"
#include "virbpf.h"
#include "virerror.h"
#include "virfile.h"
#include "virlog.h"
#include "virstring.h"
VIR_LOG_INIT("util.bpf");
#define VIR_FROM_THIS VIR_FROM_BPF
#if HAVE_DECL_BPF_PROG_QUERY
int
virBPFCreateMap(unsigned int mapType,
unsigned int keySize,
unsigned int valSize,
unsigned int maxEntries)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_type = mapType;
attr.key_size = keySize;
attr.value_size = valSize;
attr.max_entries = maxEntries;
return syscall(SYS_bpf, BPF_MAP_CREATE, &attr, sizeof(attr));
}
# define LOG_BUF_SIZE (256 * 1024)
int
virBPFLoadProg(struct bpf_insn *insns,
int progType,
unsigned int insnCnt)
{
g_autofree char *logbuf = NULL;
int progfd = -1;
union bpf_attr attr;
logbuf = g_new0(char, LOG_BUF_SIZE);
memset(&attr, 0, sizeof(attr));
attr.prog_type = progType;
attr.insn_cnt = (uint32_t)insnCnt;
attr.insns = (uint64_t)insns;
attr.license = (uint64_t)"GPL";
attr.log_buf = (uint64_t)logbuf;
attr.log_size = LOG_BUF_SIZE;
attr.log_level = 1;
progfd = syscall(SYS_bpf, BPF_PROG_LOAD, &attr, sizeof(attr));
if (progfd < 0)
VIR_DEBUG("%s", logbuf);
return progfd;
}
int
virBPFAttachProg(int progfd,
int targetfd,
int attachType)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.target_fd = targetfd;
attr.attach_bpf_fd = progfd;
attr.attach_type = attachType;
return syscall(SYS_bpf, BPF_PROG_ATTACH, &attr, sizeof(attr));
}
int
virBPFDetachProg(int progfd,
int targetfd,
int attachType)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.target_fd = targetfd;
attr.attach_bpf_fd = progfd;
attr.attach_type = attachType;
return syscall(SYS_bpf, BPF_PROG_DETACH, &attr, sizeof(attr));
}
int
virBPFQueryProg(int targetfd,
unsigned int maxprogids,
int attachType,
unsigned int *progcnt,
void *progids)
{
union bpf_attr attr;
int rc;
memset(&attr, 0, sizeof(attr));
attr.query.target_fd = targetfd;
attr.query.attach_type = attachType;
attr.query.prog_cnt = maxprogids;
attr.query.prog_ids = (uint64_t)progids;
rc = syscall(SYS_bpf, BPF_PROG_QUERY, &attr, sizeof(attr));
if (rc >= 0)
*progcnt = attr.query.prog_cnt;
return rc;
}
int
virBPFGetProg(unsigned int id)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.prog_id = id;
return syscall(SYS_bpf, BPF_PROG_GET_FD_BY_ID, &attr, sizeof(attr));
}
int
virBPFGetProgInfo(int progfd,
struct bpf_prog_info *info,
unsigned int **mapIDs)
{
union bpf_attr attr;
int rc;
memset(&attr, 0, sizeof(attr));
attr.info.bpf_fd = progfd;
attr.info.info_len = sizeof(struct bpf_prog_info);
attr.info.info = (uint64_t)info;
rc = syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr));
if (rc < 0)
return rc;
if (mapIDs && info->nr_map_ids > 0) {
unsigned int maplen = info->nr_map_ids;
g_autofree unsigned int *retmapIDs = NULL;
retmapIDs = g_new0(unsigned int, maplen);
memset(info, 0, sizeof(struct bpf_prog_info));
info->nr_map_ids = maplen;
info->map_ids = (uint64_t)retmapIDs;
memset(&attr, 0, sizeof(attr));
attr.info.bpf_fd = progfd;
attr.info.info_len = sizeof(struct bpf_prog_info);
attr.info.info = (uint64_t)info;
rc = syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr));
if (rc < 0)
return rc;
*mapIDs = g_steal_pointer(&retmapIDs);
}
return rc;
}
int
virBPFGetMap(unsigned int id)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_id = id;
return syscall(SYS_bpf, BPF_MAP_GET_FD_BY_ID, &attr, sizeof(attr));
}
int
virBPFGetMapInfo(int mapfd,
struct bpf_map_info *info)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.info.bpf_fd = mapfd;
attr.info.info_len = sizeof(struct bpf_map_info);
attr.info.info = (uint64_t)info;
return syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr));
}
int
virBPFLookupElem(int mapfd,
void *key,
void *val)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_fd = mapfd;
attr.key = (uint64_t)key;
attr.value = (uint64_t)val;
return syscall(SYS_bpf, BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr));
}
int
virBPFGetNextElem(int mapfd,
void *key,
void *nextKey)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_fd = mapfd;
attr.key = (uint64_t)key;
attr.next_key = (uint64_t)nextKey;
return syscall(SYS_bpf, BPF_MAP_GET_NEXT_KEY, &attr, sizeof(attr));
}
int
virBPFUpdateElem(int mapfd,
void *key,
void *val)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_fd = mapfd;
attr.key = (uint64_t)key;
attr.value = (uint64_t)val;
return syscall(SYS_bpf, BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr));
}
int
virBPFDeleteElem(int mapfd,
void *key)
{
union bpf_attr attr;
memset(&attr, 0, sizeof(attr));
attr.map_fd = mapfd;
attr.key = (uint64_t)key;
return syscall(SYS_bpf, BPF_MAP_DELETE_ELEM, &attr, sizeof(attr));
}
#else /* HAVE_DECL_BPF_PROG_QUERY */
int
virBPFCreateMap(unsigned int mapType G_GNUC_UNUSED,
unsigned int keySize G_GNUC_UNUSED,
unsigned int valSize G_GNUC_UNUSED,
unsigned int maxEntries G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFLoadProg(struct bpf_insn *insns G_GNUC_UNUSED,
int progType G_GNUC_UNUSED,
unsigned int insnCnt G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFAttachProg(int progfd G_GNUC_UNUSED,
int targetfd G_GNUC_UNUSED,
int attachType G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFDetachProg(int progfd G_GNUC_UNUSED,
int targetfd G_GNUC_UNUSED,
int attachType G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFQueryProg(int targetfd G_GNUC_UNUSED,
unsigned int maxprogids G_GNUC_UNUSED,
int attachType G_GNUC_UNUSED,
unsigned int *progcnt G_GNUC_UNUSED,
void *progids G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFGetProg(unsigned int id G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFGetProgInfo(int progfd G_GNUC_UNUSED,
struct bpf_prog_info *info G_GNUC_UNUSED,
unsigned int **mapIDs G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFGetMap(unsigned int id G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFGetMapInfo(int mapfd G_GNUC_UNUSED,
struct bpf_map_info *info G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFLookupElem(int mapfd G_GNUC_UNUSED,
void *key G_GNUC_UNUSED,
void *val G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFGetNextElem(int mapfd G_GNUC_UNUSED,
void *key G_GNUC_UNUSED,
void *nextKey G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFUpdateElem(int mapfd G_GNUC_UNUSED,
void *key G_GNUC_UNUSED,
void *val G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
int
virBPFDeleteElem(int mapfd G_GNUC_UNUSED,
void *key G_GNUC_UNUSED)
{
virReportSystemError(ENOSYS, "%s",
_("BPF not supported with this kernel"));
return -1;
}
#endif /* HAVE_DECL_BPF_PROG_QUERY */

256
src/util/virbpf.h Normal file
View File

@ -0,0 +1,256 @@
/*
* virbpf.h: methods for eBPF
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library. If not, see
* <http://www.gnu.org/licenses/>.
*/
#pragma once
#if HAVE_DECL_BPF_PROG_QUERY
# include <linux/bpf.h>
/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */
# define VIR_BPF_ALU64_REG(op, dst, src) \
((struct bpf_insn) { \
.code = BPF_ALU64 | BPF_OP(op) | BPF_X, \
.dst_reg = dst, \
.src_reg = src, \
.off = 0, \
.imm = 0, \
})
/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
# define VIR_BPF_ALU64_IMM(op, dst, immval) \
((struct bpf_insn) { \
.code = BPF_ALU64 | BPF_OP(op) | BPF_K, \
.dst_reg = dst, \
.src_reg = 0, \
.off = 0, \
.imm = immval, \
})
/* mov of registers, dst_reg = src_reg */
# define VIR_BPF_MOV64_REG(dst, src) \
((struct bpf_insn) { \
.code = BPF_ALU64 | BPF_MOV | BPF_X, \
.dst_reg = dst, \
.src_reg = src, \
.off = 0, \
.imm = 0, \
})
/* mov of immediates, dst_reg = imm32 */
# define VIR_BPF_MOV64_IMM(dst, immval) \
((struct bpf_insn) { \
.code = BPF_ALU64 | BPF_MOV | BPF_K, \
.dst_reg = dst, \
.src_reg = 0, \
.off = 0, \
.imm = immval, \
})
/* helper to encode 16 byte instruction */
# define _VIR_BPF_LD_IMM64_RAW(dst, src, immval) \
((struct bpf_insn) { \
.code = BPF_LD | BPF_DW | BPF_IMM, \
.dst_reg = dst, \
.src_reg = src, \
.off = 0, \
.imm = (uint32_t)immval, \
}), \
((struct bpf_insn) { \
.code = 0, \
.dst_reg = 0, \
.src_reg = 0, \
.off = 0, \
.imm = ((uint64_t)immval) >> 32, \
})
/* encodes single 'load 64-bit immediate' insn, dst_reg = imm ll */
# define VIR_BPF_LD_IMM64(dst, imm) \
_VIR_BPF_LD_IMM64_RAW(dst, 0, imm)
/* pseudo VIR_BPF_LD_IMM64 insn used to refer to process-local map_fd */
# define VIR_BPF_LD_MAP_FD(dst, mapfd) \
_VIR_BPF_LD_IMM64_RAW(dst, 1, mapfd)
/* memory load, dst_reg = *(size *) (src_reg + off16) */
# define VIR_BPF_LDX_MEM(size, dst, src, offval) \
((struct bpf_insn) { \
.code = BPF_LDX | BPF_SIZE(size) | BPF_MEM, \
.dst_reg = dst, \
.src_reg = src, \
.off = offval, \
.imm = 0, \
})
/* memory store of registers, *(size *) (dst_reg + off16) = src_reg */
# define VIR_BPF_STX_MEM(size, dst, src, offval) \
((struct bpf_insn) { \
.code = BPF_STX | BPF_SIZE(size) | BPF_MEM, \
.dst_reg = dst, \
.src_reg = src, \
.off = offval, \
.imm = 0, \
})
/* memory store of immediates, *(size *) (dst_reg + off16) = imm32 */
# define VIR_BPF_ST_MEM(size, dst, immval, offval) \
((struct bpf_insn) { \
.code = BPF_ST | BPF_SIZE(size) | BPF_MEM, \
.dst_reg = dst, \
.src_reg = 0, \
.off = offval, \
.imm = immval, \
})
/* conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
# define VIR_BPF_JMP_REG(op, dst, src, offval) \
((struct bpf_insn) { \
.code = BPF_JMP | BPF_OP(op) | BPF_X, \
.dst_reg = dst, \
.src_reg = src, \
.off = offval, \
.imm = 0, \
})
/* conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
# define VIR_BPF_JMP_IMM(op, dst, immval, offval) \
((struct bpf_insn) { \
.code = BPF_JMP | BPF_OP(op) | BPF_K, \
.dst_reg = dst, \
.src_reg = 0, \
.off = offval, \
.imm = immval, \
})
/* call eBPF function, call imm32 */
# define VIR_BPF_CALL_INSN(func) \
((struct bpf_insn) { \
.code = BPF_JMP | BPF_CALL, \
.dst_reg = 0, \
.src_reg = 0, \
.off = 0, \
.imm = func, \
})
/* program exit */
# define VIR_BPF_EXIT_INSN() \
((struct bpf_insn) { \
.code = BPF_JMP | BPF_EXIT, \
.dst_reg = 0, \
.src_reg = 0, \
.off = 0, \
.imm = 0, \
})
#else /* HAVE_DECL_BPF_PROG_QUERY */
struct bpf_prog_info;
struct bpf_map_info;
struct bpf_insn;
# define VIR_BPF_ALU64_REG(op, dst, src)
# define VIR_BPF_ALU64_IMM(op, dst, immval)
# define VIR_BPF_MOV64_REG(dst, src)
# define VIR_BPF_MOV64_IMM(dst, immval)
# define VIR_BPF_LD_IMM64(dst, imm)
# define VIR_BPF_LD_MAP_FD(dst, mapfd)
# define VIR_BPF_LDX_MEM(size, dst, src, offval)
# define VIR_BPF_STX_MEM(size, dst, src, offval)
# define VIR_BPF_ST_MEM(size, dst, immval, offval)
# define VIR_BPF_JMP_REG(op, dst, src, offval)
# define VIR_BPF_JMP_IMM(op, dst, immval, offval)
# define VIR_BPF_CALL_INSN(func)
# define VIR_BPF_EXIT_INSN()
#endif /* HAVE_DECL_BPF_PROG_QUERY */
int
virBPFCreateMap(unsigned int mapType,
unsigned int keySize,
unsigned int valSize,
unsigned int maxEntries);
int
virBPFGetMapInfo(int mapfd,
struct bpf_map_info *info);
int
virBPFLoadProg(struct bpf_insn *insns,
int progType,
unsigned int insnCnt);
int
virBPFAttachProg(int progfd,
int targetfd,
int attachType);
int
virBPFDetachProg(int progfd,
int targetfd,
int attachType);
int
virBPFQueryProg(int targetfd,
unsigned int maxprogids,
int attachType,
unsigned int *progcnt,
void *progids);
int
virBPFGetProg(unsigned int id);
int
virBPFGetProgInfo(int progfd,
struct bpf_prog_info *info,
unsigned int **mapIDs);
int
virBPFGetMap(unsigned int id);
int
virBPFLookupElem(int mapfd,
void *key,
void *val);
int
virBPFGetNextElem(int mapfd,
void *key,
void *nextKey);
int
virBPFUpdateElem(int mapfd,
void *key,
void *val);
int
virBPFDeleteElem(int mapfd,
void *key);

View File

@ -144,6 +144,7 @@ VIR_ENUM_IMPL(virErrorDomain,
"Domain Checkpoint",
"TPM", /* 70 */
"BPF",
);