BPF updates 06
This is issue 06 of the regular newsletter around BPF written by Alexander Alemayhu. It summarizes ongoing development, presentations, videos and other information related to BPF and XDP. It is released roughly once a week.
Linux 4.12-rc4 was released this week. No new BPF changes were in this release, but several patches were applied on netdev. The highlights are
- The BPF id patches which were ready last week but had to be re-spin because of merge conflicts.
- All perf events now have BPF support.
Other interesting topics
- VF XDP support for the qede driver.
- Better alignment tracking and improvements to the verifier.
See the patches section for all the links.
Videos
Netdev 2.1 - XDP for the Rest of Us By Andy Gospodarek + Jesper Dangaard Brouer
Extensive walk-through of the XDP programs in the prototype-kernel repository. The talk is overall great and covers several BPF and XDP concepts from the programmer perspective. Also nice to hear tips, tricks and pitfalls being covered.
In case you missed it
Cilium v0.9 Released: Hello Kubernetes!
Cilium 0.9.0 was released last week.
XDP Newbies...
Which is a place where people can talk about getting up to speed with setting up an XDP build environment and writing XDP programs.
You can subscribe by sending a email to majordomo@vger.kernel.org
, with a message body containing subscribe xdp-newbies
. No subject is needed, but you can of course add one if you like.
Random cool note
55 pages about how to improve container security. @ciliumproject #BPF, best practices, @coreos clair, #apparmor http://scaledocker.com
Some patches
- Craig Topper, [llvm] r304324 - [BPF] Correct the file name of the -gen-asm-matcher output file to not start with X86.
- Chenbo Feng, [PATCH net-next v2 1/2] bpf: Allow
CGROUP_SKB
eBPF program to accesssk_buff
- Chenbo Feng, [PATCH net-next v2 2/2] bpf: Remove the capability check for cgroup skb eBPF program
- Martin KaFai Lau, [PATCH v3 net-next 0/8] Introduce bpf ID
- [PATCH v3 net-next 1/8] bpf: Introduce bpf_prog ID
- [PATCH v3 net-next 2/8] bpf: Introduce bpf_map ID
- [PATCH v3 net-next 3/8] bpf: Add
BPF_(PROG|MAP)_GET_NEXT_ID
command - [PATCH v3 net-next 4/8] bpf: Add
BPF_PROG_GET_FD_BY_ID
- [PATCH v3 net-next 5/8] bpf: Add
BPF_MAP_GET_FD_BY_ID
- [PATCH v3 net-next 6/8] bpf: Add
jited_len
to structbpf_prog
- [PATCH v3 net-next 7/8] bpf: Add
BPF_OBJ_GET_INFO_BY_FD
- [PATCH v3 net-next 8/8] bpf: Test for bpf ID
- David Miller, [PATCH net-next] bpf: Take advantage of stack_depth tracking in sparc64 JIT
- Alexei Starovoitov, [PATCH v4 net-next 0/3] bpf: Add BPF support to all perf_event
- Yuval Mintz, [PATCH net-next 00/11] qed*: Support VF XDP attachment
- [PATCH net-next 01/11] qed: Add bitmaps for VF CIDs
- [PATCH net-next 02/11] qed: Create L2 queue database
- [PATCH net-next 03/11] qed*: L2 interface to use the SB structures directly
- [PATCH net-next 04/11] qed: Pass vf_params when creating a queue-cid
- [PATCH net-next 05/11] qed: Assign a unique per-queue index to queue-cid
- [PATCH net-next 06/11] qed: Make VF legacy a bitfield
- [PATCH net-next 07/11] qed: IOV db support multiple queues per qzone
- [PATCH net-next 08/11] qed: Multiple qzone queues for VFs
- [PATCH net-next 09/11] qed: VFs to try utilizing the doorbell bar
- [PATCH net-next 10/11] qed: VF XDP support
- [PATCH net-next 11/11] qede: VF XDP support
- Daniel Borkmann, [PATCH net-next] bpf: cgroup skb progs cannot access ld_abs/ind
- Daniel Borkmann, [PATCH net] bpf, arm64: use separate register for state in stxr
- Edward Cree, [RFC PATCH net-next 0/5] bpf: rewrite value tracking in verifier
- [RFC PATCH net-next 1/5] selftests/bpf: add test for mixed signed and unsigned bounds checks
- [RFC PATCH net-next 2/5] bpf/verifier: rework value tracking
- [RFC PATCH net-next 3/5] bpf/verifier: feed pointer-to-unknown-scalar casts into scalar ALU path
- [RFC PATCH net-next 4/5] bpf/verifier: track signed and unsigned min/max values
- [RFC PATCH net-next 5/5] selftests/bpf: change test_verifier expectations
Please note that netdev receives a lot of patches and the list above is not meant to be comprehensive.