diff options
author | Daniel Borkmann <daniel@iogearbox.net> | 2019-05-14 01:18:56 +0200 |
---|---|---|
committer | Alexei Starovoitov <ast@kernel.org> | 2019-05-14 19:47:29 +0200 |
commit | 50b045a8c0ccf44f76640ac3eea8d80ca53979a3 (patch) | |
tree | bf1473714504517bf4c394c7f13ec982ab35da57 /kernel/groups.c | |
parent | bpf: add map_lookup_elem_sys_only for lookups from syscall side (diff) | |
download | linux-50b045a8c0ccf44f76640ac3eea8d80ca53979a3.tar.xz linux-50b045a8c0ccf44f76640ac3eea8d80ca53979a3.zip |
bpf, lru: avoid messing with eviction heuristics upon syscall lookup
One of the biggest issues we face right now with picking LRU map over
regular hash table is that a map walk out of user space, for example,
to just dump the existing entries or to remove certain ones, will
completely mess up LRU eviction heuristics and wrong entries such
as just created ones will get evicted instead. The reason for this
is that we mark an entry as "in use" via bpf_lru_node_set_ref() from
system call lookup side as well. Thus upon walk, all entries are
being marked, so information of actual least recently used ones
are "lost".
In case of Cilium where it can be used (besides others) as a BPF
based connection tracker, this current behavior causes disruption
upon control plane changes that need to walk the map from user space
to evict certain entries. Discussion result from bpfconf [0] was that
we should simply just remove marking from system call side as no
good use case could be found where it's actually needed there.
Therefore this patch removes marking for regular LRU and per-CPU
flavor. If there ever should be a need in future, the behavior could
be selected via map creation flag, but due to mentioned reason we
avoid this here.
[0] http://vger.kernel.org/bpfconf.html
Fixes: 29ba732acbee ("bpf: Add BPF_MAP_TYPE_LRU_HASH")
Fixes: 8f8449384ec3 ("bpf: Add BPF_MAP_TYPE_LRU_PERCPU_HASH")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Diffstat (limited to 'kernel/groups.c')
0 files changed, 0 insertions, 0 deletions