Message ID | 20210713153758.323614-1-andrew@daynix.com |
---|---|
Headers | show |
Series | ebpf: Added ebpf helper for libvirtd. | expand |
ping On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: > Libvirt usually launches qemu with strict permissions. > To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > > Added property "ebpf_rss_fds" for "virtio-net" that allows to > initialize eBPF RSS context with passed program & maps fds. > > Added qemu-ebpf-rss-helper - simple helper that loads eBPF > context and passes fds through unix socket. > Libvirt should call the helper and pass fds to qemu through > "ebpf_rss_fds" property. > > Added explicit target OS check for libbpf dependency in meson. > eBPF RSS works only with Linux TAP, so there is no reason to > build eBPF loader/helper for non-Linux. > > Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > bypassing unprivileged BPF map update. Also, instead of 3 maps > (config, key and indirection table) there is one map that > combines everything. > > Added helper stamp. To check that helper was build with qemu, > qemu would check helper symbols that should contain the stamp. > It was done similar to qemu modules, but checking was performed > by the helper's ELF parsing. > > Overall, libvirt process should not be aware of the "interface" > of eBPF RSS, it will not be aware of eBPF maps/program "type" and > their quantity. That's why qemu and the helper should be from > the same build and be "synchronized". Technically each qemu may > have its own helper. That's why "query-helper-paths" qmp command > was added. Qemu should return the path to the helper that suits > and libvirt should use "that" helper for "that" emulator. > > qmp sample: > C: { "execute": "query-helper-paths" } > S: { "return": [ > { > "name": "qemu-ebpf-rss-helper", > "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > } > ] > } > > Changes since v1: > * Mmap() used instead if bpf_map_update_elem(). > * Added helper stamp. > > Andrew Melnychenko (5): > ebpf: Added eBPF initialization by fds and map update. > virtio-net: Added property to load eBPF RSS with fds. > qmp: Added the helper stamp check. > ebpf_rss_helper: Added helper for eBPF RSS. > qmp: Added qemu-ebpf-rss-path command. > > ebpf/ebpf_rss-stub.c | 6 + > ebpf/ebpf_rss.c | 120 ++++--- > ebpf/ebpf_rss.h | 8 +- > ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > hw/net/virtio-net.c | 77 ++++- > include/hw/virtio/virtio-net.h | 1 + > meson.build | 47 ++- > monitor/meson.build | 1 + > monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > monitor/qemu-helper-stamp-utils.h | 24 ++ > monitor/qmp-cmds.c | 32 ++ > qapi/misc.json | 33 ++ > tools/ebpf/rss.bpf.c | 67 ++-- > 14 files changed, 990 insertions(+), 410 deletions(-) > create mode 100644 ebpf/qemu-ebpf-rss-helper.c > create mode 100644 monitor/qemu-helper-stamp-utils.c > create mode 100644 monitor/qemu-helper-stamp-utils.h > > -- > 2.31.1 > >
Jason, Can you please review the series? Thanks, Yuri On Thu, Jul 22, 2021 at 11:38 AM Andrew Melnichenko <andrew@daynix.com> wrote: > > ping > > On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: >> >> Libvirt usually launches qemu with strict permissions. >> To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. >> >> Added property "ebpf_rss_fds" for "virtio-net" that allows to >> initialize eBPF RSS context with passed program & maps fds. >> >> Added qemu-ebpf-rss-helper - simple helper that loads eBPF >> context and passes fds through unix socket. >> Libvirt should call the helper and pass fds to qemu through >> "ebpf_rss_fds" property. >> >> Added explicit target OS check for libbpf dependency in meson. >> eBPF RSS works only with Linux TAP, so there is no reason to >> build eBPF loader/helper for non-Linux. >> >> Changed Qemu updates eBPF maps to array mmaping. Mmaping allows >> bypassing unprivileged BPF map update. Also, instead of 3 maps >> (config, key and indirection table) there is one map that >> combines everything. >> >> Added helper stamp. To check that helper was build with qemu, >> qemu would check helper symbols that should contain the stamp. >> It was done similar to qemu modules, but checking was performed >> by the helper's ELF parsing. >> >> Overall, libvirt process should not be aware of the "interface" >> of eBPF RSS, it will not be aware of eBPF maps/program "type" and >> their quantity. That's why qemu and the helper should be from >> the same build and be "synchronized". Technically each qemu may >> have its own helper. That's why "query-helper-paths" qmp command >> was added. Qemu should return the path to the helper that suits >> and libvirt should use "that" helper for "that" emulator. >> >> qmp sample: >> C: { "execute": "query-helper-paths" } >> S: { "return": [ >> { >> "name": "qemu-ebpf-rss-helper", >> "path": "/usr/local/libexec/qemu-ebpf-rss-helper" >> } >> ] >> } >> >> Changes since v1: >> * Mmap() used instead if bpf_map_update_elem(). >> * Added helper stamp. >> >> Andrew Melnychenko (5): >> ebpf: Added eBPF initialization by fds and map update. >> virtio-net: Added property to load eBPF RSS with fds. >> qmp: Added the helper stamp check. >> ebpf_rss_helper: Added helper for eBPF RSS. >> qmp: Added qemu-ebpf-rss-path command. >> >> ebpf/ebpf_rss-stub.c | 6 + >> ebpf/ebpf_rss.c | 120 ++++--- >> ebpf/ebpf_rss.h | 8 +- >> ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ >> ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- >> hw/net/virtio-net.c | 77 ++++- >> include/hw/virtio/virtio-net.h | 1 + >> meson.build | 47 ++- >> monitor/meson.build | 1 + >> monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ >> monitor/qemu-helper-stamp-utils.h | 24 ++ >> monitor/qmp-cmds.c | 32 ++ >> qapi/misc.json | 33 ++ >> tools/ebpf/rss.bpf.c | 67 ++-- >> 14 files changed, 990 insertions(+), 410 deletions(-) >> create mode 100644 ebpf/qemu-ebpf-rss-helper.c >> create mode 100644 monitor/qemu-helper-stamp-utils.c >> create mode 100644 monitor/qemu-helper-stamp-utils.h >> >> -- >> 2.31.1 >>
On Mon, Aug 16, 2021 at 7:58 PM Yuri Benditovich <yuri.benditovich@daynix.com> wrote: > > Jason, > Can you please review the series? WIll do it this week. Thanks > > Thanks, > Yuri > > On Thu, Jul 22, 2021 at 11:38 AM Andrew Melnichenko <andrew@daynix.com> wrote: > > > > ping > > > > On Tue, Jul 13, 2021 at 6:38 PM Andrew Melnychenko <andrew@daynix.com> wrote: > >> > >> Libvirt usually launches qemu with strict permissions. > >> To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > >> > >> Added property "ebpf_rss_fds" for "virtio-net" that allows to > >> initialize eBPF RSS context with passed program & maps fds. > >> > >> Added qemu-ebpf-rss-helper - simple helper that loads eBPF > >> context and passes fds through unix socket. > >> Libvirt should call the helper and pass fds to qemu through > >> "ebpf_rss_fds" property. > >> > >> Added explicit target OS check for libbpf dependency in meson. > >> eBPF RSS works only with Linux TAP, so there is no reason to > >> build eBPF loader/helper for non-Linux. > >> > >> Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > >> bypassing unprivileged BPF map update. Also, instead of 3 maps > >> (config, key and indirection table) there is one map that > >> combines everything. > >> > >> Added helper stamp. To check that helper was build with qemu, > >> qemu would check helper symbols that should contain the stamp. > >> It was done similar to qemu modules, but checking was performed > >> by the helper's ELF parsing. > >> > >> Overall, libvirt process should not be aware of the "interface" > >> of eBPF RSS, it will not be aware of eBPF maps/program "type" and > >> their quantity. That's why qemu and the helper should be from > >> the same build and be "synchronized". Technically each qemu may > >> have its own helper. That's why "query-helper-paths" qmp command > >> was added. Qemu should return the path to the helper that suits > >> and libvirt should use "that" helper for "that" emulator. > >> > >> qmp sample: > >> C: { "execute": "query-helper-paths" } > >> S: { "return": [ > >> { > >> "name": "qemu-ebpf-rss-helper", > >> "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > >> } > >> ] > >> } > >> > >> Changes since v1: > >> * Mmap() used instead if bpf_map_update_elem(). > >> * Added helper stamp. > >> > >> Andrew Melnychenko (5): > >> ebpf: Added eBPF initialization by fds and map update. > >> virtio-net: Added property to load eBPF RSS with fds. > >> qmp: Added the helper stamp check. > >> ebpf_rss_helper: Added helper for eBPF RSS. > >> qmp: Added qemu-ebpf-rss-path command. > >> > >> ebpf/ebpf_rss-stub.c | 6 + > >> ebpf/ebpf_rss.c | 120 ++++--- > >> ebpf/ebpf_rss.h | 8 +- > >> ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > >> ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > >> hw/net/virtio-net.c | 77 ++++- > >> include/hw/virtio/virtio-net.h | 1 + > >> meson.build | 47 ++- > >> monitor/meson.build | 1 + > >> monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > >> monitor/qemu-helper-stamp-utils.h | 24 ++ > >> monitor/qmp-cmds.c | 32 ++ > >> qapi/misc.json | 33 ++ > >> tools/ebpf/rss.bpf.c | 67 ++-- > >> 14 files changed, 990 insertions(+), 410 deletions(-) > >> create mode 100644 ebpf/qemu-ebpf-rss-helper.c > >> create mode 100644 monitor/qemu-helper-stamp-utils.c > >> create mode 100644 monitor/qemu-helper-stamp-utils.h > >> > >> -- > >> 2.31.1 > >> >
在 2021/7/13 下午11:37, Andrew Melnychenko 写道: > Libvirt usually launches qemu with strict permissions. > To enable eBPF RSS steering, qemu-ebpf-rss-helper was added. > > Added property "ebpf_rss_fds" for "virtio-net" that allows to > initialize eBPF RSS context with passed program & maps fds. > > Added qemu-ebpf-rss-helper - simple helper that loads eBPF > context and passes fds through unix socket. > Libvirt should call the helper and pass fds to qemu through > "ebpf_rss_fds" property. > > Added explicit target OS check for libbpf dependency in meson. > eBPF RSS works only with Linux TAP, so there is no reason to > build eBPF loader/helper for non-Linux. > > Changed Qemu updates eBPF maps to array mmaping. Mmaping allows > bypassing unprivileged BPF map update. Also, instead of 3 maps > (config, key and indirection table) there is one map that > combines everything. > > Added helper stamp. To check that helper was build with qemu, > qemu would check helper symbols that should contain the stamp. > It was done similar to qemu modules, but checking was performed > by the helper's ELF parsing. > > Overall, libvirt process should not be aware of the "interface" > of eBPF RSS, it will not be aware of eBPF maps/program "type" and > their quantity. That's why qemu and the helper should be from > the same build and be "synchronized". Technically each qemu may > have its own helper. That's why "query-helper-paths" qmp command > was added. Qemu should return the path to the helper that suits > and libvirt should use "that" helper for "that" emulator. > > qmp sample: > C: { "execute": "query-helper-paths" } > S: { "return": [ > { > "name": "qemu-ebpf-rss-helper", > "path": "/usr/local/libexec/qemu-ebpf-rss-helper" > } > ] > } > > Changes since v1: > * Mmap() used instead if bpf_map_update_elem(). Some questions: 1) Is the mmap() part a stable ABI? 2) Is there a change that we may use other kinds of bpf map that can be mmaped? 3) What's the advantages of using bpf mmap() over the rx-filter-event? Thanks > * Added helper stamp. > > Andrew Melnychenko (5): > ebpf: Added eBPF initialization by fds and map update. > virtio-net: Added property to load eBPF RSS with fds. > qmp: Added the helper stamp check. > ebpf_rss_helper: Added helper for eBPF RSS. > qmp: Added qemu-ebpf-rss-path command. > > ebpf/ebpf_rss-stub.c | 6 + > ebpf/ebpf_rss.c | 120 ++++--- > ebpf/ebpf_rss.h | 8 +- > ebpf/qemu-ebpf-rss-helper.c | 130 +++++++ > ebpf/rss.bpf.skeleton.h | 557 +++++++++++++++--------------- > hw/net/virtio-net.c | 77 ++++- > include/hw/virtio/virtio-net.h | 1 + > meson.build | 47 ++- > monitor/meson.build | 1 + > monitor/qemu-helper-stamp-utils.c | 297 ++++++++++++++++ > monitor/qemu-helper-stamp-utils.h | 24 ++ > monitor/qmp-cmds.c | 32 ++ > qapi/misc.json | 33 ++ > tools/ebpf/rss.bpf.c | 67 ++-- > 14 files changed, 990 insertions(+), 410 deletions(-) > create mode 100644 ebpf/qemu-ebpf-rss-helper.c > create mode 100644 monitor/qemu-helper-stamp-utils.c > create mode 100644 monitor/qemu-helper-stamp-utils.h >