bpf: split eBPF out of NET

introduce two configs: - hidden CONFIG_BPF to select eBPF interpreter that classic socket filters depend on - visible CONFIG_BPF_SYSCALL (default off) that tracing and sockets can use that solves several problems: - tracing and others that wish to use eBPF don't need to depend on NET. They can use BPF_SYSCALL to allow loading from userspace or select BPF to use it directly from kernel in NET-less configs. - in 3.18 programs cannot be attached to events yet, so don't force it on - when the rest of eBPF infra is there in 3.19+, it's still useful to switch it off to minimize kernel size bloat-o-meter on x64 shows: add/remove: 0/60 grow/shrink: 0/2 up/down: 0/-15601 (-15601) tested with many different config combinations. Hopefully didn't miss anything. Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexei Starovoitov <ast@plumgrid.com> 2014-10-23 21:41:08 -0400
committer: David S. Miller <davem@davemloft.net> 2014-10-27 19:09:59 -0400
commit: f89b7755f517cdbb755d7543eef986ee9d54e654 (patch)
tree: bf491bea6418b0442900d864237e0028f7c35162
parent: 8ae3c911b9efcca653c552a9c74957a6cb04a87d (diff)
5 files changed, 28 insertions, 5 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 3ee28ae02cc8..2081a4d3d917 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -1341,6 +1341,10 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
 config HAVE_PCSPKR_PLATFORM
        bool
+# interpreter that classic socket filters depend on
+config BPF
+        bool
 menuconfig EXPERT
        bool "Configure standard kernel features (expert users)"
        # Unhide debug options, to make the on-by-default options visible
@@ -1521,6 +1525,16 @@ config EVENTFD
          If unsure, say Y.
+# syscall, maps, verifier
+config BPF_SYSCALL
+        bool "Enable bpf() system call" if EXPERT
+        select ANON_INODES
+        select BPF
+        default n
+        help
+          Enable the bpf() system call that allows to manipulate eBPF
+          programs and maps via file descriptors.
 config SHMEM
        bool "Use full shmem filesystem" if EXPERT
        default y
diff --git a/kernel/Makefile b/kernel/Makefile
index dc5c77544fd6..17ea6d4a9a24 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -86,7 +86,7 @@ obj-$(CONFIG_RING_BUFFER) += trace/
 obj-$(CONFIG_TRACEPOINTS) += trace/
 obj-$(CONFIG_IRQ_WORK) += irq_work.o
 obj-$(CONFIG_CPU_PM) += cpu_pm.o
-obj-$(CONFIG_NET) += bpf/
+obj-$(CONFIG_BPF) += bpf/
 obj-$(CONFIG_PERF_EVENTS) += events/
diff --git a/kernel/bpf/Makefile b/kernel/bpf/Makefile
index 45427239f375..0daf7f6ae7df 100644
--- a/kernel/bpf/Makefile
+++ b/kernel/bpf/Makefile
@@ -1,5 +1,5 @@
-obj-y := core.o syscall.o verifier.o
+obj-y := core.o
+obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o
 ifdef CONFIG_TEST_BPF
-obj-y += test_stub.o
+obj-$(CONFIG_BPF_SYSCALL) += test_stub.o
 endif
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
index f0c30c59b317..d6594e457a25 100644
--- a/kernel/bpf/core.c
+++ b/kernel/bpf/core.c
@@ -655,3 +655,12 @@ void bpf_prog_free(struct bpf_prog *fp)
        schedule_work(&aux->work);
 }
 EXPORT_SYMBOL_GPL(bpf_prog_free);
+/* To execute LD_ABS/LD_IND instructions __bpf_prog_run() may call
+ * skb_copy_bits(), so provide a weak definition of it for NET-less config.
+ */
+int __weak skb_copy_bits(const struct sk_buff *skb, int offset, void *to,
+                         int len)
+{
+        return -EFAULT;
+}
diff --git a/net/Kconfig b/net/Kconfig
index 6272420a721b..99815b5454bf 100644
--- a/net/Kconfig
+++ b/net/Kconfig
@@ -6,7 +6,7 @@ menuconfig NET
        bool "Networking support"
        select NLATTR
        select GENERIC_NET_UTILS
-        select ANON_INODES
+        select BPF
        ---help---
          Unless you really know what you are doing, you should say Y here.
          The reason is that some programs need kernel networking support even
author	Alexei Starovoitov <ast@plumgrid.com>	2014-10-23 21:41:08 -0400
committer	David S. Miller <davem@davemloft.net>	2014-10-27 19:09:59 -0400
commit	f89b7755f517cdbb755d7543eef986ee9d54e654 (patch)
tree	bf491bea6418b0442900d864237e0028f7c35162
parent	8ae3c911b9efcca653c552a9c74957a6cb04a87d (diff)

diff --git a/init/Kconfig b/init/Kconfig index 3ee28ae02cc8..2081a4d3d917 100644 --- a/init/Kconfig +++ b/init/Kconfig
@@ -1341,6 +1341,10 @@ config SYSCTL_ARCH_UNALIGN_ALLOW
1341	config HAVE_PCSPKR_PLATFORM	1341	config HAVE_PCSPKR_PLATFORM
1342	bool	1342	bool
1343		1343
		1344	# interpreter that classic socket filters depend on
		1345	config BPF
		1346	bool
		1347
1344	menuconfig EXPERT	1348	menuconfig EXPERT
1345	bool "Configure standard kernel features (expert users)"	1349	bool "Configure standard kernel features (expert users)"
1346	# Unhide debug options, to make the on-by-default options visible	1350	# Unhide debug options, to make the on-by-default options visible
@@ -1521,6 +1525,16 @@ config EVENTFD
1521		1525
1522	If unsure, say Y.	1526	If unsure, say Y.
1523		1527
		1528	# syscall, maps, verifier
		1529	config BPF_SYSCALL
		1530	bool "Enable bpf() system call" if EXPERT
		1531	select ANON_INODES
		1532	select BPF
		1533	default n
		1534	help
		1535	Enable the bpf() system call that allows to manipulate eBPF
		1536	programs and maps via file descriptors.
		1537
1524	config SHMEM	1538	config SHMEM
1525	bool "Use full shmem filesystem" if EXPERT	1539	bool "Use full shmem filesystem" if EXPERT
1526	default y	1540	default y


diff --git a/kernel/Makefile b/kernel/Makefile index dc5c77544fd6..17ea6d4a9a24 100644 --- a/kernel/Makefile +++ b/kernel/Makefile
@@ -86,7 +86,7 @@ obj-$(CONFIG_RING_BUFFER) += trace/
86	obj-$(CONFIG_TRACEPOINTS) += trace/	86	obj-$(CONFIG_TRACEPOINTS) += trace/
87	obj-$(CONFIG_IRQ_WORK) += irq_work.o	87	obj-$(CONFIG_IRQ_WORK) += irq_work.o
88	obj-$(CONFIG_CPU_PM) += cpu_pm.o	88	obj-$(CONFIG_CPU_PM) += cpu_pm.o
89	obj-$(CONFIG_NET) += bpf/	89	obj-$(CONFIG_BPF) += bpf/
90		90
91	obj-$(CONFIG_PERF_EVENTS) += events/	91	obj-$(CONFIG_PERF_EVENTS) += events/
92		92


diff --git a/kernel/bpf/Makefile b/kernel/bpf/Makefile index 45427239f375..0daf7f6ae7df 100644 --- a/kernel/bpf/Makefile +++ b/kernel/bpf/Makefile
@@ -1,5 +1,5 @@
1	obj-y := core.o syscall.o verifier.o	1	obj-y := core.o
2		2	obj-$(CONFIG_BPF_SYSCALL) += syscall.o verifier.o
3	ifdef CONFIG_TEST_BPF	3	ifdef CONFIG_TEST_BPF
4	obj-y += test_stub.o	4	obj-$(CONFIG_BPF_SYSCALL) += test_stub.o
5	endif	5	endif


diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c index f0c30c59b317..d6594e457a25 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c
@@ -655,3 +655,12 @@ void bpf_prog_free(struct bpf_prog *fp)
655	schedule_work(&aux->work);	655	schedule_work(&aux->work);
656	}	656	}
657	EXPORT_SYMBOL_GPL(bpf_prog_free);	657	EXPORT_SYMBOL_GPL(bpf_prog_free);
		658
		659	/* To execute LD_ABS/LD_IND instructions __bpf_prog_run() may call
		660	* skb_copy_bits(), so provide a weak definition of it for NET-less config.
		661	*/
		662	int __weak skb_copy_bits(const struct sk_buff skb, int offset, void to,
		663	int len)
		664	{
		665	return -EFAULT;
		666	}


diff --git a/net/Kconfig b/net/Kconfig index 6272420a721b..99815b5454bf 100644 --- a/net/Kconfig +++ b/net/Kconfig
@@ -6,7 +6,7 @@ menuconfig NET
6	bool "Networking support"	6	bool "Networking support"
7	select NLATTR	7	select NLATTR
8	select GENERIC_NET_UTILS	8	select GENERIC_NET_UTILS
9	select ANON_INODES	9	select BPF
10	---help---	10	---help---
11	Unless you really know what you are doing, you should say Y here.	11	Unless you really know what you are doing, you should say Y here.
12	The reason is that some programs need kernel networking support even	12	The reason is that some programs need kernel networking support even