Skip to content

libbpf: Add bpf_prog_clone for individual program loading#11035

Open
kernel-patches-daemon-bpf[bot] wants to merge 2 commits intobpf-next_basefrom
series/1053330=>bpf-next
Open

libbpf: Add bpf_prog_clone for individual program loading#11035
kernel-patches-daemon-bpf[bot] wants to merge 2 commits intobpf-next_basefrom
series/1053330=>bpf-next

Conversation

@kernel-patches-daemon-bpf
Copy link

@kernel-patches-daemon-bpf kernel-patches-daemon-bpf bot commented Feb 12, 2026

Pull request for series with
subject: libbpf: Add bpf_prog_clone for individual program loading
version: 1
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Upstream branch: 4475cda
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Upstream branch: 19de32d
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-review-bot
Copy link

kernel-patches-review-bot bot commented Feb 12, 2026 

commit d6e7dcb7bdcb8ab7d01b5f2477b42b88bc56d91d
Author: Mykyta Yatsenko <yatsenko@meta.com>

libbpf: Introduce bpf_prog_clone()

This commit adds a new bpf_prog_clone() API that loads a single BPF program
from a prepared BPF object into the kernel. It creates temporary copies of
program-containing maps to avoid owner compatibility conflicts.

> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 0c8bf0b5cce4..b2d8277a3ef0 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c

[ ... ]

> +static int clone_prog_maps(struct bpf_object *obj, struct bpf_insn *insns,
> +			   size_t insns_cnt, int *temp_fds)
> +{
> +	int i, j, old_fd, new_fd, num_fds = 0;
> +
> +	for (i = 0; i < obj->nr_maps; i++) {
> +		struct bpf_map *map = &obj->maps[i];
> +
> +		if (!map_type_contains_progs(map->def.type))
> +			continue;
> +
> +		old_fd = map->fd;
> +		if (old_fd < 0)
> +			continue;
> +
> +		new_fd = bpf_map_create(map->def.type, map->name,
> +					map->def.key_size, map->def.value_size,
> +					map->def.max_entries, NULL);
> +		if (new_fd < 0)
> +			return -errno;

If bpf_map_create() fails here after successfully creating one or more maps
in previous iterations, the file descriptors stored in temp_fds[] are never
closed. Would it make sense to close temp_fds[0..num_fds-1] before returning
-errno?

> +
> +		for (j = 0; j < insns_cnt; j++) {

[ ... ]

> +		}
> +
> +		temp_fds[num_fds++] = new_fd;
> +	}
> +
> +	return num_fds;
> +}

[ ... ]

AI reviewed your patch. Please fix the bug or email reply why it's not a bug.
See: https://github.com/kernel-patches/vmtest/blob/master/ci/claude/README.md

In-Reply-To-Subject: libbpf: Introduce bpf_prog_clone()
CI run summary: https://github.com/kernel-patches/bpf/actions/runs/21929204831

AI-authorship-score: low
AI-authorship-explanation: The code follows established libbpf patterns, uses domain-appropriate terminology, and lacks typical AI generation artifacts; appears to be human-authored.
issues-found: 1
issue-severity-score: low
issue-severity-explanation: File descriptor leak in clone_prog_maps() on partial failure is a resource leak with low severity since it only occurs under unusual error conditions.

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Forwarding comment 3888110456 via email
In-Reply-To: 20260212-veristat_prepare-v1-1-c351023fb0db@meta.com
Patch: https://patchwork.kernel.org/project/netdevbpf/patch/20260212-veristat_prepare-v1-1-c351023fb0db@meta.com/

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Upstream branch: a86c608
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Upstream branch: a86c608
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 12, 2026

Upstream branch: a86c608
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 13, 2026

Upstream branch: 561085f
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 13, 2026

Upstream branch: f632de6
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

@mykyta5
libbpf: Introduce bpf_prog_clone()
4727d23 
Add bpf_prog_clone() API that loads a single BPF program from a
prepared BPF object into the kernel, returning a file descriptor owned
by the caller.

After bpf_object__prepare(), callers can use bpf_prog_clone() to load
individual programs with custom bpf_prog_load_opts, instead of loading
all programs at once via bpf_object__load(). Non-zero fields in opts
override the defaults derived from the program and object internals;
passing NULL opts populates everything automatically.

Internally, bpf_prog_clone() resolves BTF-based attach targets
(attach_btf_id, attach_btf_obj_fd) and the sleepable flag, fills
func/line info, fd_array, license, and kern_version from the
prepared object before calling bpf_prog_load().

Program-containing maps (PROG_ARRAY, DEVMAP, CPUMAP) track the owner
program type in the kernel. When loading programs with different
attributes (e.g. sleepable vs non-sleepable) from the same prepared
object, the shared map would reject incompatible programs. To handle
this, bpf_prog_clone() creates temporary copies of program-containing
maps for each load and patches the instruction references, so each
program gets a fresh map without owner conflicts.

Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
@mykyta5
selftests/bpf: Use bpf_prog_clone() in veristat
9d06fa6 
Replace veristat's per-program object re-opening with bpf_prog_clone().

Previously, veristat opened a separate bpf_object for every program in a
multi-program object file, iterated all programs to enable only the
target one, and then loaded the entire object.

Use bpf_object__prepare() once, then call bpf_prog_clone() for each
program individually. This lets veristat load programs one at a time from
a single prepared object.

The caller now owns the returned fd and closes it after collecting stats.
Remove the special single-program fast path and the per-file early exit
in handle_verif_mode() so all files are always processed.

Split fixup_obj() into fixup_obj_maps() for object-wide map fixups that
must run before bpf_object__prepare(), and fixup_obj() for per-program
fixups (struct_ops masking, freplace type guessing) that run before each
bpf_prog_clone() call.

Signed-off-by: Mykyta Yatsenko <yatsenko@meta.com>
@kernel-patches-daemon-bpf
Copy link
Author

kernel-patches-daemon-bpf bot commented Feb 13, 2026

Upstream branch: 4c51f90
series: https://patchwork.kernel.org/project/netdevbpf/list/?series=1053330
version: 1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bpf-next new V1-ci-pass V1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mykyta5