2 * Copyright (C) 2017-2018 Netronome Systems, Inc.
4 * This software is licensed under the GNU General License Version 2,
5 * June 1991 as shown in the file COPYING in the top-level directory of this
8 * THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
9 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
10 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
12 * OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME
13 * THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16 #include <linux/bpf.h>
17 #include <linux/bpf_verifier.h>
18 #include <linux/bug.h>
19 #include <linux/kdev_t.h>
20 #include <linux/list.h>
21 #include <linux/lockdep.h>
22 #include <linux/netdevice.h>
23 #include <linux/printk.h>
24 #include <linux/proc_ns.h>
25 #include <linux/rhashtable.h>
26 #include <linux/rtnetlink.h>
27 #include <linux/rwsem.h>
29 /* Protects offdevs, members of bpf_offload_netdev and offload members
31 * RTNL lock cannot be taken when holding this lock.
33 static DECLARE_RWSEM(bpf_devs_lock);
35 struct bpf_offload_dev {
36 struct list_head netdevs;
39 struct bpf_offload_netdev {
41 struct net_device *netdev;
42 struct bpf_offload_dev *offdev;
43 struct list_head progs;
44 struct list_head maps;
45 struct list_head offdev_netdevs;
48 static const struct rhashtable_params offdevs_params = {
50 .key_len = sizeof(struct net_device *),
51 .key_offset = offsetof(struct bpf_offload_netdev, netdev),
52 .head_offset = offsetof(struct bpf_offload_netdev, l),
53 .automatic_shrinking = true,
56 static struct rhashtable offdevs;
57 static bool offdevs_inited;
59 static int bpf_dev_offload_check(struct net_device *netdev)
63 if (!netdev->netdev_ops->ndo_bpf)
68 static struct bpf_offload_netdev *
69 bpf_offload_find_netdev(struct net_device *netdev)
71 lockdep_assert_held(&bpf_devs_lock);
75 return rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
78 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr)
80 struct bpf_offload_netdev *ondev;
81 struct bpf_prog_offload *offload;
84 if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
85 attr->prog_type != BPF_PROG_TYPE_XDP)
91 offload = kzalloc(sizeof(*offload), GFP_USER);
97 offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
99 err = bpf_dev_offload_check(offload->netdev);
103 down_write(&bpf_devs_lock);
104 ondev = bpf_offload_find_netdev(offload->netdev);
109 prog->aux->offload = offload;
110 list_add_tail(&offload->offloads, &ondev->progs);
111 dev_put(offload->netdev);
112 up_write(&bpf_devs_lock);
116 up_write(&bpf_devs_lock);
119 dev_put(offload->netdev);
124 static int __bpf_offload_ndo(struct bpf_prog *prog, enum bpf_netdev_command cmd,
125 struct netdev_bpf *data)
127 struct bpf_prog_offload *offload = prog->aux->offload;
128 struct net_device *netdev;
134 netdev = offload->netdev;
138 return netdev->netdev_ops->ndo_bpf(netdev, data);
141 int bpf_prog_offload_verifier_prep(struct bpf_verifier_env *env)
143 struct netdev_bpf data = {};
146 data.verifier.prog = env->prog;
149 err = __bpf_offload_ndo(env->prog, BPF_OFFLOAD_VERIFIER_PREP, &data);
153 env->prog->aux->offload->dev_ops = data.verifier.ops;
154 env->prog->aux->offload->dev_state = true;
160 int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env,
161 int insn_idx, int prev_insn_idx)
163 struct bpf_prog_offload *offload;
166 down_read(&bpf_devs_lock);
167 offload = env->prog->aux->offload;
169 ret = offload->dev_ops->insn_hook(env, insn_idx, prev_insn_idx);
170 up_read(&bpf_devs_lock);
175 static void __bpf_prog_offload_destroy(struct bpf_prog *prog)
177 struct bpf_prog_offload *offload = prog->aux->offload;
178 struct netdev_bpf data = {};
180 data.offload.prog = prog;
182 if (offload->dev_state)
183 WARN_ON(__bpf_offload_ndo(prog, BPF_OFFLOAD_DESTROY, &data));
185 /* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
186 bpf_prog_free_id(prog, true);
188 list_del_init(&offload->offloads);
190 prog->aux->offload = NULL;
193 void bpf_prog_offload_destroy(struct bpf_prog *prog)
196 down_write(&bpf_devs_lock);
197 if (prog->aux->offload)
198 __bpf_prog_offload_destroy(prog);
199 up_write(&bpf_devs_lock);
203 static int bpf_prog_offload_translate(struct bpf_prog *prog)
205 struct netdev_bpf data = {};
208 data.offload.prog = prog;
211 ret = __bpf_offload_ndo(prog, BPF_OFFLOAD_TRANSLATE, &data);
217 static unsigned int bpf_prog_warn_on_exec(const void *ctx,
218 const struct bpf_insn *insn)
220 WARN(1, "attempt to execute device eBPF program on the host!");
224 int bpf_prog_offload_compile(struct bpf_prog *prog)
226 prog->bpf_func = bpf_prog_warn_on_exec;
228 return bpf_prog_offload_translate(prog);
231 struct ns_get_path_bpf_prog_args {
232 struct bpf_prog *prog;
233 struct bpf_prog_info *info;
236 static struct ns_common *bpf_prog_offload_info_fill_ns(void *private_data)
238 struct ns_get_path_bpf_prog_args *args = private_data;
239 struct bpf_prog_aux *aux = args->prog->aux;
240 struct ns_common *ns;
244 down_read(&bpf_devs_lock);
247 args->info->ifindex = aux->offload->netdev->ifindex;
248 net = dev_net(aux->offload->netdev);
252 args->info->ifindex = 0;
256 up_read(&bpf_devs_lock);
262 int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
263 struct bpf_prog *prog)
265 struct ns_get_path_bpf_prog_args args = {
269 struct bpf_prog_aux *aux = prog->aux;
270 struct inode *ns_inode;
276 res = ns_get_path_cb(&ns_path, bpf_prog_offload_info_fill_ns, &args);
283 down_read(&bpf_devs_lock);
286 up_read(&bpf_devs_lock);
290 ulen = info->jited_prog_len;
291 info->jited_prog_len = aux->offload->jited_len;
292 if (info->jited_prog_len && ulen) {
293 uinsns = u64_to_user_ptr(info->jited_prog_insns);
294 ulen = min_t(u32, info->jited_prog_len, ulen);
295 if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
296 up_read(&bpf_devs_lock);
301 up_read(&bpf_devs_lock);
303 ns_inode = ns_path.dentry->d_inode;
304 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
305 info->netns_ino = ns_inode->i_ino;
311 const struct bpf_prog_ops bpf_offload_prog_ops = {
314 static int bpf_map_offload_ndo(struct bpf_offloaded_map *offmap,
315 enum bpf_netdev_command cmd)
317 struct netdev_bpf data = {};
318 struct net_device *netdev;
323 data.offmap = offmap;
324 /* Caller must make sure netdev is valid */
325 netdev = offmap->netdev;
327 return netdev->netdev_ops->ndo_bpf(netdev, &data);
330 struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
332 struct net *net = current->nsproxy->net_ns;
333 struct bpf_offload_netdev *ondev;
334 struct bpf_offloaded_map *offmap;
337 if (!capable(CAP_SYS_ADMIN))
338 return ERR_PTR(-EPERM);
339 if (attr->map_type != BPF_MAP_TYPE_ARRAY &&
340 attr->map_type != BPF_MAP_TYPE_HASH)
341 return ERR_PTR(-EINVAL);
343 offmap = kzalloc(sizeof(*offmap), GFP_USER);
345 return ERR_PTR(-ENOMEM);
347 bpf_map_init_from_attr(&offmap->map, attr);
350 down_write(&bpf_devs_lock);
351 offmap->netdev = __dev_get_by_index(net, attr->map_ifindex);
352 err = bpf_dev_offload_check(offmap->netdev);
356 ondev = bpf_offload_find_netdev(offmap->netdev);
362 err = bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_ALLOC);
366 list_add_tail(&offmap->offloads, &ondev->maps);
367 up_write(&bpf_devs_lock);
373 up_write(&bpf_devs_lock);
379 static void __bpf_map_offload_destroy(struct bpf_offloaded_map *offmap)
381 WARN_ON(bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_FREE));
382 /* Make sure BPF_MAP_GET_NEXT_ID can't find this dead map */
383 bpf_map_free_id(&offmap->map, true);
384 list_del_init(&offmap->offloads);
385 offmap->netdev = NULL;
388 void bpf_map_offload_map_free(struct bpf_map *map)
390 struct bpf_offloaded_map *offmap = map_to_offmap(map);
393 down_write(&bpf_devs_lock);
395 __bpf_map_offload_destroy(offmap);
396 up_write(&bpf_devs_lock);
402 int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value)
404 struct bpf_offloaded_map *offmap = map_to_offmap(map);
407 down_read(&bpf_devs_lock);
409 ret = offmap->dev_ops->map_lookup_elem(offmap, key, value);
410 up_read(&bpf_devs_lock);
415 int bpf_map_offload_update_elem(struct bpf_map *map,
416 void *key, void *value, u64 flags)
418 struct bpf_offloaded_map *offmap = map_to_offmap(map);
421 if (unlikely(flags > BPF_EXIST))
424 down_read(&bpf_devs_lock);
426 ret = offmap->dev_ops->map_update_elem(offmap, key, value,
428 up_read(&bpf_devs_lock);
433 int bpf_map_offload_delete_elem(struct bpf_map *map, void *key)
435 struct bpf_offloaded_map *offmap = map_to_offmap(map);
438 down_read(&bpf_devs_lock);
440 ret = offmap->dev_ops->map_delete_elem(offmap, key);
441 up_read(&bpf_devs_lock);
446 int bpf_map_offload_get_next_key(struct bpf_map *map, void *key, void *next_key)
448 struct bpf_offloaded_map *offmap = map_to_offmap(map);
451 down_read(&bpf_devs_lock);
453 ret = offmap->dev_ops->map_get_next_key(offmap, key, next_key);
454 up_read(&bpf_devs_lock);
459 struct ns_get_path_bpf_map_args {
460 struct bpf_offloaded_map *offmap;
461 struct bpf_map_info *info;
464 static struct ns_common *bpf_map_offload_info_fill_ns(void *private_data)
466 struct ns_get_path_bpf_map_args *args = private_data;
467 struct ns_common *ns;
471 down_read(&bpf_devs_lock);
473 if (args->offmap->netdev) {
474 args->info->ifindex = args->offmap->netdev->ifindex;
475 net = dev_net(args->offmap->netdev);
479 args->info->ifindex = 0;
483 up_read(&bpf_devs_lock);
489 int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map)
491 struct ns_get_path_bpf_map_args args = {
492 .offmap = map_to_offmap(map),
495 struct inode *ns_inode;
499 res = ns_get_path_cb(&ns_path, bpf_map_offload_info_fill_ns, &args);
506 ns_inode = ns_path.dentry->d_inode;
507 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
508 info->netns_ino = ns_inode->i_ino;
514 static bool __bpf_offload_dev_match(struct bpf_prog *prog,
515 struct net_device *netdev)
517 struct bpf_offload_netdev *ondev1, *ondev2;
518 struct bpf_prog_offload *offload;
520 if (!bpf_prog_is_dev_bound(prog->aux))
523 offload = prog->aux->offload;
526 if (offload->netdev == netdev)
529 ondev1 = bpf_offload_find_netdev(offload->netdev);
530 ondev2 = bpf_offload_find_netdev(netdev);
532 return ondev1 && ondev2 && ondev1->offdev == ondev2->offdev;
535 bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev)
539 down_read(&bpf_devs_lock);
540 ret = __bpf_offload_dev_match(prog, netdev);
541 up_read(&bpf_devs_lock);
545 EXPORT_SYMBOL_GPL(bpf_offload_dev_match);
547 bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map)
549 struct bpf_offloaded_map *offmap;
552 if (!bpf_map_is_dev_bound(map))
553 return bpf_map_offload_neutral(map);
554 offmap = map_to_offmap(map);
556 down_read(&bpf_devs_lock);
557 ret = __bpf_offload_dev_match(prog, offmap->netdev);
558 up_read(&bpf_devs_lock);
563 int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev,
564 struct net_device *netdev)
566 struct bpf_offload_netdev *ondev;
569 ondev = kzalloc(sizeof(*ondev), GFP_KERNEL);
573 ondev->netdev = netdev;
574 ondev->offdev = offdev;
575 INIT_LIST_HEAD(&ondev->progs);
576 INIT_LIST_HEAD(&ondev->maps);
578 down_write(&bpf_devs_lock);
579 err = rhashtable_insert_fast(&offdevs, &ondev->l, offdevs_params);
581 netdev_warn(netdev, "failed to register for BPF offload\n");
582 goto err_unlock_free;
585 list_add(&ondev->offdev_netdevs, &offdev->netdevs);
586 up_write(&bpf_devs_lock);
590 up_write(&bpf_devs_lock);
594 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_register);
596 void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
597 struct net_device *netdev)
599 struct bpf_offload_netdev *ondev, *altdev;
600 struct bpf_offloaded_map *offmap, *mtmp;
601 struct bpf_prog_offload *offload, *ptmp;
605 down_write(&bpf_devs_lock);
606 ondev = rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
610 WARN_ON(rhashtable_remove_fast(&offdevs, &ondev->l, offdevs_params));
611 list_del(&ondev->offdev_netdevs);
613 /* Try to move the objects to another netdev of the device */
614 altdev = list_first_entry_or_null(&offdev->netdevs,
615 struct bpf_offload_netdev,
618 list_for_each_entry(offload, &ondev->progs, offloads)
619 offload->netdev = altdev->netdev;
620 list_splice_init(&ondev->progs, &altdev->progs);
622 list_for_each_entry(offmap, &ondev->maps, offloads)
623 offmap->netdev = altdev->netdev;
624 list_splice_init(&ondev->maps, &altdev->maps);
626 list_for_each_entry_safe(offload, ptmp, &ondev->progs, offloads)
627 __bpf_prog_offload_destroy(offload->prog);
628 list_for_each_entry_safe(offmap, mtmp, &ondev->maps, offloads)
629 __bpf_map_offload_destroy(offmap);
632 WARN_ON(!list_empty(&ondev->progs));
633 WARN_ON(!list_empty(&ondev->maps));
636 up_write(&bpf_devs_lock);
638 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_unregister);
640 struct bpf_offload_dev *bpf_offload_dev_create(void)
642 struct bpf_offload_dev *offdev;
645 down_write(&bpf_devs_lock);
646 if (!offdevs_inited) {
647 err = rhashtable_init(&offdevs, &offdevs_params);
649 up_write(&bpf_devs_lock);
652 offdevs_inited = true;
654 up_write(&bpf_devs_lock);
656 offdev = kzalloc(sizeof(*offdev), GFP_KERNEL);
658 return ERR_PTR(-ENOMEM);
660 INIT_LIST_HEAD(&offdev->netdevs);
664 EXPORT_SYMBOL_GPL(bpf_offload_dev_create);
666 void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev)
668 WARN_ON(!list_empty(&offdev->netdevs));
671 EXPORT_SYMBOL_GPL(bpf_offload_dev_destroy);
projects / releases.git / blob