2 * Copyright (C) 2017-2018 Netronome Systems, Inc.
4 * This software is licensed under the GNU General License Version 2,
5 * June 1991 as shown in the file COPYING in the top-level directory of this
8 * THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
9 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
10 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
12 * OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME
13 * THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16 #include <linux/bpf.h>
17 #include <linux/bpf_verifier.h>
18 #include <linux/bug.h>
19 #include <linux/kdev_t.h>
20 #include <linux/list.h>
21 #include <linux/lockdep.h>
22 #include <linux/netdevice.h>
23 #include <linux/printk.h>
24 #include <linux/proc_ns.h>
25 #include <linux/rhashtable.h>
26 #include <linux/rtnetlink.h>
27 #include <linux/rwsem.h>
29 /* Protects offdevs, members of bpf_offload_netdev and offload members
31 * RTNL lock cannot be taken when holding this lock.
33 static DECLARE_RWSEM(bpf_devs_lock);
35 struct bpf_offload_dev {
36 struct list_head netdevs;
39 struct bpf_offload_netdev {
41 struct net_device *netdev;
42 struct bpf_offload_dev *offdev;
43 struct list_head progs;
44 struct list_head maps;
45 struct list_head offdev_netdevs;
48 static const struct rhashtable_params offdevs_params = {
50 .key_len = sizeof(struct net_device *),
51 .key_offset = offsetof(struct bpf_offload_netdev, netdev),
52 .head_offset = offsetof(struct bpf_offload_netdev, l),
53 .automatic_shrinking = true,
56 static struct rhashtable offdevs;
57 static bool offdevs_inited;
59 static int bpf_dev_offload_check(struct net_device *netdev)
63 if (!netdev->netdev_ops->ndo_bpf)
68 static struct bpf_offload_netdev *
69 bpf_offload_find_netdev(struct net_device *netdev)
71 lockdep_assert_held(&bpf_devs_lock);
75 return rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
78 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr)
80 struct bpf_offload_netdev *ondev;
81 struct bpf_prog_offload *offload;
84 if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
85 attr->prog_type != BPF_PROG_TYPE_XDP)
91 offload = kzalloc(sizeof(*offload), GFP_USER);
97 offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
99 err = bpf_dev_offload_check(offload->netdev);
103 down_write(&bpf_devs_lock);
104 ondev = bpf_offload_find_netdev(offload->netdev);
109 prog->aux->offload = offload;
110 list_add_tail(&offload->offloads, &ondev->progs);
111 dev_put(offload->netdev);
112 up_write(&bpf_devs_lock);
116 up_write(&bpf_devs_lock);
119 dev_put(offload->netdev);
124 static int __bpf_offload_ndo(struct bpf_prog *prog, enum bpf_netdev_command cmd,
125 struct netdev_bpf *data)
127 struct bpf_prog_offload *offload = prog->aux->offload;
128 struct net_device *netdev;
134 netdev = offload->netdev;
138 return netdev->netdev_ops->ndo_bpf(netdev, data);
141 int bpf_prog_offload_verifier_prep(struct bpf_verifier_env *env)
143 struct netdev_bpf data = {};
146 data.verifier.prog = env->prog;
149 err = __bpf_offload_ndo(env->prog, BPF_OFFLOAD_VERIFIER_PREP, &data);
153 env->prog->aux->offload->dev_ops = data.verifier.ops;
154 env->prog->aux->offload->dev_state = true;
160 int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env,
161 int insn_idx, int prev_insn_idx)
163 struct bpf_prog_offload *offload;
166 down_read(&bpf_devs_lock);
167 offload = env->prog->aux->offload;
169 ret = offload->dev_ops->insn_hook(env, insn_idx, prev_insn_idx);
170 up_read(&bpf_devs_lock);
175 int bpf_prog_offload_finalize(struct bpf_verifier_env *env)
177 struct bpf_prog_offload *offload;
180 down_read(&bpf_devs_lock);
181 offload = env->prog->aux->offload;
183 if (offload->dev_ops->finalize)
184 ret = offload->dev_ops->finalize(env);
188 up_read(&bpf_devs_lock);
193 static void __bpf_prog_offload_destroy(struct bpf_prog *prog)
195 struct bpf_prog_offload *offload = prog->aux->offload;
196 struct netdev_bpf data = {};
198 data.offload.prog = prog;
200 if (offload->dev_state)
201 WARN_ON(__bpf_offload_ndo(prog, BPF_OFFLOAD_DESTROY, &data));
203 /* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
204 bpf_prog_free_id(prog, true);
206 list_del_init(&offload->offloads);
208 prog->aux->offload = NULL;
211 void bpf_prog_offload_destroy(struct bpf_prog *prog)
214 down_write(&bpf_devs_lock);
215 if (prog->aux->offload)
216 __bpf_prog_offload_destroy(prog);
217 up_write(&bpf_devs_lock);
221 static int bpf_prog_offload_translate(struct bpf_prog *prog)
223 struct netdev_bpf data = {};
226 data.offload.prog = prog;
229 ret = __bpf_offload_ndo(prog, BPF_OFFLOAD_TRANSLATE, &data);
235 static unsigned int bpf_prog_warn_on_exec(const void *ctx,
236 const struct bpf_insn *insn)
238 WARN(1, "attempt to execute device eBPF program on the host!");
242 int bpf_prog_offload_compile(struct bpf_prog *prog)
244 prog->bpf_func = bpf_prog_warn_on_exec;
246 return bpf_prog_offload_translate(prog);
249 struct ns_get_path_bpf_prog_args {
250 struct bpf_prog *prog;
251 struct bpf_prog_info *info;
254 static struct ns_common *bpf_prog_offload_info_fill_ns(void *private_data)
256 struct ns_get_path_bpf_prog_args *args = private_data;
257 struct bpf_prog_aux *aux = args->prog->aux;
258 struct ns_common *ns;
262 down_read(&bpf_devs_lock);
265 args->info->ifindex = aux->offload->netdev->ifindex;
266 net = dev_net(aux->offload->netdev);
270 args->info->ifindex = 0;
274 up_read(&bpf_devs_lock);
280 int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
281 struct bpf_prog *prog)
283 struct ns_get_path_bpf_prog_args args = {
287 struct bpf_prog_aux *aux = prog->aux;
288 struct inode *ns_inode;
294 res = ns_get_path_cb(&ns_path, bpf_prog_offload_info_fill_ns, &args);
301 down_read(&bpf_devs_lock);
304 up_read(&bpf_devs_lock);
308 ulen = info->jited_prog_len;
309 info->jited_prog_len = aux->offload->jited_len;
310 if (info->jited_prog_len & ulen) {
311 uinsns = u64_to_user_ptr(info->jited_prog_insns);
312 ulen = min_t(u32, info->jited_prog_len, ulen);
313 if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
314 up_read(&bpf_devs_lock);
319 up_read(&bpf_devs_lock);
321 ns_inode = ns_path.dentry->d_inode;
322 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
323 info->netns_ino = ns_inode->i_ino;
329 const struct bpf_prog_ops bpf_offload_prog_ops = {
332 static int bpf_map_offload_ndo(struct bpf_offloaded_map *offmap,
333 enum bpf_netdev_command cmd)
335 struct netdev_bpf data = {};
336 struct net_device *netdev;
341 data.offmap = offmap;
342 /* Caller must make sure netdev is valid */
343 netdev = offmap->netdev;
345 return netdev->netdev_ops->ndo_bpf(netdev, &data);
348 struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
350 struct net *net = current->nsproxy->net_ns;
351 struct bpf_offload_netdev *ondev;
352 struct bpf_offloaded_map *offmap;
355 if (!capable(CAP_SYS_ADMIN))
356 return ERR_PTR(-EPERM);
357 if (attr->map_type != BPF_MAP_TYPE_ARRAY &&
358 attr->map_type != BPF_MAP_TYPE_HASH)
359 return ERR_PTR(-EINVAL);
361 offmap = kzalloc(sizeof(*offmap), GFP_USER);
363 return ERR_PTR(-ENOMEM);
365 bpf_map_init_from_attr(&offmap->map, attr);
368 down_write(&bpf_devs_lock);
369 offmap->netdev = __dev_get_by_index(net, attr->map_ifindex);
370 err = bpf_dev_offload_check(offmap->netdev);
374 ondev = bpf_offload_find_netdev(offmap->netdev);
380 err = bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_ALLOC);
384 list_add_tail(&offmap->offloads, &ondev->maps);
385 up_write(&bpf_devs_lock);
391 up_write(&bpf_devs_lock);
397 static void __bpf_map_offload_destroy(struct bpf_offloaded_map *offmap)
399 WARN_ON(bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_FREE));
400 /* Make sure BPF_MAP_GET_NEXT_ID can't find this dead map */
401 bpf_map_free_id(&offmap->map, true);
402 list_del_init(&offmap->offloads);
403 offmap->netdev = NULL;
406 void bpf_map_offload_map_free(struct bpf_map *map)
408 struct bpf_offloaded_map *offmap = map_to_offmap(map);
411 down_write(&bpf_devs_lock);
413 __bpf_map_offload_destroy(offmap);
414 up_write(&bpf_devs_lock);
420 int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value)
422 struct bpf_offloaded_map *offmap = map_to_offmap(map);
425 down_read(&bpf_devs_lock);
427 ret = offmap->dev_ops->map_lookup_elem(offmap, key, value);
428 up_read(&bpf_devs_lock);
433 int bpf_map_offload_update_elem(struct bpf_map *map,
434 void *key, void *value, u64 flags)
436 struct bpf_offloaded_map *offmap = map_to_offmap(map);
439 if (unlikely(flags > BPF_EXIST))
442 down_read(&bpf_devs_lock);
444 ret = offmap->dev_ops->map_update_elem(offmap, key, value,
446 up_read(&bpf_devs_lock);
451 int bpf_map_offload_delete_elem(struct bpf_map *map, void *key)
453 struct bpf_offloaded_map *offmap = map_to_offmap(map);
456 down_read(&bpf_devs_lock);
458 ret = offmap->dev_ops->map_delete_elem(offmap, key);
459 up_read(&bpf_devs_lock);
464 int bpf_map_offload_get_next_key(struct bpf_map *map, void *key, void *next_key)
466 struct bpf_offloaded_map *offmap = map_to_offmap(map);
469 down_read(&bpf_devs_lock);
471 ret = offmap->dev_ops->map_get_next_key(offmap, key, next_key);
472 up_read(&bpf_devs_lock);
477 struct ns_get_path_bpf_map_args {
478 struct bpf_offloaded_map *offmap;
479 struct bpf_map_info *info;
482 static struct ns_common *bpf_map_offload_info_fill_ns(void *private_data)
484 struct ns_get_path_bpf_map_args *args = private_data;
485 struct ns_common *ns;
489 down_read(&bpf_devs_lock);
491 if (args->offmap->netdev) {
492 args->info->ifindex = args->offmap->netdev->ifindex;
493 net = dev_net(args->offmap->netdev);
497 args->info->ifindex = 0;
501 up_read(&bpf_devs_lock);
507 int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map)
509 struct ns_get_path_bpf_map_args args = {
510 .offmap = map_to_offmap(map),
513 struct inode *ns_inode;
517 res = ns_get_path_cb(&ns_path, bpf_map_offload_info_fill_ns, &args);
524 ns_inode = ns_path.dentry->d_inode;
525 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
526 info->netns_ino = ns_inode->i_ino;
532 static bool __bpf_offload_dev_match(struct bpf_prog *prog,
533 struct net_device *netdev)
535 struct bpf_offload_netdev *ondev1, *ondev2;
536 struct bpf_prog_offload *offload;
538 if (!bpf_prog_is_dev_bound(prog->aux))
541 offload = prog->aux->offload;
544 if (offload->netdev == netdev)
547 ondev1 = bpf_offload_find_netdev(offload->netdev);
548 ondev2 = bpf_offload_find_netdev(netdev);
550 return ondev1 && ondev2 && ondev1->offdev == ondev2->offdev;
553 bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev)
557 down_read(&bpf_devs_lock);
558 ret = __bpf_offload_dev_match(prog, netdev);
559 up_read(&bpf_devs_lock);
563 EXPORT_SYMBOL_GPL(bpf_offload_dev_match);
565 bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map)
567 struct bpf_offloaded_map *offmap;
570 if (!bpf_map_is_dev_bound(map))
571 return bpf_map_offload_neutral(map);
572 offmap = map_to_offmap(map);
574 down_read(&bpf_devs_lock);
575 ret = __bpf_offload_dev_match(prog, offmap->netdev);
576 up_read(&bpf_devs_lock);
581 int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev,
582 struct net_device *netdev)
584 struct bpf_offload_netdev *ondev;
587 ondev = kzalloc(sizeof(*ondev), GFP_KERNEL);
591 ondev->netdev = netdev;
592 ondev->offdev = offdev;
593 INIT_LIST_HEAD(&ondev->progs);
594 INIT_LIST_HEAD(&ondev->maps);
596 down_write(&bpf_devs_lock);
597 err = rhashtable_insert_fast(&offdevs, &ondev->l, offdevs_params);
599 netdev_warn(netdev, "failed to register for BPF offload\n");
600 goto err_unlock_free;
603 list_add(&ondev->offdev_netdevs, &offdev->netdevs);
604 up_write(&bpf_devs_lock);
608 up_write(&bpf_devs_lock);
612 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_register);
614 void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
615 struct net_device *netdev)
617 struct bpf_offload_netdev *ondev, *altdev;
618 struct bpf_offloaded_map *offmap, *mtmp;
619 struct bpf_prog_offload *offload, *ptmp;
623 down_write(&bpf_devs_lock);
624 ondev = rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
628 WARN_ON(rhashtable_remove_fast(&offdevs, &ondev->l, offdevs_params));
629 list_del(&ondev->offdev_netdevs);
631 /* Try to move the objects to another netdev of the device */
632 altdev = list_first_entry_or_null(&offdev->netdevs,
633 struct bpf_offload_netdev,
636 list_for_each_entry(offload, &ondev->progs, offloads)
637 offload->netdev = altdev->netdev;
638 list_splice_init(&ondev->progs, &altdev->progs);
640 list_for_each_entry(offmap, &ondev->maps, offloads)
641 offmap->netdev = altdev->netdev;
642 list_splice_init(&ondev->maps, &altdev->maps);
644 list_for_each_entry_safe(offload, ptmp, &ondev->progs, offloads)
645 __bpf_prog_offload_destroy(offload->prog);
646 list_for_each_entry_safe(offmap, mtmp, &ondev->maps, offloads)
647 __bpf_map_offload_destroy(offmap);
650 WARN_ON(!list_empty(&ondev->progs));
651 WARN_ON(!list_empty(&ondev->maps));
654 up_write(&bpf_devs_lock);
656 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_unregister);
658 struct bpf_offload_dev *bpf_offload_dev_create(void)
660 struct bpf_offload_dev *offdev;
663 down_write(&bpf_devs_lock);
664 if (!offdevs_inited) {
665 err = rhashtable_init(&offdevs, &offdevs_params);
668 offdevs_inited = true;
670 up_write(&bpf_devs_lock);
672 offdev = kzalloc(sizeof(*offdev), GFP_KERNEL);
674 return ERR_PTR(-ENOMEM);
676 INIT_LIST_HEAD(&offdev->netdevs);
680 EXPORT_SYMBOL_GPL(bpf_offload_dev_create);
682 void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev)
684 WARN_ON(!list_empty(&offdev->netdevs));
687 EXPORT_SYMBOL_GPL(bpf_offload_dev_destroy);
projects / linux / blob