2 * Copyright (C) 2017-2018 Netronome Systems, Inc.
4 * This software is licensed under the GNU General License Version 2,
5 * June 1991 as shown in the file COPYING in the top-level directory of this
8 * THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
9 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
10 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
12 * OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME
13 * THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16 #include <linux/bpf.h>
17 #include <linux/bpf_verifier.h>
18 #include <linux/bug.h>
19 #include <linux/kdev_t.h>
20 #include <linux/list.h>
21 #include <linux/lockdep.h>
22 #include <linux/netdevice.h>
23 #include <linux/printk.h>
24 #include <linux/proc_ns.h>
25 #include <linux/rhashtable.h>
26 #include <linux/rtnetlink.h>
27 #include <linux/rwsem.h>
29 /* Protects offdevs, members of bpf_offload_netdev and offload members
31 * RTNL lock cannot be taken when holding this lock.
33 static DECLARE_RWSEM(bpf_devs_lock);
35 struct bpf_offload_dev {
36 const struct bpf_prog_offload_ops *ops;
37 struct list_head netdevs;
41 struct bpf_offload_netdev {
43 struct net_device *netdev;
44 struct bpf_offload_dev *offdev;
45 struct list_head progs;
46 struct list_head maps;
47 struct list_head offdev_netdevs;
50 static const struct rhashtable_params offdevs_params = {
52 .key_len = sizeof(struct net_device *),
53 .key_offset = offsetof(struct bpf_offload_netdev, netdev),
54 .head_offset = offsetof(struct bpf_offload_netdev, l),
55 .automatic_shrinking = true,
58 static struct rhashtable offdevs;
60 static int bpf_dev_offload_check(struct net_device *netdev)
64 if (!netdev->netdev_ops->ndo_bpf)
69 static struct bpf_offload_netdev *
70 bpf_offload_find_netdev(struct net_device *netdev)
72 lockdep_assert_held(&bpf_devs_lock);
74 return rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
77 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr)
79 struct bpf_offload_netdev *ondev;
80 struct bpf_prog_offload *offload;
83 if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
84 attr->prog_type != BPF_PROG_TYPE_XDP)
90 offload = kzalloc(sizeof(*offload), GFP_USER);
96 offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
98 err = bpf_dev_offload_check(offload->netdev);
102 down_write(&bpf_devs_lock);
103 ondev = bpf_offload_find_netdev(offload->netdev);
108 offload->offdev = ondev->offdev;
109 prog->aux->offload = offload;
110 list_add_tail(&offload->offloads, &ondev->progs);
111 dev_put(offload->netdev);
112 up_write(&bpf_devs_lock);
116 up_write(&bpf_devs_lock);
119 dev_put(offload->netdev);
124 int bpf_prog_offload_verifier_prep(struct bpf_prog *prog)
126 struct bpf_prog_offload *offload;
129 down_read(&bpf_devs_lock);
130 offload = prog->aux->offload;
132 ret = offload->offdev->ops->prepare(prog);
133 offload->dev_state = !ret;
135 up_read(&bpf_devs_lock);
140 int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env,
141 int insn_idx, int prev_insn_idx)
143 struct bpf_prog_offload *offload;
146 down_read(&bpf_devs_lock);
147 offload = env->prog->aux->offload;
149 ret = offload->offdev->ops->insn_hook(env, insn_idx,
151 up_read(&bpf_devs_lock);
156 int bpf_prog_offload_finalize(struct bpf_verifier_env *env)
158 struct bpf_prog_offload *offload;
161 down_read(&bpf_devs_lock);
162 offload = env->prog->aux->offload;
164 if (offload->offdev->ops->finalize)
165 ret = offload->offdev->ops->finalize(env);
169 up_read(&bpf_devs_lock);
175 bpf_prog_offload_replace_insn(struct bpf_verifier_env *env, u32 off,
176 struct bpf_insn *insn)
178 const struct bpf_prog_offload_ops *ops;
179 struct bpf_prog_offload *offload;
180 int ret = -EOPNOTSUPP;
182 down_read(&bpf_devs_lock);
183 offload = env->prog->aux->offload;
185 ops = offload->offdev->ops;
186 if (!offload->opt_failed && ops->replace_insn)
187 ret = ops->replace_insn(env, off, insn);
188 offload->opt_failed |= ret;
190 up_read(&bpf_devs_lock);
194 bpf_prog_offload_remove_insns(struct bpf_verifier_env *env, u32 off, u32 cnt)
196 struct bpf_prog_offload *offload;
197 int ret = -EOPNOTSUPP;
199 down_read(&bpf_devs_lock);
200 offload = env->prog->aux->offload;
202 if (!offload->opt_failed && offload->offdev->ops->remove_insns)
203 ret = offload->offdev->ops->remove_insns(env, off, cnt);
204 offload->opt_failed |= ret;
206 up_read(&bpf_devs_lock);
209 static void __bpf_prog_offload_destroy(struct bpf_prog *prog)
211 struct bpf_prog_offload *offload = prog->aux->offload;
213 if (offload->dev_state)
214 offload->offdev->ops->destroy(prog);
216 /* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
217 bpf_prog_free_id(prog, true);
219 list_del_init(&offload->offloads);
221 prog->aux->offload = NULL;
224 void bpf_prog_offload_destroy(struct bpf_prog *prog)
226 down_write(&bpf_devs_lock);
227 if (prog->aux->offload)
228 __bpf_prog_offload_destroy(prog);
229 up_write(&bpf_devs_lock);
232 static int bpf_prog_offload_translate(struct bpf_prog *prog)
234 struct bpf_prog_offload *offload;
237 down_read(&bpf_devs_lock);
238 offload = prog->aux->offload;
240 ret = offload->offdev->ops->translate(prog);
241 up_read(&bpf_devs_lock);
246 static unsigned int bpf_prog_warn_on_exec(const void *ctx,
247 const struct bpf_insn *insn)
249 WARN(1, "attempt to execute device eBPF program on the host!");
253 int bpf_prog_offload_compile(struct bpf_prog *prog)
255 prog->bpf_func = bpf_prog_warn_on_exec;
257 return bpf_prog_offload_translate(prog);
260 struct ns_get_path_bpf_prog_args {
261 struct bpf_prog *prog;
262 struct bpf_prog_info *info;
265 static struct ns_common *bpf_prog_offload_info_fill_ns(void *private_data)
267 struct ns_get_path_bpf_prog_args *args = private_data;
268 struct bpf_prog_aux *aux = args->prog->aux;
269 struct ns_common *ns;
273 down_read(&bpf_devs_lock);
276 args->info->ifindex = aux->offload->netdev->ifindex;
277 net = dev_net(aux->offload->netdev);
281 args->info->ifindex = 0;
285 up_read(&bpf_devs_lock);
291 int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
292 struct bpf_prog *prog)
294 struct ns_get_path_bpf_prog_args args = {
298 struct bpf_prog_aux *aux = prog->aux;
299 struct inode *ns_inode;
305 res = ns_get_path_cb(&ns_path, bpf_prog_offload_info_fill_ns, &args);
312 down_read(&bpf_devs_lock);
315 up_read(&bpf_devs_lock);
319 ulen = info->jited_prog_len;
320 info->jited_prog_len = aux->offload->jited_len;
321 if (info->jited_prog_len && ulen) {
322 uinsns = u64_to_user_ptr(info->jited_prog_insns);
323 ulen = min_t(u32, info->jited_prog_len, ulen);
324 if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
325 up_read(&bpf_devs_lock);
330 up_read(&bpf_devs_lock);
332 ns_inode = ns_path.dentry->d_inode;
333 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
334 info->netns_ino = ns_inode->i_ino;
340 const struct bpf_prog_ops bpf_offload_prog_ops = {
343 static int bpf_map_offload_ndo(struct bpf_offloaded_map *offmap,
344 enum bpf_netdev_command cmd)
346 struct netdev_bpf data = {};
347 struct net_device *netdev;
352 data.offmap = offmap;
353 /* Caller must make sure netdev is valid */
354 netdev = offmap->netdev;
356 return netdev->netdev_ops->ndo_bpf(netdev, &data);
359 struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
361 struct net *net = current->nsproxy->net_ns;
362 struct bpf_offload_netdev *ondev;
363 struct bpf_offloaded_map *offmap;
366 if (!capable(CAP_SYS_ADMIN))
367 return ERR_PTR(-EPERM);
368 if (attr->map_type != BPF_MAP_TYPE_ARRAY &&
369 attr->map_type != BPF_MAP_TYPE_HASH)
370 return ERR_PTR(-EINVAL);
372 offmap = bpf_map_area_alloc(sizeof(*offmap), NUMA_NO_NODE);
374 return ERR_PTR(-ENOMEM);
376 bpf_map_init_from_attr(&offmap->map, attr);
379 down_write(&bpf_devs_lock);
380 offmap->netdev = __dev_get_by_index(net, attr->map_ifindex);
381 err = bpf_dev_offload_check(offmap->netdev);
385 ondev = bpf_offload_find_netdev(offmap->netdev);
391 err = bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_ALLOC);
395 list_add_tail(&offmap->offloads, &ondev->maps);
396 up_write(&bpf_devs_lock);
402 up_write(&bpf_devs_lock);
404 bpf_map_area_free(offmap);
408 static void __bpf_map_offload_destroy(struct bpf_offloaded_map *offmap)
410 WARN_ON(bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_FREE));
411 /* Make sure BPF_MAP_GET_NEXT_ID can't find this dead map */
412 bpf_map_free_id(&offmap->map, true);
413 list_del_init(&offmap->offloads);
414 offmap->netdev = NULL;
417 void bpf_map_offload_map_free(struct bpf_map *map)
419 struct bpf_offloaded_map *offmap = map_to_offmap(map);
422 down_write(&bpf_devs_lock);
424 __bpf_map_offload_destroy(offmap);
425 up_write(&bpf_devs_lock);
428 bpf_map_area_free(offmap);
431 int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value)
433 struct bpf_offloaded_map *offmap = map_to_offmap(map);
436 down_read(&bpf_devs_lock);
438 ret = offmap->dev_ops->map_lookup_elem(offmap, key, value);
439 up_read(&bpf_devs_lock);
444 int bpf_map_offload_update_elem(struct bpf_map *map,
445 void *key, void *value, u64 flags)
447 struct bpf_offloaded_map *offmap = map_to_offmap(map);
450 if (unlikely(flags > BPF_EXIST))
453 down_read(&bpf_devs_lock);
455 ret = offmap->dev_ops->map_update_elem(offmap, key, value,
457 up_read(&bpf_devs_lock);
462 int bpf_map_offload_delete_elem(struct bpf_map *map, void *key)
464 struct bpf_offloaded_map *offmap = map_to_offmap(map);
467 down_read(&bpf_devs_lock);
469 ret = offmap->dev_ops->map_delete_elem(offmap, key);
470 up_read(&bpf_devs_lock);
475 int bpf_map_offload_get_next_key(struct bpf_map *map, void *key, void *next_key)
477 struct bpf_offloaded_map *offmap = map_to_offmap(map);
480 down_read(&bpf_devs_lock);
482 ret = offmap->dev_ops->map_get_next_key(offmap, key, next_key);
483 up_read(&bpf_devs_lock);
488 struct ns_get_path_bpf_map_args {
489 struct bpf_offloaded_map *offmap;
490 struct bpf_map_info *info;
493 static struct ns_common *bpf_map_offload_info_fill_ns(void *private_data)
495 struct ns_get_path_bpf_map_args *args = private_data;
496 struct ns_common *ns;
500 down_read(&bpf_devs_lock);
502 if (args->offmap->netdev) {
503 args->info->ifindex = args->offmap->netdev->ifindex;
504 net = dev_net(args->offmap->netdev);
508 args->info->ifindex = 0;
512 up_read(&bpf_devs_lock);
518 int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map)
520 struct ns_get_path_bpf_map_args args = {
521 .offmap = map_to_offmap(map),
524 struct inode *ns_inode;
528 res = ns_get_path_cb(&ns_path, bpf_map_offload_info_fill_ns, &args);
535 ns_inode = ns_path.dentry->d_inode;
536 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
537 info->netns_ino = ns_inode->i_ino;
543 static bool __bpf_offload_dev_match(struct bpf_prog *prog,
544 struct net_device *netdev)
546 struct bpf_offload_netdev *ondev1, *ondev2;
547 struct bpf_prog_offload *offload;
549 if (!bpf_prog_is_offloaded(prog->aux))
552 offload = prog->aux->offload;
555 if (offload->netdev == netdev)
558 ondev1 = bpf_offload_find_netdev(offload->netdev);
559 ondev2 = bpf_offload_find_netdev(netdev);
561 return ondev1 && ondev2 && ondev1->offdev == ondev2->offdev;
564 bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev)
568 down_read(&bpf_devs_lock);
569 ret = __bpf_offload_dev_match(prog, netdev);
570 up_read(&bpf_devs_lock);
574 EXPORT_SYMBOL_GPL(bpf_offload_dev_match);
576 bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map)
578 struct bpf_offloaded_map *offmap;
581 if (!bpf_map_is_offloaded(map))
582 return bpf_map_offload_neutral(map);
583 offmap = map_to_offmap(map);
585 down_read(&bpf_devs_lock);
586 ret = __bpf_offload_dev_match(prog, offmap->netdev);
587 up_read(&bpf_devs_lock);
592 int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev,
593 struct net_device *netdev)
595 struct bpf_offload_netdev *ondev;
598 ondev = kzalloc(sizeof(*ondev), GFP_KERNEL);
602 ondev->netdev = netdev;
603 ondev->offdev = offdev;
604 INIT_LIST_HEAD(&ondev->progs);
605 INIT_LIST_HEAD(&ondev->maps);
607 down_write(&bpf_devs_lock);
608 err = rhashtable_insert_fast(&offdevs, &ondev->l, offdevs_params);
610 netdev_warn(netdev, "failed to register for BPF offload\n");
611 goto err_unlock_free;
614 list_add(&ondev->offdev_netdevs, &offdev->netdevs);
615 up_write(&bpf_devs_lock);
619 up_write(&bpf_devs_lock);
623 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_register);
625 void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
626 struct net_device *netdev)
628 struct bpf_offload_netdev *ondev, *altdev;
629 struct bpf_offloaded_map *offmap, *mtmp;
630 struct bpf_prog_offload *offload, *ptmp;
634 down_write(&bpf_devs_lock);
635 ondev = rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
639 WARN_ON(rhashtable_remove_fast(&offdevs, &ondev->l, offdevs_params));
640 list_del(&ondev->offdev_netdevs);
642 /* Try to move the objects to another netdev of the device */
643 altdev = list_first_entry_or_null(&offdev->netdevs,
644 struct bpf_offload_netdev,
647 list_for_each_entry(offload, &ondev->progs, offloads)
648 offload->netdev = altdev->netdev;
649 list_splice_init(&ondev->progs, &altdev->progs);
651 list_for_each_entry(offmap, &ondev->maps, offloads)
652 offmap->netdev = altdev->netdev;
653 list_splice_init(&ondev->maps, &altdev->maps);
655 list_for_each_entry_safe(offload, ptmp, &ondev->progs, offloads)
656 __bpf_prog_offload_destroy(offload->prog);
657 list_for_each_entry_safe(offmap, mtmp, &ondev->maps, offloads)
658 __bpf_map_offload_destroy(offmap);
661 WARN_ON(!list_empty(&ondev->progs));
662 WARN_ON(!list_empty(&ondev->maps));
665 up_write(&bpf_devs_lock);
667 EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_unregister);
669 struct bpf_offload_dev *
670 bpf_offload_dev_create(const struct bpf_prog_offload_ops *ops, void *priv)
672 struct bpf_offload_dev *offdev;
674 offdev = kzalloc(sizeof(*offdev), GFP_KERNEL);
676 return ERR_PTR(-ENOMEM);
680 INIT_LIST_HEAD(&offdev->netdevs);
684 EXPORT_SYMBOL_GPL(bpf_offload_dev_create);
686 void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev)
688 WARN_ON(!list_empty(&offdev->netdevs));
691 EXPORT_SYMBOL_GPL(bpf_offload_dev_destroy);
693 void *bpf_offload_dev_priv(struct bpf_offload_dev *offdev)
697 EXPORT_SYMBOL_GPL(bpf_offload_dev_priv);
699 static int __init bpf_offload_init(void)
701 return rhashtable_init(&offdevs, &offdevs_params);
704 late_initcall(bpf_offload_init);
projects / linux-2.6-block.git / blob