xdp: Support specifying expected existing program when attaching XDP
authorToke Høiland-Jørgensen <toke@redhat.com>
Wed, 25 Mar 2020 17:23:26 +0000 (18:23 +0100)
committerAlexei Starovoitov <ast@kernel.org>
Sat, 28 Mar 2020 21:24:41 +0000 (14:24 -0700)
commit92234c8f15c8d96ad7e52afdc5994cba6be68eb9
tree7c90ed94c5f54397d15f2c475732b416deda33a5
parente9ff9d52540a53ce8c9eff5bf8b66467fe81eb2b
xdp: Support specifying expected existing program when attaching XDP

While it is currently possible for userspace to specify that an existing
XDP program should not be replaced when attaching to an interface, there is
no mechanism to safely replace a specific XDP program with another.

This patch adds a new netlink attribute, IFLA_XDP_EXPECTED_FD, which can be
set along with IFLA_XDP_FD. If set, the kernel will check that the program
currently loaded on the interface matches the expected one, and fail the
operation if it does not. This corresponds to a 'cmpxchg' memory operation.
Setting the new attribute with a negative value means that no program is
expected to be attached, which corresponds to setting the UPDATE_IF_NOEXIST
flag.

A new companion flag, XDP_FLAGS_REPLACE, is also added to explicitly
request checking of the EXPECTED_FD attribute. This is needed for userspace
to discover whether the kernel supports the new attribute.

Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Link: https://lore.kernel.org/bpf/158515700640.92963.3551295145441017022.stgit@toke.dk
include/linux/netdevice.h
include/uapi/linux/if_link.h
net/core/dev.c
net/core/rtnetlink.c