search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
[cris-mirror.git] / kernel / bpf / offload.c
blobc9401075b58c842d7a6e239d51a25283d1f53b3f
1 /*
2 * Copyright (C) 2017 Netronome Systems, Inc.
3 *
4 * This software is licensed under the GNU General License Version 2,
5 * June 1991 as shown in the file COPYING in the top-level directory of this
6 * source tree.
7 *
8 * THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
9 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
10 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
11 * FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
12 * OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME
13 * THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
14 */
15
16 #include <linux/bpf.h>
17 #include <linux/bpf_verifier.h>
18 #include <linux/bug.h>
19 #include <linux/kdev_t.h>
20 #include <linux/list.h>
21 #include <linux/netdevice.h>
22 #include <linux/printk.h>
23 #include <linux/proc_ns.h>
24 #include <linux/rtnetlink.h>
25 #include <linux/rwsem.h>
26
27 /* Protects bpf_prog_offload_devs, bpf_map_offload_devs and offload members
28 * of all progs.
29 * RTNL lock cannot be taken when holding this lock.
30 */
31 static DECLARE_RWSEM(bpf_devs_lock);
32 static LIST_HEAD(bpf_prog_offload_devs);
33 static LIST_HEAD(bpf_map_offload_devs);
34
35 static int bpf_dev_offload_check(struct net_device *netdev)
36 {
37 if (!netdev)
38 return -EINVAL;
39 if (!netdev->netdev_ops->ndo_bpf)
40 return -EOPNOTSUPP;
41 return 0;
42 }
43
44 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr)
45 {
46 struct bpf_prog_offload *offload;
47 int err;
48
49 if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
50 attr->prog_type != BPF_PROG_TYPE_XDP)
51 return -EINVAL;
52
53 if (attr->prog_flags)
54 return -EINVAL;
55
56 offload = kzalloc(sizeof(*offload), GFP_USER);
57 if (!offload)
58 return -ENOMEM;
59
60 offload->prog = prog;
61
62 offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
63 attr->prog_ifindex);
64 err = bpf_dev_offload_check(offload->netdev);
65 if (err)
66 goto err_maybe_put;
67
68 down_write(&bpf_devs_lock);
69 if (offload->netdev->reg_state != NETREG_REGISTERED) {
70 err = -EINVAL;
71 goto err_unlock;
72 }
73 prog->aux->offload = offload;
74 list_add_tail(&offload->offloads, &bpf_prog_offload_devs);
75 dev_put(offload->netdev);
76 up_write(&bpf_devs_lock);
77
78 return 0;
79 err_unlock:
80 up_write(&bpf_devs_lock);
81 err_maybe_put:
82 if (offload->netdev)
83 dev_put(offload->netdev);
84 kfree(offload);
85 return err;
86 }
87
88 static int __bpf_offload_ndo(struct bpf_prog *prog, enum bpf_netdev_command cmd,
89 struct netdev_bpf *data)
90 {
91 struct bpf_prog_offload *offload = prog->aux->offload;
92 struct net_device *netdev;
93
94 ASSERT_RTNL();
95
96 if (!offload)
97 return -ENODEV;
98 netdev = offload->netdev;
99
100 data->command = cmd;
101
102 return netdev->netdev_ops->ndo_bpf(netdev, data);
103 }
104
105 int bpf_prog_offload_verifier_prep(struct bpf_verifier_env *env)
106 {
107 struct netdev_bpf data = {};
108 int err;
109
110 data.verifier.prog = env->prog;
111
112 rtnl_lock();
113 err = __bpf_offload_ndo(env->prog, BPF_OFFLOAD_VERIFIER_PREP, &data);
114 if (err)
115 goto exit_unlock;
116
117 env->prog->aux->offload->dev_ops = data.verifier.ops;
118 env->prog->aux->offload->dev_state = true;
119 exit_unlock:
120 rtnl_unlock();
121 return err;
122 }
123
124 int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env,
125 int insn_idx, int prev_insn_idx)
126 {
127 struct bpf_prog_offload *offload;
128 int ret = -ENODEV;
129
130 down_read(&bpf_devs_lock);
131 offload = env->prog->aux->offload;
132 if (offload)
133 ret = offload->dev_ops->insn_hook(env, insn_idx, prev_insn_idx);
134 up_read(&bpf_devs_lock);
135
136 return ret;
137 }
138
139 static void __bpf_prog_offload_destroy(struct bpf_prog *prog)
140 {
141 struct bpf_prog_offload *offload = prog->aux->offload;
142 struct netdev_bpf data = {};
143
144 data.offload.prog = prog;
145
146 if (offload->dev_state)
147 WARN_ON(__bpf_offload_ndo(prog, BPF_OFFLOAD_DESTROY, &data));
148
149 /* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
150 bpf_prog_free_id(prog, true);
151
152 list_del_init(&offload->offloads);
153 kfree(offload);
154 prog->aux->offload = NULL;
155 }
156
157 void bpf_prog_offload_destroy(struct bpf_prog *prog)
158 {
159 rtnl_lock();
160 down_write(&bpf_devs_lock);
161 if (prog->aux->offload)
162 __bpf_prog_offload_destroy(prog);
163 up_write(&bpf_devs_lock);
164 rtnl_unlock();
165 }
166
167 static int bpf_prog_offload_translate(struct bpf_prog *prog)
168 {
169 struct netdev_bpf data = {};
170 int ret;
171
172 data.offload.prog = prog;
173
174 rtnl_lock();
175 ret = __bpf_offload_ndo(prog, BPF_OFFLOAD_TRANSLATE, &data);
176 rtnl_unlock();
177
178 return ret;
179 }
180
181 static unsigned int bpf_prog_warn_on_exec(const void *ctx,
182 const struct bpf_insn *insn)
183 {
184 WARN(1, "attempt to execute device eBPF program on the host!");
185 return 0;
186 }
187
188 int bpf_prog_offload_compile(struct bpf_prog *prog)
189 {
190 prog->bpf_func = bpf_prog_warn_on_exec;
191
192 return bpf_prog_offload_translate(prog);
193 }
194
195 struct ns_get_path_bpf_prog_args {
196 struct bpf_prog *prog;
197 struct bpf_prog_info *info;
198 };
199
200 static struct ns_common *bpf_prog_offload_info_fill_ns(void *private_data)
201 {
202 struct ns_get_path_bpf_prog_args *args = private_data;
203 struct bpf_prog_aux *aux = args->prog->aux;
204 struct ns_common *ns;
205 struct net *net;
206
207 rtnl_lock();
208 down_read(&bpf_devs_lock);
209
210 if (aux->offload) {
211 args->info->ifindex = aux->offload->netdev->ifindex;
212 net = dev_net(aux->offload->netdev);
213 get_net(net);
214 ns = &net->ns;
215 } else {
216 args->info->ifindex = 0;
217 ns = NULL;
218 }
219
220 up_read(&bpf_devs_lock);
221 rtnl_unlock();
222
223 return ns;
224 }
225
226 int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
227 struct bpf_prog *prog)
228 {
229 struct ns_get_path_bpf_prog_args args = {
230 .prog = prog,
231 .info = info,
232 };
233 struct bpf_prog_aux *aux = prog->aux;
234 struct inode *ns_inode;
235 struct path ns_path;
236 char __user *uinsns;
237 void *res;
238 u32 ulen;
239
240 res = ns_get_path_cb(&ns_path, bpf_prog_offload_info_fill_ns, &args);
241 if (IS_ERR(res)) {
242 if (!info->ifindex)
243 return -ENODEV;
244 return PTR_ERR(res);
245 }
246
247 down_read(&bpf_devs_lock);
248
249 if (!aux->offload) {
250 up_read(&bpf_devs_lock);
251 return -ENODEV;
252 }
253
254 ulen = info->jited_prog_len;
255 info->jited_prog_len = aux->offload->jited_len;
256 if (info->jited_prog_len & ulen) {
257 uinsns = u64_to_user_ptr(info->jited_prog_insns);
258 ulen = min_t(u32, info->jited_prog_len, ulen);
259 if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
260 up_read(&bpf_devs_lock);
261 return -EFAULT;
262 }
263 }
264
265 up_read(&bpf_devs_lock);
266
267 ns_inode = ns_path.dentry->d_inode;
268 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
269 info->netns_ino = ns_inode->i_ino;
270 path_put(&ns_path);
271
272 return 0;
273 }
274
275 const struct bpf_prog_ops bpf_offload_prog_ops = {
276 };
277
278 static int bpf_map_offload_ndo(struct bpf_offloaded_map *offmap,
279 enum bpf_netdev_command cmd)
280 {
281 struct netdev_bpf data = {};
282 struct net_device *netdev;
283
284 ASSERT_RTNL();
285
286 data.command = cmd;
287 data.offmap = offmap;
288 /* Caller must make sure netdev is valid */
289 netdev = offmap->netdev;
290
291 return netdev->netdev_ops->ndo_bpf(netdev, &data);
292 }
293
294 struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
295 {
296 struct net *net = current->nsproxy->net_ns;
297 struct bpf_offloaded_map *offmap;
298 int err;
299
300 if (!capable(CAP_SYS_ADMIN))
301 return ERR_PTR(-EPERM);
302 if (attr->map_type != BPF_MAP_TYPE_ARRAY &&
303 attr->map_type != BPF_MAP_TYPE_HASH)
304 return ERR_PTR(-EINVAL);
305
306 offmap = kzalloc(sizeof(*offmap), GFP_USER);
307 if (!offmap)
308 return ERR_PTR(-ENOMEM);
309
310 bpf_map_init_from_attr(&offmap->map, attr);
311
312 rtnl_lock();
313 down_write(&bpf_devs_lock);
314 offmap->netdev = __dev_get_by_index(net, attr->map_ifindex);
315 err = bpf_dev_offload_check(offmap->netdev);
316 if (err)
317 goto err_unlock;
318
319 err = bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_ALLOC);
320 if (err)
321 goto err_unlock;
322
323 list_add_tail(&offmap->offloads, &bpf_map_offload_devs);
324 up_write(&bpf_devs_lock);
325 rtnl_unlock();
326
327 return &offmap->map;
328
329 err_unlock:
330 up_write(&bpf_devs_lock);
331 rtnl_unlock();
332 kfree(offmap);
333 return ERR_PTR(err);
334 }
335
336 static void __bpf_map_offload_destroy(struct bpf_offloaded_map *offmap)
337 {
338 WARN_ON(bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_FREE));
339 /* Make sure BPF_MAP_GET_NEXT_ID can't find this dead map */
340 bpf_map_free_id(&offmap->map, true);
341 list_del_init(&offmap->offloads);
342 offmap->netdev = NULL;
343 }
344
345 void bpf_map_offload_map_free(struct bpf_map *map)
346 {
347 struct bpf_offloaded_map *offmap = map_to_offmap(map);
348
349 rtnl_lock();
350 down_write(&bpf_devs_lock);
351 if (offmap->netdev)
352 __bpf_map_offload_destroy(offmap);
353 up_write(&bpf_devs_lock);
354 rtnl_unlock();
355
356 kfree(offmap);
357 }
358
359 int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value)
360 {
361 struct bpf_offloaded_map *offmap = map_to_offmap(map);
362 int ret = -ENODEV;
363
364 down_read(&bpf_devs_lock);
365 if (offmap->netdev)
366 ret = offmap->dev_ops->map_lookup_elem(offmap, key, value);
367 up_read(&bpf_devs_lock);
368
369 return ret;
370 }
371
372 int bpf_map_offload_update_elem(struct bpf_map *map,
373 void *key, void *value, u64 flags)
374 {
375 struct bpf_offloaded_map *offmap = map_to_offmap(map);
376 int ret = -ENODEV;
377
378 if (unlikely(flags > BPF_EXIST))
379 return -EINVAL;
380
381 down_read(&bpf_devs_lock);
382 if (offmap->netdev)
383 ret = offmap->dev_ops->map_update_elem(offmap, key, value,
384 flags);
385 up_read(&bpf_devs_lock);
386
387 return ret;
388 }
389
390 int bpf_map_offload_delete_elem(struct bpf_map *map, void *key)
391 {
392 struct bpf_offloaded_map *offmap = map_to_offmap(map);
393 int ret = -ENODEV;
394
395 down_read(&bpf_devs_lock);
396 if (offmap->netdev)
397 ret = offmap->dev_ops->map_delete_elem(offmap, key);
398 up_read(&bpf_devs_lock);
399
400 return ret;
401 }
402
403 int bpf_map_offload_get_next_key(struct bpf_map *map, void *key, void *next_key)
404 {
405 struct bpf_offloaded_map *offmap = map_to_offmap(map);
406 int ret = -ENODEV;
407
408 down_read(&bpf_devs_lock);
409 if (offmap->netdev)
410 ret = offmap->dev_ops->map_get_next_key(offmap, key, next_key);
411 up_read(&bpf_devs_lock);
412
413 return ret;
414 }
415
416 struct ns_get_path_bpf_map_args {
417 struct bpf_offloaded_map *offmap;
418 struct bpf_map_info *info;
419 };
420
421 static struct ns_common *bpf_map_offload_info_fill_ns(void *private_data)
422 {
423 struct ns_get_path_bpf_map_args *args = private_data;
424 struct ns_common *ns;
425 struct net *net;
426
427 rtnl_lock();
428 down_read(&bpf_devs_lock);
429
430 if (args->offmap->netdev) {
431 args->info->ifindex = args->offmap->netdev->ifindex;
432 net = dev_net(args->offmap->netdev);
433 get_net(net);
434 ns = &net->ns;
435 } else {
436 args->info->ifindex = 0;
437 ns = NULL;
438 }
439
440 up_read(&bpf_devs_lock);
441 rtnl_unlock();
442
443 return ns;
444 }
445
446 int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map)
447 {
448 struct ns_get_path_bpf_map_args args = {
449 .offmap = map_to_offmap(map),
450 .info = info,
451 };
452 struct inode *ns_inode;
453 struct path ns_path;
454 void *res;
455
456 res = ns_get_path_cb(&ns_path, bpf_map_offload_info_fill_ns, &args);
457 if (IS_ERR(res)) {
458 if (!info->ifindex)
459 return -ENODEV;
460 return PTR_ERR(res);
461 }
462
463 ns_inode = ns_path.dentry->d_inode;
464 info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
465 info->netns_ino = ns_inode->i_ino;
466 path_put(&ns_path);
467
468 return 0;
469 }
470
471 bool bpf_offload_dev_match(struct bpf_prog *prog, struct bpf_map *map)
472 {
473 struct bpf_offloaded_map *offmap;
474 struct bpf_prog_offload *offload;
475 bool ret;
476
477 if (!bpf_prog_is_dev_bound(prog->aux) || !bpf_map_is_dev_bound(map))
478 return false;
479
480 down_read(&bpf_devs_lock);
481 offload = prog->aux->offload;
482 offmap = map_to_offmap(map);
483
484 ret = offload && offload->netdev == offmap->netdev;
485 up_read(&bpf_devs_lock);
486
487 return ret;
488 }
489
490 static void bpf_offload_orphan_all_progs(struct net_device *netdev)
491 {
492 struct bpf_prog_offload *offload, *tmp;
493
494 list_for_each_entry_safe(offload, tmp, &bpf_prog_offload_devs, offloads)
495 if (offload->netdev == netdev)
496 __bpf_prog_offload_destroy(offload->prog);
497 }
498
499 static void bpf_offload_orphan_all_maps(struct net_device *netdev)
500 {
501 struct bpf_offloaded_map *offmap, *tmp;
502
503 list_for_each_entry_safe(offmap, tmp, &bpf_map_offload_devs, offloads)
504 if (offmap->netdev == netdev)
505 __bpf_map_offload_destroy(offmap);
506 }
507
508 static int bpf_offload_notification(struct notifier_block *notifier,
509 ulong event, void *ptr)
510 {
511 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
512
513 ASSERT_RTNL();
514
515 switch (event) {
516 case NETDEV_UNREGISTER:
517 /* ignore namespace changes */
518 if (netdev->reg_state != NETREG_UNREGISTERING)
519 break;
520
521 down_write(&bpf_devs_lock);
522 bpf_offload_orphan_all_progs(netdev);
523 bpf_offload_orphan_all_maps(netdev);
524 up_write(&bpf_devs_lock);
525 break;
526 default:
527 break;
528 }
529 return NOTIFY_OK;
530 }
531
532 static struct notifier_block bpf_offload_notifier = {
533 .notifier_call = bpf_offload_notification,
534 };
535
536 static int __init bpf_offload_init(void)
537 {
538 register_netdevice_notifier(&bpf_offload_notifier);
539 return 0;
540 }
541
542 subsys_initcall(bpf_offload_init);
CRIS linux kernel tree