search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
accel/amdxdna: use modern PM helpers
[drm/drm-misc.git] / kernel / bpf / devmap.c
blob3aa002a47a96669dca5d4460c49d0eac9492e523
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* Copyright (c) 2017 Covalent IO, Inc. http://covalent.io
3 */
4
5 /* Devmaps primary use is as a backend map for XDP BPF helper call
6 * bpf_redirect_map(). Because XDP is mostly concerned with performance we
7 * spent some effort to ensure the datapath with redirect maps does not use
8 * any locking. This is a quick note on the details.
9 *
10 * We have three possible paths to get into the devmap control plane bpf
11 * syscalls, bpf programs, and driver side xmit/flush operations. A bpf syscall
12 * will invoke an update, delete, or lookup operation. To ensure updates and
13 * deletes appear atomic from the datapath side xchg() is used to modify the
14 * netdev_map array. Then because the datapath does a lookup into the netdev_map
15 * array (read-only) from an RCU critical section we use call_rcu() to wait for
16 * an rcu grace period before free'ing the old data structures. This ensures the
17 * datapath always has a valid copy. However, the datapath does a "flush"
18 * operation that pushes any pending packets in the driver outside the RCU
19 * critical section. Each bpf_dtab_netdev tracks these pending operations using
20 * a per-cpu flush list. The bpf_dtab_netdev object will not be destroyed until
21 * this list is empty, indicating outstanding flush operations have completed.
22 *
23 * BPF syscalls may race with BPF program calls on any of the update, delete
24 * or lookup operations. As noted above the xchg() operation also keep the
25 * netdev_map consistent in this case. From the devmap side BPF programs
26 * calling into these operations are the same as multiple user space threads
27 * making system calls.
28 *
29 * Finally, any of the above may race with a netdev_unregister notifier. The
30 * unregister notifier must search for net devices in the map structure that
31 * contain a reference to the net device and remove them. This is a two step
32 * process (a) dereference the bpf_dtab_netdev object in netdev_map and (b)
33 * check to see if the ifindex is the same as the net_device being removed.
34 * When removing the dev a cmpxchg() is used to ensure the correct dev is
35 * removed, in the case of a concurrent update or delete operation it is
36 * possible that the initially referenced dev is no longer in the map. As the
37 * notifier hook walks the map we know that new dev references can not be
38 * added by the user because core infrastructure ensures dev_get_by_index()
39 * calls will fail at this point.
40 *
41 * The devmap_hash type is a map type which interprets keys as ifindexes and
42 * indexes these using a hashmap. This allows maps that use ifindex as key to be
43 * densely packed instead of having holes in the lookup array for unused
44 * ifindexes. The setup and packet enqueue/send code is shared between the two
45 * types of devmap; only the lookup and insertion is different.
46 */
47 #include <linux/bpf.h>
48 #include <net/xdp.h>
49 #include <linux/filter.h>
50 #include <trace/events/xdp.h>
51 #include <linux/btf_ids.h>
52
53 #define DEV_CREATE_FLAG_MASK \
54 (BPF_F_NUMA_NODE | BPF_F_RDONLY | BPF_F_WRONLY)
55
56 struct xdp_dev_bulk_queue {
57 struct xdp_frame *q[DEV_MAP_BULK_SIZE];
58 struct list_head flush_node;
59 struct net_device *dev;
60 struct net_device *dev_rx;
61 struct bpf_prog *xdp_prog;
62 unsigned int count;
63 };
64
65 struct bpf_dtab_netdev {
66 struct net_device *dev; /* must be first member, due to tracepoint */
67 struct hlist_node index_hlist;
68 struct bpf_prog *xdp_prog;
69 struct rcu_head rcu;
70 unsigned int idx;
71 struct bpf_devmap_val val;
72 };
73
74 struct bpf_dtab {
75 struct bpf_map map;
76 struct bpf_dtab_netdev __rcu **netdev_map; /* DEVMAP type only */
77 struct list_head list;
78
79 /* these are only used for DEVMAP_HASH type maps */
80 struct hlist_head *dev_index_head;
81 spinlock_t index_lock;
82 unsigned int items;
83 u32 n_buckets;
84 };
85
86 static DEFINE_SPINLOCK(dev_map_lock);
87 static LIST_HEAD(dev_map_list);
88
89 static struct hlist_head *dev_map_create_hash(unsigned int entries,
90 int numa_node)
91 {
92 int i;
93 struct hlist_head *hash;
94
95 hash = bpf_map_area_alloc((u64) entries * sizeof(*hash), numa_node);
96 if (hash != NULL)
97 for (i = 0; i < entries; i++)
98 INIT_HLIST_HEAD(&hash[i]);
99
100 return hash;
101 }
102
103 static inline struct hlist_head *dev_map_index_hash(struct bpf_dtab *dtab,
104 int idx)
105 {
106 return &dtab->dev_index_head[idx & (dtab->n_buckets - 1)];
107 }
108
109 static int dev_map_alloc_check(union bpf_attr *attr)
110 {
111 u32 valsize = attr->value_size;
112
113 /* check sanity of attributes. 2 value sizes supported:
114 * 4 bytes: ifindex
115 * 8 bytes: ifindex + prog fd
116 */
117 if (attr->max_entries == 0 || attr->key_size != 4 ||
118 (valsize != offsetofend(struct bpf_devmap_val, ifindex) &&
119 valsize != offsetofend(struct bpf_devmap_val, bpf_prog.fd)) ||
120 attr->map_flags & ~DEV_CREATE_FLAG_MASK)
121 return -EINVAL;
122
123 if (attr->map_type == BPF_MAP_TYPE_DEVMAP_HASH) {
124 /* Hash table size must be power of 2; roundup_pow_of_two()
125 * can overflow into UB on 32-bit arches
126 */
127 if (attr->max_entries > 1UL << 31)
128 return -EINVAL;
129 }
130
131 return 0;
132 }
133
134 static int dev_map_init_map(struct bpf_dtab *dtab, union bpf_attr *attr)
135 {
136 /* Lookup returns a pointer straight to dev->ifindex, so make sure the
137 * verifier prevents writes from the BPF side
138 */
139 attr->map_flags |= BPF_F_RDONLY_PROG;
140 bpf_map_init_from_attr(&dtab->map, attr);
141
142 if (attr->map_type == BPF_MAP_TYPE_DEVMAP_HASH) {
143 /* Hash table size must be power of 2 */
144 dtab->n_buckets = roundup_pow_of_two(dtab->map.max_entries);
145 dtab->dev_index_head = dev_map_create_hash(dtab->n_buckets,
146 dtab->map.numa_node);
147 if (!dtab->dev_index_head)
148 return -ENOMEM;
149
150 spin_lock_init(&dtab->index_lock);
151 } else {
152 dtab->netdev_map = bpf_map_area_alloc((u64) dtab->map.max_entries *
153 sizeof(struct bpf_dtab_netdev *),
154 dtab->map.numa_node);
155 if (!dtab->netdev_map)
156 return -ENOMEM;
157 }
158
159 return 0;
160 }
161
162 static struct bpf_map *dev_map_alloc(union bpf_attr *attr)
163 {
164 struct bpf_dtab *dtab;
165 int err;
166
167 dtab = bpf_map_area_alloc(sizeof(*dtab), NUMA_NO_NODE);
168 if (!dtab)
169 return ERR_PTR(-ENOMEM);
170
171 err = dev_map_init_map(dtab, attr);
172 if (err) {
173 bpf_map_area_free(dtab);
174 return ERR_PTR(err);
175 }
176
177 spin_lock(&dev_map_lock);
178 list_add_tail_rcu(&dtab->list, &dev_map_list);
179 spin_unlock(&dev_map_lock);
180
181 return &dtab->map;
182 }
183
184 static void dev_map_free(struct bpf_map *map)
185 {
186 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
187 u32 i;
188
189 /* At this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,
190 * so the programs (can be more than one that used this map) were
191 * disconnected from events. The following synchronize_rcu() guarantees
192 * both rcu read critical sections complete and waits for
193 * preempt-disable regions (NAPI being the relevant context here) so we
194 * are certain there will be no further reads against the netdev_map and
195 * all flush operations are complete. Flush operations can only be done
196 * from NAPI context for this reason.
197 */
198
199 spin_lock(&dev_map_lock);
200 list_del_rcu(&dtab->list);
201 spin_unlock(&dev_map_lock);
202
203 /* bpf_redirect_info->map is assigned in __bpf_xdp_redirect_map()
204 * during NAPI callback and cleared after the XDP redirect. There is no
205 * explicit RCU read section which protects bpf_redirect_info->map but
206 * local_bh_disable() also marks the beginning an RCU section. This
207 * makes the complete softirq callback RCU protected. Thus after
208 * following synchronize_rcu() there no bpf_redirect_info->map == map
209 * assignment.
210 */
211 synchronize_rcu();
212
213 /* Make sure prior __dev_map_entry_free() have completed. */
214 rcu_barrier();
215
216 if (dtab->map.map_type == BPF_MAP_TYPE_DEVMAP_HASH) {
217 for (i = 0; i < dtab->n_buckets; i++) {
218 struct bpf_dtab_netdev *dev;
219 struct hlist_head *head;
220 struct hlist_node *next;
221
222 head = dev_map_index_hash(dtab, i);
223
224 hlist_for_each_entry_safe(dev, next, head, index_hlist) {
225 hlist_del_rcu(&dev->index_hlist);
226 if (dev->xdp_prog)
227 bpf_prog_put(dev->xdp_prog);
228 dev_put(dev->dev);
229 kfree(dev);
230 }
231 }
232
233 bpf_map_area_free(dtab->dev_index_head);
234 } else {
235 for (i = 0; i < dtab->map.max_entries; i++) {
236 struct bpf_dtab_netdev *dev;
237
238 dev = rcu_dereference_raw(dtab->netdev_map[i]);
239 if (!dev)
240 continue;
241
242 if (dev->xdp_prog)
243 bpf_prog_put(dev->xdp_prog);
244 dev_put(dev->dev);
245 kfree(dev);
246 }
247
248 bpf_map_area_free(dtab->netdev_map);
249 }
250
251 bpf_map_area_free(dtab);
252 }
253
254 static int dev_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
255 {
256 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
257 u32 index = key ? *(u32 *)key : U32_MAX;
258 u32 *next = next_key;
259
260 if (index >= dtab->map.max_entries) {
261 *next = 0;
262 return 0;
263 }
264
265 if (index == dtab->map.max_entries - 1)
266 return -ENOENT;
267 *next = index + 1;
268 return 0;
269 }
270
271 /* Elements are kept alive by RCU; either by rcu_read_lock() (from syscall) or
272 * by local_bh_disable() (from XDP calls inside NAPI). The
273 * rcu_read_lock_bh_held() below makes lockdep accept both.
274 */
275 static void *__dev_map_hash_lookup_elem(struct bpf_map *map, u32 key)
276 {
277 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
278 struct hlist_head *head = dev_map_index_hash(dtab, key);
279 struct bpf_dtab_netdev *dev;
280
281 hlist_for_each_entry_rcu(dev, head, index_hlist,
282 lockdep_is_held(&dtab->index_lock))
283 if (dev->idx == key)
284 return dev;
285
286 return NULL;
287 }
288
289 static int dev_map_hash_get_next_key(struct bpf_map *map, void *key,
290 void *next_key)
291 {
292 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
293 u32 idx, *next = next_key;
294 struct bpf_dtab_netdev *dev, *next_dev;
295 struct hlist_head *head;
296 int i = 0;
297
298 if (!key)
299 goto find_first;
300
301 idx = *(u32 *)key;
302
303 dev = __dev_map_hash_lookup_elem(map, idx);
304 if (!dev)
305 goto find_first;
306
307 next_dev = hlist_entry_safe(rcu_dereference_raw(hlist_next_rcu(&dev->index_hlist)),
308 struct bpf_dtab_netdev, index_hlist);
309
310 if (next_dev) {
311 *next = next_dev->idx;
312 return 0;
313 }
314
315 i = idx & (dtab->n_buckets - 1);
316 i++;
317
318 find_first:
319 for (; i < dtab->n_buckets; i++) {
320 head = dev_map_index_hash(dtab, i);
321
322 next_dev = hlist_entry_safe(rcu_dereference_raw(hlist_first_rcu(head)),
323 struct bpf_dtab_netdev,
324 index_hlist);
325 if (next_dev) {
326 *next = next_dev->idx;
327 return 0;
328 }
329 }
330
331 return -ENOENT;
332 }
333
334 static int dev_map_bpf_prog_run(struct bpf_prog *xdp_prog,
335 struct xdp_frame **frames, int n,
336 struct net_device *tx_dev,
337 struct net_device *rx_dev)
338 {
339 struct xdp_txq_info txq = { .dev = tx_dev };
340 struct xdp_rxq_info rxq = { .dev = rx_dev };
341 struct xdp_buff xdp;
342 int i, nframes = 0;
343
344 for (i = 0; i < n; i++) {
345 struct xdp_frame *xdpf = frames[i];
346 u32 act;
347 int err;
348
349 xdp_convert_frame_to_buff(xdpf, &xdp);
350 xdp.txq = &txq;
351 xdp.rxq = &rxq;
352
353 act = bpf_prog_run_xdp(xdp_prog, &xdp);
354 switch (act) {
355 case XDP_PASS:
356 err = xdp_update_frame_from_buff(&xdp, xdpf);
357 if (unlikely(err < 0))
358 xdp_return_frame_rx_napi(xdpf);
359 else
360 frames[nframes++] = xdpf;
361 break;
362 default:
363 bpf_warn_invalid_xdp_action(NULL, xdp_prog, act);
364 fallthrough;
365 case XDP_ABORTED:
366 trace_xdp_exception(tx_dev, xdp_prog, act);
367 fallthrough;
368 case XDP_DROP:
369 xdp_return_frame_rx_napi(xdpf);
370 break;
371 }
372 }
373 return nframes; /* sent frames count */
374 }
375
376 static void bq_xmit_all(struct xdp_dev_bulk_queue *bq, u32 flags)
377 {
378 struct net_device *dev = bq->dev;
379 unsigned int cnt = bq->count;
380 int sent = 0, err = 0;
381 int to_send = cnt;
382 int i;
383
384 if (unlikely(!cnt))
385 return;
386
387 for (i = 0; i < cnt; i++) {
388 struct xdp_frame *xdpf = bq->q[i];
389
390 prefetch(xdpf);
391 }
392
393 if (bq->xdp_prog) {
394 to_send = dev_map_bpf_prog_run(bq->xdp_prog, bq->q, cnt, dev, bq->dev_rx);
395 if (!to_send)
396 goto out;
397 }
398
399 sent = dev->netdev_ops->ndo_xdp_xmit(dev, to_send, bq->q, flags);
400 if (sent < 0) {
401 /* If ndo_xdp_xmit fails with an errno, no frames have
402 * been xmit'ed.
403 */
404 err = sent;
405 sent = 0;
406 }
407
408 /* If not all frames have been transmitted, it is our
409 * responsibility to free them
410 */
411 for (i = sent; unlikely(i < to_send); i++)
412 xdp_return_frame_rx_napi(bq->q[i]);
413
414 out:
415 bq->count = 0;
416 trace_xdp_devmap_xmit(bq->dev_rx, dev, sent, cnt - sent, err);
417 }
418
419 /* __dev_flush is called from xdp_do_flush() which _must_ be signalled from the
420 * driver before returning from its napi->poll() routine. See the comment above
421 * xdp_do_flush() in filter.c.
422 */
423 void __dev_flush(struct list_head *flush_list)
424 {
425 struct xdp_dev_bulk_queue *bq, *tmp;
426
427 list_for_each_entry_safe(bq, tmp, flush_list, flush_node) {
428 bq_xmit_all(bq, XDP_XMIT_FLUSH);
429 bq->dev_rx = NULL;
430 bq->xdp_prog = NULL;
431 __list_del_clearprev(&bq->flush_node);
432 }
433 }
434
435 /* Elements are kept alive by RCU; either by rcu_read_lock() (from syscall) or
436 * by local_bh_disable() (from XDP calls inside NAPI). The
437 * rcu_read_lock_bh_held() below makes lockdep accept both.
438 */
439 static void *__dev_map_lookup_elem(struct bpf_map *map, u32 key)
440 {
441 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
442 struct bpf_dtab_netdev *obj;
443
444 if (key >= map->max_entries)
445 return NULL;
446
447 obj = rcu_dereference_check(dtab->netdev_map[key],
448 rcu_read_lock_bh_held());
449 return obj;
450 }
451
452 /* Runs in NAPI, i.e., softirq under local_bh_disable(). Thus, safe percpu
453 * variable access, and map elements stick around. See comment above
454 * xdp_do_flush() in filter.c.
455 */
456 static void bq_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
457 struct net_device *dev_rx, struct bpf_prog *xdp_prog)
458 {
459 struct xdp_dev_bulk_queue *bq = this_cpu_ptr(dev->xdp_bulkq);
460
461 if (unlikely(bq->count == DEV_MAP_BULK_SIZE))
462 bq_xmit_all(bq, 0);
463
464 /* Ingress dev_rx will be the same for all xdp_frame's in
465 * bulk_queue, because bq stored per-CPU and must be flushed
466 * from net_device drivers NAPI func end.
467 *
468 * Do the same with xdp_prog and flush_list since these fields
469 * are only ever modified together.
470 */
471 if (!bq->dev_rx) {
472 struct list_head *flush_list = bpf_net_ctx_get_dev_flush_list();
473
474 bq->dev_rx = dev_rx;
475 bq->xdp_prog = xdp_prog;
476 list_add(&bq->flush_node, flush_list);
477 }
478
479 bq->q[bq->count++] = xdpf;
480 }
481
482 static inline int __xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
483 struct net_device *dev_rx,
484 struct bpf_prog *xdp_prog)
485 {
486 int err;
487
488 if (!(dev->xdp_features & NETDEV_XDP_ACT_NDO_XMIT))
489 return -EOPNOTSUPP;
490
491 if (unlikely(!(dev->xdp_features & NETDEV_XDP_ACT_NDO_XMIT_SG) &&
492 xdp_frame_has_frags(xdpf)))
493 return -EOPNOTSUPP;
494
495 err = xdp_ok_fwd_dev(dev, xdp_get_frame_len(xdpf));
496 if (unlikely(err))
497 return err;
498
499 bq_enqueue(dev, xdpf, dev_rx, xdp_prog);
500 return 0;
501 }
502
503 static u32 dev_map_bpf_prog_run_skb(struct sk_buff *skb, struct bpf_dtab_netdev *dst)
504 {
505 struct xdp_txq_info txq = { .dev = dst->dev };
506 struct xdp_buff xdp;
507 u32 act;
508
509 if (!dst->xdp_prog)
510 return XDP_PASS;
511
512 __skb_pull(skb, skb->mac_len);
513 xdp.txq = &txq;
514
515 act = bpf_prog_run_generic_xdp(skb, &xdp, dst->xdp_prog);
516 switch (act) {
517 case XDP_PASS:
518 __skb_push(skb, skb->mac_len);
519 break;
520 default:
521 bpf_warn_invalid_xdp_action(NULL, dst->xdp_prog, act);
522 fallthrough;
523 case XDP_ABORTED:
524 trace_xdp_exception(dst->dev, dst->xdp_prog, act);
525 fallthrough;
526 case XDP_DROP:
527 kfree_skb(skb);
528 break;
529 }
530
531 return act;
532 }
533
534 int dev_xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,
535 struct net_device *dev_rx)
536 {
537 return __xdp_enqueue(dev, xdpf, dev_rx, NULL);
538 }
539
540 int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_frame *xdpf,
541 struct net_device *dev_rx)
542 {
543 struct net_device *dev = dst->dev;
544
545 return __xdp_enqueue(dev, xdpf, dev_rx, dst->xdp_prog);
546 }
547
548 static bool is_valid_dst(struct bpf_dtab_netdev *obj, struct xdp_frame *xdpf)
549 {
550 if (!obj)
551 return false;
552
553 if (!(obj->dev->xdp_features & NETDEV_XDP_ACT_NDO_XMIT))
554 return false;
555
556 if (unlikely(!(obj->dev->xdp_features & NETDEV_XDP_ACT_NDO_XMIT_SG) &&
557 xdp_frame_has_frags(xdpf)))
558 return false;
559
560 if (xdp_ok_fwd_dev(obj->dev, xdp_get_frame_len(xdpf)))
561 return false;
562
563 return true;
564 }
565
566 static int dev_map_enqueue_clone(struct bpf_dtab_netdev *obj,
567 struct net_device *dev_rx,
568 struct xdp_frame *xdpf)
569 {
570 struct xdp_frame *nxdpf;
571
572 nxdpf = xdpf_clone(xdpf);
573 if (!nxdpf)
574 return -ENOMEM;
575
576 bq_enqueue(obj->dev, nxdpf, dev_rx, obj->xdp_prog);
577
578 return 0;
579 }
580
581 static inline bool is_ifindex_excluded(int *excluded, int num_excluded, int ifindex)
582 {
583 while (num_excluded--) {
584 if (ifindex == excluded[num_excluded])
585 return true;
586 }
587 return false;
588 }
589
590 /* Get ifindex of each upper device. 'indexes' must be able to hold at
591 * least MAX_NEST_DEV elements.
592 * Returns the number of ifindexes added.
593 */
594 static int get_upper_ifindexes(struct net_device *dev, int *indexes)
595 {
596 struct net_device *upper;
597 struct list_head *iter;
598 int n = 0;
599
600 netdev_for_each_upper_dev_rcu(dev, upper, iter) {
601 indexes[n++] = upper->ifindex;
602 }
603 return n;
604 }
605
606 int dev_map_enqueue_multi(struct xdp_frame *xdpf, struct net_device *dev_rx,
607 struct bpf_map *map, bool exclude_ingress)
608 {
609 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
610 struct bpf_dtab_netdev *dst, *last_dst = NULL;
611 int excluded_devices[1+MAX_NEST_DEV];
612 struct hlist_head *head;
613 int num_excluded = 0;
614 unsigned int i;
615 int err;
616
617 if (exclude_ingress) {
618 num_excluded = get_upper_ifindexes(dev_rx, excluded_devices);
619 excluded_devices[num_excluded++] = dev_rx->ifindex;
620 }
621
622 if (map->map_type == BPF_MAP_TYPE_DEVMAP) {
623 for (i = 0; i < map->max_entries; i++) {
624 dst = rcu_dereference_check(dtab->netdev_map[i],
625 rcu_read_lock_bh_held());
626 if (!is_valid_dst(dst, xdpf))
627 continue;
628
629 if (is_ifindex_excluded(excluded_devices, num_excluded, dst->dev->ifindex))
630 continue;
631
632 /* we only need n-1 clones; last_dst enqueued below */
633 if (!last_dst) {
634 last_dst = dst;
635 continue;
636 }
637
638 err = dev_map_enqueue_clone(last_dst, dev_rx, xdpf);
639 if (err)
640 return err;
641
642 last_dst = dst;
643 }
644 } else { /* BPF_MAP_TYPE_DEVMAP_HASH */
645 for (i = 0; i < dtab->n_buckets; i++) {
646 head = dev_map_index_hash(dtab, i);
647 hlist_for_each_entry_rcu(dst, head, index_hlist,
648 lockdep_is_held(&dtab->index_lock)) {
649 if (!is_valid_dst(dst, xdpf))
650 continue;
651
652 if (is_ifindex_excluded(excluded_devices, num_excluded,
653 dst->dev->ifindex))
654 continue;
655
656 /* we only need n-1 clones; last_dst enqueued below */
657 if (!last_dst) {
658 last_dst = dst;
659 continue;
660 }
661
662 err = dev_map_enqueue_clone(last_dst, dev_rx, xdpf);
663 if (err)
664 return err;
665
666 last_dst = dst;
667 }
668 }
669 }
670
671 /* consume the last copy of the frame */
672 if (last_dst)
673 bq_enqueue(last_dst->dev, xdpf, dev_rx, last_dst->xdp_prog);
674 else
675 xdp_return_frame_rx_napi(xdpf); /* dtab is empty */
676
677 return 0;
678 }
679
680 int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, struct sk_buff *skb,
681 struct bpf_prog *xdp_prog)
682 {
683 int err;
684
685 err = xdp_ok_fwd_dev(dst->dev, skb->len);
686 if (unlikely(err))
687 return err;
688
689 /* Redirect has already succeeded semantically at this point, so we just
690 * return 0 even if packet is dropped. Helper below takes care of
691 * freeing skb.
692 */
693 if (dev_map_bpf_prog_run_skb(skb, dst) != XDP_PASS)
694 return 0;
695
696 skb->dev = dst->dev;
697 generic_xdp_tx(skb, xdp_prog);
698
699 return 0;
700 }
701
702 static int dev_map_redirect_clone(struct bpf_dtab_netdev *dst,
703 struct sk_buff *skb,
704 struct bpf_prog *xdp_prog)
705 {
706 struct sk_buff *nskb;
707 int err;
708
709 nskb = skb_clone(skb, GFP_ATOMIC);
710 if (!nskb)
711 return -ENOMEM;
712
713 err = dev_map_generic_redirect(dst, nskb, xdp_prog);
714 if (unlikely(err)) {
715 consume_skb(nskb);
716 return err;
717 }
718
719 return 0;
720 }
721
722 int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
723 struct bpf_prog *xdp_prog, struct bpf_map *map,
724 bool exclude_ingress)
725 {
726 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
727 struct bpf_dtab_netdev *dst, *last_dst = NULL;
728 int excluded_devices[1+MAX_NEST_DEV];
729 struct hlist_head *head;
730 struct hlist_node *next;
731 int num_excluded = 0;
732 unsigned int i;
733 int err;
734
735 if (exclude_ingress) {
736 num_excluded = get_upper_ifindexes(dev, excluded_devices);
737 excluded_devices[num_excluded++] = dev->ifindex;
738 }
739
740 if (map->map_type == BPF_MAP_TYPE_DEVMAP) {
741 for (i = 0; i < map->max_entries; i++) {
742 dst = rcu_dereference_check(dtab->netdev_map[i],
743 rcu_read_lock_bh_held());
744 if (!dst)
745 continue;
746
747 if (is_ifindex_excluded(excluded_devices, num_excluded, dst->dev->ifindex))
748 continue;
749
750 /* we only need n-1 clones; last_dst enqueued below */
751 if (!last_dst) {
752 last_dst = dst;
753 continue;
754 }
755
756 err = dev_map_redirect_clone(last_dst, skb, xdp_prog);
757 if (err)
758 return err;
759
760 last_dst = dst;
761
762 }
763 } else { /* BPF_MAP_TYPE_DEVMAP_HASH */
764 for (i = 0; i < dtab->n_buckets; i++) {
765 head = dev_map_index_hash(dtab, i);
766 hlist_for_each_entry_safe(dst, next, head, index_hlist) {
767 if (is_ifindex_excluded(excluded_devices, num_excluded,
768 dst->dev->ifindex))
769 continue;
770
771 /* we only need n-1 clones; last_dst enqueued below */
772 if (!last_dst) {
773 last_dst = dst;
774 continue;
775 }
776
777 err = dev_map_redirect_clone(last_dst, skb, xdp_prog);
778 if (err)
779 return err;
780
781 last_dst = dst;
782 }
783 }
784 }
785
786 /* consume the first skb and return */
787 if (last_dst)
788 return dev_map_generic_redirect(last_dst, skb, xdp_prog);
789
790 /* dtab is empty */
791 consume_skb(skb);
792 return 0;
793 }
794
795 static void *dev_map_lookup_elem(struct bpf_map *map, void *key)
796 {
797 struct bpf_dtab_netdev *obj = __dev_map_lookup_elem(map, *(u32 *)key);
798
799 return obj ? &obj->val : NULL;
800 }
801
802 static void *dev_map_hash_lookup_elem(struct bpf_map *map, void *key)
803 {
804 struct bpf_dtab_netdev *obj = __dev_map_hash_lookup_elem(map,
805 *(u32 *)key);
806 return obj ? &obj->val : NULL;
807 }
808
809 static void __dev_map_entry_free(struct rcu_head *rcu)
810 {
811 struct bpf_dtab_netdev *dev;
812
813 dev = container_of(rcu, struct bpf_dtab_netdev, rcu);
814 if (dev->xdp_prog)
815 bpf_prog_put(dev->xdp_prog);
816 dev_put(dev->dev);
817 kfree(dev);
818 }
819
820 static long dev_map_delete_elem(struct bpf_map *map, void *key)
821 {
822 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
823 struct bpf_dtab_netdev *old_dev;
824 u32 k = *(u32 *)key;
825
826 if (k >= map->max_entries)
827 return -EINVAL;
828
829 old_dev = unrcu_pointer(xchg(&dtab->netdev_map[k], NULL));
830 if (old_dev) {
831 call_rcu(&old_dev->rcu, __dev_map_entry_free);
832 atomic_dec((atomic_t *)&dtab->items);
833 }
834 return 0;
835 }
836
837 static long dev_map_hash_delete_elem(struct bpf_map *map, void *key)
838 {
839 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
840 struct bpf_dtab_netdev *old_dev;
841 u32 k = *(u32 *)key;
842 unsigned long flags;
843 int ret = -ENOENT;
844
845 spin_lock_irqsave(&dtab->index_lock, flags);
846
847 old_dev = __dev_map_hash_lookup_elem(map, k);
848 if (old_dev) {
849 dtab->items--;
850 hlist_del_init_rcu(&old_dev->index_hlist);
851 call_rcu(&old_dev->rcu, __dev_map_entry_free);
852 ret = 0;
853 }
854 spin_unlock_irqrestore(&dtab->index_lock, flags);
855
856 return ret;
857 }
858
859 static struct bpf_dtab_netdev *__dev_map_alloc_node(struct net *net,
860 struct bpf_dtab *dtab,
861 struct bpf_devmap_val *val,
862 unsigned int idx)
863 {
864 struct bpf_prog *prog = NULL;
865 struct bpf_dtab_netdev *dev;
866
867 dev = bpf_map_kmalloc_node(&dtab->map, sizeof(*dev),
868 GFP_NOWAIT | __GFP_NOWARN,
869 dtab->map.numa_node);
870 if (!dev)
871 return ERR_PTR(-ENOMEM);
872
873 dev->dev = dev_get_by_index(net, val->ifindex);
874 if (!dev->dev)
875 goto err_out;
876
877 if (val->bpf_prog.fd > 0) {
878 prog = bpf_prog_get_type_dev(val->bpf_prog.fd,
879 BPF_PROG_TYPE_XDP, false);
880 if (IS_ERR(prog))
881 goto err_put_dev;
882 if (prog->expected_attach_type != BPF_XDP_DEVMAP ||
883 !bpf_prog_map_compatible(&dtab->map, prog))
884 goto err_put_prog;
885 }
886
887 dev->idx = idx;
888 if (prog) {
889 dev->xdp_prog = prog;
890 dev->val.bpf_prog.id = prog->aux->id;
891 } else {
892 dev->xdp_prog = NULL;
893 dev->val.bpf_prog.id = 0;
894 }
895 dev->val.ifindex = val->ifindex;
896
897 return dev;
898 err_put_prog:
899 bpf_prog_put(prog);
900 err_put_dev:
901 dev_put(dev->dev);
902 err_out:
903 kfree(dev);
904 return ERR_PTR(-EINVAL);
905 }
906
907 static long __dev_map_update_elem(struct net *net, struct bpf_map *map,
908 void *key, void *value, u64 map_flags)
909 {
910 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
911 struct bpf_dtab_netdev *dev, *old_dev;
912 struct bpf_devmap_val val = {};
913 u32 i = *(u32 *)key;
914
915 if (unlikely(map_flags > BPF_EXIST))
916 return -EINVAL;
917 if (unlikely(i >= dtab->map.max_entries))
918 return -E2BIG;
919 if (unlikely(map_flags == BPF_NOEXIST))
920 return -EEXIST;
921
922 /* already verified value_size <= sizeof val */
923 memcpy(&val, value, map->value_size);
924
925 if (!val.ifindex) {
926 dev = NULL;
927 /* can not specify fd if ifindex is 0 */
928 if (val.bpf_prog.fd > 0)
929 return -EINVAL;
930 } else {
931 dev = __dev_map_alloc_node(net, dtab, &val, i);
932 if (IS_ERR(dev))
933 return PTR_ERR(dev);
934 }
935
936 /* Use call_rcu() here to ensure rcu critical sections have completed
937 * Remembering the driver side flush operation will happen before the
938 * net device is removed.
939 */
940 old_dev = unrcu_pointer(xchg(&dtab->netdev_map[i], RCU_INITIALIZER(dev)));
941 if (old_dev)
942 call_rcu(&old_dev->rcu, __dev_map_entry_free);
943 else
944 atomic_inc((atomic_t *)&dtab->items);
945
946 return 0;
947 }
948
949 static long dev_map_update_elem(struct bpf_map *map, void *key, void *value,
950 u64 map_flags)
951 {
952 return __dev_map_update_elem(current->nsproxy->net_ns,
953 map, key, value, map_flags);
954 }
955
956 static long __dev_map_hash_update_elem(struct net *net, struct bpf_map *map,
957 void *key, void *value, u64 map_flags)
958 {
959 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
960 struct bpf_dtab_netdev *dev, *old_dev;
961 struct bpf_devmap_val val = {};
962 u32 idx = *(u32 *)key;
963 unsigned long flags;
964 int err = -EEXIST;
965
966 /* already verified value_size <= sizeof val */
967 memcpy(&val, value, map->value_size);
968
969 if (unlikely(map_flags > BPF_EXIST || !val.ifindex))
970 return -EINVAL;
971
972 spin_lock_irqsave(&dtab->index_lock, flags);
973
974 old_dev = __dev_map_hash_lookup_elem(map, idx);
975 if (old_dev && (map_flags & BPF_NOEXIST))
976 goto out_err;
977
978 dev = __dev_map_alloc_node(net, dtab, &val, idx);
979 if (IS_ERR(dev)) {
980 err = PTR_ERR(dev);
981 goto out_err;
982 }
983
984 if (old_dev) {
985 hlist_del_rcu(&old_dev->index_hlist);
986 } else {
987 if (dtab->items >= dtab->map.max_entries) {
988 spin_unlock_irqrestore(&dtab->index_lock, flags);
989 call_rcu(&dev->rcu, __dev_map_entry_free);
990 return -E2BIG;
991 }
992 dtab->items++;
993 }
994
995 hlist_add_head_rcu(&dev->index_hlist,
996 dev_map_index_hash(dtab, idx));
997 spin_unlock_irqrestore(&dtab->index_lock, flags);
998
999 if (old_dev)
1000 call_rcu(&old_dev->rcu, __dev_map_entry_free);
1001
1002 return 0;
1003
1004 out_err:
1005 spin_unlock_irqrestore(&dtab->index_lock, flags);
1006 return err;
1007 }
1008
1009 static long dev_map_hash_update_elem(struct bpf_map *map, void *key, void *value,
1010 u64 map_flags)
1011 {
1012 return __dev_map_hash_update_elem(current->nsproxy->net_ns,
1013 map, key, value, map_flags);
1014 }
1015
1016 static long dev_map_redirect(struct bpf_map *map, u64 ifindex, u64 flags)
1017 {
1018 return __bpf_xdp_redirect_map(map, ifindex, flags,
1019 BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS,
1020 __dev_map_lookup_elem);
1021 }
1022
1023 static long dev_hash_map_redirect(struct bpf_map *map, u64 ifindex, u64 flags)
1024 {
1025 return __bpf_xdp_redirect_map(map, ifindex, flags,
1026 BPF_F_BROADCAST | BPF_F_EXCLUDE_INGRESS,
1027 __dev_map_hash_lookup_elem);
1028 }
1029
1030 static u64 dev_map_mem_usage(const struct bpf_map *map)
1031 {
1032 struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
1033 u64 usage = sizeof(struct bpf_dtab);
1034
1035 if (map->map_type == BPF_MAP_TYPE_DEVMAP_HASH)
1036 usage += (u64)dtab->n_buckets * sizeof(struct hlist_head);
1037 else
1038 usage += (u64)map->max_entries * sizeof(struct bpf_dtab_netdev *);
1039 usage += atomic_read((atomic_t *)&dtab->items) *
1040 (u64)sizeof(struct bpf_dtab_netdev);
1041 return usage;
1042 }
1043
1044 BTF_ID_LIST_SINGLE(dev_map_btf_ids, struct, bpf_dtab)
1045 const struct bpf_map_ops dev_map_ops = {
1046 .map_meta_equal = bpf_map_meta_equal,
1047 .map_alloc_check = dev_map_alloc_check,
1048 .map_alloc = dev_map_alloc,
1049 .map_free = dev_map_free,
1050 .map_get_next_key = dev_map_get_next_key,
1051 .map_lookup_elem = dev_map_lookup_elem,
1052 .map_update_elem = dev_map_update_elem,
1053 .map_delete_elem = dev_map_delete_elem,
1054 .map_check_btf = map_check_no_btf,
1055 .map_mem_usage = dev_map_mem_usage,
1056 .map_btf_id = &dev_map_btf_ids[0],
1057 .map_redirect = dev_map_redirect,
1058 };
1059
1060 const struct bpf_map_ops dev_map_hash_ops = {
1061 .map_meta_equal = bpf_map_meta_equal,
1062 .map_alloc_check = dev_map_alloc_check,
1063 .map_alloc = dev_map_alloc,
1064 .map_free = dev_map_free,
1065 .map_get_next_key = dev_map_hash_get_next_key,
1066 .map_lookup_elem = dev_map_hash_lookup_elem,
1067 .map_update_elem = dev_map_hash_update_elem,
1068 .map_delete_elem = dev_map_hash_delete_elem,
1069 .map_check_btf = map_check_no_btf,
1070 .map_mem_usage = dev_map_mem_usage,
1071 .map_btf_id = &dev_map_btf_ids[0],
1072 .map_redirect = dev_hash_map_redirect,
1073 };
1074
1075 static void dev_map_hash_remove_netdev(struct bpf_dtab *dtab,
1076 struct net_device *netdev)
1077 {
1078 unsigned long flags;
1079 u32 i;
1080
1081 spin_lock_irqsave(&dtab->index_lock, flags);
1082 for (i = 0; i < dtab->n_buckets; i++) {
1083 struct bpf_dtab_netdev *dev;
1084 struct hlist_head *head;
1085 struct hlist_node *next;
1086
1087 head = dev_map_index_hash(dtab, i);
1088
1089 hlist_for_each_entry_safe(dev, next, head, index_hlist) {
1090 if (netdev != dev->dev)
1091 continue;
1092
1093 dtab->items--;
1094 hlist_del_rcu(&dev->index_hlist);
1095 call_rcu(&dev->rcu, __dev_map_entry_free);
1096 }
1097 }
1098 spin_unlock_irqrestore(&dtab->index_lock, flags);
1099 }
1100
1101 static int dev_map_notification(struct notifier_block *notifier,
1102 ulong event, void *ptr)
1103 {
1104 struct net_device *netdev = netdev_notifier_info_to_dev(ptr);
1105 struct bpf_dtab *dtab;
1106 int i, cpu;
1107
1108 switch (event) {
1109 case NETDEV_REGISTER:
1110 if (!netdev->netdev_ops->ndo_xdp_xmit || netdev->xdp_bulkq)
1111 break;
1112
1113 /* will be freed in free_netdev() */
1114 netdev->xdp_bulkq = alloc_percpu(struct xdp_dev_bulk_queue);
1115 if (!netdev->xdp_bulkq)
1116 return NOTIFY_BAD;
1117
1118 for_each_possible_cpu(cpu)
1119 per_cpu_ptr(netdev->xdp_bulkq, cpu)->dev = netdev;
1120 break;
1121 case NETDEV_UNREGISTER:
1122 /* This rcu_read_lock/unlock pair is needed because
1123 * dev_map_list is an RCU list AND to ensure a delete
1124 * operation does not free a netdev_map entry while we
1125 * are comparing it against the netdev being unregistered.
1126 */
1127 rcu_read_lock();
1128 list_for_each_entry_rcu(dtab, &dev_map_list, list) {
1129 if (dtab->map.map_type == BPF_MAP_TYPE_DEVMAP_HASH) {
1130 dev_map_hash_remove_netdev(dtab, netdev);
1131 continue;
1132 }
1133
1134 for (i = 0; i < dtab->map.max_entries; i++) {
1135 struct bpf_dtab_netdev *dev, *odev;
1136
1137 dev = rcu_dereference(dtab->netdev_map[i]);
1138 if (!dev || netdev != dev->dev)
1139 continue;
1140 odev = unrcu_pointer(cmpxchg(&dtab->netdev_map[i], RCU_INITIALIZER(dev), NULL));
1141 if (dev == odev) {
1142 call_rcu(&dev->rcu,
1143 __dev_map_entry_free);
1144 atomic_dec((atomic_t *)&dtab->items);
1145 }
1146 }
1147 }
1148 rcu_read_unlock();
1149 break;
1150 default:
1151 break;
1152 }
1153 return NOTIFY_OK;
1154 }
1155
1156 static struct notifier_block dev_map_notifier = {
1157 .notifier_call = dev_map_notification,
1158 };
1159
1160 static int __init dev_map_init(void)
1161 {
1162 /* Assure tracepoint shadow struct _bpf_dtab_netdev is in sync */
1163 BUILD_BUG_ON(offsetof(struct bpf_dtab_netdev, dev) !=
1164 offsetof(struct _bpf_dtab_netdev, dev));
1165 register_netdevice_notifier(&dev_map_notifier);
1166
1167 return 0;
1168 }
1169
1170 subsys_initcall(dev_map_init);
Kernel DRM miscellaneous fixes and cross-tree changes