bpf: devmap: Implement devmap prog execution for generic XDP
authorKumar Kartikeya Dwivedi <memxor@gmail.com>
Fri, 2 Jul 2021 11:18:24 +0000 (16:48 +0530)
committerAlexei Starovoitov <ast@kernel.org>
Thu, 8 Jul 2021 03:01:45 +0000 (20:01 -0700)
This lifts the restriction on running devmap BPF progs in generic
redirect mode. To match native XDP behavior, it is invoked right before
generic_xdp_tx is called, and only supports XDP_PASS/XDP_ABORTED/
XDP_DROP actions.

We also return 0 even if devmap program drops the packet, as
semantically redirect has already succeeded and the devmap prog is the
last point before TX of the packet to device where it can deliver a
verdict on the packet.

This also means it must take care of freeing the skb, as
xdp_do_generic_redirect callers only do that in case an error is
returned.

Since devmap entry prog is supported, remove the check in
generic_xdp_install entirely.

Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Link: https://lore.kernel.org/bpf/20210702111825.491065-5-memxor@gmail.com
include/linux/bpf.h
kernel/bpf/devmap.c
net/core/dev.c

index 095aaa104c56edada4d2a6ff849c100e6a027a13..4afbff308ca375bb3e699d46b8a22170131fb4b5 100644 (file)
@@ -1508,7 +1508,6 @@ int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, struct sk_buff *skb,
 int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
                           struct bpf_prog *xdp_prog, struct bpf_map *map,
                           bool exclude_ingress);
-bool dev_map_can_have_prog(struct bpf_map *map);
 
 void __cpu_map_flush(void);
 int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_buff *xdp,
index 2546dafd6672abb70ac47c4a481ca7a8ef102b36..fa26eac5e4b652d62ba99b3dc59a5ec51fd9d5ab 100644 (file)
@@ -322,16 +322,6 @@ static int dev_map_hash_get_next_key(struct bpf_map *map, void *key,
        return -ENOENT;
 }
 
-bool dev_map_can_have_prog(struct bpf_map *map)
-{
-       if ((map->map_type == BPF_MAP_TYPE_DEVMAP ||
-            map->map_type == BPF_MAP_TYPE_DEVMAP_HASH) &&
-           map->value_size != offsetofend(struct bpf_devmap_val, ifindex))
-               return true;
-
-       return false;
-}
-
 static int dev_map_bpf_prog_run(struct bpf_prog *xdp_prog,
                                struct xdp_frame **frames, int n,
                                struct net_device *dev)
@@ -499,6 +489,37 @@ static inline int __xdp_enqueue(struct net_device *dev, struct xdp_buff *xdp,
        return 0;
 }
 
+static u32 dev_map_bpf_prog_run_skb(struct sk_buff *skb, struct bpf_dtab_netdev *dst)
+{
+       struct xdp_txq_info txq = { .dev = dst->dev };
+       struct xdp_buff xdp;
+       u32 act;
+
+       if (!dst->xdp_prog)
+               return XDP_PASS;
+
+       __skb_pull(skb, skb->mac_len);
+       xdp.txq = &txq;
+
+       act = bpf_prog_run_generic_xdp(skb, &xdp, dst->xdp_prog);
+       switch (act) {
+       case XDP_PASS:
+               __skb_push(skb, skb->mac_len);
+               break;
+       default:
+               bpf_warn_invalid_xdp_action(act);
+               fallthrough;
+       case XDP_ABORTED:
+               trace_xdp_exception(dst->dev, dst->xdp_prog, act);
+               fallthrough;
+       case XDP_DROP:
+               kfree_skb(skb);
+               break;
+       }
+
+       return act;
+}
+
 int dev_xdp_enqueue(struct net_device *dev, struct xdp_buff *xdp,
                    struct net_device *dev_rx)
 {
@@ -614,6 +635,14 @@ int dev_map_generic_redirect(struct bpf_dtab_netdev *dst, struct sk_buff *skb,
        err = xdp_ok_fwd_dev(dst->dev, skb->len);
        if (unlikely(err))
                return err;
+
+       /* Redirect has already succeeded semantically at this point, so we just
+        * return 0 even if packet is dropped. Helper below takes care of
+        * freeing skb.
+        */
+       if (dev_map_bpf_prog_run_skb(skb, dst) != XDP_PASS)
+               return 0;
+
        skb->dev = dst->dev;
        generic_xdp_tx(skb, xdp_prog);
 
index 4c51d1f816331d96f37da9c930c1cd2d737f27d6..71f7175cad9a4fde18979e3b97c14d5d1e1def05 100644 (file)
@@ -5660,24 +5660,6 @@ static int generic_xdp_install(struct net_device *dev, struct netdev_bpf *xdp)
        struct bpf_prog *new = xdp->prog;
        int ret = 0;
 
-       if (new) {
-               u32 i;
-
-               mutex_lock(&new->aux->used_maps_mutex);
-
-               /* generic XDP does not work with DEVMAPs that can
-                * have a bpf_prog installed on an entry
-                */
-               for (i = 0; i < new->aux->used_map_cnt; i++) {
-                       if (dev_map_can_have_prog(new->aux->used_maps[i])) {
-                               mutex_unlock(&new->aux->used_maps_mutex);
-                               return -EINVAL;
-                       }
-               }
-
-               mutex_unlock(&new->aux->used_maps_mutex);
-       }
-
        switch (xdp->command) {
        case XDP_SETUP_PROG:
                rcu_assign_pointer(dev->xdp_prog, new);