/*
 * Copyright (C) 2017-2018 Netronome Systems, Inc.
 *
 * This software is licensed under the GNU General License Version 2,
 * June 1991 as shown in the file COPYING in the top-level directory of this
 * source tree.
 *
 * THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS"
 * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING,
 * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE
 * OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME
 * THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
 */
#include <linux/bpf.h>
#include <linux/bpf_verifier.h>
#include <linux/bug.h>
#include <linux/kdev_t.h>
#include <linux/list.h>
#include <linux/lockdep.h>
#include <linux/netdevice.h>
#include <linux/printk.h>
#include <linux/proc_ns.h>
#include <linux/rhashtable.h>
#include <linux/rtnetlink.h>
#include <linux/rwsem.h>
/* Protects offdevs, members of bpf_offload_netdev and offload members
 * of all progs.
 * RTNL lock cannot be taken when holding this lock.
 */
static DECLARE_RWSEM(bpf_devs_lock);
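/* Each offload-capable device is represented by a bpf_offload_dev which
 * tracks the netdevs registered against it.  Every such netdev gets a
 * bpf_offload_netdev entry, keyed by the netdev pointer in the offdevs
 * rhashtable, listing the programs and maps currently bound to it.
 */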
struct bpf_offload_dev {
	const struct bpf_prog_offload_ops *ops;
	struct list_head netdevs;
};
struct bpf_offload_netdev {
	struct rhash_head l;
	struct net_device *netdev;
	struct bpf_offload_dev *offdev;
	struct list_head progs;
	struct list_head maps;
	struct list_head offdev_netdevs;
};
static const struct rhashtable_params offdevs_params = {
	.key_len		= sizeof(struct net_device *),
	.key_offset		= offsetof(struct bpf_offload_netdev, netdev),
	.head_offset		= offsetof(struct bpf_offload_netdev, l),
	.automatic_shrinking	= true,
};

static struct rhashtable offdevs;
static bool offdevs_inited;
static int bpf_dev_offload_check(struct net_device *netdev)
{
	if (!netdev)
		return -EINVAL;
	if (!netdev->netdev_ops->ndo_bpf)
		return -EOPNOTSUPP;
	return 0;
}
static struct bpf_offload_netdev *
bpf_offload_find_netdev(struct net_device *netdev)
{
	lockdep_assert_held(&bpf_devs_lock);

	if (!offdevs_inited)
		return NULL;
	return rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
}
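/* Called at BPF_PROG_LOAD time when prog_ifindex is set: bind the program
 * to the offload-capable netdev it was loaded for, so the verifier and
 * translation steps below can be forwarded to the device driver.
 */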
int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr)
{
	struct bpf_offload_netdev *ondev;
	struct bpf_prog_offload *offload;
	int err;

	if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
	    attr->prog_type != BPF_PROG_TYPE_XDP)
		return -EINVAL;

	offload = kzalloc(sizeof(*offload), GFP_USER);
	if (!offload)
		return -ENOMEM;

	offload->prog = prog;

	offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
					   attr->prog_ifindex);
	err = bpf_dev_offload_check(offload->netdev);
	if (err)
		goto err_maybe_put;

	down_write(&bpf_devs_lock);
	ondev = bpf_offload_find_netdev(offload->netdev);
	if (!ondev) {
		err = -EINVAL;
		goto err_unlock;
	}
	offload->offdev = ondev->offdev;
	prog->aux->offload = offload;
	list_add_tail(&offload->offloads, &ondev->progs);
	dev_put(offload->netdev);
	up_write(&bpf_devs_lock);

	return 0;
err_unlock:
	up_write(&bpf_devs_lock);
err_maybe_put:
	if (offload->netdev)
		dev_put(offload->netdev);
	kfree(offload);
	return err;
}
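/* The verifier callbacks below (prepare, insn_hook, finalize) relay
 * verification events to the device driver's bpf_prog_offload_ops.  They
 * run under bpf_devs_lock and return -ENODEV if the netdev has gone away.
 */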
int bpf_prog_offload_verifier_prep(struct bpf_prog *prog)
{
	struct bpf_prog_offload *offload;
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	offload = prog->aux->offload;
	if (offload) {
		ret = offload->offdev->ops->prepare(prog);
		offload->dev_state = !ret;
	}
	up_read(&bpf_devs_lock);

	return ret;
}
int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env,
				 int insn_idx, int prev_insn_idx)
{
	struct bpf_prog_offload *offload;
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	offload = env->prog->aux->offload;
	if (offload)
		ret = offload->offdev->ops->insn_hook(env, insn_idx,
						      prev_insn_idx);
	up_read(&bpf_devs_lock);

	return ret;
}
int bpf_prog_offload_finalize(struct bpf_verifier_env *env)
{
	struct bpf_prog_offload *offload;
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	offload = env->prog->aux->offload;
	if (offload) {
		if (offload->offdev->ops->finalize)
			ret = offload->offdev->ops->finalize(env);
		else
			ret = 0;
	}
	up_read(&bpf_devs_lock);

	return ret;
}
static void __bpf_prog_offload_destroy(struct bpf_prog *prog)
{
	struct bpf_prog_offload *offload = prog->aux->offload;

	if (offload->dev_state)
		offload->offdev->ops->destroy(prog);

	/* Make sure BPF_PROG_GET_NEXT_ID can't find this dead program */
	bpf_prog_free_id(prog, true);

	list_del_init(&offload->offloads);
	kfree(offload);
	prog->aux->offload = NULL;
}
void bpf_prog_offload_destroy(struct bpf_prog *prog)
{
	down_write(&bpf_devs_lock);
	if (prog->aux->offload)
		__bpf_prog_offload_destroy(prog);
	up_write(&bpf_devs_lock);
}
static int bpf_prog_offload_translate(struct bpf_prog *prog)
{
	struct bpf_prog_offload *offload;
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	offload = prog->aux->offload;
	if (offload)
		ret = offload->offdev->ops->translate(prog);
	up_read(&bpf_devs_lock);

	return ret;
}
static unsigned int bpf_prog_warn_on_exec(const void *ctx,
					  const struct bpf_insn *insn)
{
	WARN(1, "attempt to execute device eBPF program on the host!");
	return 0;
}
int bpf_prog_offload_compile(struct bpf_prog *prog)
{
	prog->bpf_func = bpf_prog_warn_on_exec;

	return bpf_prog_offload_translate(prog);
}
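/* The host never executes an offloaded image, so prog info reporting
 * instead exposes which netdev the program is bound to: the ifindex plus
 * the dev/inode of that netdev's network namespace, obtained via
 * ns_get_path_cb() with the helper below.
 */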
struct ns_get_path_bpf_prog_args {
	struct bpf_prog *prog;
	struct bpf_prog_info *info;
};
static struct ns_common *bpf_prog_offload_info_fill_ns(void *private_data)
{
	struct ns_get_path_bpf_prog_args *args = private_data;
	struct bpf_prog_aux *aux = args->prog->aux;
	struct ns_common *ns;
	struct net *net;

	rtnl_lock();
	down_read(&bpf_devs_lock);

	if (aux->offload) {
		args->info->ifindex = aux->offload->netdev->ifindex;
		net = dev_net(aux->offload->netdev);
		get_net(net);
		ns = &net->ns;
	} else {
		args->info->ifindex = 0;
		ns = NULL;
	}

	up_read(&bpf_devs_lock);
	rtnl_unlock();

	return ns;
}
int bpf_prog_offload_info_fill(struct bpf_prog_info *info,
			       struct bpf_prog *prog)
{
	struct ns_get_path_bpf_prog_args args = {
		.prog	= prog,
		.info	= info,
	};
	struct bpf_prog_aux *aux = prog->aux;
	struct inode *ns_inode;
	struct path ns_path;
	char __user *uinsns;
	void *res;
	u32 ulen;

	res = ns_get_path_cb(&ns_path, bpf_prog_offload_info_fill_ns, &args);
	if (res) {
		if (!info->ifindex)
			return -ENODEV;
		return PTR_ERR(res);
	}

	down_read(&bpf_devs_lock);

	if (!aux->offload) {
		up_read(&bpf_devs_lock);
		return -ENODEV;
	}

	ulen = info->jited_prog_len;
	info->jited_prog_len = aux->offload->jited_len;
	if (info->jited_prog_len && ulen) {
		uinsns = u64_to_user_ptr(info->jited_prog_insns);
		ulen = min_t(u32, info->jited_prog_len, ulen);
		if (copy_to_user(uinsns, aux->offload->jited_image, ulen)) {
			up_read(&bpf_devs_lock);
			return -EFAULT;
		}
	}

	up_read(&bpf_devs_lock);

	ns_inode = ns_path.dentry->d_inode;
	info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
	info->netns_ino = ns_inode->i_ino;
	path_put(&ns_path);

	return 0;
}
const struct bpf_prog_ops bpf_offload_prog_ops = {
};
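/* Map offload commands are delivered to the driver through the regular
 * ndo_bpf hook, using a netdev_bpf request with the offloaded map attached.
 */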
static int bpf_map_offload_ndo(struct bpf_offloaded_map *offmap,
			       enum bpf_netdev_command cmd)
{
	struct netdev_bpf data = {};
	struct net_device *netdev;

	ASSERT_RTNL();

	data.command = cmd;
	data.offmap = offmap;
	/* Caller must make sure netdev is valid */
	netdev = offmap->netdev;

	return netdev->netdev_ops->ndo_bpf(netdev, &data);
}
struct bpf_map *bpf_map_offload_map_alloc(union bpf_attr *attr)
{
	struct net *net = current->nsproxy->net_ns;
	struct bpf_offload_netdev *ondev;
	struct bpf_offloaded_map *offmap;
	int err;

	if (!capable(CAP_SYS_ADMIN))
		return ERR_PTR(-EPERM);
	if (attr->map_type != BPF_MAP_TYPE_ARRAY &&
	    attr->map_type != BPF_MAP_TYPE_HASH)
		return ERR_PTR(-EINVAL);

	offmap = kzalloc(sizeof(*offmap), GFP_USER);
	if (!offmap)
		return ERR_PTR(-ENOMEM);

	bpf_map_init_from_attr(&offmap->map, attr);

	rtnl_lock();
	down_write(&bpf_devs_lock);
	offmap->netdev = __dev_get_by_index(net, attr->map_ifindex);
	err = bpf_dev_offload_check(offmap->netdev);
	if (err)
		goto err_unlock;

	ondev = bpf_offload_find_netdev(offmap->netdev);
	if (!ondev) {
		err = -EINVAL;
		goto err_unlock;
	}

	err = bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_ALLOC);
	if (err)
		goto err_unlock;

	list_add_tail(&offmap->offloads, &ondev->maps);
	up_write(&bpf_devs_lock);
	rtnl_unlock();

	return &offmap->map;

err_unlock:
	up_write(&bpf_devs_lock);
	rtnl_unlock();
	kfree(offmap);
	return ERR_PTR(err);
}
static void __bpf_map_offload_destroy(struct bpf_offloaded_map *offmap)
{
	WARN_ON(bpf_map_offload_ndo(offmap, BPF_OFFLOAD_MAP_FREE));
	/* Make sure BPF_MAP_GET_NEXT_ID can't find this dead map */
	bpf_map_free_id(&offmap->map, true);
	list_del_init(&offmap->offloads);
	offmap->netdev = NULL;
}
void bpf_map_offload_map_free(struct bpf_map *map)
{
	struct bpf_offloaded_map *offmap = map_to_offmap(map);

	rtnl_lock();
	down_write(&bpf_devs_lock);
	if (offmap->netdev)
		__bpf_map_offload_destroy(offmap);
	up_write(&bpf_devs_lock);
	rtnl_unlock();

	kfree(offmap);
}
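/* Element operations on an offloaded map are served entirely by the device:
 * each call is proxied to the driver's map ops under bpf_devs_lock, and
 * fails with -ENODEV once the backing netdev is gone.
 */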
int bpf_map_offload_lookup_elem(struct bpf_map *map, void *key, void *value)
{
	struct bpf_offloaded_map *offmap = map_to_offmap(map);
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	if (offmap->netdev)
		ret = offmap->dev_ops->map_lookup_elem(offmap, key, value);
	up_read(&bpf_devs_lock);

	return ret;
}
int bpf_map_offload_update_elem(struct bpf_map *map,
				void *key, void *value, u64 flags)
{
	struct bpf_offloaded_map *offmap = map_to_offmap(map);
	int ret = -ENODEV;

	if (unlikely(flags > BPF_EXIST))
		return -EINVAL;

	down_read(&bpf_devs_lock);
	if (offmap->netdev)
		ret = offmap->dev_ops->map_update_elem(offmap, key, value,
						       flags);
	up_read(&bpf_devs_lock);

	return ret;
}
int bpf_map_offload_delete_elem(struct bpf_map *map, void *key)
{
	struct bpf_offloaded_map *offmap = map_to_offmap(map);
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	if (offmap->netdev)
		ret = offmap->dev_ops->map_delete_elem(offmap, key);
	up_read(&bpf_devs_lock);

	return ret;
}
int bpf_map_offload_get_next_key(struct bpf_map *map, void *key, void *next_key)
{
	struct bpf_offloaded_map *offmap = map_to_offmap(map);
	int ret = -ENODEV;

	down_read(&bpf_devs_lock);
	if (offmap->netdev)
		ret = offmap->dev_ops->map_get_next_key(offmap, key, next_key);
	up_read(&bpf_devs_lock);

	return ret;
}
struct ns_get_path_bpf_map_args {
	struct bpf_offloaded_map *offmap;
	struct bpf_map_info *info;
};
static struct ns_common *bpf_map_offload_info_fill_ns(void *private_data)
{
	struct ns_get_path_bpf_map_args *args = private_data;
	struct ns_common *ns;
	struct net *net;

	rtnl_lock();
	down_read(&bpf_devs_lock);

	if (args->offmap->netdev) {
		args->info->ifindex = args->offmap->netdev->ifindex;
		net = dev_net(args->offmap->netdev);
		get_net(net);
		ns = &net->ns;
	} else {
		args->info->ifindex = 0;
		ns = NULL;
	}

	up_read(&bpf_devs_lock);
	rtnl_unlock();

	return ns;
}
int bpf_map_offload_info_fill(struct bpf_map_info *info, struct bpf_map *map)
{
	struct ns_get_path_bpf_map_args args = {
		.offmap	= map_to_offmap(map),
		.info	= info,
	};
	struct inode *ns_inode;
	struct path ns_path;
	void *res;

	res = ns_get_path_cb(&ns_path, bpf_map_offload_info_fill_ns, &args);
	if (res) {
		if (!info->ifindex)
			return -ENODEV;
		return PTR_ERR(res);
	}

	ns_inode = ns_path.dentry->d_inode;
	info->netns_dev = new_encode_dev(ns_inode->i_sb->s_dev);
	info->netns_ino = ns_inode->i_ino;
	path_put(&ns_path);

	return 0;
}
static bool __bpf_offload_dev_match(struct bpf_prog *prog,
				    struct net_device *netdev)
{
	struct bpf_offload_netdev *ondev1, *ondev2;
	struct bpf_prog_offload *offload;

	if (!bpf_prog_is_dev_bound(prog->aux))
		return false;

	offload = prog->aux->offload;
	if (!offload)
		return false;
	if (offload->netdev == netdev)
		return true;

	ondev1 = bpf_offload_find_netdev(offload->netdev);
	ondev2 = bpf_offload_find_netdev(netdev);

	return ondev1 && ondev2 && ondev1->offdev == ondev2->offdev;
}
bool bpf_offload_dev_match(struct bpf_prog *prog, struct net_device *netdev)
{
	bool ret;

	down_read(&bpf_devs_lock);
	ret = __bpf_offload_dev_match(prog, netdev);
	up_read(&bpf_devs_lock);

	return ret;
}
EXPORT_SYMBOL_GPL(bpf_offload_dev_match);
bool bpf_offload_prog_map_match(struct bpf_prog *prog, struct bpf_map *map)
{
	struct bpf_offloaded_map *offmap;
	bool ret;

	if (!bpf_map_is_dev_bound(map))
		return bpf_map_offload_neutral(map);
	offmap = map_to_offmap(map);

	down_read(&bpf_devs_lock);
	ret = __bpf_offload_dev_match(prog, offmap->netdev);
	up_read(&bpf_devs_lock);

	return ret;
}
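/* Drivers register each offload-capable netdev against their
 * bpf_offload_dev.  On unregister, bound programs and maps are either
 * migrated to another netdev of the same device or torn down.
 */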
int bpf_offload_dev_netdev_register(struct bpf_offload_dev *offdev,
				    struct net_device *netdev)
{
	struct bpf_offload_netdev *ondev;
	int err;

	ondev = kzalloc(sizeof(*ondev), GFP_KERNEL);
	if (!ondev)
		return -ENOMEM;

	ondev->netdev = netdev;
	ondev->offdev = offdev;
	INIT_LIST_HEAD(&ondev->progs);
	INIT_LIST_HEAD(&ondev->maps);

	down_write(&bpf_devs_lock);
	err = rhashtable_insert_fast(&offdevs, &ondev->l, offdevs_params);
	if (err) {
		netdev_warn(netdev, "failed to register for BPF offload\n");
		goto err_unlock_free;
	}

	list_add(&ondev->offdev_netdevs, &offdev->netdevs);
	up_write(&bpf_devs_lock);
	return 0;

err_unlock_free:
	up_write(&bpf_devs_lock);
	kfree(ondev);
	return err;
}
EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_register);
void bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
				       struct net_device *netdev)
{
	struct bpf_offload_netdev *ondev, *altdev;
	struct bpf_offloaded_map *offmap, *mtmp;
	struct bpf_prog_offload *offload, *ptmp;

	ASSERT_RTNL();

	down_write(&bpf_devs_lock);
	ondev = rhashtable_lookup_fast(&offdevs, &netdev, offdevs_params);
	if (WARN_ON(!ondev))
		goto unlock;

	WARN_ON(rhashtable_remove_fast(&offdevs, &ondev->l, offdevs_params));
	list_del(&ondev->offdev_netdevs);

	/* Try to move the objects to another netdev of the device */
	altdev = list_first_entry_or_null(&offdev->netdevs,
					  struct bpf_offload_netdev,
					  offdev_netdevs);
	if (altdev) {
		list_for_each_entry(offload, &ondev->progs, offloads)
			offload->netdev = altdev->netdev;
		list_splice_init(&ondev->progs, &altdev->progs);

		list_for_each_entry(offmap, &ondev->maps, offloads)
			offmap->netdev = altdev->netdev;
		list_splice_init(&ondev->maps, &altdev->maps);
	} else {
		list_for_each_entry_safe(offload, ptmp, &ondev->progs, offloads)
			__bpf_prog_offload_destroy(offload->prog);
		list_for_each_entry_safe(offmap, mtmp, &ondev->maps, offloads)
			__bpf_map_offload_destroy(offmap);
	}

	WARN_ON(!list_empty(&ondev->progs));
	WARN_ON(!list_empty(&ondev->maps));
	kfree(ondev);
unlock:
	up_write(&bpf_devs_lock);
}
EXPORT_SYMBOL_GPL(bpf_offload_dev_netdev_unregister);
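/* The offdevs rhashtable is initialized lazily, when the first offload
 * device is created.
 */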
struct bpf_offload_dev *
bpf_offload_dev_create(const struct bpf_prog_offload_ops *ops)
{
	struct bpf_offload_dev *offdev;
	int err;

	down_write(&bpf_devs_lock);
	if (!offdevs_inited) {
		err = rhashtable_init(&offdevs, &offdevs_params);
		if (err) {
			up_write(&bpf_devs_lock);
			return ERR_PTR(err);
		}
		offdevs_inited = true;
	}
	up_write(&bpf_devs_lock);

	offdev = kzalloc(sizeof(*offdev), GFP_KERNEL);
	if (!offdev)
		return ERR_PTR(-ENOMEM);

	offdev->ops = ops;
	INIT_LIST_HEAD(&offdev->netdevs);

	return offdev;
}
EXPORT_SYMBOL_GPL(bpf_offload_dev_create);
void bpf_offload_dev_destroy(struct bpf_offload_dev *offdev)
{
	WARN_ON(!list_empty(&offdev->netdevs));
	kfree(offdev);
}
EXPORT_SYMBOL_GPL(bpf_offload_dev_destroy);