From: Stanislav Fomichev <sdf@google.com>
To: bpf@vger.kernel.org
Cc: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
haoluo@google.com, jolsa@kernel.org,
"Toke Høiland-Jørgensen" <toke@redhat.com>
Subject: [PATCH bpf-next v4 06/15] bpf: Support consuming XDP HW metadata from fext programs
Date: Mon, 12 Dec 2022 18:35:56 -0800 [thread overview]
Message-ID: <20221213023605.737383-7-sdf@google.com> (raw)
In-Reply-To: <20221213023605.737383-1-sdf@google.com>
From: Toke Høiland-Jørgensen <toke@redhat.com>
Instead of rejecting the attaching of PROG_TYPE_EXT programs to XDP
programs that consume HW metadata, implement support for propagating the
offload information. The extension program doesn't need to set a flag or
ifindex, it these will just be propagated from the target by the verifier.
We need to create a separate offload object for the extension program,
though, since it can be reattached to a different program later (which
means we can't just inhering the offload information from the target).
An additional check is added on attach that the new target is compatible
with the offload information in the extension prog.
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Stanislav Fomichev <sdf@google.com>
---
include/linux/bpf.h | 7 ++++++
kernel/bpf/offload.c | 52 ++++++++++++++++++++++++++++---------------
kernel/bpf/syscall.c | 8 +++++++
kernel/bpf/verifier.c | 19 +++++++++++-----
4 files changed, 62 insertions(+), 24 deletions(-)
diff --git a/include/linux/bpf.h b/include/linux/bpf.h
index de6279725f41..ed288d18bf8d 100644
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2482,6 +2482,7 @@ void *bpf_dev_bound_resolve_kfunc(struct bpf_prog *prog, u32 func_id);
void unpriv_ebpf_notify(int new_state);
#if defined(CONFIG_NET) && defined(CONFIG_BPF_SYSCALL)
+int __bpf_prog_dev_bound_init(struct bpf_prog *prog, struct net_device *netdev);
int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr);
void bpf_dev_bound_netdev_unregister(struct net_device *dev);
@@ -2516,6 +2517,12 @@ void sock_map_unhash(struct sock *sk);
void sock_map_destroy(struct sock *sk);
void sock_map_close(struct sock *sk, long timeout);
#else
+static inline int __bpf_prog_dev_bound_init(struct bpf_prog *prog,
+ struct net_device *netdev)
+{
+ return -EOPNOTSUPP;
+}
+
static inline int bpf_prog_dev_bound_init(struct bpf_prog *prog,
union bpf_attr *attr)
{
diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c
index 3b6c9023f24d..0646dea1b0e1 100644
--- a/kernel/bpf/offload.c
+++ b/kernel/bpf/offload.c
@@ -188,17 +188,13 @@ static void __bpf_offload_dev_netdev_unregister(struct bpf_offload_dev *offdev,
kfree(ondev);
}
-int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr)
+int __bpf_prog_dev_bound_init(struct bpf_prog *prog, struct net_device *netdev)
{
struct bpf_offload_netdev *ondev;
struct bpf_prog_offload *offload;
int err;
- if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
- attr->prog_type != BPF_PROG_TYPE_XDP)
- return -EINVAL;
-
- if (attr->prog_flags & ~BPF_F_XDP_DEV_BOUND_ONLY)
+ if (!netdev)
return -EINVAL;
offload = kzalloc(sizeof(*offload), GFP_USER);
@@ -206,14 +202,7 @@ int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr)
return -ENOMEM;
offload->prog = prog;
-
- offload->netdev = dev_get_by_index(current->nsproxy->net_ns,
- attr->prog_ifindex);
- err = bpf_dev_offload_check(offload->netdev);
- if (err)
- goto err_maybe_put;
-
- prog->aux->offload_requested = !(attr->prog_flags & BPF_F_XDP_DEV_BOUND_ONLY);
+ offload->netdev = netdev;
down_write(&bpf_devs_lock);
ondev = bpf_offload_find_netdev(offload->netdev);
@@ -236,19 +225,46 @@ int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr)
offload->offdev = ondev->offdev;
prog->aux->offload = offload;
list_add_tail(&offload->offloads, &ondev->progs);
- dev_put(offload->netdev);
up_write(&bpf_devs_lock);
return 0;
err_unlock:
up_write(&bpf_devs_lock);
-err_maybe_put:
- if (offload->netdev)
- dev_put(offload->netdev);
kfree(offload);
return err;
}
+int bpf_prog_dev_bound_init(struct bpf_prog *prog, union bpf_attr *attr)
+{
+ struct net_device *netdev;
+ int err;
+
+ if (attr->prog_type != BPF_PROG_TYPE_SCHED_CLS &&
+ attr->prog_type != BPF_PROG_TYPE_XDP)
+ return -EINVAL;
+
+ if (attr->prog_flags & ~BPF_F_XDP_DEV_BOUND_ONLY)
+ return -EINVAL;
+
+ netdev = dev_get_by_index(current->nsproxy->net_ns, attr->prog_ifindex);
+ if (!netdev)
+ return -EINVAL;
+
+ err = bpf_dev_offload_check(netdev);
+ if (err)
+ goto out;
+
+ prog->aux->offload_requested = !(attr->prog_flags & BPF_F_XDP_DEV_BOUND_ONLY);
+
+ err = __bpf_prog_dev_bound_init(prog, netdev);
+ if (err)
+ goto out;
+
+out:
+ dev_put(netdev);
+ return err;
+}
+
int bpf_prog_offload_verifier_prep(struct bpf_prog *prog)
{
struct bpf_prog_offload *offload;
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 11c558be4992..8686475f0dbe 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -3021,6 +3021,14 @@ static int bpf_tracing_prog_attach(struct bpf_prog *prog,
goto out_put_prog;
}
+ if (bpf_prog_is_dev_bound(prog->aux) &&
+ (bpf_prog_is_offloaded(tgt_prog->aux) ||
+ !bpf_prog_is_dev_bound(tgt_prog->aux) ||
+ !bpf_offload_dev_match(prog, tgt_prog->aux->offload->netdev))) {
+ err = -EINVAL;
+ goto out_put_prog;
+ }
+
key = bpf_trampoline_compute_key(tgt_prog, NULL, btf_id);
}
diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index e61fe0472b9b..5c6d6d61e57a 100644
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -16524,11 +16524,6 @@ int bpf_check_attach_target(struct bpf_verifier_log *log,
if (tgt_prog) {
struct bpf_prog_aux *aux = tgt_prog->aux;
- if (bpf_prog_is_dev_bound(tgt_prog->aux)) {
- bpf_log(log, "Replacing device-bound programs not supported\n");
- return -EINVAL;
- }
-
for (i = 0; i < aux->func_info_cnt; i++)
if (aux->func_info[i].type_id == btf_id) {
subprog = i;
@@ -16789,10 +16784,22 @@ static int check_attach_btf_id(struct bpf_verifier_env *env)
if (tgt_prog && prog->type == BPF_PROG_TYPE_EXT) {
/* to make freplace equivalent to their targets, they need to
* inherit env->ops and expected_attach_type for the rest of the
- * verification
+ * verification; we also need to propagate the prog offload data
+ * for resolving kfuncs.
*/
env->ops = bpf_verifier_ops[tgt_prog->type];
prog->expected_attach_type = tgt_prog->expected_attach_type;
+
+ if (bpf_prog_is_dev_bound(tgt_prog->aux)) {
+ if (bpf_prog_is_offloaded(tgt_prog->aux))
+ return -EINVAL;
+
+ prog->aux->dev_bound = true;
+ ret = __bpf_prog_dev_bound_init(prog,
+ tgt_prog->aux->offload->netdev);
+ if (ret)
+ return ret;
+ }
}
/* store info about the attachment target that will be used later */
--
2.39.0.rc1.256.g54fd8350bd-goog
next prev parent reply other threads:[~2022-12-13 2:36 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-13 2:35 [PATCH bpf-next v4 00/15] xdp: hints via kfuncs Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 01/15] bpf: Document XDP RX metadata Stanislav Fomichev
2022-12-13 16:37 ` David Vernet
2022-12-13 20:42 ` Stanislav Fomichev
2022-12-14 10:34 ` [xdp-hints] " Toke Høiland-Jørgensen
2022-12-14 18:42 ` Stanislav Fomichev
2022-12-14 23:46 ` Toke Høiland-Jørgensen
2022-12-15 3:48 ` Stanislav Fomichev
2022-12-15 14:04 ` Toke Høiland-Jørgensen
2022-12-14 23:46 ` [xdp-hints] " Toke Høiland-Jørgensen
2022-12-17 4:20 ` kernel test robot
2022-12-13 2:35 ` [PATCH bpf-next v4 02/15] bpf: Rename bpf_{prog,map}_is_dev_bound to is_offloaded Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 03/15] bpf: Introduce device-bound XDP programs Stanislav Fomichev
2022-12-13 23:25 ` Martin KaFai Lau
2022-12-14 18:42 ` Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 04/15] selftests/bpf: Update expected test_offload.py messages Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 05/15] bpf: XDP metadata RX kfuncs Stanislav Fomichev
2022-12-13 17:00 ` David Vernet
2022-12-13 20:42 ` Stanislav Fomichev
2022-12-13 21:45 ` David Vernet
2022-12-14 1:53 ` Martin KaFai Lau
2022-12-14 18:43 ` Stanislav Fomichev
2022-12-14 10:54 ` [xdp-hints] " Toke Høiland-Jørgensen
2022-12-14 18:43 ` Stanislav Fomichev
2022-12-13 2:35 ` Stanislav Fomichev [this message]
2022-12-14 1:45 ` [PATCH bpf-next v4 06/15] bpf: Support consuming XDP HW metadata from fext programs Martin KaFai Lau
2022-12-14 10:41 ` Toke Høiland-Jørgensen
2022-12-14 18:43 ` Stanislav Fomichev
2022-12-14 22:19 ` Toke Høiland-Jørgensen
2022-12-13 2:35 ` [PATCH bpf-next v4 07/15] veth: Introduce veth_xdp_buff wrapper for xdp_buff Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 08/15] veth: Support RX XDP metadata Stanislav Fomichev
2022-12-13 15:55 ` Jesper Dangaard Brouer
2022-12-13 20:42 ` Stanislav Fomichev
2022-12-14 9:48 ` Jesper Dangaard Brouer
2022-12-14 10:47 ` [xdp-hints] " Toke Høiland-Jørgensen
2022-12-14 18:09 ` Martin KaFai Lau
2022-12-14 18:44 ` Stanislav Fomichev
2022-12-13 2:35 ` [PATCH bpf-next v4 09/15] selftests/bpf: Verify xdp_metadata xdp->af_xdp path Stanislav Fomichev
2022-12-13 2:36 ` [PATCH bpf-next v4 10/15] net/mlx4_en: Introduce wrapper for xdp_buff Stanislav Fomichev
2022-12-13 8:56 ` Tariq Toukan
2022-12-13 2:36 ` [PATCH bpf-next v4 11/15] net/mlx4_en: Support RX XDP metadata Stanislav Fomichev
2022-12-13 8:56 ` Tariq Toukan
2022-12-13 2:36 ` [PATCH bpf-next v4 12/15] xsk: Add cb area to struct xdp_buff_xsk Stanislav Fomichev
2022-12-13 2:36 ` [PATCH bpf-next v4 13/15] net/mlx5e: Introduce wrapper for xdp_buff Stanislav Fomichev
2022-12-13 2:36 ` [PATCH bpf-next v4 14/15] net/mlx5e: Support RX XDP metadata Stanislav Fomichev
2022-12-13 2:36 ` [PATCH bpf-next v4 15/15] selftests/bpf: Simple program to dump XDP RX metadata Stanislav Fomichev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221213023605.737383-7-sdf@google.com \
--to=sdf@google.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=haoluo@google.com \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kpsingh@kernel.org \
--cc=martin.lau@linux.dev \
--cc=song@kernel.org \
--cc=toke@redhat.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox