From: Daniel Borkmann <daniel@iogearbox.net>
To: Jiri Pirko <jiri@resnulli.us>, Feng zhou <zhoufeng.zf@bytedance.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, ast@kernel.org, hawk@kernel.org,
john.fastabend@gmail.com, bigeasy@linutronix.de,
lorenzo@kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, bpf@vger.kernel.org,
yangzhenze@bytedance.com, wangdongdong.6@bytedance.com,
"Toke Høiland-Jørgensen" <toke@redhat.com>
Subject: Re: [PATCH bpf-next v2] net: Don't allow to attach xdp if bond slave device's upper already has a program
Date: Fri, 23 Aug 2024 14:07:45 +0200 [thread overview]
Message-ID: <6d38eaf5-0a13-9f85-3a5d-0ca354bc45d5@iogearbox.net> (raw)
In-Reply-To: <Zsh4vPAPBKdRUq8H@nanopsycho.orion>
On 8/23/24 1:55 PM, Jiri Pirko wrote:
> Fri, Aug 23, 2024 at 10:42:04AM CEST, zhoufeng.zf@bytedance.com wrote:
>> From: Feng Zhou <zhoufeng.zf@bytedance.com>
>>
>> Cannot attach when an upper device already has a program, This
>> restriction is only for bond's slave devices or team port, and
>> should not be accidentally injured for devices like eth0 and vxlan0.
>
> What if I attach xdp program to solo netdev and then I enslave it
> to bond/team netdev that already has xdp program attached?
> What prevents me from doing that?
In that case the enslaving of the device to bond(/team) must fail as
otherwise the latter won't be able to propagate the XDP prog downwards.
Feng, did you double check if we have net or BPF selftest coverage for
that? If not might be good to add.
>> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
>> Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
>> ---
>> Changelog:
>> v1->v2: Addressed comments from Paolo Abeni, Jiri Pirko
>> - Use "netif_is_lag_port" relace of "netif_is_bond_slave"
>> Details in here:
>> https://lore.kernel.org/netdev/3bf84d23-a561-47ae-84a4-e99488fc762b@bytedance.com/T/
>>
>> net/core/dev.c | 10 ++++++----
>> 1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> diff --git a/net/core/dev.c b/net/core/dev.c
>> index f66e61407883..49144e62172e 100644
>> --- a/net/core/dev.c
>> +++ b/net/core/dev.c
>> @@ -9502,10 +9502,12 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
>> }
>>
>> /* don't allow if an upper device already has a program */
>> - netdev_for_each_upper_dev_rcu(dev, upper, iter) {
>> - if (dev_xdp_prog_count(upper) > 0) {
>> - NL_SET_ERR_MSG(extack, "Cannot attach when an upper device already has a program");
>> - return -EEXIST;
>> + if (netif_is_lag_port(dev)) {
>> + netdev_for_each_upper_dev_rcu(dev, upper, iter) {
>> + if (dev_xdp_prog_count(upper) > 0) {
>> + NL_SET_ERR_MSG(extack, "Cannot attach when an upper device already has a program");
>> + return -EEXIST;
>> + }
>> }
>> }
>>
>> --
>> 2.30.2
>>
>
next prev parent reply other threads:[~2024-08-23 12:08 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-23 8:42 [PATCH bpf-next v2] net: Don't allow to attach xdp if bond slave device's upper already has a program Feng zhou
2024-08-23 11:55 ` Jiri Pirko
2024-08-23 12:07 ` Daniel Borkmann [this message]
2024-08-23 13:29 ` Jiri Pirko
2024-08-27 8:02 ` [External] " Feng Zhou
2024-08-27 8:03 ` Feng Zhou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6d38eaf5-0a13-9f85-3a5d-0ca354bc45d5@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=ast@kernel.org \
--cc=bigeasy@linutronix.de \
--cc=bpf@vger.kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=hawk@kernel.org \
--cc=jiri@resnulli.us \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lorenzo@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=toke@redhat.com \
--cc=wangdongdong.6@bytedance.com \
--cc=yangzhenze@bytedance.com \
--cc=zhoufeng.zf@bytedance.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox