From: "Toke Høiland-Jørgensen" <toke@redhat.com>
To: David Ahern <dsahern@kernel.org>, netdev@vger.kernel.org
Cc: davem@davemloft.net, kuba@kernel.org,
prashantbhole.linux@gmail.com, jasowang@redhat.com,
brouer@redhat.com, toshiaki.makita1@gmail.com,
daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org,
kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com,
dsahern@gmail.com, David Ahern <dahern@digitalocean.com>
Subject: Re: [PATCH bpf-next 04/16] net: Add BPF_XDP_EGRESS as a bpf_attach_type
Date: Tue, 21 Apr 2020 12:14:56 +0200 [thread overview]
Message-ID: <87ftcx9mcf.fsf@toke.dk> (raw)
In-Reply-To: <20200420200055.49033-5-dsahern@kernel.org>
David Ahern <dsahern@kernel.org> writes:
> From: David Ahern <dahern@digitalocean.com>
>
> Add new bpf_attach_type, BPF_XDP_EGRESS, for BPF programs attached
> at the XDP layer, but the egress path.
>
> Since egress path will not have ingress_ifindex and rx_queue_index
> set, update xdp_is_valid_access to block access to these entries in
> the xdp context when a program is attached to egress path.
>
> Update dev_change_xdp_fd to verify expected_attach_type for a program
> is BPF_XDP_EGRESS if egress argument is set.
>
> The next patch adds support for the egress ifindex.
>
> Signed-off-by: Prashant Bhole <prashantbhole.linux@gmail.com>
> Signed-off-by: David Ahern <dahern@digitalocean.com>
> ---
> include/uapi/linux/bpf.h | 1 +
> net/core/dev.c | 11 +++++++++++
> net/core/filter.c | 8 ++++++++
> tools/include/uapi/linux/bpf.h | 1 +
> 4 files changed, 21 insertions(+)
>
> diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
> index 2e29a671d67e..a9d384998e8b 100644
> --- a/include/uapi/linux/bpf.h
> +++ b/include/uapi/linux/bpf.h
> @@ -215,6 +215,7 @@ enum bpf_attach_type {
> BPF_TRACE_FEXIT,
> BPF_MODIFY_RETURN,
> BPF_LSM_MAC,
> + BPF_XDP_EGRESS,
> __MAX_BPF_ATTACH_TYPE
> };
>
> diff --git a/net/core/dev.c b/net/core/dev.c
> index 97180458e7cb..e8a62bdb395b 100644
> --- a/net/core/dev.c
> +++ b/net/core/dev.c
> @@ -8732,6 +8732,17 @@ int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack,
> if (IS_ERR(prog))
> return PTR_ERR(prog);
>
> + if (egress && prog->expected_attach_type != BPF_XDP_EGRESS) {
> + NL_SET_ERR_MSG(extack, "XDP program in Tx path must use BPF_XDP_EGRESS attach type");
> + bpf_prog_put(prog);
> + return -EINVAL;
> + }
> + if (!egress && prog->expected_attach_type == BPF_XDP_EGRESS) {
> + NL_SET_ERR_MSG(extack, "XDP program in Rx path can not use BPF_XDP_EGRESS attach type");
> + bpf_prog_put(prog);
> + return -EINVAL;
> + }
> +
> if (!offload && bpf_prog_is_dev_bound(prog->aux)) {
> NL_SET_ERR_MSG(extack, "using device-bound program without HW_MODE flag is not supported");
> bpf_prog_put(prog);
> diff --git a/net/core/filter.c b/net/core/filter.c
> index 7d6ceaa54d21..bcb56448f336 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -6935,6 +6935,14 @@ static bool xdp_is_valid_access(int off, int size,
> const struct bpf_prog *prog,
> struct bpf_insn_access_aux *info)
> {
> + if (prog->expected_attach_type == BPF_XDP_EGRESS) {
> + switch (off) {
> + case offsetof(struct xdp_md, ingress_ifindex):
> + case offsetof(struct xdp_md, rx_queue_index):
> + return false;
> + }
> + }
As I pointed out on the RFC patch, I'm concerned whether this will work
right with freplace programs attaching to XDP programs. It may just be
that I'm missing something, but in that case please explain why it
works? :)
-Toke
next prev parent reply other threads:[~2020-04-21 10:15 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-20 20:00 [PATCH bpf-next 00/16] net: Add support for XDP in egress path David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 01/16] net: Refactor convert_to_xdp_frame David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 02/16] net: Move handling of IFLA_XDP attribute out of do_setlink David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 03/16] net: Add XDP setup and query commands for Tx programs David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 04/16] net: Add BPF_XDP_EGRESS as a bpf_attach_type David Ahern
2020-04-21 10:14 ` Toke Høiland-Jørgensen [this message]
2020-04-21 12:50 ` David Ahern
2020-04-21 13:25 ` Toke Høiland-Jørgensen
2020-04-21 13:49 ` David Ahern
2020-04-22 11:21 ` Toke Høiland-Jørgensen
2020-04-22 14:51 ` David Ahern
2020-04-22 15:27 ` Toke Høiland-Jørgensen
2020-04-22 15:33 ` David Ahern
2020-04-22 15:51 ` Toke Høiland-Jørgensen
2020-04-22 15:56 ` David Ahern
2020-04-23 15:23 ` Toke Høiland-Jørgensen
2020-04-23 0:39 ` Alexei Starovoitov
2020-04-23 16:40 ` Toke Høiland-Jørgensen
2020-04-23 16:52 ` Alexei Starovoitov
2020-04-23 17:05 ` Toke Høiland-Jørgensen
2020-04-23 22:44 ` Alexei Starovoitov
2020-04-23 23:49 ` Toke Høiland-Jørgensen
2020-04-24 0:53 ` Alexei Starovoitov
2020-04-24 0:58 ` David Ahern
2020-04-24 8:55 ` Toke Høiland-Jørgensen
2020-04-20 20:00 ` [PATCH bpf-next 05/16] xdp: Add xdp_txq_info to xdp_buff David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 06/16] net: Add IFLA_XDP_EGRESS for XDP programs in the egress path David Ahern
2020-04-21 10:17 ` Toke Høiland-Jørgensen
2020-04-21 12:59 ` David Ahern
2020-04-21 13:27 ` Toke Høiland-Jørgensen
2020-04-20 20:00 ` [PATCH bpf-next 07/16] net: Rename do_xdp_generic to do_xdp_generic_rx David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 08/16] net: rename netif_receive_generic_xdp to do_generic_xdp_core David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 09/16] net: set XDP egress program on netdevice David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 10/16] net: Support xdp in the Tx path for packets as an skb David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 11/16] net: Support xdp in the Tx path for xdp_frames David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 12/16] libbpf: Add egress XDP support David Ahern
2020-04-21 10:20 ` Toke Høiland-Jørgensen
2020-04-21 13:03 ` David Ahern
2020-04-21 13:28 ` Toke Høiland-Jørgensen
2020-04-23 1:19 ` Andrii Nakryiko
2020-04-23 1:33 ` David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 13/16] bpftool: Add support for XDP egress David Ahern
2020-04-23 10:43 ` Quentin Monnet
2020-04-23 18:50 ` David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 14/16] selftest: Add test for xdp_egress David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 15/16] selftest: Add xdp_egress attach tests David Ahern
2020-04-20 20:00 ` [PATCH bpf-next 16/16] samples/bpf: add XDP egress support to xdp1 David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftcx9mcf.fsf@toke.dk \
--to=toke@redhat.com \
--cc=andriin@fb.com \
--cc=ast@kernel.org \
--cc=brouer@redhat.com \
--cc=dahern@digitalocean.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=dsahern@kernel.org \
--cc=jasowang@redhat.com \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=prashantbhole.linux@gmail.com \
--cc=songliubraving@fb.com \
--cc=toshiaki.makita1@gmail.com \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.