From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.6 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB990C31E50 for ; Fri, 14 Jun 2019 23:07:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7377620866 for ; Fri, 14 Jun 2019 23:07:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="FGtb93s7" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726368AbfFNXHV (ORCPT ); Fri, 14 Jun 2019 19:07:21 -0400 Received: from mail-qt1-f195.google.com ([209.85.160.195]:44106 "EHLO mail-qt1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725993AbfFNXHV (ORCPT ); Fri, 14 Jun 2019 19:07:21 -0400 Received: by mail-qt1-f195.google.com with SMTP id x47so4379693qtk.11 for ; Fri, 14 Jun 2019 16:07:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MYCIQVv3qYOxsnI90tP6w1wYQt5KkdY0QPuDwSqvIIA=; b=FGtb93s7+NOcX67MKMLgtCoBBTKuDngdBn9GxjKiaW0kSraHIMCkdkN8Hj5EpdNjKG U11hyDemKbiIB2iKYxxvFrF43ELBFBP4Bvm8xfbQ9o16NdkWGNMpyLVM1U6CamCapIue lFucAUrRhNKM3r2cGZnixLNMzkOoDKDJfvuBz0O3Qj/6tMRtIG2IVsDkXpFoOdAltsZ+ kpq9PiegXjqDEOa4OZlGKPKUzad6YNHqluqeyB3QderBsAvJKrkkzw1goE2YWlc63Nx2 eTLWYhUXCN7o59O7H56wUIJmSz4Um10NangvYsl3uREUEM31QXB3yaHiT80KMAAhDCO0 D7YQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MYCIQVv3qYOxsnI90tP6w1wYQt5KkdY0QPuDwSqvIIA=; b=TD6xdUQh6JOsqVlOWyZpKavfL4cR7GkuoxoMpmnF2b/By+DUZ/szlyW2b91sCl23Y2 en7yuL+x8yTBAcKsVBaT8WavZ+mtJ9gEVIRlbWLFmCRGUzjV6eJi7Gx4GsGXPhHcAfBA OtezV9ngFi+0D6rHkiNq+z6++tjStTS7iNK/ijy6eX0MtvWRfvIFdRvDAhlyR9EvtsT7 KUXvEmcYMQQBHGD9UB6JdGR+kjEmIXOFRX6RVTtNsPNy8ycztf3zIQO/qEZb8eXaKiiR ueDjc3IeshYNSPbWCyw1Tozc0dkE/oFLSKDQjjuCh06j+dS9elQxUhupZNinT0gLxAjC aVpw== X-Gm-Message-State: APjAAAWVClyBLRiahpN+pK9YxceItsyW23y5wXUGqaFW60hFJm8i1In9 dVAeFuLVSz9FR64ZMGSahCLg1i/wVzXYoxSYmCg= X-Google-Smtp-Source: APXvYqw4F1aJ1XomvkPwJb2ul/BwawD/xPlwXKaQO7VSdJnCJgDsCPWMMhAZV2gwmG2Bf46wiug7mUCs3l8qkzXfZDM= X-Received: by 2002:ac8:21b7:: with SMTP id 52mr64191092qty.59.1560553639512; Fri, 14 Jun 2019 16:07:19 -0700 (PDT) MIME-Version: 1.0 References: <156042464138.25684.15061870566905680617.stgit@alrua-x1> <156042464155.25684.9001494922674130772.stgit@alrua-x1> In-Reply-To: <156042464155.25684.9001494922674130772.stgit@alrua-x1> From: Andrii Nakryiko Date: Fri, 14 Jun 2019 16:07:08 -0700 Message-ID: Subject: Re: [PATCH bpf-next v4 2/3] bpf_xdp_redirect_map: Perform map lookup in eBPF helper To: =?UTF-8?B?VG9rZSBIw7hpbGFuZC1Kw7hyZ2Vuc2Vu?= Cc: Networking , Jesper Dangaard Brouer , Daniel Borkmann , Alexei Starovoitov , David Miller , Jonathan Lemon Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org On Thu, Jun 13, 2019 at 8:31 AM Toke H=C3=B8iland-J=C3=B8rgensen wrote: > > From: Toke H=C3=B8iland-J=C3=B8rgensen > > The bpf_redirect_map() helper used by XDP programs doesn't return any > indication of whether it can successfully redirect to the map index it wa= s > given. Instead, BPF programs have to track this themselves, leading to > programs using duplicate maps to track which entries are populated in the > devmap. > > This patch fixes this by moving the map lookup into the bpf_redirect_map(= ) > helper, which makes it possible to return failure to the eBPF program. Th= e > lower bits of the flags argument is used as the return code, which means > that existing users who pass a '0' flag argument will get XDP_ABORTED. I see that we have absolutely no documentation for bpf_xdp_redirect_map. Can you please add it to include/uapi/linux/bpf.h? Don't forget to mention this handling of lower bits of flags. Thanks! > > With this, a BPF program can check the return code from the helper call a= nd > react by, for instance, substituting a different redirect. This works for > any type of map used for redirect. > > Signed-off-by: Toke H=C3=B8iland-J=C3=B8rgensen > --- > include/linux/filter.h | 1 + > net/core/filter.c | 27 +++++++++++++-------------- > 2 files changed, 14 insertions(+), 14 deletions(-) > > diff --git a/include/linux/filter.h b/include/linux/filter.h > index 43b45d6db36d..f31ae8b9035a 100644 > --- a/include/linux/filter.h > +++ b/include/linux/filter.h > @@ -580,6 +580,7 @@ struct bpf_skb_data_end { > struct bpf_redirect_info { > u32 ifindex; > u32 flags; > + void *item; This is so generic name that some short comment describing what that item is would help a lot. > struct bpf_map *map; > struct bpf_map *map_to_flush; > u32 kern_flags; > diff --git a/net/core/filter.c b/net/core/filter.c > index 7a996887c500..7d742ea61e2d 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -3608,17 +3608,13 @@ static int xdp_do_redirect_map(struct net_device = *dev, struct xdp_buff *xdp, > struct bpf_redirect_info *ri) > { > u32 index =3D ri->ifindex; > - void *fwd =3D NULL; > + void *fwd =3D ri->item; > int err; > > ri->ifindex =3D 0; > + ri->item =3D NULL; > WRITE_ONCE(ri->map, NULL); > > - fwd =3D __xdp_map_lookup_elem(map, index); > - if (unlikely(!fwd)) { > - err =3D -EINVAL; > - goto err; > - } > if (ri->map_to_flush && unlikely(ri->map_to_flush !=3D map)) > xdp_do_flush_map(); > > @@ -3655,18 +3651,13 @@ static int xdp_do_generic_redirect_map(struct net= _device *dev, > { > struct bpf_redirect_info *ri =3D this_cpu_ptr(&bpf_redirect_info)= ; > u32 index =3D ri->ifindex; > - void *fwd =3D NULL; > + void *fwd =3D ri->item; > int err =3D 0; > > ri->ifindex =3D 0; > + ri->item =3D NULL; > WRITE_ONCE(ri->map, NULL); > > - fwd =3D __xdp_map_lookup_elem(map, index); > - if (unlikely(!fwd)) { > - err =3D -EINVAL; > - goto err; > - } > - > if (map->map_type =3D=3D BPF_MAP_TYPE_DEVMAP) { > struct bpf_dtab_netdev *dst =3D fwd; > > @@ -3735,6 +3726,7 @@ BPF_CALL_2(bpf_xdp_redirect, u32, ifindex, u64, fla= gs) > > ri->ifindex =3D ifindex; > ri->flags =3D flags; > + ri->item =3D NULL; > WRITE_ONCE(ri->map, NULL); > > return XDP_REDIRECT; > @@ -3753,9 +3745,16 @@ BPF_CALL_3(bpf_xdp_redirect_map, struct bpf_map *,= map, u32, ifindex, > { > struct bpf_redirect_info *ri =3D this_cpu_ptr(&bpf_redirect_info)= ; > > - if (unlikely(flags)) > + /* Lower bits of the flags are used as return code on lookup fail= ure */ > + if (unlikely(flags > XDP_TX)) > return XDP_ABORTED; > > + ri->item =3D __xdp_map_lookup_elem(map, ifindex); > + if (unlikely(!ri->item)) { > + WRITE_ONCE(ri->map, NULL); > + return flags; > + } > + > ri->ifindex =3D ifindex; > ri->flags =3D flags; > WRITE_ONCE(ri->map, map); >