From patchwork Fri Apr 24 20:14:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220591 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58E4BC55186 for ; Fri, 24 Apr 2020 20:14:35 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 339F02173E for ; Fri, 24 Apr 2020 20:14:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759275; bh=0cK7BAcwG+LN56KdajxJRHtlJWGr1Z++kKa/PFq2mxU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=eRVy053IDRl9CD92p0lw1oZdxtBQEjxNMZ3Ck189TfTqMRx5ef97T2hsKhnJPwNon YpgbMmCYznocJ9sab/m8ucTY64Mt1aM4iUao/eAVM17Yk8BQOUnxgyNNyeVBxMx2aQ VQwmgYyO6Sdp1jkWByUPrLQ0YKxzvSIqxJXAFwGc= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729423AbgDXUOe (ORCPT ); Fri, 24 Apr 2020 16:14:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:57294 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728659AbgDXUOc (ORCPT ); Fri, 24 Apr 2020 16:14:32 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 143A8215A4; Fri, 24 Apr 2020 20:14:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759271; bh=0cK7BAcwG+LN56KdajxJRHtlJWGr1Z++kKa/PFq2mxU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=qNCNYZjbWJXtRTsHL42KoEIGqQ1waaM/AuslMwaiOU7LrpvMc8ceslBj36vESgm1u wHFmM9jcB+pN/FROWRUeF0sTFSqlHTr8VIdZwPiaugThOP86Yams7jmdACdhOwfD1v fw70WAw1tosWr5XXKBvQoF/+O9gWx1cdLwwxkR3E= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 01/15] net: Refactor convert_to_xdp_frame Date: Fri, 24 Apr 2020 14:14:14 -0600 Message-Id: <20200424201428.89514-2-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern Move the guts of convert_to_xdp_frame to a new helper, update_xdp_frame so it can be reused in a later patch. Suggested-by: Jesper Dangaard Brouer Signed-off-by: David Ahern Acked-by: Jesper Dangaard Brouer --- include/net/xdp.h | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/include/net/xdp.h b/include/net/xdp.h index 40c6d3398458..779313862073 100644 --- a/include/net/xdp.h +++ b/include/net/xdp.h @@ -93,32 +93,42 @@ static inline void xdp_scrub_frame(struct xdp_frame *frame) struct xdp_frame *xdp_convert_zc_to_xdp_frame(struct xdp_buff *xdp); -/* Convert xdp_buff to xdp_frame */ static inline -struct xdp_frame *convert_to_xdp_frame(struct xdp_buff *xdp) +bool update_xdp_frame(struct xdp_buff *xdp, struct xdp_frame *xdp_frame) { - struct xdp_frame *xdp_frame; int metasize; int headroom; - if (xdp->rxq->mem.type == MEM_TYPE_ZERO_COPY) - return xdp_convert_zc_to_xdp_frame(xdp); - /* Assure headroom is available for storing info */ headroom = xdp->data - xdp->data_hard_start; metasize = xdp->data - xdp->data_meta; metasize = metasize > 0 ? metasize : 0; if (unlikely((headroom - metasize) < sizeof(*xdp_frame))) - return NULL; - - /* Store info in top of packet */ - xdp_frame = xdp->data_hard_start; + return false; xdp_frame->data = xdp->data; xdp_frame->len = xdp->data_end - xdp->data; xdp_frame->headroom = headroom - sizeof(*xdp_frame); xdp_frame->metasize = metasize; + return true; +} + +/* Convert xdp_buff to xdp_frame */ +static inline +struct xdp_frame *convert_to_xdp_frame(struct xdp_buff *xdp) +{ + struct xdp_frame *xdp_frame; + + if (xdp->rxq->mem.type == MEM_TYPE_ZERO_COPY) + return xdp_convert_zc_to_xdp_frame(xdp); + + /* Store info in top of packet */ + xdp_frame = xdp->data_hard_start; + + if (unlikely(!update_xdp_frame(xdp, xdp_frame))) + return NULL; + /* rxq only valid until napi_schedule ends, convert to xdp_mem_info */ xdp_frame->mem = xdp->rxq->mem; From patchwork Fri Apr 24 20:14:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220590 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD272C55186 for ; Fri, 24 Apr 2020 20:14:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8804821835 for ; Fri, 24 Apr 2020 20:14:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759279; bh=WrTXsePN30JYi0KAEyQLPlQkXR6+r/4YACi18nFdvsg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=mWvmIJv+C+ZGVOrqmLMg3OJ5v1vsllBEC9F/7075J+P3VwLxOYlu9MvdbC6630mBQ yBDJF56uIv5z/tUyx9K+/e46vcC0utuHyTRUqVzgpRkim/VPwCm1BUhb2wgG4W2FMx 8KHGyFJURZvElL4q6vM/aft92ZJZSQBdVxON8h1I= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729464AbgDXUOh (ORCPT ); Fri, 24 Apr 2020 16:14:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:57350 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728659AbgDXUOf (ORCPT ); Fri, 24 Apr 2020 16:14:35 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3D7EE2166E; Fri, 24 Apr 2020 20:14:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759275; bh=WrTXsePN30JYi0KAEyQLPlQkXR6+r/4YACi18nFdvsg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UCwBkjFDPCSwFozJQ80R4nrxh480SDL7opYKPoXXkidtGSMGqJMTFNC+q8kU1Tnii OuGLJlj/O+xI5qGuqKNCHHL1Pcfpu0zPoiYKgS5nUdc5tkXYywX+nxgksLQVtHkr/O 9LW4cg789BT7r50yYH7Q77X7Z9OjKTO0edqUOfdU= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 04/15] net: Add BPF_XDP_EGRESS as a bpf_attach_type Date: Fri, 24 Apr 2020 14:14:17 -0600 Message-Id: <20200424201428.89514-5-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern Add new bpf_attach_type, BPF_XDP_EGRESS, for BPF programs attached at the XDP layer, but the egress path. Since egress path will not have ingress_ifindex and rx_queue_index set, update xdp_is_valid_access to block access to these entries in the xdp context when a program is attached with expected_attach_type set. Update dev_change_xdp_fd to verify expected_attach_type for a program is BPF_XDP_EGRESS if egress argument is set. The next patch adds support for the egress ifindex. Signed-off-by: Prashant Bhole Co-developed-by: David Ahern Signed-off-by: David Ahern --- include/uapi/linux/bpf.h | 1 + net/core/dev.c | 11 +++++++++++ net/core/filter.c | 11 +++++++++++ tools/include/uapi/linux/bpf.h | 1 + 4 files changed, 24 insertions(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 2e29a671d67e..a9d384998e8b 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -215,6 +215,7 @@ enum bpf_attach_type { BPF_TRACE_FEXIT, BPF_MODIFY_RETURN, BPF_LSM_MAC, + BPF_XDP_EGRESS, __MAX_BPF_ATTACH_TYPE }; diff --git a/net/core/dev.c b/net/core/dev.c index 726a93a5cb25..2f6e18fc02ed 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -8730,6 +8730,17 @@ int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack, if (IS_ERR(prog)) return PTR_ERR(prog); + if (egress && prog->expected_attach_type != BPF_XDP_EGRESS) { + NL_SET_ERR_MSG(extack, "XDP program in Tx path must use BPF_XDP_EGRESS attach type"); + bpf_prog_put(prog); + return -EINVAL; + } + if (!egress && prog->expected_attach_type == BPF_XDP_EGRESS) { + NL_SET_ERR_MSG(extack, "XDP program in Rx path can not use BPF_XDP_EGRESS attach type"); + bpf_prog_put(prog); + return -EINVAL; + } + if (!offload && bpf_prog_is_dev_bound(prog->aux)) { NL_SET_ERR_MSG(extack, "using device-bound program without HW_MODE flag is not supported"); bpf_prog_put(prog); diff --git a/net/core/filter.c b/net/core/filter.c index a943df3ad8b0..b4d064c7fdec 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -6935,6 +6935,17 @@ static bool xdp_is_valid_access(int off, int size, const struct bpf_prog *prog, struct bpf_insn_access_aux *info) { + /* Rx data is only accessible from original XDP where + * expected_attach_type is not set + */ + if (prog->expected_attach_type) { + switch (off) { + case offsetof(struct xdp_md, ingress_ifindex): + case offsetof(struct xdp_md, rx_queue_index): + return false; + } + } + if (type == BPF_WRITE) { if (bpf_prog_is_dev_bound(prog->aux)) { switch (off) { diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 2e29a671d67e..a9d384998e8b 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -215,6 +215,7 @@ enum bpf_attach_type { BPF_TRACE_FEXIT, BPF_MODIFY_RETURN, BPF_LSM_MAC, + BPF_XDP_EGRESS, __MAX_BPF_ATTACH_TYPE }; From patchwork Fri Apr 24 20:14:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220586 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5481AC54FCB for ; Fri, 24 Apr 2020 20:15:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 32ABC214AF for ; Fri, 24 Apr 2020 20:15:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759300; bh=u1/3oZ1r8+EI7DBdimzXx4Se/Uy0coEkTTkVX5OtrEQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=FP+unWZV7xLVg9rVS0ftbFiupEiIyzY5q4lw6ZlmNRYvJMfHX7C1ieX6K7L7NrcNI bZyfMZfTFjG3uJb2OtuqbuC6QT4j0kUFm6U80hhaP2mLBMjcjHs70siRHcOr98mWEq lqQkTwoiBYYVD3o6rBfuzf5qnNdI2cAK92GyJPiI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729587AbgDXUO7 (ORCPT ); Fri, 24 Apr 2020 16:14:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:57458 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729466AbgDXUOj (ORCPT ); Fri, 24 Apr 2020 16:14:39 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5F35F21927; Fri, 24 Apr 2020 20:14:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759278; bh=u1/3oZ1r8+EI7DBdimzXx4Se/Uy0coEkTTkVX5OtrEQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sV8vLx6C3YrbnUGL6gGiflZJvTPo47wJecaPrNt90oP2MiyiBoLp5F+cawnEN9vWk iIddkw+7ilHXEbYIQS4feG69SpovWJ27wuejQYDjJrdWUAokiq0zPsDnFAHQsj0r5E /GruVa34qT0yUgeq8EgUO8MLS9QS/Aw5xYsnHvBE= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 07/15] net: rename netif_receive_generic_xdp to do_generic_xdp_core Date: Fri, 24 Apr 2020 14:14:20 -0600 Message-Id: <20200424201428.89514-8-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern In skb generic path, we need a way to run XDP program on skb but to have customized handling of XDP actions. netif_receive_generic_xdp will be more helpful in such cases than do_xdp_generic. This patch prepares netif_receive_generic_xdp() to be used as general purpose function for running xdp programs on skbs by renaming it to do_xdp_generic_core, moving skb_is_redirected and rxq settings as well as XDP return code checks to the callers. This allows this core function to be used from both Rx and Tx paths with rxq and txq set based on context. Signed-off-by: Jason Wang Signed-off-by: Prashant Bhole Signed-off-by: David Ahern --- net/core/dev.c | 52 ++++++++++++++++++++++++-------------------------- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/net/core/dev.c b/net/core/dev.c index 50e07b7967c9..0a56862a32e5 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -4501,25 +4501,17 @@ static struct netdev_rx_queue *netif_get_rxqueue(struct sk_buff *skb) return rxqueue; } -static u32 netif_receive_generic_xdp(struct sk_buff *skb, - struct xdp_buff *xdp, - struct bpf_prog *xdp_prog) +static u32 do_xdp_generic_core(struct sk_buff *skb, struct xdp_buff *xdp, + struct bpf_prog *xdp_prog) { - struct netdev_rx_queue *rxqueue; void *orig_data, *orig_data_end; - u32 metalen, act = XDP_DROP; __be16 orig_eth_type; struct ethhdr *eth; + u32 metalen, act; bool orig_bcast; int hlen, off; u32 mac_len; - /* Reinjected packets coming from act_mirred or similar should - * not get XDP generic processing. - */ - if (skb_is_redirected(skb)) - return XDP_PASS; - /* XDP packets must be linear and must have sufficient headroom * of XDP_PACKET_HEADROOM bytes. This is the guarantee that also * native XDP provides, thus we need to do it here as well. @@ -4535,9 +4527,9 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb, if (pskb_expand_head(skb, hroom > 0 ? ALIGN(hroom, NET_SKB_PAD) : 0, troom > 0 ? troom + 128 : 0, GFP_ATOMIC)) - goto do_drop; + return XDP_DROP; if (skb_linearize(skb)) - goto do_drop; + return XDP_DROP; } /* The XDP program wants to see the packet starting at the MAC @@ -4555,9 +4547,6 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb, orig_bcast = is_multicast_ether_addr_64bits(eth->h_dest); orig_eth_type = eth->h_proto; - rxqueue = netif_get_rxqueue(skb); - xdp->rxq = &rxqueue->xdp_rxq; - act = bpf_prog_run_xdp(xdp_prog, xdp); /* check if bpf_xdp_adjust_head was used */ @@ -4600,16 +4589,6 @@ static u32 netif_receive_generic_xdp(struct sk_buff *skb, if (metalen) skb_metadata_set(skb, metalen); break; - default: - bpf_warn_invalid_xdp_action(act); - /* fall through */ - case XDP_ABORTED: - trace_xdp_exception(skb->dev, xdp_prog, act); - /* fall through */ - case XDP_DROP: - do_drop: - kfree_skb(skb); - break; } return act; @@ -4644,12 +4623,22 @@ static DEFINE_STATIC_KEY_FALSE(generic_xdp_needed_key); int do_xdp_generic_rx(struct bpf_prog *xdp_prog, struct sk_buff *skb) { + /* Reinjected packets coming from act_mirred or similar should + * not get XDP generic processing. + */ + if (skb_is_redirected(skb)) + return XDP_PASS; + if (xdp_prog) { + struct netdev_rx_queue *rxqueue; struct xdp_buff xdp; u32 act; int err; - act = netif_receive_generic_xdp(skb, &xdp, xdp_prog); + rxqueue = netif_get_rxqueue(skb); + xdp.rxq = &rxqueue->xdp_rxq; + + act = do_xdp_generic_core(skb, &xdp, xdp_prog); if (act != XDP_PASS) { switch (act) { case XDP_REDIRECT: @@ -4661,6 +4650,15 @@ int do_xdp_generic_rx(struct bpf_prog *xdp_prog, struct sk_buff *skb) case XDP_TX: generic_xdp_tx(skb, xdp_prog); break; + default: + bpf_warn_invalid_xdp_action(act); + /* fall through */ + case XDP_ABORTED: + trace_xdp_exception(skb->dev, xdp_prog, act); + /* fall through */ + case XDP_DROP: + kfree_skb(skb); + break; } return XDP_DROP; } From patchwork Fri Apr 24 20:14:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220585 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1EB54C55186 for ; Fri, 24 Apr 2020 20:15:03 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EE602214AF for ; Fri, 24 Apr 2020 20:15:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759303; bh=RAfY3yvO7eaBb7Pp+Mv9Vaaz4e3kAJvkE+lk4Adppyg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=hzycm/lBQ3ctQkjD43sw827GVdQD+WdLsZuBhyJ45Xzpdg6uqszCuRkteP4CRL7bp hsrG23JpPENkb+MHqZfvA0AssGGUZGthCcLeHZQOk98dISsMLwocGxwDkJlG8f4Ito qdQSABxi7MfoIaGRqIAJH81VFNOkH0KFSKxhZW9Q= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729574AbgDXUO5 (ORCPT ); Fri, 24 Apr 2020 16:14:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:57548 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729513AbgDXUOm (ORCPT ); Fri, 24 Apr 2020 16:14:42 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 81830214AF; Fri, 24 Apr 2020 20:14:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759282; bh=RAfY3yvO7eaBb7Pp+Mv9Vaaz4e3kAJvkE+lk4Adppyg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iflG14Bp24xRw3pKp52vaCEBgd4XXzKpEvDWWhWzo0ddZb6oqbb3rzL10KFkQ0zBf Xekl0VjmjPQmT0oO2JOWf1FahJnypEcdSxYJrswuQNcHggW7WrCigEaPkk0cPYe4Y8 +ducc/rV3VZFHsSoumaNe7sLfD8pO5nPb3kzKOsM= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 11/15] libbpf: Add egress XDP support Date: Fri, 24 Apr 2020 14:14:24 -0600 Message-Id: <20200424201428.89514-12-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern New section name hint, xdp_egress, is added to set expected attach type at program load. Programs can use xdp_egress as the prefix in the SEC statement to load the program with the BPF_XDP_EGRESS attach type set. egress_prog_id is added to xdp_link_info to report the program id. Signed-off-by: David Ahern --- tools/lib/bpf/libbpf.c | 2 ++ tools/lib/bpf/libbpf.h | 1 + tools/lib/bpf/netlink.c | 6 ++++++ 3 files changed, 9 insertions(+) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 8f480e29a6b0..32fc970495d9 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -6366,6 +6366,8 @@ static const struct bpf_sec_def section_defs[] = { .is_attach_btf = true, .expected_attach_type = BPF_LSM_MAC, .attach_fn = attach_lsm), + BPF_EAPROG_SEC("xdp_egress", BPF_PROG_TYPE_XDP, + BPF_XDP_EGRESS), BPF_PROG_SEC("xdp", BPF_PROG_TYPE_XDP), BPF_PROG_SEC("perf_event", BPF_PROG_TYPE_PERF_EVENT), BPF_PROG_SEC("lwt_in", BPF_PROG_TYPE_LWT_IN), diff --git a/tools/lib/bpf/libbpf.h b/tools/lib/bpf/libbpf.h index f1dacecb1619..445c3789faa4 100644 --- a/tools/lib/bpf/libbpf.h +++ b/tools/lib/bpf/libbpf.h @@ -454,6 +454,7 @@ struct xdp_link_info { __u32 hw_prog_id; __u32 skb_prog_id; __u8 attach_mode; + __u32 egress_prog_id; }; struct bpf_xdp_set_link_opts { diff --git a/tools/lib/bpf/netlink.c b/tools/lib/bpf/netlink.c index 0b709fd10bba..072d3552248b 100644 --- a/tools/lib/bpf/netlink.c +++ b/tools/lib/bpf/netlink.c @@ -280,6 +280,10 @@ static int get_xdp_info(void *cookie, void *msg, struct nlattr **tb) xdp_id->info.hw_prog_id = libbpf_nla_getattr_u32( xdp_tb[IFLA_XDP_HW_PROG_ID]); + if (xdp_tb[IFLA_XDP_EGRESS_PROG_ID]) + xdp_id->info.egress_prog_id = libbpf_nla_getattr_u32( + xdp_tb[IFLA_XDP_EGRESS_PROG_ID]); + return 0; } @@ -329,6 +333,8 @@ static __u32 get_xdp_id(struct xdp_link_info *info, __u32 flags) return info->hw_prog_id; if (flags & XDP_FLAGS_SKB_MODE) return info->skb_prog_id; + if (flags & XDP_FLAGS_EGRESS_MODE) + return info->egress_prog_id; return 0; } From patchwork Fri Apr 24 20:14:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220588 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2782CC55186 for ; Fri, 24 Apr 2020 20:14:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0682E215A4 for ; Fri, 24 Apr 2020 20:14:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759292; bh=9apX48VINGAv491PjmlzAkadaPR0qKX9AaYHGtSkxqI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Yduw5RPDszc2/Y0kStvIn0TUw4GCckV0xn/4mUaZUZWR9wEgpumU4qsLqxoRk9OyC YvPAlrUU4x0uz4iFGIxbp15Gp/vrsjLGsCiTBgV/gaXYpXxw3cPEBFWsRei9M1tj9e zfv+1gq5z5r2/REd9nvwOB5IKRO98rEV7Una/5AI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729536AbgDXUOp (ORCPT ); Fri, 24 Apr 2020 16:14:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:57574 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729389AbgDXUOo (ORCPT ); Fri, 24 Apr 2020 16:14:44 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A7988217BA; Fri, 24 Apr 2020 20:14:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759283; bh=9apX48VINGAv491PjmlzAkadaPR0qKX9AaYHGtSkxqI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=iXTQh0wjhLOavDCFwbNWHNSBMwVWvI+i3J6ACBQfeoBk/uulVl2PMrFH5aKg8TLlS SOeVdTv+DqhVj9fimT2TlQf82acKUFpypGe3iDnEMoWPdQbA6vAN0AJpZtuR54IcoX DLpSAihwswkRNAfvrst/uvNapfrxZwOweuKR2G6o= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 12/15] bpftool: Add support for XDP egress Date: Fri, 24 Apr 2020 14:14:25 -0600 Message-Id: <20200424201428.89514-13-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern Add xdp_egress as a program type since it requires a new attach type. This follows suit with other program type + attach type combintations and leverages the SEC name in libbpf. Add NET_ATTACH_TYPE_XDP_EGRESS and update attach_type_strings to allow a user to specify 'xdp_egress' as the attach or detach point. Update do_attach_detach_xdp to set XDP_FLAGS_EGRESS_MODE if egress is selected. Update do_xdp_dump_one to show egress program ids. Update the documentation and help output. Signed-off-by: David Ahern --- tools/bpf/bpftool/Documentation/bpftool-net.rst | 4 +++- tools/bpf/bpftool/Documentation/bpftool-prog.rst | 2 +- tools/bpf/bpftool/bash-completion/bpftool | 4 ++-- tools/bpf/bpftool/net.c | 6 +++++- tools/bpf/bpftool/netlink_dumper.c | 5 +++++ tools/bpf/bpftool/prog.c | 2 +- 6 files changed, 17 insertions(+), 6 deletions(-) diff --git a/tools/bpf/bpftool/Documentation/bpftool-net.rst b/tools/bpf/bpftool/Documentation/bpftool-net.rst index 8651b00b81ea..d7398fb00ec4 100644 --- a/tools/bpf/bpftool/Documentation/bpftool-net.rst +++ b/tools/bpf/bpftool/Documentation/bpftool-net.rst @@ -26,7 +26,8 @@ NET COMMANDS | **bpftool** **net help** | | *PROG* := { **id** *PROG_ID* | **pinned** *FILE* | **tag** *PROG_TAG* } -| *ATTACH_TYPE* := { **xdp** | **xdpgeneric** | **xdpdrv** | **xdpoffload** } +| *ATTACH_TYPE* := +| { **xdp** | **xdpgeneric** | **xdpdrv** | **xdpoffload** | **xdp_egress** } DESCRIPTION =========== @@ -63,6 +64,7 @@ DESCRIPTION **xdpgeneric** - Generic XDP. runs at generic XDP hook when packet already enters receive path as skb; **xdpdrv** - Native XDP. runs earliest point in driver's receive path; **xdpoffload** - Offload XDP. runs directly on NIC on each packet reception; + **xdp_egress** - XDP in egress path. runs at core networking level; **bpftool** **net detach** *ATTACH_TYPE* **dev** *NAME* Detach bpf program attached to network interface *NAME* with diff --git a/tools/bpf/bpftool/Documentation/bpftool-prog.rst b/tools/bpf/bpftool/Documentation/bpftool-prog.rst index 9f19404f470e..ab0a8846a8e3 100644 --- a/tools/bpf/bpftool/Documentation/bpftool-prog.rst +++ b/tools/bpf/bpftool/Documentation/bpftool-prog.rst @@ -44,7 +44,7 @@ PROG COMMANDS | **cgroup/connect4** | **cgroup/connect6** | **cgroup/sendmsg4** | **cgroup/sendmsg6** | | **cgroup/recvmsg4** | **cgroup/recvmsg6** | **cgroup/sysctl** | | **cgroup/getsockopt** | **cgroup/setsockopt** | -| **struct_ops** | **fentry** | **fexit** | **freplace** +| **struct_ops** | **fentry** | **fexit** | **freplace** | **xdp_egress** | } | *ATTACH_TYPE* := { | **msg_verdict** | **stream_verdict** | **stream_parser** | **flow_dissector** diff --git a/tools/bpf/bpftool/bash-completion/bpftool b/tools/bpf/bpftool/bash-completion/bpftool index 45ee99b159e2..ab20696c20c6 100644 --- a/tools/bpf/bpftool/bash-completion/bpftool +++ b/tools/bpf/bpftool/bash-completion/bpftool @@ -471,7 +471,7 @@ _bpftool() cgroup/post_bind4 cgroup/post_bind6 \ cgroup/sysctl cgroup/getsockopt \ cgroup/setsockopt struct_ops \ - fentry fexit freplace" -- \ + fentry fexit freplace xdp_egress" -- \ "$cur" ) ) return 0 ;; @@ -1003,7 +1003,7 @@ _bpftool() ;; net) local PROG_TYPE='id pinned tag name' - local ATTACH_TYPES='xdp xdpgeneric xdpdrv xdpoffload' + local ATTACH_TYPES='xdp xdpgeneric xdpdrv xdpoffload xdp_egress' case $command in show|list) [[ $prev != "$command" ]] && return 0 diff --git a/tools/bpf/bpftool/net.c b/tools/bpf/bpftool/net.c index c5e3895b7c8b..dbace14e5484 100644 --- a/tools/bpf/bpftool/net.c +++ b/tools/bpf/bpftool/net.c @@ -61,6 +61,7 @@ enum net_attach_type { NET_ATTACH_TYPE_XDP_GENERIC, NET_ATTACH_TYPE_XDP_DRIVER, NET_ATTACH_TYPE_XDP_OFFLOAD, + NET_ATTACH_TYPE_XDP_EGRESS, }; static const char * const attach_type_strings[] = { @@ -68,6 +69,7 @@ static const char * const attach_type_strings[] = { [NET_ATTACH_TYPE_XDP_GENERIC] = "xdpgeneric", [NET_ATTACH_TYPE_XDP_DRIVER] = "xdpdrv", [NET_ATTACH_TYPE_XDP_OFFLOAD] = "xdpoffload", + [NET_ATTACH_TYPE_XDP_EGRESS] = "xdp_egress", }; const size_t net_attach_type_size = ARRAY_SIZE(attach_type_strings); @@ -286,6 +288,8 @@ static int do_attach_detach_xdp(int progfd, enum net_attach_type attach_type, flags |= XDP_FLAGS_DRV_MODE; if (attach_type == NET_ATTACH_TYPE_XDP_OFFLOAD) flags |= XDP_FLAGS_HW_MODE; + if (attach_type == NET_ATTACH_TYPE_XDP_EGRESS) + flags |= XDP_FLAGS_EGRESS_MODE; return bpf_set_link_xdp_fd(ifindex, progfd, flags); } @@ -464,7 +468,7 @@ static int do_help(int argc, char **argv) " %s %s help\n" "\n" " " HELP_SPEC_PROGRAM "\n" - " ATTACH_TYPE := { xdp | xdpgeneric | xdpdrv | xdpoffload }\n" + " ATTACH_TYPE := { xdp | xdpgeneric | xdpdrv | xdpoffload | xdp_egress}\n" "\n" "Note: Only xdp and tc attachments are supported now.\n" " For progs attached to cgroups, use \"bpftool cgroup\"\n" diff --git a/tools/bpf/bpftool/netlink_dumper.c b/tools/bpf/bpftool/netlink_dumper.c index 5f65140b003b..68e4909b6073 100644 --- a/tools/bpf/bpftool/netlink_dumper.c +++ b/tools/bpf/bpftool/netlink_dumper.c @@ -55,6 +55,8 @@ static int do_xdp_dump_one(struct nlattr *attr, unsigned int ifindex, xdp_dump_prog_id(tb, IFLA_XDP_SKB_PROG_ID, "generic", true); xdp_dump_prog_id(tb, IFLA_XDP_DRV_PROG_ID, "driver", true); xdp_dump_prog_id(tb, IFLA_XDP_HW_PROG_ID, "offload", true); + xdp_dump_prog_id(tb, IFLA_XDP_EGRESS_PROG_ID, + "egress", true); if (json_output) jsonw_end_array(json_wtr); } else if (mode == XDP_ATTACHED_DRV) { @@ -63,6 +65,9 @@ static int do_xdp_dump_one(struct nlattr *attr, unsigned int ifindex, xdp_dump_prog_id(tb, IFLA_XDP_PROG_ID, "generic", false); } else if (mode == XDP_ATTACHED_HW) { xdp_dump_prog_id(tb, IFLA_XDP_PROG_ID, "offload", false); + } else if (mode == XDP_ATTACHED_EGRESS_CORE) { + xdp_dump_prog_id(tb, IFLA_XDP_EGRESS_PROG_ID, + "egress", false); } NET_END_OBJECT_FINAL; diff --git a/tools/bpf/bpftool/prog.c b/tools/bpf/bpftool/prog.c index f6a5974a7b0a..64695ccdcf9d 100644 --- a/tools/bpf/bpftool/prog.c +++ b/tools/bpf/bpftool/prog.c @@ -2014,7 +2014,7 @@ static int do_help(int argc, char **argv) " cgroup/post_bind6 | cgroup/connect4 | cgroup/connect6 |\n" " cgroup/sendmsg4 | cgroup/sendmsg6 | cgroup/recvmsg4 |\n" " cgroup/recvmsg6 | cgroup/getsockopt | cgroup/setsockopt |\n" - " struct_ops | fentry | fexit | freplace }\n" + " struct_ops | fentry | fexit | freplace | xdp_egress }\n" " ATTACH_TYPE := { msg_verdict | stream_verdict | stream_parser |\n" " flow_dissector }\n" " METRIC := { cycles | instructions | l1d_loads | llc_misses }\n" From patchwork Fri Apr 24 20:14:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220589 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95AADC54FCB for ; Fri, 24 Apr 2020 20:14:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6D77E215A4 for ; Fri, 24 Apr 2020 20:14:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759290; bh=XZap2EEumrmCAj5GHjnK0BMGpW3p3efAnFk5mMSvEgY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=C6WVz9BEayF3GA6Gsp9hWO86ktXlQANs13tXEGE2k6bQ61b3qdaqIfRzZ6JIY8Bqk 4+f6SQ/gl/I0hKek4rArja1Y/y5MXhB0BQHjfi3Evx8sb/flelRdiBloLjMrLLxAgk u/c/1Eqg7ZyBCjGOokrzHakw6zcOU0cxiZ8p7SAE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729549AbgDXUOs (ORCPT ); Fri, 24 Apr 2020 16:14:48 -0400 Received: from mail.kernel.org ([198.145.29.99]:57548 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729529AbgDXUOp (ORCPT ); Fri, 24 Apr 2020 16:14:45 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AF86921707; Fri, 24 Apr 2020 20:14:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759284; bh=XZap2EEumrmCAj5GHjnK0BMGpW3p3efAnFk5mMSvEgY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=DsiwDU2llfQjN9QV0lQ876kyhGwRksqL/o0QIZ99rzkHhoEGPK5Rxbec4MvocUJ45 Kc0p2g4CmVO41HFzmDTVebB9kXQ5aNAB1YqFNw7LmmatDd175iQf+utTw1G9M5IMxQ A49Eoj2Mr5wQZKr4Tj7XjT0YxE4oevskHUPP9CKA= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 13/15] selftest: Add test for xdp_egress Date: Fri, 24 Apr 2020 14:14:26 -0600 Message-Id: <20200424201428.89514-14-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern Add selftest for xdp_egress. Add xdp_drop program to veth connecting a namespace to drop packets and break connectivity. Signed-off-by: David Ahern --- tools/testing/selftests/bpf/Makefile | 1 + tools/testing/selftests/bpf/progs/xdp_drop.c | 25 +++ .../testing/selftests/bpf/test_xdp_egress.sh | 160 ++++++++++++++++++ 3 files changed, 186 insertions(+) create mode 100644 tools/testing/selftests/bpf/progs/xdp_drop.c create mode 100755 tools/testing/selftests/bpf/test_xdp_egress.sh diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 7729892e0b04..5dae18ebac13 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -50,6 +50,7 @@ TEST_PROGS := test_kmod.sh \ test_xdp_redirect.sh \ test_xdp_meta.sh \ test_xdp_veth.sh \ + test_xdp_egress.sh \ test_offload.py \ test_sock_addr.sh \ test_tunnel.sh \ diff --git a/tools/testing/selftests/bpf/progs/xdp_drop.c b/tools/testing/selftests/bpf/progs/xdp_drop.c new file mode 100644 index 000000000000..cffabc53a5e1 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/xdp_drop.c @@ -0,0 +1,25 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include +#include + +SEC("drop") +int xdp_drop(struct xdp_md *ctx) +{ + void *data_end = (void *)(long)ctx->data_end; + void *data = (void *)(long)ctx->data; + struct ethhdr *eth = data; + void *nh; + + nh = data + sizeof(*eth); + if (nh > data_end) + return XDP_DROP; + + if (eth->h_proto == 0x0008) + return XDP_DROP; + + return XDP_PASS; +} + +char _license[] SEC("license") = "GPL"; diff --git a/tools/testing/selftests/bpf/test_xdp_egress.sh b/tools/testing/selftests/bpf/test_xdp_egress.sh new file mode 100755 index 000000000000..7efa59fdf823 --- /dev/null +++ b/tools/testing/selftests/bpf/test_xdp_egress.sh @@ -0,0 +1,160 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# XDP egress tests. + +# Kselftest framework requirement - SKIP code is 4. +ksft_skip=4 + +TESTNAME=xdp_egress +BPF_FS=$(awk '$3 == "bpf" {print $2; exit}' /proc/mounts) + +ret=0 + +################################################################################ +# +log_test() +{ + local rc=$1 + local expected=$2 + local msg="$3" + + if [ ${rc} -eq ${expected} ]; then + printf "TEST: %-60s [ OK ]\n" "${msg}" + else + ret=1 + printf "TEST: %-60s [FAIL]\n" "${msg}" + fi +} + +################################################################################ +# create namespaces and connect them + +create_ns() +{ + local ns=$1 + local addr=$2 + local addr6=$3 + + ip netns add ${ns} + + ip -netns ${ns} link set lo up + ip -netns ${ns} addr add dev lo ${addr} + ip -netns ${ns} -6 addr add dev lo ${addr6} + + ip -netns ${ns} ro add unreachable default metric 8192 + ip -netns ${ns} -6 ro add unreachable default metric 8192 + + ip netns exec ${ns} sysctl -qw net.ipv4.ip_forward=1 + ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 + ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1 + ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.forwarding=1 + ip netns exec ${ns} sysctl -qw net.ipv6.conf.all.accept_dad=0 +} + +connect_ns() +{ + local ns1=$1 + local ns1_dev=$2 + local ns1_addr=$3 + local ns1_addr6=$4 + local ns2=$5 + local ns2_dev=$6 + local ns2_addr=$7 + local ns2_addr6=$8 + local ns1arg + local ns2arg + + if [ -n "${ns1}" ]; then + ns1arg="-netns ${ns1}" + fi + if [ -n "${ns2}" ]; then + ns2arg="-netns ${ns2}" + fi + + ip ${ns1arg} li add ${ns1_dev} type veth peer name tmp + ip ${ns1arg} li set ${ns1_dev} up + ip ${ns1arg} li set tmp netns ${ns2} name ${ns2_dev} + ip ${ns2arg} li set ${ns2_dev} up + + ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr} + ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr} + + ip ${ns1arg} addr add dev ${ns1_dev} ${ns1_addr6} nodad + ip ${ns2arg} addr add dev ${ns2_dev} ${ns2_addr6} nodad +} + +################################################################################ +# + +setup() +{ + create_ns host 172.16.101.1/32 2001:db8:101::1/128 + connect_ns "" veth-host 172.16.1.1/24 2001:db8:1::1/64 host eth0 172.16.1.2/24 2001:db8:1::2/64 + ip ro add 172.16.101.1 via 172.16.1.2 + ip -6 ro add 2001:db8:101::1 via 2001:db8:1::2 + ping -c1 -w1 172.16.101.1 >/dev/null 2>&1 + ping -c1 -w1 2001:db8:101::1 >/dev/null 2>&1 +} + +cleanup() +{ + ip li del veth-host 2>/dev/null + ip netns del host 2>/dev/null + rm -f $BPF_FS/test_$TESTNAME +} + +################################################################################ +# main + +if [ $(id -u) -ne 0 ]; then + echo "selftests: $TESTNAME [SKIP] Need root privileges" + exit $ksft_skip +fi + +if ! ip link set dev lo xdp off > /dev/null 2>&1; then + echo "selftests: $TESTNAME [SKIP] Could not run test without the ip xdp support" + exit $ksft_skip +fi + +if [ -z "$BPF_FS" ]; then + echo "selftests: $TESTNAME [SKIP] Could not run test without bpffs mounted" + exit $ksft_skip +fi + +if ! bpftool version > /dev/null 2>&1; then + echo "selftests: $TESTNAME [SKIP] Could not run test without bpftool" + exit $ksft_skip +fi + +cleanup +trap cleanup EXIT + +set -e +setup +set +e + +bpftool prog load xdp_drop.o $BPF_FS/test_$TESTNAME type xdp_egress || exit 1 +ID=$(bpftool prog show name xdp_drop | awk '$4 == "xdp_drop" {print $1}') + +# attach egress program +bpftool net attach xdp_egress id ${ID/:/} dev veth-host +ping -c1 -w1 172.16.101.1 >/dev/null 2>&1 +log_test $? 1 "IPv4 connectivity disabled by xdp_egress" +ping -c1 -w1 2001:db8:101::1 >/dev/null 2>&1 +log_test $? 0 "IPv6 connectivity not disabled by egress drop program" + +# detach program should restore connectivity +bpftool net detach xdp_egress dev veth-host +ping -c1 -w1 172.16.101.1 >/dev/null 2>&1 +log_test $? 0 "IPv4 connectivity restored" + +# cleanup on delete +ip netns exec host bpftool net attach xdp_egress id ${ID/:/} dev eth0 +bpftool net attach xdp_egress id ${ID/:/} dev veth-host +ip li del veth-host +rm -f $BPF_FS/test_$TESTNAME +sleep 5 # rcu grace pass; verify program is dropped +bpftool prog show name xdp_drop + +exit $ret From patchwork Fri Apr 24 20:14:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 220587 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.1 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9368EC54FCB for ; Fri, 24 Apr 2020 20:14:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 71A0E215A4 for ; Fri, 24 Apr 2020 20:14:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759294; bh=Vw2FCOouxN7bROtFES0en98jMRaoYmLfRNQ/ko0YO0M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=mbjPFBU+M1ygGVtxw/hNY474kejkmbnozapb4JIaVYsIsCnLCWnt2oiil52UrG8Q7 H/WgPvFlE+KkyHSnbyJzQg8RSzALGKcut3ElPB7L6ex5EnuVXW/2rAyVBcJexebsmK S5qO4eeRtLFct5I2XxEMqbw9hn3TGFhdXZPJauoc= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729564AbgDXUOx (ORCPT ); Fri, 24 Apr 2020 16:14:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:57614 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729537AbgDXUOq (ORCPT ); Fri, 24 Apr 2020 16:14:46 -0400 Received: from C02YQ0RWLVCF.internal.digitalocean.com (c-73-181-34-237.hsd1.co.comcast.net [73.181.34.237]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CCF3721BE5; Fri, 24 Apr 2020 20:14:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587759285; bh=Vw2FCOouxN7bROtFES0en98jMRaoYmLfRNQ/ko0YO0M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SaPxq2UXoBMIusaFk1ItIpCTmTKXZrbM4NeVoOCMhc9b+VWkizUZt2bhkLH9rX7Nx TSmeH5Lmh+bXTYCn1h4L/mCrkXVRF/vbk0rQ8oL+0KjHN2uTNWv+Xy+/ZBSez86jPI 50sRN5IW7v2aWC3P46CmnAfLjlEcIxSC34CmrEro= From: David Ahern To: netdev@vger.kernel.org Cc: davem@davemloft.net, kuba@kernel.org, prashantbhole.linux@gmail.com, jasowang@redhat.com, brouer@redhat.com, toke@redhat.com, toshiaki.makita1@gmail.com, daniel@iogearbox.net, john.fastabend@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andriin@fb.com, dsahern@gmail.com, David Ahern Subject: [PATCH v3 bpf-next 14/15] selftest: Add xdp_egress attach tests Date: Fri, 24 Apr 2020 14:14:27 -0600 Message-Id: <20200424201428.89514-15-dsahern@kernel.org> X-Mailer: git-send-email 2.21.1 (Apple Git-122.3) In-Reply-To: <20200424201428.89514-1-dsahern@kernel.org> References: <20200424201428.89514-1-dsahern@kernel.org> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Ahern Add xdp_egress attach tests: 1. verify egress programs cannot access ingress entries in xdp context 2. verify ability to load, attach, and detach xdp egress to a device. Signed-off-by: David Ahern --- .../bpf/prog_tests/xdp_egress_attach.c | 56 +++++++++++++++++++ .../selftests/bpf/progs/test_xdp_egress.c | 12 ++++ .../bpf/progs/test_xdp_egress_fail.c | 16 ++++++ 3 files changed, 84 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/xdp_egress_attach.c create mode 100644 tools/testing/selftests/bpf/progs/test_xdp_egress.c create mode 100644 tools/testing/selftests/bpf/progs/test_xdp_egress_fail.c diff --git a/tools/testing/selftests/bpf/prog_tests/xdp_egress_attach.c b/tools/testing/selftests/bpf/prog_tests/xdp_egress_attach.c new file mode 100644 index 000000000000..5253754b27de --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/xdp_egress_attach.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include + +#define IFINDEX_LO 1 + +void test_xdp_egress_attach(void) +{ + struct bpf_prog_load_attr attr = { + .prog_type = BPF_PROG_TYPE_XDP, + .expected_attach_type = BPF_XDP_EGRESS, + }; + struct bpf_prog_info info = {}; + __u32 id, len = sizeof(info); + struct bpf_object *obj; + __u32 duration = 0; + int err, fd = -1; + + /* should fail - accesses rx queue info */ + attr.file = "./test_xdp_egress_fail.o", + err = bpf_prog_load_xattr(&attr, &obj, &fd); + if (CHECK(err == 0 && fd >= 0, "xdp_egress with rx failed to load", + "load of xdp_egress with rx succeeded instead of failed")) + return; + + attr.file = "./test_xdp_egress.o", + err = bpf_prog_load_xattr(&attr, &obj, &fd); + if (CHECK_FAIL(err)) + return; + + err = bpf_obj_get_info_by_fd(fd, &info, &len); + if (CHECK_FAIL(err)) + goto out_close; + + err = bpf_set_link_xdp_fd(IFINDEX_LO, fd, XDP_FLAGS_EGRESS_MODE); + if (CHECK(err, "xdp attach", "xdp attach failed")) + goto out_close; + + err = bpf_get_link_xdp_id(IFINDEX_LO, &id, XDP_FLAGS_EGRESS_MODE); + if (CHECK(err || id != info.id, "id_check", + "loaded prog id %u != id %u, err %d", info.id, id, err)) + goto out; + +out: + err = bpf_set_link_xdp_fd(IFINDEX_LO, -1, XDP_FLAGS_EGRESS_MODE); + if (CHECK(err, "xdp detach", "xdp detach failed")) + goto out_close; + + err = bpf_get_link_xdp_id(IFINDEX_LO, &id, XDP_FLAGS_EGRESS_MODE); + if (CHECK(err || id, "id_check", + "failed to detach program %u", id)) + goto out; + +out_close: + bpf_object__close(obj); +} diff --git a/tools/testing/selftests/bpf/progs/test_xdp_egress.c b/tools/testing/selftests/bpf/progs/test_xdp_egress.c new file mode 100644 index 000000000000..0477e8537b7f --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_xdp_egress.c @@ -0,0 +1,12 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +SEC("xdp_egress") +int xdp_egress_good(struct xdp_md *ctx) +{ + __u32 idx = ctx->egress_ifindex; + + return idx == 1 ? XDP_DROP : XDP_PASS; +} diff --git a/tools/testing/selftests/bpf/progs/test_xdp_egress_fail.c b/tools/testing/selftests/bpf/progs/test_xdp_egress_fail.c new file mode 100644 index 000000000000..76b47b1d3bc3 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_xdp_egress_fail.c @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0 + +#include +#include + +SEC("xdp_egress") +int xdp_egress_fail(struct xdp_md *ctx) +{ + __u32 rxq = ctx->rx_queue_index; + __u32 idx = ctx->ingress_ifindex; + + if (idx == 1) + return XDP_DROP; + + return rxq ? XDP_DROP : XDP_PASS; +}