lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20191018040748.30593-11-toshiaki.makita1@gmail.com>
Date:   Fri, 18 Oct 2019 13:07:43 +0900
From:   Toshiaki Makita <toshiaki.makita1@...il.com>
To:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Martin KaFai Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        Jesper Dangaard Brouer <hawk@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        Pravin B Shelar <pshelar@....org>
Cc:     Toshiaki Makita <toshiaki.makita1@...il.com>,
        netdev@...r.kernel.org, bpf@...r.kernel.org,
        William Tu <u9012063@...il.com>,
        Stanislav Fomichev <sdf@...ichev.me>
Subject: [RFC PATCH v2 bpf-next 10/15] xdp_flow: Add netdev feature for enabling flow offload to XDP

The usage would be like this:

 $ ethtool -K eth0 flow-offload-xdp on
 $ tc qdisc add dev eth0 clsact
 $ tc filter add dev eth0 ingress protocol ip flower ...

Then the filters offloaded to XDP are marked as "in_hw".

xdp_flow is using the indirect block mechanism to handle the newly added
feature.

Signed-off-by: Toshiaki Makita <toshiaki.makita1@...il.com>
---
 include/linux/netdev_features.h  |  2 ++
 net/core/dev.c                   |  2 ++
 net/core/ethtool.c               |  1 +
 net/xdp_flow/xdp_flow.h          |  5 ++++
 net/xdp_flow/xdp_flow_core.c     | 55 +++++++++++++++++++++++++++++++++++++++-
 net/xdp_flow/xdp_flow_kern_mod.c |  6 +++++
 6 files changed, 70 insertions(+), 1 deletion(-)

diff --git a/include/linux/netdev_features.h b/include/linux/netdev_features.h
index 4b19c54..1063511 100644
--- a/include/linux/netdev_features.h
+++ b/include/linux/netdev_features.h
@@ -80,6 +80,7 @@ enum {
 
 	NETIF_F_GRO_HW_BIT,		/* Hardware Generic receive offload */
 	NETIF_F_HW_TLS_RECORD_BIT,	/* Offload TLS record */
+	NETIF_F_XDP_FLOW_BIT,		/* Offload flow to XDP */
 
 	/*
 	 * Add your fresh new feature above and remember to update
@@ -150,6 +151,7 @@ enum {
 #define NETIF_F_GSO_UDP_L4	__NETIF_F(GSO_UDP_L4)
 #define NETIF_F_HW_TLS_TX	__NETIF_F(HW_TLS_TX)
 #define NETIF_F_HW_TLS_RX	__NETIF_F(HW_TLS_RX)
+#define NETIF_F_XDP_FLOW	__NETIF_F(XDP_FLOW)
 
 /* Finds the next feature with the highest number of the range of start till 0.
  */
diff --git a/net/core/dev.c b/net/core/dev.c
index 9965675..62e0469 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -9035,6 +9035,8 @@ int register_netdevice(struct net_device *dev)
 	 * software offloads (GSO and GRO).
 	 */
 	dev->hw_features |= NETIF_F_SOFT_FEATURES;
+	if (IS_ENABLED(CONFIG_XDP_FLOW) && dev->netdev_ops->ndo_bpf)
+		dev->hw_features |= NETIF_F_XDP_FLOW;
 	dev->features |= NETIF_F_SOFT_FEATURES;
 
 	if (dev->netdev_ops->ndo_udp_tunnel_add) {
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
index c763106..200aa96 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
@@ -111,6 +111,7 @@ int ethtool_op_get_ts_info(struct net_device *dev, struct ethtool_ts_info *info)
 	[NETIF_F_HW_TLS_RECORD_BIT] =	"tls-hw-record",
 	[NETIF_F_HW_TLS_TX_BIT] =	 "tls-hw-tx-offload",
 	[NETIF_F_HW_TLS_RX_BIT] =	 "tls-hw-rx-offload",
+	[NETIF_F_XDP_FLOW_BIT] =	 "flow-offload-xdp",
 };
 
 static const char
diff --git a/net/xdp_flow/xdp_flow.h b/net/xdp_flow/xdp_flow.h
index 656ceab..58f8a229 100644
--- a/net/xdp_flow/xdp_flow.h
+++ b/net/xdp_flow/xdp_flow.h
@@ -20,4 +20,9 @@ struct xdp_flow_umh_ops {
 
 extern struct xdp_flow_umh_ops xdp_flow_ops;
 
+static inline bool xdp_flow_enabled(const struct net_device *dev)
+{
+	return dev->features & NETIF_F_XDP_FLOW;
+}
+
 #endif
diff --git a/net/xdp_flow/xdp_flow_core.c b/net/xdp_flow/xdp_flow_core.c
index 8265aef..f402427 100644
--- a/net/xdp_flow/xdp_flow_core.c
+++ b/net/xdp_flow/xdp_flow_core.c
@@ -20,7 +20,8 @@ static void xdp_flow_block_release(void *cb_priv)
 	mutex_unlock(&xdp_flow_ops.lock);
 }
 
-int xdp_flow_setup_block(struct net_device *dev, struct flow_block_offload *f)
+static int xdp_flow_setup_block(struct net_device *dev,
+				struct flow_block_offload *f)
 {
 	struct flow_block_cb *block_cb;
 	int err = 0;
@@ -32,6 +33,9 @@ int xdp_flow_setup_block(struct net_device *dev, struct flow_block_offload *f)
 	if (f->binder_type != FLOW_BLOCK_BINDER_TYPE_CLSACT_INGRESS)
 		return -EOPNOTSUPP;
 
+	if (f->command == FLOW_BLOCK_BIND && !xdp_flow_enabled(dev))
+		return -EOPNOTSUPP;
+
 	mutex_lock(&xdp_flow_ops.lock);
 	if (!xdp_flow_ops.module) {
 		mutex_unlock(&xdp_flow_ops.lock);
@@ -105,6 +109,50 @@ int xdp_flow_setup_block(struct net_device *dev, struct flow_block_offload *f)
 	return err;
 }
 
+static int xdp_flow_indr_setup_cb(struct net_device *dev, void *cb_priv,
+				  enum tc_setup_type type, void *type_data)
+{
+	switch (type) {
+	case TC_SETUP_BLOCK:
+		return xdp_flow_setup_block(dev, type_data);
+	default:
+		return -EOPNOTSUPP;
+	}
+}
+
+static int xdp_flow_netdevice_event(struct notifier_block *nb,
+				    unsigned long event, void *ptr)
+{
+	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+	int err;
+
+	if (!dev->netdev_ops->ndo_bpf)
+		return NOTIFY_DONE;
+
+	switch (event) {
+	case NETDEV_REGISTER:
+		err = __flow_indr_block_cb_register(dev, NULL,
+						    xdp_flow_indr_setup_cb,
+						    dev);
+		if (err) {
+			netdev_err(dev,
+				   "Failed to register indirect block setup callback: %d\n",
+				   err);
+		}
+		break;
+	case NETDEV_UNREGISTER:
+		__flow_indr_block_cb_unregister(dev, xdp_flow_indr_setup_cb,
+						dev);
+		break;
+	}
+
+	return NOTIFY_DONE;
+}
+
+static struct notifier_block xdp_flow_notifier_block __read_mostly = {
+	.notifier_call = xdp_flow_netdevice_event,
+};
+
 static void xdp_flow_umh_cleanup(struct umh_info *info)
 {
 	mutex_lock(&xdp_flow_ops.lock);
@@ -117,6 +165,11 @@ static void xdp_flow_umh_cleanup(struct umh_info *info)
 
 static int __init xdp_flow_init(void)
 {
+	int err = register_netdevice_notifier(&xdp_flow_notifier_block);
+
+	if (err)
+		return err;
+
 	mutex_init(&xdp_flow_ops.lock);
 	xdp_flow_ops.stop = true;
 	xdp_flow_ops.info.cmdline = "xdp_flow_umh";
diff --git a/net/xdp_flow/xdp_flow_kern_mod.c b/net/xdp_flow/xdp_flow_kern_mod.c
index e70a86a..ce8a75b 100644
--- a/net/xdp_flow/xdp_flow_kern_mod.c
+++ b/net/xdp_flow/xdp_flow_kern_mod.c
@@ -335,6 +335,12 @@ static int xdp_flow_replace(struct net_device *dev, struct flow_cls_offload *f)
 	struct mbox_request *req;
 	int err;
 
+	if (!xdp_flow_enabled(dev)) {
+		NL_SET_ERR_MSG_MOD(f->common.extack,
+				   "flow-offload-xdp is disabled on net device");
+		return -EOPNOTSUPP;
+	}
+
 	req = kzalloc(sizeof(*req), GFP_KERNEL);
 	if (!req)
 		return -ENOMEM;
-- 
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ