| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jan 2020 18:42:08 -0700
From: David Ahern <dsahern@...nel.org>
To: netdev@...r.kernel.org
Cc: prashantbhole.linux@...il.com, jasowang@...hat.com,
davem@...emloft.net, jakub.kicinski@...ronome.com,
jbrouer@...hat.com, toke@...hat.com, mst@...hat.com,
toshiaki.makita1@...il.com, daniel@...earbox.net,
john.fastabend@...il.com, ast@...nel.org, kafai@...com,
songliubraving@...com, yhs@...com, andriin@...com,
dsahern@...il.com
Subject: [PATCH bpf-next 10/12] tun: run XDP program in tx path
From: Prashant Bhole <prashantbhole.linux@...il.com>
Run the XDP program as soon as packet is removed from the ptr
ring. Since this is XDP in tx path, the traditional handling of
XDP actions XDP_TX/REDIRECT isn't valid. For this reason we call
do_xdp_generic_core instead of do_xdp_generic. do_xdp_generic_core
just runs the program and leaves the action handling to us.
Signed-off-by: Prashant Bhole <prashantbhole.linux@...il.com>
---
drivers/net/tun.c | 153 +++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 150 insertions(+), 3 deletions(-)
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index b6bac773f2a0..71bcd4ec2571 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -130,6 +130,7 @@ struct tap_filter {
/* MAX_TAP_QUEUES 256 is chosen to allow rx/tx queues to be equal
* to max number of VCPUs in guest. */
#define MAX_TAP_QUEUES 256
+#define MAX_TAP_BATCH 64
#define MAX_TAP_FLOWS 4096
#define TUN_FLOW_EXPIRE (3 * HZ)
@@ -175,6 +176,7 @@ struct tun_file {
struct tun_struct *detached;
struct ptr_ring tx_ring;
struct xdp_rxq_info xdp_rxq;
+ void *pkt_ptrs[MAX_TAP_BATCH];
};
struct tun_page {
@@ -2140,6 +2142,107 @@ static ssize_t tun_put_user(struct tun_struct *tun,
return total;
}
+static struct sk_buff *tun_prepare_xdp_skb(struct sk_buff *skb)
+{
+ struct sk_buff *nskb;
+
+ if (skb_shared(skb) || skb_cloned(skb)) {
+ nskb = skb_copy(skb, GFP_ATOMIC);
+ consume_skb(skb);
+ return nskb;
+ }
+
+ return skb;
+}
+
+static u32 tun_do_xdp_tx_generic(struct tun_struct *tun,
+ struct sk_buff *skb)
+{
+ struct bpf_prog *xdp_prog;
+ struct xdp_buff xdp;
+ u32 act = XDP_PASS;
+
+ xdp_prog = rcu_dereference(tun->xdp_egress_prog);
+ if (xdp_prog) {
+ skb = tun_prepare_xdp_skb(skb);
+ if (!skb) {
+ act = XDP_DROP;
+ kfree_skb(skb);
+ goto drop;
+ }
+
+ act = do_xdp_generic_core(skb, &xdp, xdp_prog);
+ switch (act) {
+ case XDP_TX:
+ /* Rx path generic XDP will be called in this path
+ */
+ local_bh_disable();
+ netif_receive_skb(skb);
+ local_bh_enable();
+ break;
+ case XDP_PASS:
+ break;
+ case XDP_REDIRECT:
+ /* Since we are not handling this case yet, let's free
+ * skb here. In case of XDP_DROP/XDP_ABORTED, the skb
+ * was already freed in do_xdp_generic_core()
+ */
+ kfree_skb(skb);
+ /* fall through */
+ default:
+ bpf_warn_invalid_xdp_action(act);
+ /* fall through */
+ case XDP_ABORTED:
+ trace_xdp_exception(tun->dev, xdp_prog, act);
+ /* fall through */
+ case XDP_DROP:
+ goto drop;
+ }
+ }
+
+ return act;
+drop:
+ this_cpu_inc(tun->pcpu_stats->tx_dropped);
+ return act;
+}
+
+static u32 tun_do_xdp_tx(struct tun_struct *tun, struct tun_file *tfile,
+ struct xdp_frame *frame)
+{
+ struct bpf_prog *xdp_prog;
+ struct xdp_buff xdp;
+ u32 act = XDP_PASS;
+
+ xdp_prog = rcu_dereference(tun->xdp_egress_prog);
+ if (xdp_prog) {
+ xdp.data_hard_start = frame->data - frame->headroom;
+ xdp.data = frame->data;
+ xdp.data_end = xdp.data + frame->len;
+ xdp.data_meta = xdp.data - frame->metasize;
+
+ act = bpf_prog_run_xdp(xdp_prog, &xdp);
+ switch (act) {
+ case XDP_PASS:
+ break;
+ case XDP_TX:
+ /* fall through */
+ case XDP_REDIRECT:
+ /* fall through */
+ default:
+ bpf_warn_invalid_xdp_action(act);
+ /* fall through */
+ case XDP_ABORTED:
+ trace_xdp_exception(tun->dev, xdp_prog, act);
+ /* fall through */
+ case XDP_DROP:
+ xdp_return_frame_rx_napi(frame);
+ break;
+ }
+ }
+
+ return act;
+}
+
static void *tun_ring_recv(struct tun_file *tfile, int noblock, int *err)
{
DECLARE_WAITQUEUE(wait, current);
@@ -2557,6 +2660,52 @@ static int tun_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len)
return ret;
}
+static int tun_consume_packets(struct tun_file *tfile, void **ptr_array, int n)
+{
+ void **pkts = tfile->pkt_ptrs;
+ struct xdp_frame *frame;
+ struct tun_struct *tun;
+ int i, num_ptrs;
+ int pkt_cnt = 0;
+ void *ptr;
+ u32 act;
+ int batchsz;
+
+ if (unlikely(!tfile))
+ return 0;
+
+ rcu_read_lock();
+ tun = rcu_dereference(tfile->tun);
+ if (unlikely(!tun)) {
+ rcu_read_unlock();
+ return 0;
+ }
+
+ while (n) {
+ batchsz = (n > MAX_TAP_BATCH) ? MAX_TAP_BATCH : n;
+ n -= batchsz;
+ num_ptrs = ptr_ring_consume_batched(&tfile->tx_ring, pkts,
+ batchsz);
+ if (!num_ptrs)
+ break;
+ for (i = 0; i < num_ptrs; i++) {
+ ptr = pkts[i];
+ if (tun_is_xdp_frame(ptr)) {
+ frame = tun_ptr_to_xdp(ptr);
+ act = tun_do_xdp_tx(tun, tfile, frame);
+ } else {
+ act = tun_do_xdp_tx_generic(tun, ptr);
+ }
+
+ if (act == XDP_PASS)
+ ptr_array[pkt_cnt++] = ptr;
+ }
+ }
+
+ rcu_read_unlock();
+ return pkt_cnt;
+}
+
static int tun_recvmsg(struct socket *sock, struct msghdr *m, size_t total_len,
int flags)
{
@@ -2577,9 +2726,7 @@ static int tun_recvmsg(struct socket *sock, struct msghdr *m, size_t total_len,
ptr = ctl->ptr;
break;
case TUN_MSG_CONSUME_PKTS:
- ret = ptr_ring_consume_batched(&tfile->tx_ring,
- ctl->ptr,
- ctl->num);
+ ret = tun_consume_packets(tfile, ctl->ptr, ctl->num);
goto out;
case TUN_MSG_UNCONSUME_PKTS:
ptr_ring_unconsume(&tfile->tx_ring, ctl->ptr,
--
2.21.1 (Apple Git-122.3)
Powered by blists - more mailing lists