1 // SPDX-License-Identifier: GPL-2.0-only
2 /* bpf/cpumap.c
3 *
4 * Copyright (c) 2017 Jesper Dangaard Brouer, Red Hat Inc.
5 */
6
7 /* The 'cpumap' is primarily used as a backend map for XDP BPF helper
8 * call bpf_redirect_map() and XDP_REDIRECT action, like 'devmap'.
9 *
10 * Unlike devmap which redirects XDP frames out another NIC device,
11 * this map type redirects raw XDP frames to another CPU. The remote
12 * CPU will do SKB-allocation and call the normal network stack.
13 *
14 * This is a scalability and isolation mechanism, that allow
15 * separating the early driver network XDP layer, from the rest of the
16 * netstack, and assigning dedicated CPUs for this stage. This
17 * basically allows for 10G wirespeed pre-filtering via bpf.
18 */
19 #include <linux/bitops.h>
20 #include <linux/bpf.h>
21 #include <linux/filter.h>
22 #include <linux/ptr_ring.h>
23 #include <net/xdp.h>
24
25 #include <linux/sched.h>
26 #include <linux/workqueue.h>
27 #include <linux/kthread.h>
28 #include <linux/capability.h>
29 #include <trace/events/xdp.h>
30 #include <linux/btf_ids.h>
31
32 #include <linux/netdevice.h> /* netif_receive_skb_list */
33 #include <linux/etherdevice.h> /* eth_type_trans */
34
35 /* General idea: XDP packets getting XDP redirected to another CPU,
36 * will maximum be stored/queued for one driver ->poll() call. It is
37 * guaranteed that queueing the frame and the flush operation happen on
38 * same CPU. Thus, cpu_map_flush operation can deduct via this_cpu_ptr()
39 * which queue in bpf_cpu_map_entry contains packets.
40 */
41
42 #define CPU_MAP_BULK_SIZE 8 /* 8 == one cacheline on 64-bit archs */
43 struct bpf_cpu_map_entry;
44 struct bpf_cpu_map;
45
46 struct xdp_bulk_queue {
47 void *q[CPU_MAP_BULK_SIZE];
48 struct list_head flush_node;
49 struct bpf_cpu_map_entry *obj;
50 unsigned int count;
51 };
52
53 /* Struct for every remote "destination" CPU in map */
54 struct bpf_cpu_map_entry {
55 u32 cpu; /* kthread CPU and map index */
56 int map_id; /* Back reference to map */
57
58 /* XDP can run multiple RX-ring queues, need __percpu enqueue store */
59 struct xdp_bulk_queue __percpu *bulkq;
60
61 struct bpf_cpu_map *cmap;
62
63 /* Queue with potential multi-producers, and single-consumer kthread */
64 struct ptr_ring *queue;
65 struct task_struct *kthread;
66
67 struct bpf_cpumap_val value;
68 struct bpf_prog *prog;
69
70 atomic_t refcnt; /* Control when this struct can be free'ed */
71 struct rcu_head rcu;
72
73 struct work_struct kthread_stop_wq;
74 };
75
76 struct bpf_cpu_map {
77 struct bpf_map map;
78 /* Below members specific for map type */
79 struct bpf_cpu_map_entry __rcu **cpu_map;
80 };
81
82 static DEFINE_PER_CPU(struct list_head, cpu_map_flush_list);
83
cpu_map_alloc(union bpf_attr * attr)84 static struct bpf_map *cpu_map_alloc(union bpf_attr *attr)
85 {
86 u32 value_size = attr->value_size;
87 struct bpf_cpu_map *cmap;
88 int err = -ENOMEM;
89
90 if (!bpf_capable())
91 return ERR_PTR(-EPERM);
92
93 /* check sanity of attributes */
94 if (attr->max_entries == 0 || attr->key_size != 4 ||
95 (value_size != offsetofend(struct bpf_cpumap_val, qsize) &&
96 value_size != offsetofend(struct bpf_cpumap_val, bpf_prog.fd)) ||
97 attr->map_flags & ~BPF_F_NUMA_NODE)
98 return ERR_PTR(-EINVAL);
99
100 cmap = bpf_map_area_alloc(sizeof(*cmap), NUMA_NO_NODE);
101 if (!cmap)
102 return ERR_PTR(-ENOMEM);
103
104 bpf_map_init_from_attr(&cmap->map, attr);
105
106 /* Pre-limit array size based on NR_CPUS, not final CPU check */
107 if (cmap->map.max_entries > NR_CPUS) {
108 err = -E2BIG;
109 goto free_cmap;
110 }
111
112 /* Alloc array for possible remote "destination" CPUs */
113 cmap->cpu_map = bpf_map_area_alloc(cmap->map.max_entries *
114 sizeof(struct bpf_cpu_map_entry *),
115 cmap->map.numa_node);
116 if (!cmap->cpu_map)
117 goto free_cmap;
118
119 return &cmap->map;
120 free_cmap:
121 bpf_map_area_free(cmap);
122 return ERR_PTR(err);
123 }
124
get_cpu_map_entry(struct bpf_cpu_map_entry * rcpu)125 static void get_cpu_map_entry(struct bpf_cpu_map_entry *rcpu)
126 {
127 atomic_inc(&rcpu->refcnt);
128 }
129
130 /* called from workqueue, to workaround syscall using preempt_disable */
cpu_map_kthread_stop(struct work_struct * work)131 static void cpu_map_kthread_stop(struct work_struct *work)
132 {
133 struct bpf_cpu_map_entry *rcpu;
134
135 rcpu = container_of(work, struct bpf_cpu_map_entry, kthread_stop_wq);
136
137 /* Wait for flush in __cpu_map_entry_free(), via full RCU barrier,
138 * as it waits until all in-flight call_rcu() callbacks complete.
139 */
140 rcu_barrier();
141
142 /* kthread_stop will wake_up_process and wait for it to complete */
143 kthread_stop(rcpu->kthread);
144 }
145
__cpu_map_ring_cleanup(struct ptr_ring * ring)146 static void __cpu_map_ring_cleanup(struct ptr_ring *ring)
147 {
148 /* The tear-down procedure should have made sure that queue is
149 * empty. See __cpu_map_entry_replace() and work-queue
150 * invoked cpu_map_kthread_stop(). Catch any broken behaviour
151 * gracefully and warn once.
152 */
153 struct xdp_frame *xdpf;
154
155 while ((xdpf = ptr_ring_consume(ring)))
156 if (WARN_ON_ONCE(xdpf))
157 xdp_return_frame(xdpf);
158 }
159
put_cpu_map_entry(struct bpf_cpu_map_entry * rcpu)160 static void put_cpu_map_entry(struct bpf_cpu_map_entry *rcpu)
161 {
162 if (atomic_dec_and_test(&rcpu->refcnt)) {
163 if (rcpu->prog)
164 bpf_prog_put(rcpu->prog);
165 /* The queue should be empty at this point */
166 __cpu_map_ring_cleanup(rcpu->queue);
167 ptr_ring_cleanup(rcpu->queue, NULL);
168 kfree(rcpu->queue);
169 kfree(rcpu);
170 }
171 }
172
cpu_map_bpf_prog_run_skb(struct bpf_cpu_map_entry * rcpu,struct list_head * listp,struct xdp_cpumap_stats * stats)173 static void cpu_map_bpf_prog_run_skb(struct bpf_cpu_map_entry *rcpu,
174 struct list_head *listp,
175 struct xdp_cpumap_stats *stats)
176 {
177 struct sk_buff *skb, *tmp;
178 struct xdp_buff xdp;
179 u32 act;
180 int err;
181
182 list_for_each_entry_safe(skb, tmp, listp, list) {
183 act = bpf_prog_run_generic_xdp(skb, &xdp, rcpu->prog);
184 switch (act) {
185 case XDP_PASS:
186 break;
187 case XDP_REDIRECT:
188 skb_list_del_init(skb);
189 err = xdp_do_generic_redirect(skb->dev, skb, &xdp,
190 rcpu->prog);
191 if (unlikely(err)) {
192 kfree_skb(skb);
193 stats->drop++;
194 } else {
195 stats->redirect++;
196 }
197 return;
198 default:
199 bpf_warn_invalid_xdp_action(NULL, rcpu->prog, act);
200 fallthrough;
201 case XDP_ABORTED:
202 trace_xdp_exception(skb->dev, rcpu->prog, act);
203 fallthrough;
204 case XDP_DROP:
205 skb_list_del_init(skb);
206 kfree_skb(skb);
207 stats->drop++;
208 return;
209 }
210 }
211 }
212
cpu_map_bpf_prog_run_xdp(struct bpf_cpu_map_entry * rcpu,void ** frames,int n,struct xdp_cpumap_stats * stats)213 static int cpu_map_bpf_prog_run_xdp(struct bpf_cpu_map_entry *rcpu,
214 void **frames, int n,
215 struct xdp_cpumap_stats *stats)
216 {
217 struct xdp_rxq_info rxq;
218 struct xdp_buff xdp;
219 int i, nframes = 0;
220
221 xdp_set_return_frame_no_direct();
222 xdp.rxq = &rxq;
223
224 for (i = 0; i < n; i++) {
225 struct xdp_frame *xdpf = frames[i];
226 u32 act;
227 int err;
228
229 rxq.dev = xdpf->dev_rx;
230 rxq.mem = xdpf->mem;
231 /* TODO: report queue_index to xdp_rxq_info */
232
233 xdp_convert_frame_to_buff(xdpf, &xdp);
234
235 act = bpf_prog_run_xdp(rcpu->prog, &xdp);
236 switch (act) {
237 case XDP_PASS:
238 err = xdp_update_frame_from_buff(&xdp, xdpf);
239 if (err < 0) {
240 xdp_return_frame(xdpf);
241 stats->drop++;
242 } else {
243 frames[nframes++] = xdpf;
244 stats->pass++;
245 }
246 break;
247 case XDP_REDIRECT:
248 err = xdp_do_redirect(xdpf->dev_rx, &xdp,
249 rcpu->prog);
250 if (unlikely(err)) {
251 xdp_return_frame(xdpf);
252 stats->drop++;
253 } else {
254 stats->redirect++;
255 }
256 break;
257 default:
258 bpf_warn_invalid_xdp_action(NULL, rcpu->prog, act);
259 fallthrough;
260 case XDP_DROP:
261 xdp_return_frame(xdpf);
262 stats->drop++;
263 break;
264 }
265 }
266
267 xdp_clear_return_frame_no_direct();
268
269 return nframes;
270 }
271
272 #define CPUMAP_BATCH 8
273
cpu_map_bpf_prog_run(struct bpf_cpu_map_entry * rcpu,void ** frames,int xdp_n,struct xdp_cpumap_stats * stats,struct list_head * list)274 static int cpu_map_bpf_prog_run(struct bpf_cpu_map_entry *rcpu, void **frames,
275 int xdp_n, struct xdp_cpumap_stats *stats,
276 struct list_head *list)
277 {
278 int nframes;
279
280 if (!rcpu->prog)
281 return xdp_n;
282
283 rcu_read_lock_bh();
284
285 nframes = cpu_map_bpf_prog_run_xdp(rcpu, frames, xdp_n, stats);
286
287 if (stats->redirect)
288 xdp_do_flush();
289
290 if (unlikely(!list_empty(list)))
291 cpu_map_bpf_prog_run_skb(rcpu, list, stats);
292
293 rcu_read_unlock_bh(); /* resched point, may call do_softirq() */
294
295 return nframes;
296 }
297
298
cpu_map_kthread_run(void * data)299 static int cpu_map_kthread_run(void *data)
300 {
301 struct bpf_cpu_map_entry *rcpu = data;
302
303 set_current_state(TASK_INTERRUPTIBLE);
304
305 /* When kthread gives stop order, then rcpu have been disconnected
306 * from map, thus no new packets can enter. Remaining in-flight
307 * per CPU stored packets are flushed to this queue. Wait honoring
308 * kthread_stop signal until queue is empty.
309 */
310 while (!kthread_should_stop() || !__ptr_ring_empty(rcpu->queue)) {
311 struct xdp_cpumap_stats stats = {}; /* zero stats */
312 unsigned int kmem_alloc_drops = 0, sched = 0;
313 gfp_t gfp = __GFP_ZERO | GFP_ATOMIC;
314 int i, n, m, nframes, xdp_n;
315 void *frames[CPUMAP_BATCH];
316 void *skbs[CPUMAP_BATCH];
317 LIST_HEAD(list);
318
319 /* Release CPU reschedule checks */
320 if (__ptr_ring_empty(rcpu->queue)) {
321 set_current_state(TASK_INTERRUPTIBLE);
322 /* Recheck to avoid lost wake-up */
323 if (__ptr_ring_empty(rcpu->queue)) {
324 schedule();
325 sched = 1;
326 } else {
327 __set_current_state(TASK_RUNNING);
328 }
329 } else {
330 sched = cond_resched();
331 }
332
333 /*
334 * The bpf_cpu_map_entry is single consumer, with this
335 * kthread CPU pinned. Lockless access to ptr_ring
336 * consume side valid as no-resize allowed of queue.
337 */
338 n = __ptr_ring_consume_batched(rcpu->queue, frames,
339 CPUMAP_BATCH);
340 for (i = 0, xdp_n = 0; i < n; i++) {
341 void *f = frames[i];
342 struct page *page;
343
344 if (unlikely(__ptr_test_bit(0, &f))) {
345 struct sk_buff *skb = f;
346
347 __ptr_clear_bit(0, &skb);
348 list_add_tail(&skb->list, &list);
349 continue;
350 }
351
352 frames[xdp_n++] = f;
353 page = virt_to_page(f);
354
355 /* Bring struct page memory area to curr CPU. Read by
356 * build_skb_around via page_is_pfmemalloc(), and when
357 * freed written by page_frag_free call.
358 */
359 prefetchw(page);
360 }
361
362 /* Support running another XDP prog on this CPU */
363 nframes = cpu_map_bpf_prog_run(rcpu, frames, xdp_n, &stats, &list);
364 if (nframes) {
365 m = kmem_cache_alloc_bulk(skbuff_head_cache, gfp, nframes, skbs);
366 if (unlikely(m == 0)) {
367 for (i = 0; i < nframes; i++)
368 skbs[i] = NULL; /* effect: xdp_return_frame */
369 kmem_alloc_drops += nframes;
370 }
371 }
372
373 local_bh_disable();
374 for (i = 0; i < nframes; i++) {
375 struct xdp_frame *xdpf = frames[i];
376 struct sk_buff *skb = skbs[i];
377
378 skb = __xdp_build_skb_from_frame(xdpf, skb,
379 xdpf->dev_rx);
380 if (!skb) {
381 xdp_return_frame(xdpf);
382 continue;
383 }
384
385 list_add_tail(&skb->list, &list);
386 }
387 netif_receive_skb_list(&list);
388
389 /* Feedback loop via tracepoint */
390 trace_xdp_cpumap_kthread(rcpu->map_id, n, kmem_alloc_drops,
391 sched, &stats);
392
393 local_bh_enable(); /* resched point, may call do_softirq() */
394 }
395 __set_current_state(TASK_RUNNING);
396
397 put_cpu_map_entry(rcpu);
398 return 0;
399 }
400
__cpu_map_load_bpf_program(struct bpf_cpu_map_entry * rcpu,struct bpf_map * map,int fd)401 static int __cpu_map_load_bpf_program(struct bpf_cpu_map_entry *rcpu,
402 struct bpf_map *map, int fd)
403 {
404 struct bpf_prog *prog;
405
406 prog = bpf_prog_get_type(fd, BPF_PROG_TYPE_XDP);
407 if (IS_ERR(prog))
408 return PTR_ERR(prog);
409
410 if (prog->expected_attach_type != BPF_XDP_CPUMAP ||
411 !bpf_prog_map_compatible(map, prog)) {
412 bpf_prog_put(prog);
413 return -EINVAL;
414 }
415
416 rcpu->value.bpf_prog.id = prog->aux->id;
417 rcpu->prog = prog;
418
419 return 0;
420 }
421
422 static struct bpf_cpu_map_entry *
__cpu_map_entry_alloc(struct bpf_map * map,struct bpf_cpumap_val * value,u32 cpu)423 __cpu_map_entry_alloc(struct bpf_map *map, struct bpf_cpumap_val *value,
424 u32 cpu)
425 {
426 int numa, err, i, fd = value->bpf_prog.fd;
427 gfp_t gfp = GFP_KERNEL | __GFP_NOWARN;
428 struct bpf_cpu_map_entry *rcpu;
429 struct xdp_bulk_queue *bq;
430
431 /* Have map->numa_node, but choose node of redirect target CPU */
432 numa = cpu_to_node(cpu);
433
434 rcpu = bpf_map_kmalloc_node(map, sizeof(*rcpu), gfp | __GFP_ZERO, numa);
435 if (!rcpu)
436 return NULL;
437
438 /* Alloc percpu bulkq */
439 rcpu->bulkq = bpf_map_alloc_percpu(map, sizeof(*rcpu->bulkq),
440 sizeof(void *), gfp);
441 if (!rcpu->bulkq)
442 goto free_rcu;
443
444 for_each_possible_cpu(i) {
445 bq = per_cpu_ptr(rcpu->bulkq, i);
446 bq->obj = rcpu;
447 }
448
449 /* Alloc queue */
450 rcpu->queue = bpf_map_kmalloc_node(map, sizeof(*rcpu->queue), gfp,
451 numa);
452 if (!rcpu->queue)
453 goto free_bulkq;
454
455 err = ptr_ring_init(rcpu->queue, value->qsize, gfp);
456 if (err)
457 goto free_queue;
458
459 rcpu->cpu = cpu;
460 rcpu->map_id = map->id;
461 rcpu->value.qsize = value->qsize;
462
463 if (fd > 0 && __cpu_map_load_bpf_program(rcpu, map, fd))
464 goto free_ptr_ring;
465
466 /* Setup kthread */
467 rcpu->kthread = kthread_create_on_node(cpu_map_kthread_run, rcpu, numa,
468 "cpumap/%d/map:%d", cpu,
469 map->id);
470 if (IS_ERR(rcpu->kthread))
471 goto free_prog;
472
473 get_cpu_map_entry(rcpu); /* 1-refcnt for being in cmap->cpu_map[] */
474 get_cpu_map_entry(rcpu); /* 1-refcnt for kthread */
475
476 /* Make sure kthread runs on a single CPU */
477 kthread_bind(rcpu->kthread, cpu);
478 wake_up_process(rcpu->kthread);
479
480 return rcpu;
481
482 free_prog:
483 if (rcpu->prog)
484 bpf_prog_put(rcpu->prog);
485 free_ptr_ring:
486 ptr_ring_cleanup(rcpu->queue, NULL);
487 free_queue:
488 kfree(rcpu->queue);
489 free_bulkq:
490 free_percpu(rcpu->bulkq);
491 free_rcu:
492 kfree(rcpu);
493 return NULL;
494 }
495
__cpu_map_entry_free(struct rcu_head * rcu)496 static void __cpu_map_entry_free(struct rcu_head *rcu)
497 {
498 struct bpf_cpu_map_entry *rcpu;
499
500 /* This cpu_map_entry have been disconnected from map and one
501 * RCU grace-period have elapsed. Thus, XDP cannot queue any
502 * new packets and cannot change/set flush_needed that can
503 * find this entry.
504 */
505 rcpu = container_of(rcu, struct bpf_cpu_map_entry, rcu);
506
507 free_percpu(rcpu->bulkq);
508 /* Cannot kthread_stop() here, last put free rcpu resources */
509 put_cpu_map_entry(rcpu);
510 }
511
512 /* After xchg pointer to bpf_cpu_map_entry, use the call_rcu() to
513 * ensure any driver rcu critical sections have completed, but this
514 * does not guarantee a flush has happened yet. Because driver side
515 * rcu_read_lock/unlock only protects the running XDP program. The
516 * atomic xchg and NULL-ptr check in __cpu_map_flush() makes sure a
517 * pending flush op doesn't fail.
518 *
519 * The bpf_cpu_map_entry is still used by the kthread, and there can
520 * still be pending packets (in queue and percpu bulkq). A refcnt
521 * makes sure to last user (kthread_stop vs. call_rcu) free memory
522 * resources.
523 *
524 * The rcu callback __cpu_map_entry_free flush remaining packets in
525 * percpu bulkq to queue. Due to caller map_delete_elem() disable
526 * preemption, cannot call kthread_stop() to make sure queue is empty.
527 * Instead a work_queue is started for stopping kthread,
528 * cpu_map_kthread_stop, which waits for an RCU grace period before
529 * stopping kthread, emptying the queue.
530 */
__cpu_map_entry_replace(struct bpf_cpu_map * cmap,u32 key_cpu,struct bpf_cpu_map_entry * rcpu)531 static void __cpu_map_entry_replace(struct bpf_cpu_map *cmap,
532 u32 key_cpu, struct bpf_cpu_map_entry *rcpu)
533 {
534 struct bpf_cpu_map_entry *old_rcpu;
535
536 old_rcpu = unrcu_pointer(xchg(&cmap->cpu_map[key_cpu], RCU_INITIALIZER(rcpu)));
537 if (old_rcpu) {
538 call_rcu(&old_rcpu->rcu, __cpu_map_entry_free);
539 INIT_WORK(&old_rcpu->kthread_stop_wq, cpu_map_kthread_stop);
540 schedule_work(&old_rcpu->kthread_stop_wq);
541 }
542 }
543
cpu_map_delete_elem(struct bpf_map * map,void * key)544 static int cpu_map_delete_elem(struct bpf_map *map, void *key)
545 {
546 struct bpf_cpu_map *cmap = container_of(map, struct bpf_cpu_map, map);
547 u32 key_cpu = *(u32 *)key;
548
549 if (key_cpu >= map->max_entries)
550 return -EINVAL;
551
552 /* notice caller map_delete_elem() use preempt_disable() */
553 __cpu_map_entry_replace(cmap, key_cpu, NULL);
554 return 0;
555 }
556
cpu_map_update_elem(struct bpf_map * map,void * key,void * value,u64 map_flags)557 static int cpu_map_update_elem(struct bpf_map *map, void *key, void *value,
558 u64 map_flags)
559 {
560 struct bpf_cpu_map *cmap = container_of(map, struct bpf_cpu_map, map);
561 struct bpf_cpumap_val cpumap_value = {};
562 struct bpf_cpu_map_entry *rcpu;
563 /* Array index key correspond to CPU number */
564 u32 key_cpu = *(u32 *)key;
565
566 memcpy(&cpumap_value, value, map->value_size);
567
568 if (unlikely(map_flags > BPF_EXIST))
569 return -EINVAL;
570 if (unlikely(key_cpu >= cmap->map.max_entries))
571 return -E2BIG;
572 if (unlikely(map_flags == BPF_NOEXIST))
573 return -EEXIST;
574 if (unlikely(cpumap_value.qsize > 16384)) /* sanity limit on qsize */
575 return -EOVERFLOW;
576
577 /* Make sure CPU is a valid possible cpu */
578 if (key_cpu >= nr_cpumask_bits || !cpu_possible(key_cpu))
579 return -ENODEV;
580
581 if (cpumap_value.qsize == 0) {
582 rcpu = NULL; /* Same as deleting */
583 } else {
584 /* Updating qsize cause re-allocation of bpf_cpu_map_entry */
585 rcpu = __cpu_map_entry_alloc(map, &cpumap_value, key_cpu);
586 if (!rcpu)
587 return -ENOMEM;
588 rcpu->cmap = cmap;
589 }
590 rcu_read_lock();
591 __cpu_map_entry_replace(cmap, key_cpu, rcpu);
592 rcu_read_unlock();
593 return 0;
594 }
595
cpu_map_free(struct bpf_map * map)596 static void cpu_map_free(struct bpf_map *map)
597 {
598 struct bpf_cpu_map *cmap = container_of(map, struct bpf_cpu_map, map);
599 u32 i;
600
601 /* At this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,
602 * so the bpf programs (can be more than one that used this map) were
603 * disconnected from events. Wait for outstanding critical sections in
604 * these programs to complete. The rcu critical section only guarantees
605 * no further "XDP/bpf-side" reads against bpf_cpu_map->cpu_map.
606 * It does __not__ ensure pending flush operations (if any) are
607 * complete.
608 */
609
610 synchronize_rcu();
611
612 /* For cpu_map the remote CPUs can still be using the entries
613 * (struct bpf_cpu_map_entry).
614 */
615 for (i = 0; i < cmap->map.max_entries; i++) {
616 struct bpf_cpu_map_entry *rcpu;
617
618 rcpu = rcu_dereference_raw(cmap->cpu_map[i]);
619 if (!rcpu)
620 continue;
621
622 /* bq flush and cleanup happens after RCU grace-period */
623 __cpu_map_entry_replace(cmap, i, NULL); /* call_rcu */
624 }
625 bpf_map_area_free(cmap->cpu_map);
626 bpf_map_area_free(cmap);
627 }
628
629 /* Elements are kept alive by RCU; either by rcu_read_lock() (from syscall) or
630 * by local_bh_disable() (from XDP calls inside NAPI). The
631 * rcu_read_lock_bh_held() below makes lockdep accept both.
632 */
__cpu_map_lookup_elem(struct bpf_map * map,u32 key)633 static void *__cpu_map_lookup_elem(struct bpf_map *map, u32 key)
634 {
635 struct bpf_cpu_map *cmap = container_of(map, struct bpf_cpu_map, map);
636 struct bpf_cpu_map_entry *rcpu;
637
638 if (key >= map->max_entries)
639 return NULL;
640
641 rcpu = rcu_dereference_check(cmap->cpu_map[key],
642 rcu_read_lock_bh_held());
643 return rcpu;
644 }
645
cpu_map_lookup_elem(struct bpf_map * map,void * key)646 static void *cpu_map_lookup_elem(struct bpf_map *map, void *key)
647 {
648 struct bpf_cpu_map_entry *rcpu =
649 __cpu_map_lookup_elem(map, *(u32 *)key);
650
651 return rcpu ? &rcpu->value : NULL;
652 }
653
cpu_map_get_next_key(struct bpf_map * map,void * key,void * next_key)654 static int cpu_map_get_next_key(struct bpf_map *map, void *key, void *next_key)
655 {
656 struct bpf_cpu_map *cmap = container_of(map, struct bpf_cpu_map, map);
657 u32 index = key ? *(u32 *)key : U32_MAX;
658 u32 *next = next_key;
659
660 if (index >= cmap->map.max_entries) {
661 *next = 0;
662 return 0;
663 }
664
665 if (index == cmap->map.max_entries - 1)
666 return -ENOENT;
667 *next = index + 1;
668 return 0;
669 }
670
cpu_map_redirect(struct bpf_map * map,u32 ifindex,u64 flags)671 static int cpu_map_redirect(struct bpf_map *map, u32 ifindex, u64 flags)
672 {
673 return __bpf_xdp_redirect_map(map, ifindex, flags, 0,
674 __cpu_map_lookup_elem);
675 }
676
677 BTF_ID_LIST_SINGLE(cpu_map_btf_ids, struct, bpf_cpu_map)
678 const struct bpf_map_ops cpu_map_ops = {
679 .map_meta_equal = bpf_map_meta_equal,
680 .map_alloc = cpu_map_alloc,
681 .map_free = cpu_map_free,
682 .map_delete_elem = cpu_map_delete_elem,
683 .map_update_elem = cpu_map_update_elem,
684 .map_lookup_elem = cpu_map_lookup_elem,
685 .map_get_next_key = cpu_map_get_next_key,
686 .map_check_btf = map_check_no_btf,
687 .map_btf_id = &cpu_map_btf_ids[0],
688 .map_redirect = cpu_map_redirect,
689 };
690
bq_flush_to_queue(struct xdp_bulk_queue * bq)691 static void bq_flush_to_queue(struct xdp_bulk_queue *bq)
692 {
693 struct bpf_cpu_map_entry *rcpu = bq->obj;
694 unsigned int processed = 0, drops = 0;
695 const int to_cpu = rcpu->cpu;
696 struct ptr_ring *q;
697 int i;
698
699 if (unlikely(!bq->count))
700 return;
701
702 q = rcpu->queue;
703 spin_lock(&q->producer_lock);
704
705 for (i = 0; i < bq->count; i++) {
706 struct xdp_frame *xdpf = bq->q[i];
707 int err;
708
709 err = __ptr_ring_produce(q, xdpf);
710 if (err) {
711 drops++;
712 xdp_return_frame_rx_napi(xdpf);
713 }
714 processed++;
715 }
716 bq->count = 0;
717 spin_unlock(&q->producer_lock);
718
719 __list_del_clearprev(&bq->flush_node);
720
721 /* Feedback loop via tracepoints */
722 trace_xdp_cpumap_enqueue(rcpu->map_id, processed, drops, to_cpu);
723 }
724
725 /* Runs under RCU-read-side, plus in softirq under NAPI protection.
726 * Thus, safe percpu variable access.
727 */
bq_enqueue(struct bpf_cpu_map_entry * rcpu,struct xdp_frame * xdpf)728 static void bq_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf)
729 {
730 struct list_head *flush_list = this_cpu_ptr(&cpu_map_flush_list);
731 struct xdp_bulk_queue *bq = this_cpu_ptr(rcpu->bulkq);
732
733 if (unlikely(bq->count == CPU_MAP_BULK_SIZE))
734 bq_flush_to_queue(bq);
735
736 /* Notice, xdp_buff/page MUST be queued here, long enough for
737 * driver to code invoking us to finished, due to driver
738 * (e.g. ixgbe) recycle tricks based on page-refcnt.
739 *
740 * Thus, incoming xdp_frame is always queued here (else we race
741 * with another CPU on page-refcnt and remaining driver code).
742 * Queue time is very short, as driver will invoke flush
743 * operation, when completing napi->poll call.
744 */
745 bq->q[bq->count++] = xdpf;
746
747 if (!bq->flush_node.prev)
748 list_add(&bq->flush_node, flush_list);
749 }
750
cpu_map_enqueue(struct bpf_cpu_map_entry * rcpu,struct xdp_frame * xdpf,struct net_device * dev_rx)751 int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf,
752 struct net_device *dev_rx)
753 {
754 /* Info needed when constructing SKB on remote CPU */
755 xdpf->dev_rx = dev_rx;
756
757 bq_enqueue(rcpu, xdpf);
758 return 0;
759 }
760
cpu_map_generic_redirect(struct bpf_cpu_map_entry * rcpu,struct sk_buff * skb)761 int cpu_map_generic_redirect(struct bpf_cpu_map_entry *rcpu,
762 struct sk_buff *skb)
763 {
764 int ret;
765
766 __skb_pull(skb, skb->mac_len);
767 skb_set_redirected(skb, false);
768 __ptr_set_bit(0, &skb);
769
770 ret = ptr_ring_produce(rcpu->queue, skb);
771 if (ret < 0)
772 goto trace;
773
774 wake_up_process(rcpu->kthread);
775 trace:
776 trace_xdp_cpumap_enqueue(rcpu->map_id, !ret, !!ret, rcpu->cpu);
777 return ret;
778 }
779
__cpu_map_flush(void)780 void __cpu_map_flush(void)
781 {
782 struct list_head *flush_list = this_cpu_ptr(&cpu_map_flush_list);
783 struct xdp_bulk_queue *bq, *tmp;
784
785 list_for_each_entry_safe(bq, tmp, flush_list, flush_node) {
786 bq_flush_to_queue(bq);
787
788 /* If already running, costs spin_lock_irqsave + smb_mb */
789 wake_up_process(bq->obj->kthread);
790 }
791 }
792
cpu_map_init(void)793 static int __init cpu_map_init(void)
794 {
795 int cpu;
796
797 for_each_possible_cpu(cpu)
798 INIT_LIST_HEAD(&per_cpu(cpu_map_flush_list, cpu));
799 return 0;
800 }
801
802 subsys_initcall(cpu_map_init);
803
