1 /* 2 * Longest prefix match list implementation 3 * 4 * Copyright (c) 2016,2017 Daniel Mack 5 * Copyright (c) 2016 David Herrmann 6 * 7 * This file is subject to the terms and conditions of version 2 of the GNU 8 * General Public License. See the file COPYING in the main directory of the 9 * Linux distribution for more details. 10 */ 11 12 #include <linux/bpf.h> 13 #include <linux/err.h> 14 #include <linux/slab.h> 15 #include <linux/spinlock.h> 16 #include <linux/vmalloc.h> 17 #include <net/ipv6.h> 18 19 /* Intermediate node */ 20 #define LPM_TREE_NODE_FLAG_IM BIT(0) 21 22 struct lpm_trie_node; 23 24 struct lpm_trie_node { 25 struct rcu_head rcu; 26 struct lpm_trie_node __rcu *child[2]; 27 u32 prefixlen; 28 u32 flags; 29 u8 data[0]; 30 }; 31 32 struct lpm_trie { 33 struct bpf_map map; 34 struct lpm_trie_node __rcu *root; 35 size_t n_entries; 36 size_t max_prefixlen; 37 size_t data_size; 38 raw_spinlock_t lock; 39 }; 40 41 /* This trie implements a longest prefix match algorithm that can be used to 42 * match IP addresses to a stored set of ranges. 43 * 44 * Data stored in @data of struct bpf_lpm_key and struct lpm_trie_node is 45 * interpreted as big endian, so data[0] stores the most significant byte. 46 * 47 * Match ranges are internally stored in instances of struct lpm_trie_node 48 * which each contain their prefix length as well as two pointers that may 49 * lead to more nodes containing more specific matches. Each node also stores 50 * a value that is defined by and returned to userspace via the update_elem 51 * and lookup functions. 52 * 53 * For instance, let's start with a trie that was created with a prefix length 54 * of 32, so it can be used for IPv4 addresses, and one single element that 55 * matches 192.168.0.0/16. The data array would hence contain 56 * [0xc0, 0xa8, 0x00, 0x00] in big-endian notation. This documentation will 57 * stick to IP-address notation for readability though. 58 * 59 * As the trie is empty initially, the new node (1) will be places as root 60 * node, denoted as (R) in the example below. As there are no other node, both 61 * child pointers are %NULL. 62 * 63 * +----------------+ 64 * | (1) (R) | 65 * | 192.168.0.0/16 | 66 * | value: 1 | 67 * | [0] [1] | 68 * +----------------+ 69 * 70 * Next, let's add a new node (2) matching 192.168.0.0/24. As there is already 71 * a node with the same data and a smaller prefix (ie, a less specific one), 72 * node (2) will become a child of (1). In child index depends on the next bit 73 * that is outside of what (1) matches, and that bit is 0, so (2) will be 74 * child[0] of (1): 75 * 76 * +----------------+ 77 * | (1) (R) | 78 * | 192.168.0.0/16 | 79 * | value: 1 | 80 * | [0] [1] | 81 * +----------------+ 82 * | 83 * +----------------+ 84 * | (2) | 85 * | 192.168.0.0/24 | 86 * | value: 2 | 87 * | [0] [1] | 88 * +----------------+ 89 * 90 * The child[1] slot of (1) could be filled with another node which has bit #17 91 * (the next bit after the ones that (1) matches on) set to 1. For instance, 92 * 192.168.128.0/24: 93 * 94 * +----------------+ 95 * | (1) (R) | 96 * | 192.168.0.0/16 | 97 * | value: 1 | 98 * | [0] [1] | 99 * +----------------+ 100 * | | 101 * +----------------+ +------------------+ 102 * | (2) | | (3) | 103 * | 192.168.0.0/24 | | 192.168.128.0/24 | 104 * | value: 2 | | value: 3 | 105 * | [0] [1] | | [0] [1] | 106 * +----------------+ +------------------+ 107 * 108 * Let's add another node (4) to the game for 192.168.1.0/24. In order to place 109 * it, node (1) is looked at first, and because (4) of the semantics laid out 110 * above (bit #17 is 0), it would normally be attached to (1) as child[0]. 111 * However, that slot is already allocated, so a new node is needed in between. 112 * That node does not have a value attached to it and it will never be 113 * returned to users as result of a lookup. It is only there to differentiate 114 * the traversal further. It will get a prefix as wide as necessary to 115 * distinguish its two children: 116 * 117 * +----------------+ 118 * | (1) (R) | 119 * | 192.168.0.0/16 | 120 * | value: 1 | 121 * | [0] [1] | 122 * +----------------+ 123 * | | 124 * +----------------+ +------------------+ 125 * | (4) (I) | | (3) | 126 * | 192.168.0.0/23 | | 192.168.128.0/24 | 127 * | value: --- | | value: 3 | 128 * | [0] [1] | | [0] [1] | 129 * +----------------+ +------------------+ 130 * | | 131 * +----------------+ +----------------+ 132 * | (2) | | (5) | 133 * | 192.168.0.0/24 | | 192.168.1.0/24 | 134 * | value: 2 | | value: 5 | 135 * | [0] [1] | | [0] [1] | 136 * +----------------+ +----------------+ 137 * 138 * 192.168.1.1/32 would be a child of (5) etc. 139 * 140 * An intermediate node will be turned into a 'real' node on demand. In the 141 * example above, (4) would be re-used if 192.168.0.0/23 is added to the trie. 142 * 143 * A fully populated trie would have a height of 32 nodes, as the trie was 144 * created with a prefix length of 32. 145 * 146 * The lookup starts at the root node. If the current node matches and if there 147 * is a child that can be used to become more specific, the trie is traversed 148 * downwards. The last node in the traversal that is a non-intermediate one is 149 * returned. 150 */ 151 152 static inline int extract_bit(const u8 *data, size_t index) 153 { 154 return !!(data[index / 8] & (1 << (7 - (index % 8)))); 155 } 156 157 /** 158 * longest_prefix_match() - determine the longest prefix 159 * @trie: The trie to get internal sizes from 160 * @node: The node to operate on 161 * @key: The key to compare to @node 162 * 163 * Determine the longest prefix of @node that matches the bits in @key. 164 */ 165 static size_t longest_prefix_match(const struct lpm_trie *trie, 166 const struct lpm_trie_node *node, 167 const struct bpf_lpm_trie_key *key) 168 { 169 size_t prefixlen = 0; 170 size_t i; 171 172 for (i = 0; i < trie->data_size; i++) { 173 size_t b; 174 175 b = 8 - fls(node->data[i] ^ key->data[i]); 176 prefixlen += b; 177 178 if (prefixlen >= node->prefixlen || prefixlen >= key->prefixlen) 179 return min(node->prefixlen, key->prefixlen); 180 181 if (b < 8) 182 break; 183 } 184 185 return prefixlen; 186 } 187 188 /* Called from syscall or from eBPF program */ 189 static void *trie_lookup_elem(struct bpf_map *map, void *_key) 190 { 191 struct lpm_trie *trie = container_of(map, struct lpm_trie, map); 192 struct lpm_trie_node *node, *found = NULL; 193 struct bpf_lpm_trie_key *key = _key; 194 195 /* Start walking the trie from the root node ... */ 196 197 for (node = rcu_dereference(trie->root); node;) { 198 unsigned int next_bit; 199 size_t matchlen; 200 201 /* Determine the longest prefix of @node that matches @key. 202 * If it's the maximum possible prefix for this trie, we have 203 * an exact match and can return it directly. 204 */ 205 matchlen = longest_prefix_match(trie, node, key); 206 if (matchlen == trie->max_prefixlen) { 207 found = node; 208 break; 209 } 210 211 /* If the number of bits that match is smaller than the prefix 212 * length of @node, bail out and return the node we have seen 213 * last in the traversal (ie, the parent). 214 */ 215 if (matchlen < node->prefixlen) 216 break; 217 218 /* Consider this node as return candidate unless it is an 219 * artificially added intermediate one. 220 */ 221 if (!(node->flags & LPM_TREE_NODE_FLAG_IM)) 222 found = node; 223 224 /* If the node match is fully satisfied, let's see if we can 225 * become more specific. Determine the next bit in the key and 226 * traverse down. 227 */ 228 next_bit = extract_bit(key->data, node->prefixlen); 229 node = rcu_dereference(node->child[next_bit]); 230 } 231 232 if (!found) 233 return NULL; 234 235 return found->data + trie->data_size; 236 } 237 238 static struct lpm_trie_node *lpm_trie_node_alloc(const struct lpm_trie *trie, 239 const void *value) 240 { 241 struct lpm_trie_node *node; 242 size_t size = sizeof(struct lpm_trie_node) + trie->data_size; 243 244 if (value) 245 size += trie->map.value_size; 246 247 node = kmalloc_node(size, GFP_ATOMIC | __GFP_NOWARN, 248 trie->map.numa_node); 249 if (!node) 250 return NULL; 251 252 node->flags = 0; 253 254 if (value) 255 memcpy(node->data + trie->data_size, value, 256 trie->map.value_size); 257 258 return node; 259 } 260 261 /* Called from syscall or from eBPF program */ 262 static int trie_update_elem(struct bpf_map *map, 263 void *_key, void *value, u64 flags) 264 { 265 struct lpm_trie *trie = container_of(map, struct lpm_trie, map); 266 struct lpm_trie_node *node, *im_node = NULL, *new_node = NULL; 267 struct lpm_trie_node __rcu **slot; 268 struct bpf_lpm_trie_key *key = _key; 269 unsigned long irq_flags; 270 unsigned int next_bit; 271 size_t matchlen = 0; 272 int ret = 0; 273 274 if (unlikely(flags > BPF_EXIST)) 275 return -EINVAL; 276 277 if (key->prefixlen > trie->max_prefixlen) 278 return -EINVAL; 279 280 raw_spin_lock_irqsave(&trie->lock, irq_flags); 281 282 /* Allocate and fill a new node */ 283 284 if (trie->n_entries == trie->map.max_entries) { 285 ret = -ENOSPC; 286 goto out; 287 } 288 289 new_node = lpm_trie_node_alloc(trie, value); 290 if (!new_node) { 291 ret = -ENOMEM; 292 goto out; 293 } 294 295 trie->n_entries++; 296 297 new_node->prefixlen = key->prefixlen; 298 RCU_INIT_POINTER(new_node->child[0], NULL); 299 RCU_INIT_POINTER(new_node->child[1], NULL); 300 memcpy(new_node->data, key->data, trie->data_size); 301 302 /* Now find a slot to attach the new node. To do that, walk the tree 303 * from the root and match as many bits as possible for each node until 304 * we either find an empty slot or a slot that needs to be replaced by 305 * an intermediate node. 306 */ 307 slot = &trie->root; 308 309 while ((node = rcu_dereference_protected(*slot, 310 lockdep_is_held(&trie->lock)))) { 311 matchlen = longest_prefix_match(trie, node, key); 312 313 if (node->prefixlen != matchlen || 314 node->prefixlen == key->prefixlen || 315 node->prefixlen == trie->max_prefixlen) 316 break; 317 318 next_bit = extract_bit(key->data, node->prefixlen); 319 slot = &node->child[next_bit]; 320 } 321 322 /* If the slot is empty (a free child pointer or an empty root), 323 * simply assign the @new_node to that slot and be done. 324 */ 325 if (!node) { 326 rcu_assign_pointer(*slot, new_node); 327 goto out; 328 } 329 330 /* If the slot we picked already exists, replace it with @new_node 331 * which already has the correct data array set. 332 */ 333 if (node->prefixlen == matchlen) { 334 new_node->child[0] = node->child[0]; 335 new_node->child[1] = node->child[1]; 336 337 if (!(node->flags & LPM_TREE_NODE_FLAG_IM)) 338 trie->n_entries--; 339 340 rcu_assign_pointer(*slot, new_node); 341 kfree_rcu(node, rcu); 342 343 goto out; 344 } 345 346 /* If the new node matches the prefix completely, it must be inserted 347 * as an ancestor. Simply insert it between @node and *@slot. 348 */ 349 if (matchlen == key->prefixlen) { 350 next_bit = extract_bit(node->data, matchlen); 351 rcu_assign_pointer(new_node->child[next_bit], node); 352 rcu_assign_pointer(*slot, new_node); 353 goto out; 354 } 355 356 im_node = lpm_trie_node_alloc(trie, NULL); 357 if (!im_node) { 358 ret = -ENOMEM; 359 goto out; 360 } 361 362 im_node->prefixlen = matchlen; 363 im_node->flags |= LPM_TREE_NODE_FLAG_IM; 364 memcpy(im_node->data, node->data, trie->data_size); 365 366 /* Now determine which child to install in which slot */ 367 if (extract_bit(key->data, matchlen)) { 368 rcu_assign_pointer(im_node->child[0], node); 369 rcu_assign_pointer(im_node->child[1], new_node); 370 } else { 371 rcu_assign_pointer(im_node->child[0], new_node); 372 rcu_assign_pointer(im_node->child[1], node); 373 } 374 375 /* Finally, assign the intermediate node to the determined spot */ 376 rcu_assign_pointer(*slot, im_node); 377 378 out: 379 if (ret) { 380 if (new_node) 381 trie->n_entries--; 382 383 kfree(new_node); 384 kfree(im_node); 385 } 386 387 raw_spin_unlock_irqrestore(&trie->lock, irq_flags); 388 389 return ret; 390 } 391 392 static int trie_delete_elem(struct bpf_map *map, void *key) 393 { 394 /* TODO */ 395 return -ENOSYS; 396 } 397 398 #define LPM_DATA_SIZE_MAX 256 399 #define LPM_DATA_SIZE_MIN 1 400 401 #define LPM_VAL_SIZE_MAX (KMALLOC_MAX_SIZE - LPM_DATA_SIZE_MAX - \ 402 sizeof(struct lpm_trie_node)) 403 #define LPM_VAL_SIZE_MIN 1 404 405 #define LPM_KEY_SIZE(X) (sizeof(struct bpf_lpm_trie_key) + (X)) 406 #define LPM_KEY_SIZE_MAX LPM_KEY_SIZE(LPM_DATA_SIZE_MAX) 407 #define LPM_KEY_SIZE_MIN LPM_KEY_SIZE(LPM_DATA_SIZE_MIN) 408 409 #define LPM_CREATE_FLAG_MASK (BPF_F_NO_PREALLOC | BPF_F_NUMA_NODE) 410 411 static struct bpf_map *trie_alloc(union bpf_attr *attr) 412 { 413 struct lpm_trie *trie; 414 u64 cost = sizeof(*trie), cost_per_node; 415 int ret; 416 417 if (!capable(CAP_SYS_ADMIN)) 418 return ERR_PTR(-EPERM); 419 420 /* check sanity of attributes */ 421 if (attr->max_entries == 0 || 422 !(attr->map_flags & BPF_F_NO_PREALLOC) || 423 attr->map_flags & ~LPM_CREATE_FLAG_MASK || 424 attr->key_size < LPM_KEY_SIZE_MIN || 425 attr->key_size > LPM_KEY_SIZE_MAX || 426 attr->value_size < LPM_VAL_SIZE_MIN || 427 attr->value_size > LPM_VAL_SIZE_MAX) 428 return ERR_PTR(-EINVAL); 429 430 trie = kzalloc(sizeof(*trie), GFP_USER | __GFP_NOWARN); 431 if (!trie) 432 return ERR_PTR(-ENOMEM); 433 434 /* copy mandatory map attributes */ 435 trie->map.map_type = attr->map_type; 436 trie->map.key_size = attr->key_size; 437 trie->map.value_size = attr->value_size; 438 trie->map.max_entries = attr->max_entries; 439 trie->map.map_flags = attr->map_flags; 440 trie->map.numa_node = bpf_map_attr_numa_node(attr); 441 trie->data_size = attr->key_size - 442 offsetof(struct bpf_lpm_trie_key, data); 443 trie->max_prefixlen = trie->data_size * 8; 444 445 cost_per_node = sizeof(struct lpm_trie_node) + 446 attr->value_size + trie->data_size; 447 cost += (u64) attr->max_entries * cost_per_node; 448 if (cost >= U32_MAX - PAGE_SIZE) { 449 ret = -E2BIG; 450 goto out_err; 451 } 452 453 trie->map.pages = round_up(cost, PAGE_SIZE) >> PAGE_SHIFT; 454 455 ret = bpf_map_precharge_memlock(trie->map.pages); 456 if (ret) 457 goto out_err; 458 459 raw_spin_lock_init(&trie->lock); 460 461 return &trie->map; 462 out_err: 463 kfree(trie); 464 return ERR_PTR(ret); 465 } 466 467 static void trie_free(struct bpf_map *map) 468 { 469 struct lpm_trie *trie = container_of(map, struct lpm_trie, map); 470 struct lpm_trie_node __rcu **slot; 471 struct lpm_trie_node *node; 472 473 raw_spin_lock(&trie->lock); 474 475 /* Always start at the root and walk down to a node that has no 476 * children. Then free that node, nullify its reference in the parent 477 * and start over. 478 */ 479 480 for (;;) { 481 slot = &trie->root; 482 483 for (;;) { 484 node = rcu_dereference_protected(*slot, 485 lockdep_is_held(&trie->lock)); 486 if (!node) 487 goto unlock; 488 489 if (rcu_access_pointer(node->child[0])) { 490 slot = &node->child[0]; 491 continue; 492 } 493 494 if (rcu_access_pointer(node->child[1])) { 495 slot = &node->child[1]; 496 continue; 497 } 498 499 kfree(node); 500 RCU_INIT_POINTER(*slot, NULL); 501 break; 502 } 503 } 504 505 unlock: 506 raw_spin_unlock(&trie->lock); 507 } 508 509 static int trie_get_next_key(struct bpf_map *map, void *key, void *next_key) 510 { 511 return -ENOTSUPP; 512 } 513 514 const struct bpf_map_ops trie_map_ops = { 515 .map_alloc = trie_alloc, 516 .map_free = trie_free, 517 .map_get_next_key = trie_get_next_key, 518 .map_lookup_elem = trie_lookup_elem, 519 .map_update_elem = trie_update_elem, 520 .map_delete_elem = trie_delete_elem, 521 }; 522