1 #include <linux/bpf.h> 2 #include <linux/bpf_verifier.h> 3 #include <linux/bug.h> 4 #include <linux/list.h> 5 #include <linux/netdevice.h> 6 #include <linux/printk.h> 7 #include <linux/rtnetlink.h> 8 9 /* protected by RTNL */ 10 static LIST_HEAD(bpf_prog_offload_devs); 11 12 int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr) 13 { 14 struct net *net = current->nsproxy->net_ns; 15 struct bpf_dev_offload *offload; 16 17 if (!capable(CAP_SYS_ADMIN)) 18 return -EPERM; 19 20 if (attr->prog_flags) 21 return -EINVAL; 22 23 offload = kzalloc(sizeof(*offload), GFP_USER); 24 if (!offload) 25 return -ENOMEM; 26 27 offload->prog = prog; 28 init_waitqueue_head(&offload->verifier_done); 29 30 rtnl_lock(); 31 offload->netdev = __dev_get_by_index(net, attr->prog_target_ifindex); 32 if (!offload->netdev) { 33 rtnl_unlock(); 34 kfree(offload); 35 return -EINVAL; 36 } 37 38 prog->aux->offload = offload; 39 list_add_tail(&offload->offloads, &bpf_prog_offload_devs); 40 rtnl_unlock(); 41 42 return 0; 43 } 44 45 static int __bpf_offload_ndo(struct bpf_prog *prog, enum bpf_netdev_command cmd, 46 struct netdev_bpf *data) 47 { 48 struct net_device *netdev = prog->aux->offload->netdev; 49 50 ASSERT_RTNL(); 51 52 if (!netdev) 53 return -ENODEV; 54 if (!netdev->netdev_ops->ndo_bpf) 55 return -EOPNOTSUPP; 56 57 data->command = cmd; 58 59 return netdev->netdev_ops->ndo_bpf(netdev, data); 60 } 61 62 int bpf_prog_offload_verifier_prep(struct bpf_verifier_env *env) 63 { 64 struct netdev_bpf data = {}; 65 int err; 66 67 data.verifier.prog = env->prog; 68 69 rtnl_lock(); 70 err = __bpf_offload_ndo(env->prog, BPF_OFFLOAD_VERIFIER_PREP, &data); 71 if (err) 72 goto exit_unlock; 73 74 env->dev_ops = data.verifier.ops; 75 76 env->prog->aux->offload->dev_state = true; 77 env->prog->aux->offload->verifier_running = true; 78 exit_unlock: 79 rtnl_unlock(); 80 return err; 81 } 82 83 static void __bpf_prog_offload_destroy(struct bpf_prog *prog) 84 { 85 struct bpf_dev_offload *offload = prog->aux->offload; 86 struct netdev_bpf data = {}; 87 88 data.offload.prog = prog; 89 90 if (offload->verifier_running) 91 wait_event(offload->verifier_done, !offload->verifier_running); 92 93 if (offload->dev_state) 94 WARN_ON(__bpf_offload_ndo(prog, BPF_OFFLOAD_DESTROY, &data)); 95 96 offload->dev_state = false; 97 list_del_init(&offload->offloads); 98 offload->netdev = NULL; 99 } 100 101 void bpf_prog_offload_destroy(struct bpf_prog *prog) 102 { 103 struct bpf_dev_offload *offload = prog->aux->offload; 104 105 offload->verifier_running = false; 106 wake_up(&offload->verifier_done); 107 108 rtnl_lock(); 109 __bpf_prog_offload_destroy(prog); 110 rtnl_unlock(); 111 112 kfree(offload); 113 } 114 115 static int bpf_prog_offload_translate(struct bpf_prog *prog) 116 { 117 struct bpf_dev_offload *offload = prog->aux->offload; 118 struct netdev_bpf data = {}; 119 int ret; 120 121 data.offload.prog = prog; 122 123 offload->verifier_running = false; 124 wake_up(&offload->verifier_done); 125 126 rtnl_lock(); 127 ret = __bpf_offload_ndo(prog, BPF_OFFLOAD_TRANSLATE, &data); 128 rtnl_unlock(); 129 130 return ret; 131 } 132 133 static unsigned int bpf_prog_warn_on_exec(const void *ctx, 134 const struct bpf_insn *insn) 135 { 136 WARN(1, "attempt to execute device eBPF program on the host!"); 137 return 0; 138 } 139 140 int bpf_prog_offload_compile(struct bpf_prog *prog) 141 { 142 prog->bpf_func = bpf_prog_warn_on_exec; 143 144 return bpf_prog_offload_translate(prog); 145 } 146 147 u32 bpf_prog_offload_ifindex(struct bpf_prog *prog) 148 { 149 struct bpf_dev_offload *offload = prog->aux->offload; 150 u32 ifindex; 151 152 rtnl_lock(); 153 ifindex = offload->netdev ? offload->netdev->ifindex : 0; 154 rtnl_unlock(); 155 156 return ifindex; 157 } 158 159 const struct bpf_prog_ops bpf_offload_prog_ops = { 160 }; 161 162 static int bpf_offload_notification(struct notifier_block *notifier, 163 ulong event, void *ptr) 164 { 165 struct net_device *netdev = netdev_notifier_info_to_dev(ptr); 166 struct bpf_dev_offload *offload, *tmp; 167 168 ASSERT_RTNL(); 169 170 switch (event) { 171 case NETDEV_UNREGISTER: 172 list_for_each_entry_safe(offload, tmp, &bpf_prog_offload_devs, 173 offloads) { 174 if (offload->netdev == netdev) 175 __bpf_prog_offload_destroy(offload->prog); 176 } 177 break; 178 default: 179 break; 180 } 181 return NOTIFY_OK; 182 } 183 184 static struct notifier_block bpf_offload_notifier = { 185 .notifier_call = bpf_offload_notification, 186 }; 187 188 static int __init bpf_offload_init(void) 189 { 190 register_netdevice_notifier(&bpf_offload_notifier); 191 return 0; 192 } 193 194 subsys_initcall(bpf_offload_init); 195