2019-05-31 11:09:24 +03:00
// SPDX-License-Identifier: GPL-2.0-only
2017-10-16 13:19:28 +03:00
/* bpf/cpumap.c
*
* Copyright ( c ) 2017 Jesper Dangaard Brouer , Red Hat Inc .
*/
/* The 'cpumap' is primarily used as a backend map for XDP BPF helper
* call bpf_redirect_map ( ) and XDP_REDIRECT action , like ' devmap ' .
*
* Unlike devmap which redirects XDP frames out another NIC device ,
* this map type redirects raw XDP frames to another CPU . The remote
* CPU will do SKB - allocation and call the normal network stack .
*
* This is a scalability and isolation mechanism , that allow
* separating the early driver network XDP layer , from the rest of the
* netstack , and assigning dedicated CPUs for this stage . This
* basically allows for 10 G wirespeed pre - filtering via bpf .
*/
2021-07-02 14:18:23 +03:00
# include <linux/bitops.h>
2017-10-16 13:19:28 +03:00
# include <linux/bpf.h>
# include <linux/filter.h>
# include <linux/ptr_ring.h>
2018-04-17 17:45:26 +03:00
# include <net/xdp.h>
2017-10-16 13:19:28 +03:00
# include <linux/sched.h>
# include <linux/workqueue.h>
# include <linux/kthread.h>
# include <linux/capability.h>
2017-10-16 13:19:44 +03:00
# include <trace/events/xdp.h>
2017-10-16 13:19:28 +03:00
2021-04-23 12:27:27 +03:00
# include <linux/netdevice.h> /* netif_receive_skb_list */
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
# include <linux/etherdevice.h> /* eth_type_trans */
2017-10-16 13:19:28 +03:00
/* General idea: XDP packets getting XDP redirected to another CPU,
* will maximum be stored / queued for one driver - > poll ( ) call . It is
2019-06-28 12:12:34 +03:00
* guaranteed that queueing the frame and the flush operation happen on
2017-10-16 13:19:28 +03:00
* same CPU . Thus , cpu_map_flush operation can deduct via this_cpu_ptr ( )
* which queue in bpf_cpu_map_entry contains packets .
*/
# define CPU_MAP_BULK_SIZE 8 /* 8 == one cacheline on 64-bit archs */
2019-06-28 12:12:34 +03:00
struct bpf_cpu_map_entry ;
struct bpf_cpu_map ;
2017-10-16 13:19:28 +03:00
struct xdp_bulk_queue {
void * q [ CPU_MAP_BULK_SIZE ] ;
2019-06-28 12:12:34 +03:00
struct list_head flush_node ;
struct bpf_cpu_map_entry * obj ;
2017-10-16 13:19:28 +03:00
unsigned int count ;
} ;
/* Struct for every remote "destination" CPU in map */
struct bpf_cpu_map_entry {
2017-10-16 13:19:44 +03:00
u32 cpu ; /* kthread CPU and map index */
int map_id ; /* Back reference to map */
2017-10-16 13:19:28 +03:00
/* XDP can run multiple RX-ring queues, need __percpu enqueue store */
struct xdp_bulk_queue __percpu * bulkq ;
2019-06-28 12:12:34 +03:00
struct bpf_cpu_map * cmap ;
2017-10-16 13:19:28 +03:00
/* Queue with potential multi-producers, and single-consumer kthread */
struct ptr_ring * queue ;
struct task_struct * kthread ;
2020-07-14 16:56:37 +03:00
struct bpf_cpumap_val value ;
2020-07-14 16:56:38 +03:00
struct bpf_prog * prog ;
2017-10-16 13:19:28 +03:00
atomic_t refcnt ; /* Control when this struct can be free'ed */
struct rcu_head rcu ;
2020-07-14 16:56:37 +03:00
struct work_struct kthread_stop_wq ;
2017-10-16 13:19:28 +03:00
} ;
struct bpf_cpu_map {
struct bpf_map map ;
/* Below members specific for map type */
xdp: Add proper __rcu annotations to redirect map entries
XDP_REDIRECT works by a three-step process: the bpf_redirect() and
bpf_redirect_map() helpers will lookup the target of the redirect and store
it (along with some other metadata) in a per-CPU struct bpf_redirect_info.
Next, when the program returns the XDP_REDIRECT return code, the driver
will call xdp_do_redirect() which will use the information thus stored to
actually enqueue the frame into a bulk queue structure (that differs
slightly by map type, but shares the same principle). Finally, before
exiting its NAPI poll loop, the driver will call xdp_do_flush(), which will
flush all the different bulk queues, thus completing the redirect.
Pointers to the map entries will be kept around for this whole sequence of
steps, protected by RCU. However, there is no top-level rcu_read_lock() in
the core code; instead drivers add their own rcu_read_lock() around the XDP
portions of the code, but somewhat inconsistently as Martin discovered[0].
However, things still work because everything happens inside a single NAPI
poll sequence, which means it's between a pair of calls to
local_bh_disable()/local_bh_enable(). So Paul suggested[1] that we could
document this intention by using rcu_dereference_check() with
rcu_read_lock_bh_held() as a second parameter, thus allowing sparse and
lockdep to verify that everything is done correctly.
This patch does just that: we add an __rcu annotation to the map entry
pointers and remove the various comments explaining the NAPI poll assurance
strewn through devmap.c in favour of a longer explanation in filter.c. The
goal is to have one coherent documentation of the entire flow, and rely on
the RCU annotations as a "standard" way of communicating the flow in the
map code (which can additionally be understood by sparse and lockdep).
The RCU annotation replacements result in a fairly straight-forward
replacement where READ_ONCE() becomes rcu_dereference_check(), WRITE_ONCE()
becomes rcu_assign_pointer() and xchg() and cmpxchg() gets wrapped in the
proper constructs to cast the pointer back and forth between __rcu and
__kernel address space (for the benefit of sparse). The one complication is
that xskmap has a few constructions where double-pointers are passed back
and forth; these simply all gain __rcu annotations, and only the final
reference/dereference to the inner-most pointer gets changed.
With this, everything can be run through sparse without eliciting
complaints, and lockdep can verify correctness even without the use of
rcu_read_lock() in the drivers. Subsequent patches will clean these up from
the drivers.
[0] https://lore.kernel.org/bpf/20210415173551.7ma4slcbqeyiba2r@kafai-mbp.dhcp.thefacebook.com/
[1] https://lore.kernel.org/bpf/20210419165837.GA975577@paulmck-ThinkPad-P17-Gen-1/
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210624160609.292325-6-toke@redhat.com
2021-06-24 19:05:55 +03:00
struct bpf_cpu_map_entry __rcu * * cpu_map ;
2017-10-16 13:19:28 +03:00
} ;
2019-12-19 09:10:04 +03:00
static DEFINE_PER_CPU ( struct list_head , cpu_map_flush_list ) ;
2017-10-16 13:19:28 +03:00
static struct bpf_map * cpu_map_alloc ( union bpf_attr * attr )
{
2020-07-14 16:56:38 +03:00
u32 value_size = attr - > value_size ;
2017-10-16 13:19:28 +03:00
struct bpf_cpu_map * cmap ;
int err = - ENOMEM ;
2020-05-14 02:03:54 +03:00
if ( ! bpf_capable ( ) )
2017-10-16 13:19:28 +03:00
return ERR_PTR ( - EPERM ) ;
/* check sanity of attributes */
if ( attr - > max_entries = = 0 | | attr - > key_size ! = 4 | |
2020-07-14 16:56:38 +03:00
( value_size ! = offsetofend ( struct bpf_cpumap_val , qsize ) & &
value_size ! = offsetofend ( struct bpf_cpumap_val , bpf_prog . fd ) ) | |
attr - > map_flags & ~ BPF_F_NUMA_NODE )
2017-10-16 13:19:28 +03:00
return ERR_PTR ( - EINVAL ) ;
2020-12-02 00:58:35 +03:00
cmap = kzalloc ( sizeof ( * cmap ) , GFP_USER | __GFP_ACCOUNT ) ;
2017-10-16 13:19:28 +03:00
if ( ! cmap )
return ERR_PTR ( - ENOMEM ) ;
2018-01-12 07:29:06 +03:00
bpf_map_init_from_attr ( & cmap - > map , attr ) ;
2017-10-16 13:19:28 +03:00
/* Pre-limit array size based on NR_CPUS, not final CPU check */
if ( cmap - > map . max_entries > NR_CPUS ) {
err = - E2BIG ;
goto free_cmap ;
}
/* Alloc array for possible remote "destination" CPUs */
cmap - > cpu_map = bpf_map_area_alloc ( cmap - > map . max_entries *
sizeof ( struct bpf_cpu_map_entry * ) ,
cmap - > map . numa_node ) ;
if ( ! cmap - > cpu_map )
2020-12-02 00:58:46 +03:00
goto free_cmap ;
2017-10-16 13:19:28 +03:00
return & cmap - > map ;
free_cmap :
kfree ( cmap ) ;
return ERR_PTR ( err ) ;
}
static void get_cpu_map_entry ( struct bpf_cpu_map_entry * rcpu )
{
atomic_inc ( & rcpu - > refcnt ) ;
}
/* called from workqueue, to workaround syscall using preempt_disable */
static void cpu_map_kthread_stop ( struct work_struct * work )
{
struct bpf_cpu_map_entry * rcpu ;
rcpu = container_of ( work , struct bpf_cpu_map_entry , kthread_stop_wq ) ;
/* Wait for flush in __cpu_map_entry_free(), via full RCU barrier,
* as it waits until all in - flight call_rcu ( ) callbacks complete .
*/
rcu_barrier ( ) ;
/* kthread_stop will wake_up_process and wait for it to complete */
kthread_stop ( rcpu - > kthread ) ;
}
2018-04-17 17:45:26 +03:00
static void __cpu_map_ring_cleanup ( struct ptr_ring * ring )
{
/* The tear-down procedure should have made sure that queue is
* empty . See __cpu_map_entry_replace ( ) and work - queue
* invoked cpu_map_kthread_stop ( ) . Catch any broken behaviour
* gracefully and warn once .
*/
2018-04-17 17:45:57 +03:00
struct xdp_frame * xdpf ;
2018-04-17 17:45:26 +03:00
2018-04-17 17:45:57 +03:00
while ( ( xdpf = ptr_ring_consume ( ring ) ) )
if ( WARN_ON_ONCE ( xdpf ) )
xdp: transition into using xdp_frame for return API
Changing API xdp_return_frame() to take struct xdp_frame as argument,
seems like a natural choice. But there are some subtle performance
details here that needs extra care, which is a deliberate choice.
When de-referencing xdp_frame on a remote CPU during DMA-TX
completion, result in the cache-line is change to "Shared"
state. Later when the page is reused for RX, then this xdp_frame
cache-line is written, which change the state to "Modified".
This situation already happens (naturally) for, virtio_net, tun and
cpumap as the xdp_frame pointer is the queued object. In tun and
cpumap, the ptr_ring is used for efficiently transferring cache-lines
(with pointers) between CPUs. Thus, the only option is to
de-referencing xdp_frame.
It is only the ixgbe driver that had an optimization, in which it can
avoid doing the de-reference of xdp_frame. The driver already have
TX-ring queue, which (in case of remote DMA-TX completion) have to be
transferred between CPUs anyhow. In this data area, we stored a
struct xdp_mem_info and a data pointer, which allowed us to avoid
de-referencing xdp_frame.
To compensate for this, a prefetchw is used for telling the cache
coherency protocol about our access pattern. My benchmarks show that
this prefetchw is enough to compensate the ixgbe driver.
V7: Adjust for commit d9314c474d4f ("i40e: add support for XDP_REDIRECT")
V8: Adjust for commit bd658dda4237 ("net/mlx5e: Separate dma base address
and offset in dma_sync call")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-04-17 17:46:32 +03:00
xdp_return_frame ( xdpf ) ;
2018-04-17 17:45:26 +03:00
}
static void put_cpu_map_entry ( struct bpf_cpu_map_entry * rcpu )
{
if ( atomic_dec_and_test ( & rcpu - > refcnt ) ) {
2020-07-14 16:56:38 +03:00
if ( rcpu - > prog )
bpf_prog_put ( rcpu - > prog ) ;
2018-04-17 17:45:26 +03:00
/* The queue should be empty at this point */
__cpu_map_ring_cleanup ( rcpu - > queue ) ;
ptr_ring_cleanup ( rcpu - > queue , NULL ) ;
kfree ( rcpu - > queue ) ;
kfree ( rcpu ) ;
}
}
2021-07-02 14:18:23 +03:00
static void cpu_map_bpf_prog_run_skb ( struct bpf_cpu_map_entry * rcpu ,
struct list_head * listp ,
struct xdp_cpumap_stats * stats )
{
struct sk_buff * skb , * tmp ;
struct xdp_buff xdp ;
u32 act ;
int err ;
list_for_each_entry_safe ( skb , tmp , listp , list ) {
act = bpf_prog_run_generic_xdp ( skb , & xdp , rcpu - > prog ) ;
switch ( act ) {
case XDP_PASS :
break ;
case XDP_REDIRECT :
skb_list_del_init ( skb ) ;
err = xdp_do_generic_redirect ( skb - > dev , skb , & xdp ,
rcpu - > prog ) ;
if ( unlikely ( err ) ) {
kfree_skb ( skb ) ;
stats - > drop + + ;
} else {
stats - > redirect + + ;
}
return ;
default :
2021-11-30 13:08:07 +03:00
bpf_warn_invalid_xdp_action ( NULL , rcpu - > prog , act ) ;
2021-07-02 14:18:23 +03:00
fallthrough ;
case XDP_ABORTED :
trace_xdp_exception ( skb - > dev , rcpu - > prog , act ) ;
fallthrough ;
case XDP_DROP :
skb_list_del_init ( skb ) ;
kfree_skb ( skb ) ;
stats - > drop + + ;
return ;
}
}
}
2020-07-14 16:56:38 +03:00
static int cpu_map_bpf_prog_run_xdp ( struct bpf_cpu_map_entry * rcpu ,
void * * frames , int n ,
struct xdp_cpumap_stats * stats )
{
struct xdp_rxq_info rxq ;
struct xdp_buff xdp ;
int i , nframes = 0 ;
xdp_set_return_frame_no_direct ( ) ;
xdp . rxq = & rxq ;
for ( i = 0 ; i < n ; i + + ) {
struct xdp_frame * xdpf = frames [ i ] ;
u32 act ;
int err ;
rxq . dev = xdpf - > dev_rx ;
rxq . mem = xdpf - > mem ;
/* TODO: report queue_index to xdp_rxq_info */
xdp_convert_frame_to_buff ( xdpf , & xdp ) ;
act = bpf_prog_run_xdp ( rcpu - > prog , & xdp ) ;
switch ( act ) {
case XDP_PASS :
err = xdp_update_frame_from_buff ( & xdp , xdpf ) ;
if ( err < 0 ) {
xdp_return_frame ( xdpf ) ;
stats - > drop + + ;
} else {
frames [ nframes + + ] = xdpf ;
stats - > pass + + ;
}
break ;
2020-07-14 16:56:39 +03:00
case XDP_REDIRECT :
err = xdp_do_redirect ( xdpf - > dev_rx , & xdp ,
rcpu - > prog ) ;
if ( unlikely ( err ) ) {
xdp_return_frame ( xdpf ) ;
stats - > drop + + ;
} else {
stats - > redirect + + ;
}
break ;
2020-07-14 16:56:38 +03:00
default :
2021-11-30 13:08:07 +03:00
bpf_warn_invalid_xdp_action ( NULL , rcpu - > prog , act ) ;
2020-08-24 01:36:59 +03:00
fallthrough ;
2020-07-14 16:56:38 +03:00
case XDP_DROP :
xdp_return_frame ( xdpf ) ;
stats - > drop + + ;
break ;
}
}
2021-07-02 14:18:23 +03:00
xdp_clear_return_frame_no_direct ( ) ;
return nframes ;
}
# define CPUMAP_BATCH 8
static int cpu_map_bpf_prog_run ( struct bpf_cpu_map_entry * rcpu , void * * frames ,
int xdp_n , struct xdp_cpumap_stats * stats ,
struct list_head * list )
{
int nframes ;
if ( ! rcpu - > prog )
return xdp_n ;
rcu_read_lock_bh ( ) ;
nframes = cpu_map_bpf_prog_run_xdp ( rcpu , frames , xdp_n , stats ) ;
2020-07-14 16:56:39 +03:00
if ( stats - > redirect )
2021-07-02 14:18:23 +03:00
xdp_do_flush ( ) ;
2020-07-14 16:56:39 +03:00
2021-07-02 14:18:23 +03:00
if ( unlikely ( ! list_empty ( list ) ) )
cpu_map_bpf_prog_run_skb ( rcpu , list , stats ) ;
2020-07-14 16:56:38 +03:00
2020-07-14 16:56:39 +03:00
rcu_read_unlock_bh ( ) ; /* resched point, may call do_softirq() */
2020-07-14 16:56:38 +03:00
return nframes ;
}
2019-04-12 18:07:32 +03:00
2017-10-16 13:19:28 +03:00
static int cpu_map_kthread_run ( void * data )
{
struct bpf_cpu_map_entry * rcpu = data ;
set_current_state ( TASK_INTERRUPTIBLE ) ;
/* When kthread gives stop order, then rcpu have been disconnected
* from map , thus no new packets can enter . Remaining in - flight
* per CPU stored packets are flushed to this queue . Wait honoring
* kthread_stop signal until queue is empty .
*/
while ( ! kthread_should_stop ( ) | | ! __ptr_ring_empty ( rcpu - > queue ) ) {
2020-07-14 16:56:38 +03:00
struct xdp_cpumap_stats stats = { } ; /* zero stats */
2021-04-23 12:27:27 +03:00
unsigned int kmem_alloc_drops = 0 , sched = 0 ;
2020-07-14 16:56:38 +03:00
gfp_t gfp = __GFP_ZERO | GFP_ATOMIC ;
2021-07-02 14:18:23 +03:00
int i , n , m , nframes , xdp_n ;
2019-04-12 18:07:32 +03:00
void * frames [ CPUMAP_BATCH ] ;
2019-04-12 18:07:43 +03:00
void * skbs [ CPUMAP_BATCH ] ;
2021-04-23 12:27:27 +03:00
LIST_HEAD ( list ) ;
2017-10-16 13:19:28 +03:00
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
/* Release CPU reschedule checks */
if ( __ptr_ring_empty ( rcpu - > queue ) ) {
2017-10-23 20:39:28 +03:00
set_current_state ( TASK_INTERRUPTIBLE ) ;
/* Recheck to avoid lost wake-up */
if ( __ptr_ring_empty ( rcpu - > queue ) ) {
schedule ( ) ;
sched = 1 ;
} else {
__set_current_state ( TASK_RUNNING ) ;
}
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
} else {
2017-10-16 13:19:44 +03:00
sched = cond_resched ( ) ;
2017-10-16 13:19:28 +03:00
}
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
/*
* The bpf_cpu_map_entry is single consumer , with this
* kthread CPU pinned . Lockless access to ptr_ring
* consume side valid as no - resize allowed of queue .
*/
2020-07-14 16:56:38 +03:00
n = __ptr_ring_consume_batched ( rcpu - > queue , frames ,
CPUMAP_BATCH ) ;
2021-07-02 14:18:23 +03:00
for ( i = 0 , xdp_n = 0 ; i < n ; i + + ) {
2019-04-12 18:07:48 +03:00
void * f = frames [ i ] ;
2021-07-02 14:18:23 +03:00
struct page * page ;
if ( unlikely ( __ptr_test_bit ( 0 , & f ) ) ) {
struct sk_buff * skb = f ;
__ptr_clear_bit ( 0 , & skb ) ;
list_add_tail ( & skb - > list , & list ) ;
continue ;
}
frames [ xdp_n + + ] = f ;
page = virt_to_page ( f ) ;
2019-04-12 18:07:48 +03:00
/* Bring struct page memory area to curr CPU. Read by
* build_skb_around via page_is_pfmemalloc ( ) , and when
* freed written by page_frag_free call .
*/
prefetchw ( page ) ;
}
2020-07-14 16:56:38 +03:00
/* Support running another XDP prog on this CPU */
2021-07-02 14:18:23 +03:00
nframes = cpu_map_bpf_prog_run ( rcpu , frames , xdp_n , & stats , & list ) ;
2020-07-14 16:56:38 +03:00
if ( nframes ) {
m = kmem_cache_alloc_bulk ( skbuff_head_cache , gfp , nframes , skbs ) ;
if ( unlikely ( m = = 0 ) ) {
for ( i = 0 ; i < nframes ; i + + )
skbs [ i ] = NULL ; /* effect: xdp_return_frame */
2021-04-23 12:27:27 +03:00
kmem_alloc_drops + = nframes ;
2020-07-14 16:56:38 +03:00
}
2019-04-12 18:07:43 +03:00
}
2019-04-12 18:07:32 +03:00
local_bh_disable ( ) ;
2020-07-14 16:56:38 +03:00
for ( i = 0 ; i < nframes ; i + + ) {
2019-04-12 18:07:32 +03:00
struct xdp_frame * xdpf = frames [ i ] ;
2019-04-12 18:07:43 +03:00
struct sk_buff * skb = skbs [ i ] ;
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
2021-01-12 21:26:12 +03:00
skb = __xdp_build_skb_from_frame ( xdpf , skb ,
xdpf - > dev_rx ) ;
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
if ( ! skb ) {
xdp: transition into using xdp_frame for return API
Changing API xdp_return_frame() to take struct xdp_frame as argument,
seems like a natural choice. But there are some subtle performance
details here that needs extra care, which is a deliberate choice.
When de-referencing xdp_frame on a remote CPU during DMA-TX
completion, result in the cache-line is change to "Shared"
state. Later when the page is reused for RX, then this xdp_frame
cache-line is written, which change the state to "Modified".
This situation already happens (naturally) for, virtio_net, tun and
cpumap as the xdp_frame pointer is the queued object. In tun and
cpumap, the ptr_ring is used for efficiently transferring cache-lines
(with pointers) between CPUs. Thus, the only option is to
de-referencing xdp_frame.
It is only the ixgbe driver that had an optimization, in which it can
avoid doing the de-reference of xdp_frame. The driver already have
TX-ring queue, which (in case of remote DMA-TX completion) have to be
transferred between CPUs anyhow. In this data area, we stored a
struct xdp_mem_info and a data pointer, which allowed us to avoid
de-referencing xdp_frame.
To compensate for this, a prefetchw is used for telling the cache
coherency protocol about our access pattern. My benchmarks show that
this prefetchw is enough to compensate the ixgbe driver.
V7: Adjust for commit d9314c474d4f ("i40e: add support for XDP_REDIRECT")
V8: Adjust for commit bd658dda4237 ("net/mlx5e: Separate dma base address
and offset in dma_sync call")
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-04-17 17:46:32 +03:00
xdp_return_frame ( xdpf ) ;
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
continue ;
}
2021-04-23 12:27:27 +03:00
list_add_tail ( & skb - > list , & list ) ;
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
}
2021-04-23 12:27:27 +03:00
netif_receive_skb_list ( & list ) ;
2017-10-16 13:19:44 +03:00
/* Feedback loop via tracepoint */
2021-04-23 12:27:27 +03:00
trace_xdp_cpumap_kthread ( rcpu - > map_id , n , kmem_alloc_drops ,
sched , & stats ) ;
2017-10-16 13:19:44 +03:00
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
local_bh_enable ( ) ; /* resched point, may call do_softirq() */
2017-10-16 13:19:28 +03:00
}
__set_current_state ( TASK_RUNNING ) ;
put_cpu_map_entry ( rcpu ) ;
return 0 ;
}
2022-01-21 13:10:02 +03:00
static int __cpu_map_load_bpf_program ( struct bpf_cpu_map_entry * rcpu ,
struct bpf_map * map , int fd )
2020-07-14 16:56:38 +03:00
{
struct bpf_prog * prog ;
prog = bpf_prog_get_type ( fd , BPF_PROG_TYPE_XDP ) ;
if ( IS_ERR ( prog ) )
return PTR_ERR ( prog ) ;
2022-01-21 13:10:02 +03:00
if ( prog - > expected_attach_type ! = BPF_XDP_CPUMAP | |
! bpf_prog_map_compatible ( map , prog ) ) {
2020-07-14 16:56:38 +03:00
bpf_prog_put ( prog ) ;
return - EINVAL ;
}
rcpu - > value . bpf_prog . id = prog - > aux - > id ;
rcpu - > prog = prog ;
return 0 ;
}
2020-07-14 16:56:37 +03:00
static struct bpf_cpu_map_entry *
2020-12-02 00:58:35 +03:00
__cpu_map_entry_alloc ( struct bpf_map * map , struct bpf_cpumap_val * value ,
u32 cpu )
2017-10-16 13:19:28 +03:00
{
2020-07-14 16:56:38 +03:00
int numa , err , i , fd = value - > bpf_prog . fd ;
2018-02-14 17:17:34 +03:00
gfp_t gfp = GFP_KERNEL | __GFP_NOWARN ;
2017-10-16 13:19:28 +03:00
struct bpf_cpu_map_entry * rcpu ;
2019-06-28 12:12:34 +03:00
struct xdp_bulk_queue * bq ;
2017-10-16 13:19:28 +03:00
/* Have map->numa_node, but choose node of redirect target CPU */
numa = cpu_to_node ( cpu ) ;
2020-12-02 00:58:35 +03:00
rcpu = bpf_map_kmalloc_node ( map , sizeof ( * rcpu ) , gfp | __GFP_ZERO , numa ) ;
2017-10-16 13:19:28 +03:00
if ( ! rcpu )
return NULL ;
/* Alloc percpu bulkq */
2020-12-02 00:58:35 +03:00
rcpu - > bulkq = bpf_map_alloc_percpu ( map , sizeof ( * rcpu - > bulkq ) ,
sizeof ( void * ) , gfp ) ;
2017-10-16 13:19:28 +03:00
if ( ! rcpu - > bulkq )
goto free_rcu ;
2019-06-28 12:12:34 +03:00
for_each_possible_cpu ( i ) {
bq = per_cpu_ptr ( rcpu - > bulkq , i ) ;
bq - > obj = rcpu ;
}
2017-10-16 13:19:28 +03:00
/* Alloc queue */
2020-12-02 00:58:35 +03:00
rcpu - > queue = bpf_map_kmalloc_node ( map , sizeof ( * rcpu - > queue ) , gfp ,
numa ) ;
2017-10-16 13:19:28 +03:00
if ( ! rcpu - > queue )
goto free_bulkq ;
2020-07-14 16:56:37 +03:00
err = ptr_ring_init ( rcpu - > queue , value - > qsize , gfp ) ;
2017-10-16 13:19:28 +03:00
if ( err )
goto free_queue ;
2017-10-16 13:19:44 +03:00
rcpu - > cpu = cpu ;
2020-12-02 00:58:35 +03:00
rcpu - > map_id = map - > id ;
2020-07-14 16:56:37 +03:00
rcpu - > value . qsize = value - > qsize ;
2017-10-16 13:19:28 +03:00
2022-01-21 13:10:02 +03:00
if ( fd > 0 & & __cpu_map_load_bpf_program ( rcpu , map , fd ) )
2020-07-19 18:52:41 +03:00
goto free_ptr_ring ;
2017-10-16 13:19:28 +03:00
/* Setup kthread */
rcpu - > kthread = kthread_create_on_node ( cpu_map_kthread_run , rcpu , numa ,
2020-12-02 00:58:35 +03:00
" cpumap/%d/map:%d " , cpu ,
map - > id ) ;
2017-10-16 13:19:28 +03:00
if ( IS_ERR ( rcpu - > kthread ) )
2020-07-19 18:52:41 +03:00
goto free_prog ;
2017-10-16 13:19:28 +03:00
get_cpu_map_entry ( rcpu ) ; /* 1-refcnt for being in cmap->cpu_map[] */
get_cpu_map_entry ( rcpu ) ; /* 1-refcnt for kthread */
/* Make sure kthread runs on a single CPU */
kthread_bind ( rcpu - > kthread , cpu ) ;
wake_up_process ( rcpu - > kthread ) ;
return rcpu ;
2020-07-19 18:52:41 +03:00
free_prog :
if ( rcpu - > prog )
bpf_prog_put ( rcpu - > prog ) ;
2017-10-16 13:19:28 +03:00
free_ptr_ring :
ptr_ring_cleanup ( rcpu - > queue , NULL ) ;
free_queue :
kfree ( rcpu - > queue ) ;
free_bulkq :
free_percpu ( rcpu - > bulkq ) ;
free_rcu :
kfree ( rcpu ) ;
return NULL ;
}
2018-01-16 14:27:05 +03:00
static void __cpu_map_entry_free ( struct rcu_head * rcu )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map_entry * rcpu ;
/* This cpu_map_entry have been disconnected from map and one
2019-12-19 09:10:01 +03:00
* RCU grace - period have elapsed . Thus , XDP cannot queue any
2017-10-16 13:19:28 +03:00
* new packets and cannot change / set flush_needed that can
* find this entry .
*/
rcpu = container_of ( rcu , struct bpf_cpu_map_entry , rcu ) ;
free_percpu ( rcpu - > bulkq ) ;
/* Cannot kthread_stop() here, last put free rcpu resources */
put_cpu_map_entry ( rcpu ) ;
}
/* After xchg pointer to bpf_cpu_map_entry, use the call_rcu() to
* ensure any driver rcu critical sections have completed , but this
* does not guarantee a flush has happened yet . Because driver side
* rcu_read_lock / unlock only protects the running XDP program . The
* atomic xchg and NULL - ptr check in __cpu_map_flush ( ) makes sure a
* pending flush op doesn ' t fail .
*
* The bpf_cpu_map_entry is still used by the kthread , and there can
* still be pending packets ( in queue and percpu bulkq ) . A refcnt
* makes sure to last user ( kthread_stop vs . call_rcu ) free memory
* resources .
*
* The rcu callback __cpu_map_entry_free flush remaining packets in
* percpu bulkq to queue . Due to caller map_delete_elem ( ) disable
* preemption , cannot call kthread_stop ( ) to make sure queue is empty .
* Instead a work_queue is started for stopping kthread ,
2019-12-19 09:10:01 +03:00
* cpu_map_kthread_stop , which waits for an RCU grace period before
2017-10-16 13:19:28 +03:00
* stopping kthread , emptying the queue .
*/
2018-01-16 14:27:05 +03:00
static void __cpu_map_entry_replace ( struct bpf_cpu_map * cmap ,
u32 key_cpu , struct bpf_cpu_map_entry * rcpu )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map_entry * old_rcpu ;
xdp: Add proper __rcu annotations to redirect map entries
XDP_REDIRECT works by a three-step process: the bpf_redirect() and
bpf_redirect_map() helpers will lookup the target of the redirect and store
it (along with some other metadata) in a per-CPU struct bpf_redirect_info.
Next, when the program returns the XDP_REDIRECT return code, the driver
will call xdp_do_redirect() which will use the information thus stored to
actually enqueue the frame into a bulk queue structure (that differs
slightly by map type, but shares the same principle). Finally, before
exiting its NAPI poll loop, the driver will call xdp_do_flush(), which will
flush all the different bulk queues, thus completing the redirect.
Pointers to the map entries will be kept around for this whole sequence of
steps, protected by RCU. However, there is no top-level rcu_read_lock() in
the core code; instead drivers add their own rcu_read_lock() around the XDP
portions of the code, but somewhat inconsistently as Martin discovered[0].
However, things still work because everything happens inside a single NAPI
poll sequence, which means it's between a pair of calls to
local_bh_disable()/local_bh_enable(). So Paul suggested[1] that we could
document this intention by using rcu_dereference_check() with
rcu_read_lock_bh_held() as a second parameter, thus allowing sparse and
lockdep to verify that everything is done correctly.
This patch does just that: we add an __rcu annotation to the map entry
pointers and remove the various comments explaining the NAPI poll assurance
strewn through devmap.c in favour of a longer explanation in filter.c. The
goal is to have one coherent documentation of the entire flow, and rely on
the RCU annotations as a "standard" way of communicating the flow in the
map code (which can additionally be understood by sparse and lockdep).
The RCU annotation replacements result in a fairly straight-forward
replacement where READ_ONCE() becomes rcu_dereference_check(), WRITE_ONCE()
becomes rcu_assign_pointer() and xchg() and cmpxchg() gets wrapped in the
proper constructs to cast the pointer back and forth between __rcu and
__kernel address space (for the benefit of sparse). The one complication is
that xskmap has a few constructions where double-pointers are passed back
and forth; these simply all gain __rcu annotations, and only the final
reference/dereference to the inner-most pointer gets changed.
With this, everything can be run through sparse without eliciting
complaints, and lockdep can verify correctness even without the use of
rcu_read_lock() in the drivers. Subsequent patches will clean these up from
the drivers.
[0] https://lore.kernel.org/bpf/20210415173551.7ma4slcbqeyiba2r@kafai-mbp.dhcp.thefacebook.com/
[1] https://lore.kernel.org/bpf/20210419165837.GA975577@paulmck-ThinkPad-P17-Gen-1/
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210624160609.292325-6-toke@redhat.com
2021-06-24 19:05:55 +03:00
old_rcpu = unrcu_pointer ( xchg ( & cmap - > cpu_map [ key_cpu ] , RCU_INITIALIZER ( rcpu ) ) ) ;
2017-10-16 13:19:28 +03:00
if ( old_rcpu ) {
call_rcu ( & old_rcpu - > rcu , __cpu_map_entry_free ) ;
INIT_WORK ( & old_rcpu - > kthread_stop_wq , cpu_map_kthread_stop ) ;
schedule_work ( & old_rcpu - > kthread_stop_wq ) ;
}
}
2018-01-16 14:27:05 +03:00
static int cpu_map_delete_elem ( struct bpf_map * map , void * key )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map * cmap = container_of ( map , struct bpf_cpu_map , map ) ;
u32 key_cpu = * ( u32 * ) key ;
if ( key_cpu > = map - > max_entries )
return - EINVAL ;
/* notice caller map_delete_elem() use preempt_disable() */
__cpu_map_entry_replace ( cmap , key_cpu , NULL ) ;
return 0 ;
}
2018-01-16 14:27:05 +03:00
static int cpu_map_update_elem ( struct bpf_map * map , void * key , void * value ,
u64 map_flags )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map * cmap = container_of ( map , struct bpf_cpu_map , map ) ;
2020-07-14 16:56:37 +03:00
struct bpf_cpumap_val cpumap_value = { } ;
2017-10-16 13:19:28 +03:00
struct bpf_cpu_map_entry * rcpu ;
/* Array index key correspond to CPU number */
u32 key_cpu = * ( u32 * ) key ;
2020-07-14 16:56:37 +03:00
memcpy ( & cpumap_value , value , map - > value_size ) ;
2017-10-16 13:19:28 +03:00
if ( unlikely ( map_flags > BPF_EXIST ) )
return - EINVAL ;
if ( unlikely ( key_cpu > = cmap - > map . max_entries ) )
return - E2BIG ;
if ( unlikely ( map_flags = = BPF_NOEXIST ) )
return - EEXIST ;
2020-07-14 16:56:37 +03:00
if ( unlikely ( cpumap_value . qsize > 16384 ) ) /* sanity limit on qsize */
2017-10-16 13:19:28 +03:00
return - EOVERFLOW ;
/* Make sure CPU is a valid possible cpu */
2020-04-16 11:31:20 +03:00
if ( key_cpu > = nr_cpumask_bits | | ! cpu_possible ( key_cpu ) )
2017-10-16 13:19:28 +03:00
return - ENODEV ;
2020-07-14 16:56:37 +03:00
if ( cpumap_value . qsize = = 0 ) {
2017-10-16 13:19:28 +03:00
rcpu = NULL ; /* Same as deleting */
} else {
/* Updating qsize cause re-allocation of bpf_cpu_map_entry */
2020-12-02 00:58:35 +03:00
rcpu = __cpu_map_entry_alloc ( map , & cpumap_value , key_cpu ) ;
2017-10-16 13:19:28 +03:00
if ( ! rcpu )
return - ENOMEM ;
2019-06-28 12:12:34 +03:00
rcpu - > cmap = cmap ;
2017-10-16 13:19:28 +03:00
}
rcu_read_lock ( ) ;
__cpu_map_entry_replace ( cmap , key_cpu , rcpu ) ;
rcu_read_unlock ( ) ;
return 0 ;
}
2018-01-16 14:27:05 +03:00
static void cpu_map_free ( struct bpf_map * map )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map * cmap = container_of ( map , struct bpf_cpu_map , map ) ;
u32 i ;
/* At this point bpf_prog->aux->refcnt == 0 and this map->refcnt == 0,
* so the bpf programs ( can be more than one that used this map ) were
* disconnected from events . Wait for outstanding critical sections in
* these programs to complete . The rcu critical section only guarantees
* no further " XDP/bpf-side " reads against bpf_cpu_map - > cpu_map .
* It does __not__ ensure pending flush operations ( if any ) are
* complete .
*/
2018-08-18 00:26:14 +03:00
2017-10-16 13:19:28 +03:00
synchronize_rcu ( ) ;
/* For cpu_map the remote CPUs can still be using the entries
* ( struct bpf_cpu_map_entry ) .
*/
for ( i = 0 ; i < cmap - > map . max_entries ; i + + ) {
struct bpf_cpu_map_entry * rcpu ;
xdp: Add proper __rcu annotations to redirect map entries
XDP_REDIRECT works by a three-step process: the bpf_redirect() and
bpf_redirect_map() helpers will lookup the target of the redirect and store
it (along with some other metadata) in a per-CPU struct bpf_redirect_info.
Next, when the program returns the XDP_REDIRECT return code, the driver
will call xdp_do_redirect() which will use the information thus stored to
actually enqueue the frame into a bulk queue structure (that differs
slightly by map type, but shares the same principle). Finally, before
exiting its NAPI poll loop, the driver will call xdp_do_flush(), which will
flush all the different bulk queues, thus completing the redirect.
Pointers to the map entries will be kept around for this whole sequence of
steps, protected by RCU. However, there is no top-level rcu_read_lock() in
the core code; instead drivers add their own rcu_read_lock() around the XDP
portions of the code, but somewhat inconsistently as Martin discovered[0].
However, things still work because everything happens inside a single NAPI
poll sequence, which means it's between a pair of calls to
local_bh_disable()/local_bh_enable(). So Paul suggested[1] that we could
document this intention by using rcu_dereference_check() with
rcu_read_lock_bh_held() as a second parameter, thus allowing sparse and
lockdep to verify that everything is done correctly.
This patch does just that: we add an __rcu annotation to the map entry
pointers and remove the various comments explaining the NAPI poll assurance
strewn through devmap.c in favour of a longer explanation in filter.c. The
goal is to have one coherent documentation of the entire flow, and rely on
the RCU annotations as a "standard" way of communicating the flow in the
map code (which can additionally be understood by sparse and lockdep).
The RCU annotation replacements result in a fairly straight-forward
replacement where READ_ONCE() becomes rcu_dereference_check(), WRITE_ONCE()
becomes rcu_assign_pointer() and xchg() and cmpxchg() gets wrapped in the
proper constructs to cast the pointer back and forth between __rcu and
__kernel address space (for the benefit of sparse). The one complication is
that xskmap has a few constructions where double-pointers are passed back
and forth; these simply all gain __rcu annotations, and only the final
reference/dereference to the inner-most pointer gets changed.
With this, everything can be run through sparse without eliciting
complaints, and lockdep can verify correctness even without the use of
rcu_read_lock() in the drivers. Subsequent patches will clean these up from
the drivers.
[0] https://lore.kernel.org/bpf/20210415173551.7ma4slcbqeyiba2r@kafai-mbp.dhcp.thefacebook.com/
[1] https://lore.kernel.org/bpf/20210419165837.GA975577@paulmck-ThinkPad-P17-Gen-1/
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210624160609.292325-6-toke@redhat.com
2021-06-24 19:05:55 +03:00
rcpu = rcu_dereference_raw ( cmap - > cpu_map [ i ] ) ;
2017-10-16 13:19:28 +03:00
if ( ! rcpu )
continue ;
2019-12-19 09:10:01 +03:00
/* bq flush and cleanup happens after RCU grace-period */
2017-10-16 13:19:28 +03:00
__cpu_map_entry_replace ( cmap , i , NULL ) ; /* call_rcu */
}
bpf_map_area_free ( cmap - > cpu_map ) ;
kfree ( cmap ) ;
}
xdp: Add proper __rcu annotations to redirect map entries
XDP_REDIRECT works by a three-step process: the bpf_redirect() and
bpf_redirect_map() helpers will lookup the target of the redirect and store
it (along with some other metadata) in a per-CPU struct bpf_redirect_info.
Next, when the program returns the XDP_REDIRECT return code, the driver
will call xdp_do_redirect() which will use the information thus stored to
actually enqueue the frame into a bulk queue structure (that differs
slightly by map type, but shares the same principle). Finally, before
exiting its NAPI poll loop, the driver will call xdp_do_flush(), which will
flush all the different bulk queues, thus completing the redirect.
Pointers to the map entries will be kept around for this whole sequence of
steps, protected by RCU. However, there is no top-level rcu_read_lock() in
the core code; instead drivers add their own rcu_read_lock() around the XDP
portions of the code, but somewhat inconsistently as Martin discovered[0].
However, things still work because everything happens inside a single NAPI
poll sequence, which means it's between a pair of calls to
local_bh_disable()/local_bh_enable(). So Paul suggested[1] that we could
document this intention by using rcu_dereference_check() with
rcu_read_lock_bh_held() as a second parameter, thus allowing sparse and
lockdep to verify that everything is done correctly.
This patch does just that: we add an __rcu annotation to the map entry
pointers and remove the various comments explaining the NAPI poll assurance
strewn through devmap.c in favour of a longer explanation in filter.c. The
goal is to have one coherent documentation of the entire flow, and rely on
the RCU annotations as a "standard" way of communicating the flow in the
map code (which can additionally be understood by sparse and lockdep).
The RCU annotation replacements result in a fairly straight-forward
replacement where READ_ONCE() becomes rcu_dereference_check(), WRITE_ONCE()
becomes rcu_assign_pointer() and xchg() and cmpxchg() gets wrapped in the
proper constructs to cast the pointer back and forth between __rcu and
__kernel address space (for the benefit of sparse). The one complication is
that xskmap has a few constructions where double-pointers are passed back
and forth; these simply all gain __rcu annotations, and only the final
reference/dereference to the inner-most pointer gets changed.
With this, everything can be run through sparse without eliciting
complaints, and lockdep can verify correctness even without the use of
rcu_read_lock() in the drivers. Subsequent patches will clean these up from
the drivers.
[0] https://lore.kernel.org/bpf/20210415173551.7ma4slcbqeyiba2r@kafai-mbp.dhcp.thefacebook.com/
[1] https://lore.kernel.org/bpf/20210419165837.GA975577@paulmck-ThinkPad-P17-Gen-1/
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210624160609.292325-6-toke@redhat.com
2021-06-24 19:05:55 +03:00
/* Elements are kept alive by RCU; either by rcu_read_lock() (from syscall) or
* by local_bh_disable ( ) ( from XDP calls inside NAPI ) . The
* rcu_read_lock_bh_held ( ) below makes lockdep accept both .
*/
2021-03-08 14:29:06 +03:00
static void * __cpu_map_lookup_elem ( struct bpf_map * map , u32 key )
2017-10-16 13:19:28 +03:00
{
struct bpf_cpu_map * cmap = container_of ( map , struct bpf_cpu_map , map ) ;
struct bpf_cpu_map_entry * rcpu ;
if ( key > = map - > max_entries )
return NULL ;
xdp: Add proper __rcu annotations to redirect map entries
XDP_REDIRECT works by a three-step process: the bpf_redirect() and
bpf_redirect_map() helpers will lookup the target of the redirect and store
it (along with some other metadata) in a per-CPU struct bpf_redirect_info.
Next, when the program returns the XDP_REDIRECT return code, the driver
will call xdp_do_redirect() which will use the information thus stored to
actually enqueue the frame into a bulk queue structure (that differs
slightly by map type, but shares the same principle). Finally, before
exiting its NAPI poll loop, the driver will call xdp_do_flush(), which will
flush all the different bulk queues, thus completing the redirect.
Pointers to the map entries will be kept around for this whole sequence of
steps, protected by RCU. However, there is no top-level rcu_read_lock() in
the core code; instead drivers add their own rcu_read_lock() around the XDP
portions of the code, but somewhat inconsistently as Martin discovered[0].
However, things still work because everything happens inside a single NAPI
poll sequence, which means it's between a pair of calls to
local_bh_disable()/local_bh_enable(). So Paul suggested[1] that we could
document this intention by using rcu_dereference_check() with
rcu_read_lock_bh_held() as a second parameter, thus allowing sparse and
lockdep to verify that everything is done correctly.
This patch does just that: we add an __rcu annotation to the map entry
pointers and remove the various comments explaining the NAPI poll assurance
strewn through devmap.c in favour of a longer explanation in filter.c. The
goal is to have one coherent documentation of the entire flow, and rely on
the RCU annotations as a "standard" way of communicating the flow in the
map code (which can additionally be understood by sparse and lockdep).
The RCU annotation replacements result in a fairly straight-forward
replacement where READ_ONCE() becomes rcu_dereference_check(), WRITE_ONCE()
becomes rcu_assign_pointer() and xchg() and cmpxchg() gets wrapped in the
proper constructs to cast the pointer back and forth between __rcu and
__kernel address space (for the benefit of sparse). The one complication is
that xskmap has a few constructions where double-pointers are passed back
and forth; these simply all gain __rcu annotations, and only the final
reference/dereference to the inner-most pointer gets changed.
With this, everything can be run through sparse without eliciting
complaints, and lockdep can verify correctness even without the use of
rcu_read_lock() in the drivers. Subsequent patches will clean these up from
the drivers.
[0] https://lore.kernel.org/bpf/20210415173551.7ma4slcbqeyiba2r@kafai-mbp.dhcp.thefacebook.com/
[1] https://lore.kernel.org/bpf/20210419165837.GA975577@paulmck-ThinkPad-P17-Gen-1/
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20210624160609.292325-6-toke@redhat.com
2021-06-24 19:05:55 +03:00
rcpu = rcu_dereference_check ( cmap - > cpu_map [ key ] ,
rcu_read_lock_bh_held ( ) ) ;
2017-10-16 13:19:28 +03:00
return rcpu ;
}
static void * cpu_map_lookup_elem ( struct bpf_map * map , void * key )
{
struct bpf_cpu_map_entry * rcpu =
__cpu_map_lookup_elem ( map , * ( u32 * ) key ) ;
2020-07-14 16:56:37 +03:00
return rcpu ? & rcpu - > value : NULL ;
2017-10-16 13:19:28 +03:00
}
static int cpu_map_get_next_key ( struct bpf_map * map , void * key , void * next_key )
{
struct bpf_cpu_map * cmap = container_of ( map , struct bpf_cpu_map , map ) ;
u32 index = key ? * ( u32 * ) key : U32_MAX ;
u32 * next = next_key ;
if ( index > = cmap - > map . max_entries ) {
* next = 0 ;
return 0 ;
}
if ( index = = cmap - > map . max_entries - 1 )
return - ENOENT ;
* next = index + 1 ;
return 0 ;
}
2021-03-08 14:29:06 +03:00
static int cpu_map_redirect ( struct bpf_map * map , u32 ifindex , u64 flags )
{
2021-05-19 12:07:45 +03:00
return __bpf_xdp_redirect_map ( map , ifindex , flags , 0 ,
__cpu_map_lookup_elem ) ;
2021-03-08 14:29:06 +03:00
}
2020-06-20 00:11:44 +03:00
static int cpu_map_btf_id ;
2017-10-16 13:19:28 +03:00
const struct bpf_map_ops cpu_map_ops = {
2020-08-28 04:18:06 +03:00
. map_meta_equal = bpf_map_meta_equal ,
2017-10-16 13:19:28 +03:00
. map_alloc = cpu_map_alloc ,
. map_free = cpu_map_free ,
. map_delete_elem = cpu_map_delete_elem ,
. map_update_elem = cpu_map_update_elem ,
. map_lookup_elem = cpu_map_lookup_elem ,
. map_get_next_key = cpu_map_get_next_key ,
2018-08-12 02:59:17 +03:00
. map_check_btf = map_check_no_btf ,
2020-06-20 00:11:44 +03:00
. map_btf_name = " bpf_cpu_map " ,
. map_btf_id = & cpu_map_btf_id ,
2021-03-08 14:29:06 +03:00
. map_redirect = cpu_map_redirect ,
2017-10-16 13:19:28 +03:00
} ;
2020-09-01 11:39:28 +03:00
static void bq_flush_to_queue ( struct xdp_bulk_queue * bq )
2017-10-16 13:19:28 +03:00
{
2019-06-28 12:12:34 +03:00
struct bpf_cpu_map_entry * rcpu = bq - > obj ;
2017-10-16 13:19:44 +03:00
unsigned int processed = 0 , drops = 0 ;
const int to_cpu = rcpu - > cpu ;
2017-10-16 13:19:28 +03:00
struct ptr_ring * q ;
int i ;
if ( unlikely ( ! bq - > count ) )
2020-09-01 11:39:28 +03:00
return ;
2017-10-16 13:19:28 +03:00
q = rcpu - > queue ;
spin_lock ( & q - > producer_lock ) ;
for ( i = 0 ; i < bq - > count ; i + + ) {
2018-04-17 17:45:57 +03:00
struct xdp_frame * xdpf = bq - > q [ i ] ;
2017-10-16 13:19:28 +03:00
int err ;
2018-04-17 17:45:57 +03:00
err = __ptr_ring_produce ( q , xdpf ) ;
2017-10-16 13:19:28 +03:00
if ( err ) {
2017-10-16 13:19:44 +03:00
drops + + ;
2019-12-19 09:10:00 +03:00
xdp_return_frame_rx_napi ( xdpf ) ;
2017-10-16 13:19:28 +03:00
}
2017-10-16 13:19:44 +03:00
processed + + ;
2017-10-16 13:19:28 +03:00
}
bq - > count = 0 ;
spin_unlock ( & q - > producer_lock ) ;
2019-06-28 12:12:34 +03:00
__list_del_clearprev ( & bq - > flush_node ) ;
2017-10-16 13:19:44 +03:00
/* Feedback loop via tracepoints */
trace_xdp_cpumap_enqueue ( rcpu - > map_id , processed , drops , to_cpu ) ;
2017-10-16 13:19:28 +03:00
}
/* Runs under RCU-read-side, plus in softirq under NAPI protection.
* Thus , safe percpu variable access .
*/
2020-09-01 11:39:28 +03:00
static void bq_enqueue ( struct bpf_cpu_map_entry * rcpu , struct xdp_frame * xdpf )
2017-10-16 13:19:28 +03:00
{
2019-12-19 09:10:04 +03:00
struct list_head * flush_list = this_cpu_ptr ( & cpu_map_flush_list ) ;
2017-10-16 13:19:28 +03:00
struct xdp_bulk_queue * bq = this_cpu_ptr ( rcpu - > bulkq ) ;
if ( unlikely ( bq - > count = = CPU_MAP_BULK_SIZE ) )
2019-12-19 09:10:00 +03:00
bq_flush_to_queue ( bq ) ;
2017-10-16 13:19:28 +03:00
/* Notice, xdp_buff/page MUST be queued here, long enough for
* driver to code invoking us to finished , due to driver
* ( e . g . ixgbe ) recycle tricks based on page - refcnt .
*
2018-04-17 17:45:57 +03:00
* Thus , incoming xdp_frame is always queued here ( else we race
2017-10-16 13:19:28 +03:00
* with another CPU on page - refcnt and remaining driver code ) .
* Queue time is very short , as driver will invoke flush
* operation , when completing napi - > poll call .
*/
2018-04-17 17:45:57 +03:00
bq - > q [ bq - > count + + ] = xdpf ;
2019-06-28 12:12:34 +03:00
if ( ! bq - > flush_node . prev )
list_add ( & bq - > flush_node , flush_list ) ;
2017-10-16 13:19:28 +03:00
}
2022-01-03 18:08:09 +03:00
int cpu_map_enqueue ( struct bpf_cpu_map_entry * rcpu , struct xdp_frame * xdpf ,
2017-10-16 13:19:34 +03:00
struct net_device * dev_rx )
{
bpf: cpumap xdp_buff to skb conversion and allocation
This patch makes cpumap functional, by adding SKB allocation and
invoking the network stack on the dequeuing CPU.
For constructing the SKB on the remote CPU, the xdp_buff in converted
into a struct xdp_pkt, and it mapped into the top headroom of the
packet, to avoid allocating separate mem. For now, struct xdp_pkt is
just a cpumap internal data structure, with info carried between
enqueue to dequeue.
If a driver doesn't have enough headroom it is simply dropped, with
return code -EOVERFLOW. This will be picked up the xdp tracepoint
infrastructure, to allow users to catch this.
V2: take into account xdp->data_meta
V4:
- Drop busypoll tricks, keeping it more simple.
- Skip RPS and Generic-XDP-recursive-reinjection, suggested by Alexei
V5: correct RCU read protection around __netif_receive_skb_core.
V6: Setting TASK_RUNNING vs TASK_INTERRUPTIBLE based on talk with Rik van Riel
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-16 13:19:39 +03:00
/* Info needed when constructing SKB on remote CPU */
2018-04-17 17:45:57 +03:00
xdpf - > dev_rx = dev_rx ;
2017-10-16 13:19:34 +03:00
2018-04-17 17:45:57 +03:00
bq_enqueue ( rcpu , xdpf ) ;
2017-10-16 13:19:34 +03:00
return 0 ;
}
2021-07-02 14:18:23 +03:00
int cpu_map_generic_redirect ( struct bpf_cpu_map_entry * rcpu ,
struct sk_buff * skb )
{
int ret ;
__skb_pull ( skb , skb - > mac_len ) ;
skb_set_redirected ( skb , false ) ;
__ptr_set_bit ( 0 , & skb ) ;
ret = ptr_ring_produce ( rcpu - > queue , skb ) ;
if ( ret < 0 )
goto trace ;
wake_up_process ( rcpu - > kthread ) ;
trace :
trace_xdp_cpumap_enqueue ( rcpu - > map_id , ! ret , ! ! ret , rcpu - > cpu ) ;
return ret ;
}
2019-12-19 09:10:04 +03:00
void __cpu_map_flush ( void )
2017-10-16 13:19:28 +03:00
{
2019-12-19 09:10:04 +03:00
struct list_head * flush_list = this_cpu_ptr ( & cpu_map_flush_list ) ;
2019-06-28 12:12:34 +03:00
struct xdp_bulk_queue * bq , * tmp ;
2017-10-16 13:19:28 +03:00
2019-06-28 12:12:34 +03:00
list_for_each_entry_safe ( bq , tmp , flush_list , flush_node ) {
2019-12-19 09:10:00 +03:00
bq_flush_to_queue ( bq ) ;
2017-10-16 13:19:28 +03:00
/* If already running, costs spin_lock_irqsave + smb_mb */
2019-06-28 12:12:34 +03:00
wake_up_process ( bq - > obj - > kthread ) ;
2017-10-16 13:19:28 +03:00
}
}
2019-12-19 09:10:04 +03:00
static int __init cpu_map_init ( void )
{
int cpu ;
for_each_possible_cpu ( cpu )
INIT_LIST_HEAD ( & per_cpu ( cpu_map_flush_list , cpu ) ) ;
return 0 ;
}
subsys_initcall ( cpu_map_init ) ;