Commit d1a4e0a9 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Daniel Borkmann says:

====================
bpf-next 2021-08-10

We've added 31 non-merge commits during the last 8 day(s) which contain
a total of 28 files changed, 3644 insertions(+), 519 deletions(-).

1) Native XDP support for bonding driver & related BPF selftests, from Jussi Maki.

2) Large batch of new BPF JIT tests for test_bpf.ko that came out as a result from
   32-bit MIPS JIT development, from Johan Almbladh.

3) Rewrite of netcnt BPF selftest and merge into test_progs, from Stanislav Fomichev.

4) Fix XDP bpf_prog_test_run infra after net to net-next merge, from Andrii Nakryiko.

5) Follow-up fix in unix_bpf_update_proto() to enforce socket type, from Cong Wang.

6) Fix bpf-iter-tcp4 selftest to print the correct dest IP, from Jose Blanquicet.

7) Various misc BPF XDP sample improvements, from Niklas Söderlund, Matthew Cover,
   and Muhammad Falak R Wani.

* https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (31 commits)
  bpf, tests: Add tail call test suite
  bpf, tests: Add tests for BPF_CMPXCHG
  bpf, tests: Add tests for atomic operations
  bpf, tests: Add test for 32-bit context pointer argument passing
  bpf, tests: Add branch conversion JIT test
  bpf, tests: Add word-order tests for load/store of double words
  bpf, tests: Add tests for ALU operations implemented with function calls
  bpf, tests: Add more ALU64 BPF_MUL tests
  bpf, tests: Add more BPF_LSH/RSH/ARSH tests for ALU64
  bpf, tests: Add more ALU32 tests for BPF_LSH/RSH/ARSH
  bpf, tests: Add more tests of ALU32 and ALU64 bitwise operations
  bpf, tests: Fix typos in test case descriptions
  bpf, tests: Add BPF_MOV tests for zero and sign extension
  bpf, tests: Add BPF_JMP32 test cases
  samples, bpf: Add an explict comment to handle nested vlan tagging.
  selftests/bpf: Add tests for XDP bonding
  selftests/bpf: Fix xdp_tx.c prog section name
  net, core: Allow netdev_lower_get_next_private_rcu in bh context
  bpf, devmap: Exclude XDP broadcast to master device
  net, bonding: Add XDP support to the bonding driver
  ...
====================

Link: https://lore.kernel.org/r/20210810130038.16927-1-daniel@iogearbox.netSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 4ef3960e 874be05f
This diff is collapsed.
...@@ -776,6 +776,10 @@ static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog, ...@@ -776,6 +776,10 @@ static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog,
DECLARE_BPF_DISPATCHER(xdp) DECLARE_BPF_DISPATCHER(xdp)
DECLARE_STATIC_KEY_FALSE(bpf_master_redirect_enabled_key);
u32 xdp_master_redirect(struct xdp_buff *xdp);
static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog, static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
struct xdp_buff *xdp) struct xdp_buff *xdp)
{ {
...@@ -783,7 +787,14 @@ static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog, ...@@ -783,7 +787,14 @@ static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
* under local_bh_disable(), which provides the needed RCU protection * under local_bh_disable(), which provides the needed RCU protection
* for accessing map entries. * for accessing map entries.
*/ */
return __BPF_PROG_RUN(prog, xdp, BPF_DISPATCHER_FUNC(xdp)); u32 act = __BPF_PROG_RUN(prog, xdp, BPF_DISPATCHER_FUNC(xdp));
if (static_branch_unlikely(&bpf_master_redirect_enabled_key)) {
if (act == XDP_TX && netif_is_bond_slave(xdp->rxq->dev))
act = xdp_master_redirect(xdp);
}
return act;
} }
void bpf_prog_change_xdp(struct bpf_prog *prev_prog, struct bpf_prog *prog); void bpf_prog_change_xdp(struct bpf_prog *prev_prog, struct bpf_prog *prog);
......
...@@ -1318,6 +1318,9 @@ struct netdev_net_notifier { ...@@ -1318,6 +1318,9 @@ struct netdev_net_notifier {
* that got dropped are freed/returned via xdp_return_frame(). * that got dropped are freed/returned via xdp_return_frame().
* Returns negative number, means general error invoking ndo, meaning * Returns negative number, means general error invoking ndo, meaning
* no frames were xmit'ed and core-caller will free all frames. * no frames were xmit'ed and core-caller will free all frames.
* struct net_device *(*ndo_xdp_get_xmit_slave)(struct net_device *dev,
* struct xdp_buff *xdp);
* Get the xmit slave of master device based on the xdp_buff.
* int (*ndo_xsk_wakeup)(struct net_device *dev, u32 queue_id, u32 flags); * int (*ndo_xsk_wakeup)(struct net_device *dev, u32 queue_id, u32 flags);
* This function is used to wake up the softirq, ksoftirqd or kthread * This function is used to wake up the softirq, ksoftirqd or kthread
* responsible for sending and/or receiving packets on a specific * responsible for sending and/or receiving packets on a specific
...@@ -1545,6 +1548,8 @@ struct net_device_ops { ...@@ -1545,6 +1548,8 @@ struct net_device_ops {
int (*ndo_xdp_xmit)(struct net_device *dev, int n, int (*ndo_xdp_xmit)(struct net_device *dev, int n,
struct xdp_frame **xdp, struct xdp_frame **xdp,
u32 flags); u32 flags);
struct net_device * (*ndo_xdp_get_xmit_slave)(struct net_device *dev,
struct xdp_buff *xdp);
int (*ndo_xsk_wakeup)(struct net_device *dev, int (*ndo_xsk_wakeup)(struct net_device *dev,
u32 queue_id, u32 flags); u32 queue_id, u32 flags);
struct devlink_port * (*ndo_get_devlink_port)(struct net_device *dev); struct devlink_port * (*ndo_get_devlink_port)(struct net_device *dev);
...@@ -4076,6 +4081,7 @@ typedef int (*bpf_op_t)(struct net_device *dev, struct netdev_bpf *bpf); ...@@ -4076,6 +4081,7 @@ typedef int (*bpf_op_t)(struct net_device *dev, struct netdev_bpf *bpf);
int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack, int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack,
int fd, int expected_fd, u32 flags); int fd, int expected_fd, u32 flags);
int bpf_xdp_link_attach(const union bpf_attr *attr, struct bpf_prog *prog); int bpf_xdp_link_attach(const union bpf_attr *attr, struct bpf_prog *prog);
u8 dev_xdp_prog_count(struct net_device *dev);
u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode); u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode);
int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb); int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb);
......
...@@ -259,6 +259,7 @@ struct bonding { ...@@ -259,6 +259,7 @@ struct bonding {
/* protecting ipsec_list */ /* protecting ipsec_list */
spinlock_t ipsec_lock; spinlock_t ipsec_lock;
#endif /* CONFIG_XFRM_OFFLOAD */ #endif /* CONFIG_XFRM_OFFLOAD */
struct bpf_prog *xdp_prog;
}; };
#define bond_slave_get_rcu(dev) \ #define bond_slave_get_rcu(dev) \
......
...@@ -1562,7 +1562,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn) ...@@ -1562,7 +1562,7 @@ static u64 ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn)
if (unlikely(index >= array->map.max_entries)) if (unlikely(index >= array->map.max_entries))
goto out; goto out;
if (unlikely(tail_call_cnt > MAX_TAIL_CALL_CNT)) if (unlikely(tail_call_cnt >= MAX_TAIL_CALL_CNT))
goto out; goto out;
tail_call_cnt++; tail_call_cnt++;
......
...@@ -534,10 +534,9 @@ int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_buff *xdp, ...@@ -534,10 +534,9 @@ int dev_map_enqueue(struct bpf_dtab_netdev *dst, struct xdp_buff *xdp,
return __xdp_enqueue(dev, xdp, dev_rx, dst->xdp_prog); return __xdp_enqueue(dev, xdp, dev_rx, dst->xdp_prog);
} }
static bool is_valid_dst(struct bpf_dtab_netdev *obj, struct xdp_buff *xdp, static bool is_valid_dst(struct bpf_dtab_netdev *obj, struct xdp_buff *xdp)
int exclude_ifindex)
{ {
if (!obj || obj->dev->ifindex == exclude_ifindex || if (!obj ||
!obj->dev->netdev_ops->ndo_xdp_xmit) !obj->dev->netdev_ops->ndo_xdp_xmit)
return false; return false;
...@@ -562,17 +561,48 @@ static int dev_map_enqueue_clone(struct bpf_dtab_netdev *obj, ...@@ -562,17 +561,48 @@ static int dev_map_enqueue_clone(struct bpf_dtab_netdev *obj,
return 0; return 0;
} }
static inline bool is_ifindex_excluded(int *excluded, int num_excluded, int ifindex)
{
while (num_excluded--) {
if (ifindex == excluded[num_excluded])
return true;
}
return false;
}
/* Get ifindex of each upper device. 'indexes' must be able to hold at
* least MAX_NEST_DEV elements.
* Returns the number of ifindexes added.
*/
static int get_upper_ifindexes(struct net_device *dev, int *indexes)
{
struct net_device *upper;
struct list_head *iter;
int n = 0;
netdev_for_each_upper_dev_rcu(dev, upper, iter) {
indexes[n++] = upper->ifindex;
}
return n;
}
int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx, int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx,
struct bpf_map *map, bool exclude_ingress) struct bpf_map *map, bool exclude_ingress)
{ {
struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map); struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
int exclude_ifindex = exclude_ingress ? dev_rx->ifindex : 0;
struct bpf_dtab_netdev *dst, *last_dst = NULL; struct bpf_dtab_netdev *dst, *last_dst = NULL;
int excluded_devices[1+MAX_NEST_DEV];
struct hlist_head *head; struct hlist_head *head;
struct xdp_frame *xdpf; struct xdp_frame *xdpf;
int num_excluded = 0;
unsigned int i; unsigned int i;
int err; int err;
if (exclude_ingress) {
num_excluded = get_upper_ifindexes(dev_rx, excluded_devices);
excluded_devices[num_excluded++] = dev_rx->ifindex;
}
xdpf = xdp_convert_buff_to_frame(xdp); xdpf = xdp_convert_buff_to_frame(xdp);
if (unlikely(!xdpf)) if (unlikely(!xdpf))
return -EOVERFLOW; return -EOVERFLOW;
...@@ -581,7 +611,10 @@ int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx, ...@@ -581,7 +611,10 @@ int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx,
for (i = 0; i < map->max_entries; i++) { for (i = 0; i < map->max_entries; i++) {
dst = rcu_dereference_check(dtab->netdev_map[i], dst = rcu_dereference_check(dtab->netdev_map[i],
rcu_read_lock_bh_held()); rcu_read_lock_bh_held());
if (!is_valid_dst(dst, xdp, exclude_ifindex)) if (!is_valid_dst(dst, xdp))
continue;
if (is_ifindex_excluded(excluded_devices, num_excluded, dst->dev->ifindex))
continue; continue;
/* we only need n-1 clones; last_dst enqueued below */ /* we only need n-1 clones; last_dst enqueued below */
...@@ -601,7 +634,11 @@ int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx, ...@@ -601,7 +634,11 @@ int dev_map_enqueue_multi(struct xdp_buff *xdp, struct net_device *dev_rx,
head = dev_map_index_hash(dtab, i); head = dev_map_index_hash(dtab, i);
hlist_for_each_entry_rcu(dst, head, index_hlist, hlist_for_each_entry_rcu(dst, head, index_hlist,
lockdep_is_held(&dtab->index_lock)) { lockdep_is_held(&dtab->index_lock)) {
if (!is_valid_dst(dst, xdp, exclude_ifindex)) if (!is_valid_dst(dst, xdp))
continue;
if (is_ifindex_excluded(excluded_devices, num_excluded,
dst->dev->ifindex))
continue; continue;
/* we only need n-1 clones; last_dst enqueued below */ /* we only need n-1 clones; last_dst enqueued below */
...@@ -675,18 +712,27 @@ int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb, ...@@ -675,18 +712,27 @@ int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
bool exclude_ingress) bool exclude_ingress)
{ {
struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map); struct bpf_dtab *dtab = container_of(map, struct bpf_dtab, map);
int exclude_ifindex = exclude_ingress ? dev->ifindex : 0;
struct bpf_dtab_netdev *dst, *last_dst = NULL; struct bpf_dtab_netdev *dst, *last_dst = NULL;
int excluded_devices[1+MAX_NEST_DEV];
struct hlist_head *head; struct hlist_head *head;
struct hlist_node *next; struct hlist_node *next;
int num_excluded = 0;
unsigned int i; unsigned int i;
int err; int err;
if (exclude_ingress) {
num_excluded = get_upper_ifindexes(dev, excluded_devices);
excluded_devices[num_excluded++] = dev->ifindex;
}
if (map->map_type == BPF_MAP_TYPE_DEVMAP) { if (map->map_type == BPF_MAP_TYPE_DEVMAP) {
for (i = 0; i < map->max_entries; i++) { for (i = 0; i < map->max_entries; i++) {
dst = rcu_dereference_check(dtab->netdev_map[i], dst = rcu_dereference_check(dtab->netdev_map[i],
rcu_read_lock_bh_held()); rcu_read_lock_bh_held());
if (!dst || dst->dev->ifindex == exclude_ifindex) if (!dst)
continue;
if (is_ifindex_excluded(excluded_devices, num_excluded, dst->dev->ifindex))
continue; continue;
/* we only need n-1 clones; last_dst enqueued below */ /* we only need n-1 clones; last_dst enqueued below */
...@@ -700,12 +746,17 @@ int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb, ...@@ -700,12 +746,17 @@ int dev_map_redirect_multi(struct net_device *dev, struct sk_buff *skb,
return err; return err;
last_dst = dst; last_dst = dst;
} }
} else { /* BPF_MAP_TYPE_DEVMAP_HASH */ } else { /* BPF_MAP_TYPE_DEVMAP_HASH */
for (i = 0; i < dtab->n_buckets; i++) { for (i = 0; i < dtab->n_buckets; i++) {
head = dev_map_index_hash(dtab, i); head = dev_map_index_hash(dtab, i);
hlist_for_each_entry_safe(dst, next, head, index_hlist) { hlist_for_each_entry_safe(dst, next, head, index_hlist) {
if (!dst || dst->dev->ifindex == exclude_ifindex) if (!dst)
continue;
if (is_ifindex_excluded(excluded_devices, num_excluded,
dst->dev->ifindex))
continue; continue;
/* we only need n-1 clones; last_dst enqueued below */ /* we only need n-1 clones; last_dst enqueued below */
......
This diff is collapsed.
...@@ -763,8 +763,7 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr, ...@@ -763,8 +763,7 @@ int bpf_prog_test_run_xdp(struct bpf_prog *prog, const union bpf_attr *kattr,
if (prog->expected_attach_type == BPF_XDP_DEVMAP || if (prog->expected_attach_type == BPF_XDP_DEVMAP ||
prog->expected_attach_type == BPF_XDP_CPUMAP) prog->expected_attach_type == BPF_XDP_CPUMAP)
return -EINVAL; return -EINVAL;
if (kattr->test.ctx_in || kattr->test.ctx_out)
return -EINVAL;
ctx = bpf_ctx_init(kattr, sizeof(struct xdp_md)); ctx = bpf_ctx_init(kattr, sizeof(struct xdp_md));
if (IS_ERR(ctx)) if (IS_ERR(ctx))
return PTR_ERR(ctx); return PTR_ERR(ctx);
......
...@@ -7532,7 +7532,7 @@ void *netdev_lower_get_next_private_rcu(struct net_device *dev, ...@@ -7532,7 +7532,7 @@ void *netdev_lower_get_next_private_rcu(struct net_device *dev,
{ {
struct netdev_adjacent *lower; struct netdev_adjacent *lower;
WARN_ON_ONCE(!rcu_read_lock_held()); WARN_ON_ONCE(!rcu_read_lock_held() && !rcu_read_lock_bh_held());
lower = list_entry_rcu((*iter)->next, struct netdev_adjacent, list); lower = list_entry_rcu((*iter)->next, struct netdev_adjacent, list);
...@@ -9297,7 +9297,7 @@ static struct bpf_prog *dev_xdp_prog(struct net_device *dev, ...@@ -9297,7 +9297,7 @@ static struct bpf_prog *dev_xdp_prog(struct net_device *dev,
return dev->xdp_state[mode].prog; return dev->xdp_state[mode].prog;
} }
static u8 dev_xdp_prog_count(struct net_device *dev) u8 dev_xdp_prog_count(struct net_device *dev)
{ {
u8 count = 0; u8 count = 0;
int i; int i;
...@@ -9307,6 +9307,7 @@ static u8 dev_xdp_prog_count(struct net_device *dev) ...@@ -9307,6 +9307,7 @@ static u8 dev_xdp_prog_count(struct net_device *dev)
count++; count++;
return count; return count;
} }
EXPORT_SYMBOL_GPL(dev_xdp_prog_count);
u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode) u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode)
{ {
...@@ -9400,6 +9401,8 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack ...@@ -9400,6 +9401,8 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
{ {
unsigned int num_modes = hweight32(flags & XDP_FLAGS_MODES); unsigned int num_modes = hweight32(flags & XDP_FLAGS_MODES);
struct bpf_prog *cur_prog; struct bpf_prog *cur_prog;
struct net_device *upper;
struct list_head *iter;
enum bpf_xdp_mode mode; enum bpf_xdp_mode mode;
bpf_op_t bpf_op; bpf_op_t bpf_op;
int err; int err;
...@@ -9438,6 +9441,14 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack ...@@ -9438,6 +9441,14 @@ static int dev_xdp_attach(struct net_device *dev, struct netlink_ext_ack *extack
return -EBUSY; return -EBUSY;
} }
/* don't allow if an upper device already has a program */
netdev_for_each_upper_dev_rcu(dev, upper, iter) {
if (dev_xdp_prog_count(upper) > 0) {
NL_SET_ERR_MSG(extack, "Cannot attach when an upper device already has a program");
return -EEXIST;
}
}
cur_prog = dev_xdp_prog(dev, mode); cur_prog = dev_xdp_prog(dev, mode);
/* can't replace attached prog with link */ /* can't replace attached prog with link */
if (link && cur_prog) { if (link && cur_prog) {
......
...@@ -3933,6 +3933,31 @@ void bpf_clear_redirect_map(struct bpf_map *map) ...@@ -3933,6 +3933,31 @@ void bpf_clear_redirect_map(struct bpf_map *map)
} }
} }
DEFINE_STATIC_KEY_FALSE(bpf_master_redirect_enabled_key);
EXPORT_SYMBOL_GPL(bpf_master_redirect_enabled_key);
u32 xdp_master_redirect(struct xdp_buff *xdp)
{
struct net_device *master, *slave;
struct bpf_redirect_info *ri = this_cpu_ptr(&bpf_redirect_info);
master = netdev_master_upper_dev_get_rcu(xdp->rxq->dev);
slave = master->netdev_ops->ndo_xdp_get_xmit_slave(master, xdp);
if (slave && slave != xdp->rxq->dev) {
/* The target device is different from the receiving device, so
* redirect it to the new device.
* Using XDP_REDIRECT gets the correct behaviour from XDP enabled
* drivers to unmap the packet from their rx ring.
*/
ri->tgt_index = slave->ifindex;
ri->map_id = INT_MAX;
ri->map_type = BPF_MAP_TYPE_UNSPEC;
return XDP_REDIRECT;
}
return XDP_TX;
}
EXPORT_SYMBOL_GPL(xdp_master_redirect);
int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp, int xdp_do_redirect(struct net_device *dev, struct xdp_buff *xdp,
struct bpf_prog *xdp_prog) struct bpf_prog *xdp_prog)
{ {
......
...@@ -105,6 +105,9 @@ static void unix_bpf_check_needs_rebuild(struct proto *ops) ...@@ -105,6 +105,9 @@ static void unix_bpf_check_needs_rebuild(struct proto *ops)
int unix_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool restore) int unix_bpf_update_proto(struct sock *sk, struct sk_psock *psock, bool restore)
{ {
if (sk->sk_type != SOCK_DGRAM)
return -EOPNOTSUPP;
if (restore) { if (restore) {
sk->sk_write_space = psock->saved_write_space; sk->sk_write_space = psock->saved_write_space;
WRITE_ONCE(sk->sk_prot, psock->sk_proto); WRITE_ONCE(sk->sk_prot, psock->sk_proto);
......
...@@ -57,6 +57,7 @@ int xdp_prog1(struct xdp_md *ctx) ...@@ -57,6 +57,7 @@ int xdp_prog1(struct xdp_md *ctx)
h_proto = eth->h_proto; h_proto = eth->h_proto;
/* Handle VLAN tagged packet */
if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) { if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
struct vlan_hdr *vhdr; struct vlan_hdr *vhdr;
...@@ -66,6 +67,7 @@ int xdp_prog1(struct xdp_md *ctx) ...@@ -66,6 +67,7 @@ int xdp_prog1(struct xdp_md *ctx)
return rc; return rc;
h_proto = vhdr->h_vlan_encapsulated_proto; h_proto = vhdr->h_vlan_encapsulated_proto;
} }
/* Handle double VLAN tagged packet */
if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) { if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
struct vlan_hdr *vhdr; struct vlan_hdr *vhdr;
......
...@@ -73,6 +73,7 @@ int xdp_prog1(struct xdp_md *ctx) ...@@ -73,6 +73,7 @@ int xdp_prog1(struct xdp_md *ctx)
h_proto = eth->h_proto; h_proto = eth->h_proto;
/* Handle VLAN tagged packet */
if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) { if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
struct vlan_hdr *vhdr; struct vlan_hdr *vhdr;
...@@ -82,6 +83,7 @@ int xdp_prog1(struct xdp_md *ctx) ...@@ -82,6 +83,7 @@ int xdp_prog1(struct xdp_md *ctx)
return rc; return rc;
h_proto = vhdr->h_vlan_encapsulated_proto; h_proto = vhdr->h_vlan_encapsulated_proto;
} }
/* Handle double VLAN tagged packet */
if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) { if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
struct vlan_hdr *vhdr; struct vlan_hdr *vhdr;
......
...@@ -841,7 +841,7 @@ int main(int argc, char **argv) ...@@ -841,7 +841,7 @@ int main(int argc, char **argv)
memset(cpu, 0, n_cpus * sizeof(int)); memset(cpu, 0, n_cpus * sizeof(int));
/* Parse commands line args */ /* Parse commands line args */
while ((opt = getopt_long(argc, argv, "hSd:s:p:q:c:xzFf:e:r:m:", while ((opt = getopt_long(argc, argv, "hSd:s:p:q:c:xzFf:e:r:m:n",
long_options, &longindex)) != -1) { long_options, &longindex)) != -1) {
switch (opt) { switch (opt) {
case 'd': case 'd':
......
// SPDX-License-Identifier: GPL-2.0 // SPDX-License-Identifier: GPL-2.0
/* Copyright(c) 2017 - 2018 Intel Corporation. */ /* Copyright(c) 2017 - 2018 Intel Corporation. */
#include <asm/barrier.h>
#include <errno.h> #include <errno.h>
#include <getopt.h> #include <getopt.h>
#include <libgen.h> #include <libgen.h>
#include <linux/bpf.h> #include <linux/bpf.h>
#include <linux/compiler.h>
#include <linux/if_link.h> #include <linux/if_link.h>
#include <linux/if_xdp.h> #include <linux/if_xdp.h>
#include <linux/if_ether.h> #include <linux/if_ether.h>
...@@ -653,17 +651,15 @@ static unsigned int do_csum(const unsigned char *buff, int len) ...@@ -653,17 +651,15 @@ static unsigned int do_csum(const unsigned char *buff, int len)
return result; return result;
} }
__sum16 ip_fast_csum(const void *iph, unsigned int ihl);
/* /*
* This is a version of ip_compute_csum() optimized for IP headers, * This is a version of ip_compute_csum() optimized for IP headers,
* which always checksum on 4 octet boundaries. * which always checksum on 4 octet boundaries.
* This function code has been taken from * This function code has been taken from
* Linux kernel lib/checksum.c * Linux kernel lib/checksum.c
*/ */
__sum16 ip_fast_csum(const void *iph, unsigned int ihl) static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
{ {
return (__force __sum16)~do_csum(iph, ihl * 4); return (__sum16)~do_csum(iph, ihl * 4);
} }
/* /*
...@@ -673,11 +669,11 @@ __sum16 ip_fast_csum(const void *iph, unsigned int ihl) ...@@ -673,11 +669,11 @@ __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
*/ */
static inline __sum16 csum_fold(__wsum csum) static inline __sum16 csum_fold(__wsum csum)
{ {
u32 sum = (__force u32)csum; u32 sum = (u32)csum;
sum = (sum & 0xffff) + (sum >> 16); sum = (sum & 0xffff) + (sum >> 16);
sum = (sum & 0xffff) + (sum >> 16); sum = (sum & 0xffff) + (sum >> 16);
return (__force __sum16)~sum; return (__sum16)~sum;
} }
/* /*
...@@ -703,16 +699,16 @@ __wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr, ...@@ -703,16 +699,16 @@ __wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr,
__wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr, __wsum csum_tcpudp_nofold(__be32 saddr, __be32 daddr,
__u32 len, __u8 proto, __wsum sum) __u32 len, __u8 proto, __wsum sum)
{ {
unsigned long long s = (__force u32)sum; unsigned long long s = (u32)sum;
s += (__force u32)saddr; s += (u32)saddr;
s += (__force u32)daddr; s += (u32)daddr;
#ifdef __BIG_ENDIAN__ #ifdef __BIG_ENDIAN__
s += proto + len; s += proto + len;
#else #else
s += (proto + len) << 8; s += (proto + len) << 8;
#endif #endif
return (__force __wsum)from64to32(s); return (__wsum)from64to32(s);
} }
/* /*
......
...@@ -23,7 +23,6 @@ test_skb_cgroup_id_user ...@@ -23,7 +23,6 @@ test_skb_cgroup_id_user
test_cgroup_storage test_cgroup_storage
test_flow_dissector test_flow_dissector
flow_dissector_load flow_dissector_load
test_netcnt
test_tcpnotify_user test_tcpnotify_user
test_libbpf test_libbpf
test_tcp_check_syncookie_user test_tcp_check_syncookie_user
......
...@@ -38,7 +38,7 @@ TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test ...@@ -38,7 +38,7 @@ TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test
test_verifier_log test_dev_cgroup \ test_verifier_log test_dev_cgroup \
test_sock test_sockmap get_cgroup_id_user \ test_sock test_sockmap get_cgroup_id_user \
test_cgroup_storage \ test_cgroup_storage \
test_netcnt test_tcpnotify_user test_sysctl \ test_tcpnotify_user test_sysctl \
test_progs-no_alu32 test_progs-no_alu32
# Also test bpf-gcc, if present # Also test bpf-gcc, if present
...@@ -197,7 +197,6 @@ $(OUTPUT)/test_sockmap: cgroup_helpers.c ...@@ -197,7 +197,6 @@ $(OUTPUT)/test_sockmap: cgroup_helpers.c
$(OUTPUT)/test_tcpnotify_user: cgroup_helpers.c trace_helpers.c $(OUTPUT)/test_tcpnotify_user: cgroup_helpers.c trace_helpers.c
$(OUTPUT)/get_cgroup_id_user: cgroup_helpers.c $(OUTPUT)/get_cgroup_id_user: cgroup_helpers.c
$(OUTPUT)/test_cgroup_storage: cgroup_helpers.c $(OUTPUT)/test_cgroup_storage: cgroup_helpers.c
$(OUTPUT)/test_netcnt: cgroup_helpers.c
$(OUTPUT)/test_sock_fields: cgroup_helpers.c $(OUTPUT)/test_sock_fields: cgroup_helpers.c
$(OUTPUT)/test_sysctl: cgroup_helpers.c $(OUTPUT)/test_sysctl: cgroup_helpers.c
......
...@@ -310,3 +310,15 @@ int make_sockaddr(int family, const char *addr_str, __u16 port, ...@@ -310,3 +310,15 @@ int make_sockaddr(int family, const char *addr_str, __u16 port,
} }
return -1; return -1;
} }
char *ping_command(int family)
{
if (family == AF_INET6) {
/* On some systems 'ping' doesn't support IPv6, so use ping6 if it is present. */
if (!system("which ping6 >/dev/null 2>&1"))
return "ping6";
else
return "ping -6";
}
return "ping";
}
...@@ -46,5 +46,6 @@ int fastopen_connect(int server_fd, const char *data, unsigned int data_len, ...@@ -46,5 +46,6 @@ int fastopen_connect(int server_fd, const char *data, unsigned int data_len,
int timeout_ms); int timeout_ms);
int make_sockaddr(int family, const char *addr_str, __u16 port, int make_sockaddr(int family, const char *addr_str, __u16 port,
struct sockaddr_storage *addr, socklen_t *len); struct sockaddr_storage *addr, socklen_t *len);
char *ping_command(int family);
#endif #endif
// SPDX-License-Identifier: GPL-2.0
#include <sys/sysinfo.h>
#include <test_progs.h>
#include "network_helpers.h"
#include "netcnt_prog.skel.h"
#include "netcnt_common.h"
#define CG_NAME "/netcnt"
void test_netcnt(void)
{
union percpu_net_cnt *percpu_netcnt = NULL;
struct bpf_cgroup_storage_key key;
int map_fd, percpu_map_fd;
struct netcnt_prog *skel;
unsigned long packets;
union net_cnt netcnt;
unsigned long bytes;
int cpu, nproc;
int cg_fd = -1;
char cmd[128];
skel = netcnt_prog__open_and_load();
if (!ASSERT_OK_PTR(skel, "netcnt_prog__open_and_load"))
return;
nproc = get_nprocs_conf();
percpu_netcnt = malloc(sizeof(*percpu_netcnt) * nproc);
if (!ASSERT_OK_PTR(percpu_netcnt, "malloc(percpu_netcnt)"))
goto err;
cg_fd = test__join_cgroup(CG_NAME);
if (!ASSERT_GE(cg_fd, 0, "test__join_cgroup"))
goto err;
skel->links.bpf_nextcnt = bpf_program__attach_cgroup(skel->progs.bpf_nextcnt, cg_fd);
if (!ASSERT_OK_PTR(skel->links.bpf_nextcnt,
"attach_cgroup(bpf_nextcnt)"))
goto err;
snprintf(cmd, sizeof(cmd), "%s ::1 -A -c 10000 -q > /dev/null", ping_command(AF_INET6));
ASSERT_OK(system(cmd), cmd);
map_fd = bpf_map__fd(skel->maps.netcnt);
if (!ASSERT_OK(bpf_map_get_next_key(map_fd, NULL, &key), "bpf_map_get_next_key"))
goto err;
if (!ASSERT_OK(bpf_map_lookup_elem(map_fd, &key, &netcnt), "bpf_map_lookup_elem(netcnt)"))
goto err;
percpu_map_fd = bpf_map__fd(skel->maps.percpu_netcnt);
if (!ASSERT_OK(bpf_map_lookup_elem(percpu_map_fd, &key, &percpu_netcnt[0]),
"bpf_map_lookup_elem(percpu_netcnt)"))
goto err;
/* Some packets can be still in per-cpu cache, but not more than
* MAX_PERCPU_PACKETS.
*/
packets = netcnt.packets;
bytes = netcnt.bytes;
for (cpu = 0; cpu < nproc; cpu++) {
ASSERT_LE(percpu_netcnt[cpu].packets, MAX_PERCPU_PACKETS, "MAX_PERCPU_PACKETS");
packets += percpu_netcnt[cpu].packets;
bytes += percpu_netcnt[cpu].bytes;
}
/* No packets should be lost */
ASSERT_EQ(packets, 10000, "packets");
/* Let's check that bytes counter matches the number of packets
* multiplied by the size of ipv6 ICMP packet.
*/
ASSERT_EQ(bytes, packets * 104, "bytes");
err:
if (cg_fd != -1)
close(cg_fd);
free(percpu_netcnt);
netcnt_prog__destroy(skel);
}
...@@ -34,8 +34,8 @@ void test_reference_tracking(void) ...@@ -34,8 +34,8 @@ void test_reference_tracking(void)
if (!test__start_subtest(title)) if (!test__start_subtest(title))
continue; continue;
/* Expect verifier failure if test name has 'fail' */ /* Expect verifier failure if test name has 'err' */
if (strstr(title, "fail") != NULL) { if (strstr(title, "err_") != NULL) {
libbpf_print_fn_t old_print_fn; libbpf_print_fn_t old_print_fn;
old_print_fn = libbpf_set_print(NULL); old_print_fn = libbpf_set_print(NULL);
......
...@@ -390,18 +390,6 @@ static void test_tcp(int family, const char *addr, __u16 port) ...@@ -390,18 +390,6 @@ static void test_tcp(int family, const char *addr, __u16 port)
close(client_fd); close(client_fd);
} }
static char *ping_command(int family)
{
if (family == AF_INET6) {
/* On some systems 'ping' doesn't support IPv6, so use ping6 if it is present. */
if (!system("which ping6 >/dev/null 2>&1"))
return "ping6";
else
return "ping -6";
}
return "ping";
}
static int test_ping(int family, const char *addr) static int test_ping(int family, const char *addr)
{ {
SYS("ip netns exec " NS_SRC " %s " PING_ARGS " %s > /dev/null", ping_command(family), addr); SYS("ip netns exec " NS_SRC " %s " PING_ARGS " %s > /dev/null", ping_command(family), addr);
......
This diff is collapsed.
...@@ -121,7 +121,7 @@ static int dump_tcp_sock(struct seq_file *seq, struct tcp_sock *tp, ...@@ -121,7 +121,7 @@ static int dump_tcp_sock(struct seq_file *seq, struct tcp_sock *tp,
} }
BPF_SEQ_PRINTF(seq, "%4d: %08X:%04X %08X:%04X ", BPF_SEQ_PRINTF(seq, "%4d: %08X:%04X %08X:%04X ",
seq_num, src, srcp, destp, destp); seq_num, src, srcp, dest, destp);
BPF_SEQ_PRINTF(seq, "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d ", BPF_SEQ_PRINTF(seq, "%02X %08X:%08X %02X:%08lX %08X %5u %8d %lu %d ",
state, state,
tp->write_seq - tp->snd_una, rx_queue, tp->write_seq - tp->snd_una, rx_queue,
......
...@@ -91,7 +91,7 @@ int bpf_sk_lookup_test1(struct __sk_buff *skb) ...@@ -91,7 +91,7 @@ int bpf_sk_lookup_test1(struct __sk_buff *skb)
return 0; return 0;
} }
SEC("classifier/fail_use_after_free") SEC("classifier/err_use_after_free")
int bpf_sk_lookup_uaf(struct __sk_buff *skb) int bpf_sk_lookup_uaf(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -106,7 +106,7 @@ int bpf_sk_lookup_uaf(struct __sk_buff *skb) ...@@ -106,7 +106,7 @@ int bpf_sk_lookup_uaf(struct __sk_buff *skb)
return family; return family;
} }
SEC("classifier/fail_modify_sk_pointer") SEC("classifier/err_modify_sk_pointer")
int bpf_sk_lookup_modptr(struct __sk_buff *skb) int bpf_sk_lookup_modptr(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -121,7 +121,7 @@ int bpf_sk_lookup_modptr(struct __sk_buff *skb) ...@@ -121,7 +121,7 @@ int bpf_sk_lookup_modptr(struct __sk_buff *skb)
return 0; return 0;
} }
SEC("classifier/fail_modify_sk_or_null_pointer") SEC("classifier/err_modify_sk_or_null_pointer")
int bpf_sk_lookup_modptr_or_null(struct __sk_buff *skb) int bpf_sk_lookup_modptr_or_null(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -135,7 +135,7 @@ int bpf_sk_lookup_modptr_or_null(struct __sk_buff *skb) ...@@ -135,7 +135,7 @@ int bpf_sk_lookup_modptr_or_null(struct __sk_buff *skb)
return 0; return 0;
} }
SEC("classifier/fail_no_release") SEC("classifier/err_no_release")
int bpf_sk_lookup_test2(struct __sk_buff *skb) int bpf_sk_lookup_test2(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -144,7 +144,7 @@ int bpf_sk_lookup_test2(struct __sk_buff *skb) ...@@ -144,7 +144,7 @@ int bpf_sk_lookup_test2(struct __sk_buff *skb)
return 0; return 0;
} }
SEC("classifier/fail_release_twice") SEC("classifier/err_release_twice")
int bpf_sk_lookup_test3(struct __sk_buff *skb) int bpf_sk_lookup_test3(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -156,7 +156,7 @@ int bpf_sk_lookup_test3(struct __sk_buff *skb) ...@@ -156,7 +156,7 @@ int bpf_sk_lookup_test3(struct __sk_buff *skb)
return 0; return 0;
} }
SEC("classifier/fail_release_unchecked") SEC("classifier/err_release_unchecked")
int bpf_sk_lookup_test4(struct __sk_buff *skb) int bpf_sk_lookup_test4(struct __sk_buff *skb)
{ {
struct bpf_sock_tuple tuple = {}; struct bpf_sock_tuple tuple = {};
...@@ -173,7 +173,7 @@ void lookup_no_release(struct __sk_buff *skb) ...@@ -173,7 +173,7 @@ void lookup_no_release(struct __sk_buff *skb)
bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0); bpf_sk_lookup_tcp(skb, &tuple, sizeof(tuple), BPF_F_CURRENT_NETNS, 0);
} }
SEC("classifier/fail_no_release_subcall") SEC("classifier/err_no_release_subcall")
int bpf_sk_lookup_test5(struct __sk_buff *skb) int bpf_sk_lookup_test5(struct __sk_buff *skb)
{ {
lookup_no_release(skb); lookup_no_release(skb);
......
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
#include <linux/bpf.h> #include <linux/bpf.h>
#include <bpf/bpf_helpers.h> #include <bpf/bpf_helpers.h>
SEC("tx") SEC("xdp")
int xdp_tx(struct xdp_md *xdp) int xdp_tx(struct xdp_md *xdp)
{ {
return XDP_TX; return XDP_TX;
......
This diff is collapsed.
...@@ -108,7 +108,7 @@ ip link set dev veth2 xdp pinned $BPF_DIR/progs/redirect_map_1 ...@@ -108,7 +108,7 @@ ip link set dev veth2 xdp pinned $BPF_DIR/progs/redirect_map_1
ip link set dev veth3 xdp pinned $BPF_DIR/progs/redirect_map_2 ip link set dev veth3 xdp pinned $BPF_DIR/progs/redirect_map_2
ip -n ns1 link set dev veth11 xdp obj xdp_dummy.o sec xdp_dummy ip -n ns1 link set dev veth11 xdp obj xdp_dummy.o sec xdp_dummy
ip -n ns2 link set dev veth22 xdp obj xdp_tx.o sec tx ip -n ns2 link set dev veth22 xdp obj xdp_tx.o sec xdp
ip -n ns3 link set dev veth33 xdp obj xdp_dummy.o sec xdp_dummy ip -n ns3 link set dev veth33 xdp obj xdp_dummy.o sec xdp_dummy
trap cleanup EXIT trap cleanup EXIT
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment