cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

act_bpf.c (10644B)


      1// SPDX-License-Identifier: GPL-2.0-or-later
      2/*
      3 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
      4 */
      5
      6#include <linux/module.h>
      7#include <linux/init.h>
      8#include <linux/kernel.h>
      9#include <linux/skbuff.h>
     10#include <linux/rtnetlink.h>
     11#include <linux/filter.h>
     12#include <linux/bpf.h>
     13
     14#include <net/netlink.h>
     15#include <net/sock.h>
     16#include <net/pkt_sched.h>
     17#include <net/pkt_cls.h>
     18
     19#include <linux/tc_act/tc_bpf.h>
     20#include <net/tc_act/tc_bpf.h>
     21
     22#define ACT_BPF_NAME_LEN	256
     23
     24struct tcf_bpf_cfg {
     25	struct bpf_prog *filter;
     26	struct sock_filter *bpf_ops;
     27	const char *bpf_name;
     28	u16 bpf_num_ops;
     29	bool is_ebpf;
     30};
     31
     32static unsigned int bpf_net_id;
     33static struct tc_action_ops act_bpf_ops;
     34
     35static int tcf_bpf_act(struct sk_buff *skb, const struct tc_action *act,
     36		       struct tcf_result *res)
     37{
     38	bool at_ingress = skb_at_tc_ingress(skb);
     39	struct tcf_bpf *prog = to_bpf(act);
     40	struct bpf_prog *filter;
     41	int action, filter_res;
     42
     43	tcf_lastuse_update(&prog->tcf_tm);
     44	bstats_update(this_cpu_ptr(prog->common.cpu_bstats), skb);
     45
     46	filter = rcu_dereference(prog->filter);
     47	if (at_ingress) {
     48		__skb_push(skb, skb->mac_len);
     49		bpf_compute_data_pointers(skb);
     50		filter_res = bpf_prog_run(filter, skb);
     51		__skb_pull(skb, skb->mac_len);
     52	} else {
     53		bpf_compute_data_pointers(skb);
     54		filter_res = bpf_prog_run(filter, skb);
     55	}
     56	if (unlikely(!skb->tstamp && skb->mono_delivery_time))
     57		skb->mono_delivery_time = 0;
     58	if (skb_sk_is_prefetched(skb) && filter_res != TC_ACT_OK)
     59		skb_orphan(skb);
     60
     61	/* A BPF program may overwrite the default action opcode.
     62	 * Similarly as in cls_bpf, if filter_res == -1 we use the
     63	 * default action specified from tc.
     64	 *
     65	 * In case a different well-known TC_ACT opcode has been
     66	 * returned, it will overwrite the default one.
     67	 *
     68	 * For everything else that is unknown, TC_ACT_UNSPEC is
     69	 * returned.
     70	 */
     71	switch (filter_res) {
     72	case TC_ACT_PIPE:
     73	case TC_ACT_RECLASSIFY:
     74	case TC_ACT_OK:
     75	case TC_ACT_REDIRECT:
     76		action = filter_res;
     77		break;
     78	case TC_ACT_SHOT:
     79		action = filter_res;
     80		qstats_drop_inc(this_cpu_ptr(prog->common.cpu_qstats));
     81		break;
     82	case TC_ACT_UNSPEC:
     83		action = prog->tcf_action;
     84		break;
     85	default:
     86		action = TC_ACT_UNSPEC;
     87		break;
     88	}
     89
     90	return action;
     91}
     92
     93static bool tcf_bpf_is_ebpf(const struct tcf_bpf *prog)
     94{
     95	return !prog->bpf_ops;
     96}
     97
     98static int tcf_bpf_dump_bpf_info(const struct tcf_bpf *prog,
     99				 struct sk_buff *skb)
    100{
    101	struct nlattr *nla;
    102
    103	if (nla_put_u16(skb, TCA_ACT_BPF_OPS_LEN, prog->bpf_num_ops))
    104		return -EMSGSIZE;
    105
    106	nla = nla_reserve(skb, TCA_ACT_BPF_OPS, prog->bpf_num_ops *
    107			  sizeof(struct sock_filter));
    108	if (nla == NULL)
    109		return -EMSGSIZE;
    110
    111	memcpy(nla_data(nla), prog->bpf_ops, nla_len(nla));
    112
    113	return 0;
    114}
    115
    116static int tcf_bpf_dump_ebpf_info(const struct tcf_bpf *prog,
    117				  struct sk_buff *skb)
    118{
    119	struct nlattr *nla;
    120
    121	if (prog->bpf_name &&
    122	    nla_put_string(skb, TCA_ACT_BPF_NAME, prog->bpf_name))
    123		return -EMSGSIZE;
    124
    125	if (nla_put_u32(skb, TCA_ACT_BPF_ID, prog->filter->aux->id))
    126		return -EMSGSIZE;
    127
    128	nla = nla_reserve(skb, TCA_ACT_BPF_TAG, sizeof(prog->filter->tag));
    129	if (nla == NULL)
    130		return -EMSGSIZE;
    131
    132	memcpy(nla_data(nla), prog->filter->tag, nla_len(nla));
    133
    134	return 0;
    135}
    136
    137static int tcf_bpf_dump(struct sk_buff *skb, struct tc_action *act,
    138			int bind, int ref)
    139{
    140	unsigned char *tp = skb_tail_pointer(skb);
    141	struct tcf_bpf *prog = to_bpf(act);
    142	struct tc_act_bpf opt = {
    143		.index   = prog->tcf_index,
    144		.refcnt  = refcount_read(&prog->tcf_refcnt) - ref,
    145		.bindcnt = atomic_read(&prog->tcf_bindcnt) - bind,
    146	};
    147	struct tcf_t tm;
    148	int ret;
    149
    150	spin_lock_bh(&prog->tcf_lock);
    151	opt.action = prog->tcf_action;
    152	if (nla_put(skb, TCA_ACT_BPF_PARMS, sizeof(opt), &opt))
    153		goto nla_put_failure;
    154
    155	if (tcf_bpf_is_ebpf(prog))
    156		ret = tcf_bpf_dump_ebpf_info(prog, skb);
    157	else
    158		ret = tcf_bpf_dump_bpf_info(prog, skb);
    159	if (ret)
    160		goto nla_put_failure;
    161
    162	tcf_tm_dump(&tm, &prog->tcf_tm);
    163	if (nla_put_64bit(skb, TCA_ACT_BPF_TM, sizeof(tm), &tm,
    164			  TCA_ACT_BPF_PAD))
    165		goto nla_put_failure;
    166
    167	spin_unlock_bh(&prog->tcf_lock);
    168	return skb->len;
    169
    170nla_put_failure:
    171	spin_unlock_bh(&prog->tcf_lock);
    172	nlmsg_trim(skb, tp);
    173	return -1;
    174}
    175
    176static const struct nla_policy act_bpf_policy[TCA_ACT_BPF_MAX + 1] = {
    177	[TCA_ACT_BPF_PARMS]	= { .len = sizeof(struct tc_act_bpf) },
    178	[TCA_ACT_BPF_FD]	= { .type = NLA_U32 },
    179	[TCA_ACT_BPF_NAME]	= { .type = NLA_NUL_STRING,
    180				    .len = ACT_BPF_NAME_LEN },
    181	[TCA_ACT_BPF_OPS_LEN]	= { .type = NLA_U16 },
    182	[TCA_ACT_BPF_OPS]	= { .type = NLA_BINARY,
    183				    .len = sizeof(struct sock_filter) * BPF_MAXINSNS },
    184};
    185
    186static int tcf_bpf_init_from_ops(struct nlattr **tb, struct tcf_bpf_cfg *cfg)
    187{
    188	struct sock_filter *bpf_ops;
    189	struct sock_fprog_kern fprog_tmp;
    190	struct bpf_prog *fp;
    191	u16 bpf_size, bpf_num_ops;
    192	int ret;
    193
    194	bpf_num_ops = nla_get_u16(tb[TCA_ACT_BPF_OPS_LEN]);
    195	if (bpf_num_ops	> BPF_MAXINSNS || bpf_num_ops == 0)
    196		return -EINVAL;
    197
    198	bpf_size = bpf_num_ops * sizeof(*bpf_ops);
    199	if (bpf_size != nla_len(tb[TCA_ACT_BPF_OPS]))
    200		return -EINVAL;
    201
    202	bpf_ops = kmemdup(nla_data(tb[TCA_ACT_BPF_OPS]), bpf_size, GFP_KERNEL);
    203	if (bpf_ops == NULL)
    204		return -ENOMEM;
    205
    206	fprog_tmp.len = bpf_num_ops;
    207	fprog_tmp.filter = bpf_ops;
    208
    209	ret = bpf_prog_create(&fp, &fprog_tmp);
    210	if (ret < 0) {
    211		kfree(bpf_ops);
    212		return ret;
    213	}
    214
    215	cfg->bpf_ops = bpf_ops;
    216	cfg->bpf_num_ops = bpf_num_ops;
    217	cfg->filter = fp;
    218	cfg->is_ebpf = false;
    219
    220	return 0;
    221}
    222
    223static int tcf_bpf_init_from_efd(struct nlattr **tb, struct tcf_bpf_cfg *cfg)
    224{
    225	struct bpf_prog *fp;
    226	char *name = NULL;
    227	u32 bpf_fd;
    228
    229	bpf_fd = nla_get_u32(tb[TCA_ACT_BPF_FD]);
    230
    231	fp = bpf_prog_get_type(bpf_fd, BPF_PROG_TYPE_SCHED_ACT);
    232	if (IS_ERR(fp))
    233		return PTR_ERR(fp);
    234
    235	if (tb[TCA_ACT_BPF_NAME]) {
    236		name = nla_memdup(tb[TCA_ACT_BPF_NAME], GFP_KERNEL);
    237		if (!name) {
    238			bpf_prog_put(fp);
    239			return -ENOMEM;
    240		}
    241	}
    242
    243	cfg->bpf_name = name;
    244	cfg->filter = fp;
    245	cfg->is_ebpf = true;
    246
    247	return 0;
    248}
    249
    250static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg)
    251{
    252	struct bpf_prog *filter = cfg->filter;
    253
    254	if (filter) {
    255		if (cfg->is_ebpf)
    256			bpf_prog_put(filter);
    257		else
    258			bpf_prog_destroy(filter);
    259	}
    260
    261	kfree(cfg->bpf_ops);
    262	kfree(cfg->bpf_name);
    263}
    264
    265static void tcf_bpf_prog_fill_cfg(const struct tcf_bpf *prog,
    266				  struct tcf_bpf_cfg *cfg)
    267{
    268	cfg->is_ebpf = tcf_bpf_is_ebpf(prog);
    269	/* updates to prog->filter are prevented, since it's called either
    270	 * with tcf lock or during final cleanup in rcu callback
    271	 */
    272	cfg->filter = rcu_dereference_protected(prog->filter, 1);
    273
    274	cfg->bpf_ops = prog->bpf_ops;
    275	cfg->bpf_name = prog->bpf_name;
    276}
    277
    278static int tcf_bpf_init(struct net *net, struct nlattr *nla,
    279			struct nlattr *est, struct tc_action **act,
    280			struct tcf_proto *tp, u32 flags,
    281			struct netlink_ext_ack *extack)
    282{
    283	struct tc_action_net *tn = net_generic(net, bpf_net_id);
    284	bool bind = flags & TCA_ACT_FLAGS_BIND;
    285	struct nlattr *tb[TCA_ACT_BPF_MAX + 1];
    286	struct tcf_chain *goto_ch = NULL;
    287	struct tcf_bpf_cfg cfg, old;
    288	struct tc_act_bpf *parm;
    289	struct tcf_bpf *prog;
    290	bool is_bpf, is_ebpf;
    291	int ret, res = 0;
    292	u32 index;
    293
    294	if (!nla)
    295		return -EINVAL;
    296
    297	ret = nla_parse_nested_deprecated(tb, TCA_ACT_BPF_MAX, nla,
    298					  act_bpf_policy, NULL);
    299	if (ret < 0)
    300		return ret;
    301
    302	if (!tb[TCA_ACT_BPF_PARMS])
    303		return -EINVAL;
    304
    305	parm = nla_data(tb[TCA_ACT_BPF_PARMS]);
    306	index = parm->index;
    307	ret = tcf_idr_check_alloc(tn, &index, act, bind);
    308	if (!ret) {
    309		ret = tcf_idr_create(tn, index, est, act,
    310				     &act_bpf_ops, bind, true, flags);
    311		if (ret < 0) {
    312			tcf_idr_cleanup(tn, index);
    313			return ret;
    314		}
    315
    316		res = ACT_P_CREATED;
    317	} else if (ret > 0) {
    318		/* Don't override defaults. */
    319		if (bind)
    320			return 0;
    321
    322		if (!(flags & TCA_ACT_FLAGS_REPLACE)) {
    323			tcf_idr_release(*act, bind);
    324			return -EEXIST;
    325		}
    326	} else {
    327		return ret;
    328	}
    329
    330	ret = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack);
    331	if (ret < 0)
    332		goto release_idr;
    333
    334	is_bpf = tb[TCA_ACT_BPF_OPS_LEN] && tb[TCA_ACT_BPF_OPS];
    335	is_ebpf = tb[TCA_ACT_BPF_FD];
    336
    337	if ((!is_bpf && !is_ebpf) || (is_bpf && is_ebpf)) {
    338		ret = -EINVAL;
    339		goto put_chain;
    340	}
    341
    342	memset(&cfg, 0, sizeof(cfg));
    343
    344	ret = is_bpf ? tcf_bpf_init_from_ops(tb, &cfg) :
    345		       tcf_bpf_init_from_efd(tb, &cfg);
    346	if (ret < 0)
    347		goto put_chain;
    348
    349	prog = to_bpf(*act);
    350
    351	spin_lock_bh(&prog->tcf_lock);
    352	if (res != ACT_P_CREATED)
    353		tcf_bpf_prog_fill_cfg(prog, &old);
    354
    355	prog->bpf_ops = cfg.bpf_ops;
    356	prog->bpf_name = cfg.bpf_name;
    357
    358	if (cfg.bpf_num_ops)
    359		prog->bpf_num_ops = cfg.bpf_num_ops;
    360
    361	goto_ch = tcf_action_set_ctrlact(*act, parm->action, goto_ch);
    362	rcu_assign_pointer(prog->filter, cfg.filter);
    363	spin_unlock_bh(&prog->tcf_lock);
    364
    365	if (goto_ch)
    366		tcf_chain_put_by_act(goto_ch);
    367
    368	if (res != ACT_P_CREATED) {
    369		/* make sure the program being replaced is no longer executing */
    370		synchronize_rcu();
    371		tcf_bpf_cfg_cleanup(&old);
    372	}
    373
    374	return res;
    375
    376put_chain:
    377	if (goto_ch)
    378		tcf_chain_put_by_act(goto_ch);
    379
    380release_idr:
    381	tcf_idr_release(*act, bind);
    382	return ret;
    383}
    384
    385static void tcf_bpf_cleanup(struct tc_action *act)
    386{
    387	struct tcf_bpf_cfg tmp;
    388
    389	tcf_bpf_prog_fill_cfg(to_bpf(act), &tmp);
    390	tcf_bpf_cfg_cleanup(&tmp);
    391}
    392
    393static int tcf_bpf_walker(struct net *net, struct sk_buff *skb,
    394			  struct netlink_callback *cb, int type,
    395			  const struct tc_action_ops *ops,
    396			  struct netlink_ext_ack *extack)
    397{
    398	struct tc_action_net *tn = net_generic(net, bpf_net_id);
    399
    400	return tcf_generic_walker(tn, skb, cb, type, ops, extack);
    401}
    402
    403static int tcf_bpf_search(struct net *net, struct tc_action **a, u32 index)
    404{
    405	struct tc_action_net *tn = net_generic(net, bpf_net_id);
    406
    407	return tcf_idr_search(tn, a, index);
    408}
    409
    410static struct tc_action_ops act_bpf_ops __read_mostly = {
    411	.kind		=	"bpf",
    412	.id		=	TCA_ID_BPF,
    413	.owner		=	THIS_MODULE,
    414	.act		=	tcf_bpf_act,
    415	.dump		=	tcf_bpf_dump,
    416	.cleanup	=	tcf_bpf_cleanup,
    417	.init		=	tcf_bpf_init,
    418	.walk		=	tcf_bpf_walker,
    419	.lookup		=	tcf_bpf_search,
    420	.size		=	sizeof(struct tcf_bpf),
    421};
    422
    423static __net_init int bpf_init_net(struct net *net)
    424{
    425	struct tc_action_net *tn = net_generic(net, bpf_net_id);
    426
    427	return tc_action_net_init(net, tn, &act_bpf_ops);
    428}
    429
    430static void __net_exit bpf_exit_net(struct list_head *net_list)
    431{
    432	tc_action_net_exit(net_list, bpf_net_id);
    433}
    434
    435static struct pernet_operations bpf_net_ops = {
    436	.init = bpf_init_net,
    437	.exit_batch = bpf_exit_net,
    438	.id   = &bpf_net_id,
    439	.size = sizeof(struct tc_action_net),
    440};
    441
    442static int __init bpf_init_module(void)
    443{
    444	return tcf_register_action(&act_bpf_ops, &bpf_net_ops);
    445}
    446
    447static void __exit bpf_cleanup_module(void)
    448{
    449	tcf_unregister_action(&act_bpf_ops, &bpf_net_ops);
    450}
    451
    452module_init(bpf_init_module);
    453module_exit(bpf_cleanup_module);
    454
    455MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>");
    456MODULE_DESCRIPTION("TC BPF based action");
    457MODULE_LICENSE("GPL v2");