From: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
This adds for executing multiple XDP programs on a single interface using
the chain call map type introduced in the previous commits. The logic is
added as an extension of bpf_prog_run_xdp() which will loop through the
call sequence specified by the chain call map installed on the current
interface. The overhead when no chain map is installed is only a single
pointer dereference.
The total call sequence length is limited to 32 programs, and the call
sequence will be aborted and XDP_ABORTED returned if it is exceeded.
Likewise, if a program in the sequence returns XDP_ABORTED, the whole
sequence will be aborted immediately, on the assumption that this is a
fault somewhere in the system.
Signed-off-by: Toke Høiland-Jørgensen <toke@xxxxxxxxxx>
---
include/linux/filter.h | 26 +++++++++++++++++++++++++-
1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index 2ce57645f3cd..8a79ddd4f7b5 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -693,6 +693,7 @@ static inline u32 bpf_prog_run_clear_cb(const struct bpf_prog *prog,
return res;
}
+#define BPF_XDP_MAX_CHAIN_CALLS 32
static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
struct xdp_buff *xdp)
{
@@ -702,7 +703,30 @@ static __always_inline u32 bpf_prog_run_xdp(const struct bpf_prog *prog,
* already takes rcu_read_lock() when fetching the program, so
* it's not necessary here anymore.
*/
- return BPF_PROG_RUN(prog, xdp);
+
+ int i = BPF_XDP_MAX_CHAIN_CALLS;
+ struct bpf_map *chain_map;
+ u32 ret;
+
+ chain_map = rcu_dereference(xdp->rxq->dev->xdp_chain_map);
+ if (!chain_map)
+ return BPF_PROG_RUN(prog, xdp);
+
+ do {
+ if (!--i) {
+ ret = XDP_ABORTED;
+ goto out;
+ }
+
+ ret = BPF_PROG_RUN(prog, xdp);
+ if (ret == XDP_ABORTED)
+ goto out;
+
+ prog = bpf_xdp_chain_map_get_prog(chain_map, prog->aux->id, ret);
+ } while(prog);
+
+out:
+ return ret;
}
static inline u32 bpf_prog_insn_size(const struct bpf_prog *prog)
