From: Jason Wang <jasowang@xxxxxxxxxx> Background: This change was initiated from virtio_net XDP offload work. As per the implementation plan, a copy of original program with map fds from guest replaced with map fds from host needs to be offloaded to the host. To implement this fd replacement, insn_hook() must provide an insn with map fd intact. bpf_map and driver specific map data can be derived from map_fd. Since verifier calls all the offload callbacks after replacing map fds, it was difficult to implement virtio_net XDP offload feature. If virtio_net gets only one callback with original bpf program, it will get a chance to perform the fd replacement in its own copy of the program. Solution: Let's introduce a setup() callback in bpf_prog_offload_ops. It will be non mandetory. The verifier will call it just before replacing the map fds. Signed-off-by: Jason Wang <jasowang@xxxxxxxxxx> Signed-off-by: Prashant Bhole <prashantbhole.linux@xxxxxxxxx> --- include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + kernel/bpf/offload.c | 14 ++++++++++++++ kernel/bpf/verifier.c | 6 ++++++ 4 files changed, 22 insertions(+) diff --git a/include/linux/bpf.h b/include/linux/bpf.h index 35903f148be5..1cdba120357c 100644 --- a/include/linux/bpf.h +++ b/include/linux/bpf.h @@ -361,6 +361,7 @@ struct bpf_prog_offload_ops { struct bpf_insn *insn); int (*remove_insns)(struct bpf_verifier_env *env, u32 off, u32 cnt); /* program management callbacks */ + int (*setup)(struct bpf_prog *prog); int (*prepare)(struct bpf_prog *prog); int (*translate)(struct bpf_prog *prog); void (*destroy)(struct bpf_prog *prog); diff --git a/include/linux/bpf_verifier.h b/include/linux/bpf_verifier.h index 26e40de9ef55..de7028e17c0d 100644 --- a/include/linux/bpf_verifier.h +++ b/include/linux/bpf_verifier.h @@ -418,6 +418,7 @@ static inline struct bpf_reg_state *cur_regs(struct bpf_verifier_env *env) return cur_func(env)->regs; } +int bpf_prog_offload_verifier_setup(struct bpf_prog *prog); int bpf_prog_offload_verifier_prep(struct bpf_prog *prog); int bpf_prog_offload_verify_insn(struct bpf_verifier_env *env, int insn_idx, int prev_insn_idx); diff --git a/kernel/bpf/offload.c b/kernel/bpf/offload.c index 5b9da0954a27..04ca7a31d947 100644 --- a/kernel/bpf/offload.c +++ b/kernel/bpf/offload.c @@ -124,6 +124,20 @@ int bpf_prog_offload_init(struct bpf_prog *prog, union bpf_attr *attr) return err; } +int bpf_prog_offload_verifier_setup(struct bpf_prog *prog) +{ + struct bpf_prog_offload *offload; + int ret = 0; + + down_read(&bpf_devs_lock); + offload = prog->aux->offload; + if (offload && offload->offdev->ops->setup) + ret = offload->offdev->ops->setup(prog); + up_read(&bpf_devs_lock); + + return ret; +} + int bpf_prog_offload_verifier_prep(struct bpf_prog *prog) { struct bpf_prog_offload *offload; diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a0482e1c4a77..94b43542439e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -9737,6 +9737,12 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, env->allow_ptr_leaks = is_priv; + if (bpf_prog_is_dev_bound(env->prog->aux)) { + ret = bpf_prog_offload_verifier_setup(env->prog); + if (ret) + goto skip_full_check; + } + if (is_priv) env->test_state_freq = attr->prog_flags & BPF_F_TEST_STATE_FREQ; -- 2.20.1