From patchwork Tue Nov 29 04:38:47 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Ahern X-Patchwork-Id: 700303 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3tSW5y1Rynz9tlW for ; Tue, 29 Nov 2016 15:39:02 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=cumulusnetworks.com header.i=@cumulusnetworks.com header.b="K6AnhMbV"; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932469AbcK2EjB (ORCPT ); Mon, 28 Nov 2016 23:39:01 -0500 Received: from mail-pg0-f49.google.com ([74.125.83.49]:34226 "EHLO mail-pg0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752592AbcK2Ei4 (ORCPT ); Mon, 28 Nov 2016 23:38:56 -0500 Received: by mail-pg0-f49.google.com with SMTP id x23so64856826pgx.1 for ; Mon, 28 Nov 2016 20:38:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cumulusnetworks.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QfBw5fmIztSXWTY8RIwMveYnhYTXJ/LF8y6nxzYXlM8=; b=K6AnhMbV85qVKzyXscZfjUcLXPAZZ6ebOW7aEgBwmWCbmC9IjzFkxE09aPPFxrftjO lVUN4z8BFgcqFHYumC71C+TIxc63ZGjJ3Xny/ORAorQ/KzdQBId8VqUyxEmLoA01SKYN Eve/bKyIDew0q3iUSyL3Iuo0Ivcaf4lMY6o+o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QfBw5fmIztSXWTY8RIwMveYnhYTXJ/LF8y6nxzYXlM8=; b=GBkiYaXbITsftcNDD6yzxqHz8wZfhf2OSlrzQg9EwSxnUiB7ukoWrGlC7L9zu5l5rh 8QBmhsoxZOlhQ1lZlqhRz9dxbEgIRWx/tgNLp2ktmVYBl/EastO5mateDTWb+iR/LCBo aXhgG22iW6Zsq3mhDOIjxO1YWyG00arx30u1a7GJlgTqqyf7h8qh4CQEvCO4lRIvw4rB 3IiIFBU+Y9u4PYjA++5rgVAcLU2fEA9VCZaMbgoDHVVl9WciU3RRybGuAjJmf15q6fRp 3d+5XXCAimwidVTF8v1N2b+GikhVHtkqZscoBYB7mJ3tLVt4Y8/YcyNhd0NWlpwQUj+M 4kHA== X-Gm-Message-State: AKaTC02Pk0g7UKweqGuvDiT3sgrTl0t1jJx9ySmjEIhohQFCRfDHHpZV0mS29TiUQ3Gh0VyZ X-Received: by 10.99.204.81 with SMTP id q17mr46617361pgi.168.1480394335753; Mon, 28 Nov 2016 20:38:55 -0800 (PST) Received: from kenny.cumulusnetworks.com. ([216.129.126.126]) by smtp.googlemail.com with ESMTPSA id d197sm87533802pfd.38.2016.11.28.20.38.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 28 Nov 2016 20:38:55 -0800 (PST) From: David Ahern To: netdev@vger.kernel.org Cc: daniel@zonque.org, ast@fb.com, daniel@iogearbox.net, maheshb@google.com, tgraf@suug.ch, David Ahern Subject: [PATCH net-next v4 1/3] bpf: Refactor cgroups code in prep for new type Date: Mon, 28 Nov 2016 20:38:47 -0800 Message-Id: <1480394329-24847-2-git-send-email-dsa@cumulusnetworks.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1480394329-24847-1-git-send-email-dsa@cumulusnetworks.com> References: <1480394329-24847-1-git-send-email-dsa@cumulusnetworks.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Code move and rename only; no functional change intended. Signed-off-by: David Ahern --- v4 - dropped refactor of __cgroup_bpf_run_filter and renamed it to __cgroup_bpf_run_filter_skb v3 - dropped the rename v2 - fix bpf_prog_run_clear_cb to bpf_prog_run_save_cb as caught by Daniel - rename BPF_PROG_TYPE_CGROUP_SKB and its cg_skb functions to BPF_PROG_TYPE_CGROUP and cgroup include/linux/bpf-cgroup.h | 46 +++++++++++++++++++++++----------------------- kernel/bpf/cgroup.c | 10 +++++----- kernel/bpf/syscall.c | 28 +++++++++++++++------------- 3 files changed, 43 insertions(+), 41 deletions(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index ec80d0c0953e..7f0fc635b13e 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -37,31 +37,31 @@ void cgroup_bpf_update(struct cgroup *cgrp, struct bpf_prog *prog, enum bpf_attach_type type); -int __cgroup_bpf_run_filter(struct sock *sk, - struct sk_buff *skb, - enum bpf_attach_type type); - -/* Wrappers for __cgroup_bpf_run_filter() guarded by cgroup_bpf_enabled. */ -#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) \ -({ \ - int __ret = 0; \ - if (cgroup_bpf_enabled) \ - __ret = __cgroup_bpf_run_filter(sk, skb, \ - BPF_CGROUP_INET_INGRESS); \ - \ - __ret; \ +int __cgroup_bpf_run_filter_skb(struct sock *sk, + struct sk_buff *skb, + enum bpf_attach_type type); + +/* Wrappers for __cgroup_bpf_run_filter_skb() guarded by cgroup_bpf_enabled. */ +#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk, skb) \ +({ \ + int __ret = 0; \ + if (cgroup_bpf_enabled) \ + __ret = __cgroup_bpf_run_filter_skb(sk, skb, \ + BPF_CGROUP_INET_INGRESS); \ + \ + __ret; \ }) -#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) \ -({ \ - int __ret = 0; \ - if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ - typeof(sk) __sk = sk_to_full_sk(sk); \ - if (sk_fullsock(__sk)) \ - __ret = __cgroup_bpf_run_filter(__sk, skb, \ - BPF_CGROUP_INET_EGRESS); \ - } \ - __ret; \ +#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk, skb) \ +({ \ + int __ret = 0; \ + if (cgroup_bpf_enabled && sk && sk == skb->sk) { \ + typeof(sk) __sk = sk_to_full_sk(sk); \ + if (sk_fullsock(__sk)) \ + __ret = __cgroup_bpf_run_filter_skb(__sk, skb, \ + BPF_CGROUP_INET_EGRESS); \ + } \ + __ret; \ }) #else diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index a0ab43f264b0..19892973a78a 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -118,7 +118,7 @@ void __cgroup_bpf_update(struct cgroup *cgrp, } /** - * __cgroup_bpf_run_filter() - Run a program for packet filtering + * __cgroup_bpf_run_filter_skb() - Run a program for packet filtering * @sk: The socken sending or receiving traffic * @skb: The skb that is being sent or received * @type: The type of program to be exectuted @@ -132,9 +132,9 @@ void __cgroup_bpf_update(struct cgroup *cgrp, * This function will return %-EPERM if any if an attached program was found * and if it returned != 1 during execution. In all other cases, 0 is returned. */ -int __cgroup_bpf_run_filter(struct sock *sk, - struct sk_buff *skb, - enum bpf_attach_type type) +int __cgroup_bpf_run_filter_skb(struct sock *sk, + struct sk_buff *skb, + enum bpf_attach_type type) { struct bpf_prog *prog; struct cgroup *cgrp; @@ -164,4 +164,4 @@ int __cgroup_bpf_run_filter(struct sock *sk, return ret; } -EXPORT_SYMBOL(__cgroup_bpf_run_filter); +EXPORT_SYMBOL(__cgroup_bpf_run_filter_skb); diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c index 4caa18e6860a..5518a6839ab1 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -856,6 +856,7 @@ static int bpf_prog_attach(const union bpf_attr *attr) { struct bpf_prog *prog; struct cgroup *cgrp; + enum bpf_prog_type ptype; if (!capable(CAP_NET_ADMIN)) return -EPERM; @@ -866,25 +867,26 @@ static int bpf_prog_attach(const union bpf_attr *attr) switch (attr->attach_type) { case BPF_CGROUP_INET_INGRESS: case BPF_CGROUP_INET_EGRESS: - prog = bpf_prog_get_type(attr->attach_bpf_fd, - BPF_PROG_TYPE_CGROUP_SKB); - if (IS_ERR(prog)) - return PTR_ERR(prog); - - cgrp = cgroup_get_from_fd(attr->target_fd); - if (IS_ERR(cgrp)) { - bpf_prog_put(prog); - return PTR_ERR(cgrp); - } - - cgroup_bpf_update(cgrp, prog, attr->attach_type); - cgroup_put(cgrp); + ptype = BPF_PROG_TYPE_CGROUP_SKB; break; default: return -EINVAL; } + prog = bpf_prog_get_type(attr->attach_bpf_fd, ptype); + if (IS_ERR(prog)) + return PTR_ERR(prog); + + cgrp = cgroup_get_from_fd(attr->target_fd); + if (IS_ERR(cgrp)) { + bpf_prog_put(prog); + return PTR_ERR(cgrp); + } + + cgroup_bpf_update(cgrp, prog, attr->attach_type); + cgroup_put(cgrp); + return 0; }