hulk inclusion category: featrue bugzilla: https://atomgit.com/openeuler/kernel/issues/8480 -------------------------------- Add bpf_xdp_set_ingress/egress_dev kfunc to set network device to ingress or egress skb. Signed-off-by: Pu Lehui <pulehui@huawei.com> --- kernel/bpf/verifier.c | 13 ++++++++++++- net/core/filter.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 67ff1bcfb277..f028f5650323 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -10813,6 +10813,8 @@ enum special_kfunc_type { KF_bpf_dynptr_clone, #ifdef CONFIG_HISOCK KF_bpf_set_ingress_dst, + KF_bpf_set_ingress_dev, + KF_bpf_set_egress_dev, #endif }; @@ -10836,6 +10838,8 @@ BTF_ID(func, bpf_dynptr_slice_rdwr) BTF_ID(func, bpf_dynptr_clone) #ifdef CONFIG_HISOCK BTF_ID(func, bpf_set_ingress_dst) +BTF_ID(func, bpf_set_ingress_dev) +BTF_ID(func, bpf_set_egress_dev) #endif BTF_SET_END(special_kfunc_set) @@ -10861,6 +10865,8 @@ BTF_ID(func, bpf_dynptr_slice_rdwr) BTF_ID(func, bpf_dynptr_clone) #ifdef CONFIG_HISOCK BTF_ID(func, bpf_set_ingress_dst) +BTF_ID(func, bpf_set_ingress_dev) +BTF_ID(func, bpf_set_egress_dev) #endif static bool is_kfunc_ret_null(struct bpf_kfunc_call_arg_meta *meta) @@ -11841,9 +11847,14 @@ static int fetch_kfunc_meta(struct bpf_verifier_env *env, static int check_atype_kfunc_compatibility(struct bpf_verifier_env *env, u32 func_id) { #ifdef CONFIG_HISOCK - if (func_id == special_kfunc_list[KF_bpf_set_ingress_dst] && + if ((func_id == special_kfunc_list[KF_bpf_set_ingress_dst] || + func_id == special_kfunc_list[KF_bpf_set_ingress_dev]) && env->prog->expected_attach_type != BPF_HISOCK_INGRESS) return -EACCES; + + if (func_id == special_kfunc_list[KF_bpf_set_egress_dev] && + env->prog->expected_attach_type != BPF_HISOCK_EGRESS) + return -EACCES; #endif return 0; } diff --git a/net/core/filter.c b/net/core/filter.c index ff0ec4621cc0..442025f7841f 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -12242,6 +12242,34 @@ __bpf_kfunc int bpf_skb_change_dev(struct __sk_buff *skb_ctx, u32 ifindex) skb->dev = dev; return 0; } + +__bpf_kfunc int +bpf_set_ingress_dev(struct __sk_buff *skb_ctx, unsigned long _dev) +{ + struct net_device *dev = (struct net_device *)_dev; + struct sk_buff *skb = (struct sk_buff *)skb_ctx; + + if (!dev || !virt_addr_valid(dev)) + return -EFAULT; + + skb->dev = dev; + skb->skb_iif = dev->ifindex; + skb->pkt_type = PACKET_HOST; + return 0; +} + +__bpf_kfunc int +bpf_set_egress_dev(struct __sk_buff *skb_ctx, unsigned long _dev) +{ + struct net_device *dev = (struct net_device *)_dev; + struct sk_buff *skb = (struct sk_buff *)skb_ctx; + + if (!dev || !virt_addr_valid(dev)) + return -EFAULT; + + skb->dev = dev; + return 0; +} #endif __diag_pop(); @@ -12282,6 +12310,8 @@ BTF_SET8_END(bpf_kfunc_check_set_sock_ops) BTF_SET8_START(bpf_kfunc_check_set_hisock) BTF_ID_FLAGS(func, bpf_set_ingress_dst) +BTF_ID_FLAGS(func, bpf_set_ingress_dev) +BTF_ID_FLAGS(func, bpf_set_egress_dev) BTF_ID_FLAGS(func, bpf_skb_change_dev) BTF_SET8_END(bpf_kfunc_check_set_hisock) #endif -- 2.34.1