Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
MIME-Version: 1.0
From:   Kees Cook <keescook@chromium.org>
Date:   Wed, 6 Jun 2018 22:15:04 -0700
Message-ID: <CAGXu5jJq774LZY1xUCKxG3Z4MkJ_JBJP7veB5gUCy4meb_PtSA@mail.gmail.com>
Subject: Re: nfp: bpf: perf event output helpers support
To:     Jakub Kicinski <jakub.kicinski@netronome.com>,
        Quentin Monnet <quentin.monnet@netronome.com>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Network Development <netdev@vger.kernel.org>
Cc:     LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

>     nfp: bpf: perf event output helpers support
>
>     Add support for the perf_event_output family of helpers.
>
>     The implementation on the NFP will not match the host code exactly.
>     The state of the host map and rings is unknown to the device, hence
>     device can't return errors when rings are not installed.  The device
>     simply packs the data into a firmware notification message and sends
>     it over to the host, returning success to the program.
>
>     There is no notion of a host CPU on the device when packets are being
>     processed.  Device will only offload programs which set BPF_F_CURRENT_CPU.
>     Still, if map index doesn't match CPU no error will be returned (see
>     above).
>
>     Dropped/lost firmware notification messages will not cause "lost
>     events" event on the perf ring, they are only visible via device
>     error counters.
>
>     Firmware notification messages may also get reordered in respect
>     to the packets which caused their generation.
>
>     Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
>     Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
>     Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>
> diff --git a/drivers/net/ethernet/netronome/nfp/bpf/offload.c b/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> index e3ead906cc60..4db0ac1e42a8 100644
> --- a/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> +++ b/drivers/net/ethernet/netronome/nfp/bpf/offload.c
> @@ -441,6 +441,53 @@ int nfp_ndo_bpf(struct nfp_app *app, struct nfp_net *nn, struct netdev_bpf *bpf)
>         }
>  }
>
> +static unsigned long
> +nfp_bpf_perf_event_copy(void *dst, const void *src,
> +                       unsigned long off, unsigned long len)
> +{
> +       memcpy(dst, src + off, len);
> +       return 0;
> +}
> +
> +int nfp_bpf_event_output(struct nfp_app_bpf *bpf, struct sk_buff *skb)
> +{
> +       struct cmsg_bpf_event *cbe = (void *)skb->data;
> +       u32 pkt_size, data_size;
> +       struct bpf_map *map;
> +
> +       if (skb->len < sizeof(struct cmsg_bpf_event))
> +               goto err_drop;
> +
> +       pkt_size = be32_to_cpu(cbe->pkt_size);
> +       data_size = be32_to_cpu(cbe->data_size);
> +       map = (void *)(unsigned long)be64_to_cpu(cbe->map_ptr);
> +
> +       if (skb->len < sizeof(struct cmsg_bpf_event) + pkt_size + data_size)
> +               goto err_drop;
> +       if (cbe->hdr.ver != CMSG_MAP_ABI_VERSION)
> +               goto err_drop;
> +
> +       rcu_read_lock();
> +       if (!rhashtable_lookup_fast(&bpf->maps_neutral, &map,
> +                                   nfp_bpf_maps_neutral_params)) {
> +               rcu_read_unlock();
> +               pr_warn("perf event: dest map pointer %px not recognized, dropping event\n",
> +                       map);

Please don't use %px on kernel pointers unless you absolutely have
to[1]. It seems like this value wouldn't be actionable here, so likely
it's best to just remove its use entirely.

-Kees

[1] https://www.spinics.net/lists/kernel/msg2671068.html

-- 
Kees Cook
Pixel Security