Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
awilliam
GitHub Repository: awilliam/linux-vfio
 Path: blob/master/net/sched/ematch.c
15109 views
1
/*

2
 * net/sched/ematch.c		Extended Match API

3
 *

4
 *		This program is free software; you can redistribute it and/or

5
 *		modify it under the terms of the GNU General Public License

6
 *		as published by the Free Software Foundation; either version

7
 *		2 of the License, or (at your option) any later version.

8
 *

9
 * Authors:	Thomas Graf <[email protected]>

10
 *

11
 * ==========================================================================

12
 *

13
 * An extended match (ematch) is a small classification tool not worth

14
 * writing a full classifier for. Ematches can be interconnected to form

15
 * a logic expression and get attached to classifiers to extend their

16
 * functionatlity.

17
 *

18
 * The userspace part transforms the logic expressions into an array

19
 * consisting of multiple sequences of interconnected ematches separated

20
 * by markers. Precedence is implemented by a special ematch kind

21
 * referencing a sequence beyond the marker of the current sequence

22
 * causing the current position in the sequence to be pushed onto a stack

23
 * to allow the current position to be overwritten by the position referenced

24
 * in the special ematch. Matching continues in the new sequence until a

25
 * marker is reached causing the position to be restored from the stack.

26
 *

27
 * Example:

28
 *          A AND (B1 OR B2) AND C AND D

29
 *

30
 *              ------->-PUSH-------

31
 *    -->--    /         -->--      \   -->--

32
 *   /     \  /         /     \      \ /     \

33
 * +-------+-------+-------+-------+-------+--------+

34
 * | A AND | B AND | C AND | D END | B1 OR | B2 END |

35
 * +-------+-------+-------+-------+-------+--------+

36
 *                    \                      /

37
 *                     --------<-POP---------

38
 *

39
 * where B is a virtual ematch referencing to sequence starting with B1.

40
 *

41
 * ==========================================================================

42
 *

43
 * How to write an ematch in 60 seconds

44
 * ------------------------------------

45
 *

46
 *   1) Provide a matcher function:

47
 *      static int my_match(struct sk_buff *skb, struct tcf_ematch *m,

48
 *                          struct tcf_pkt_info *info)

49
 *      {

50
 *      	struct mydata *d = (struct mydata *) m->data;

51
 *

52
 *      	if (...matching goes here...)

53
 *      		return 1;

54
 *      	else

55
 *      		return 0;

56
 *      }

57
 *

58
 *   2) Fill out a struct tcf_ematch_ops:

59
 *      static struct tcf_ematch_ops my_ops = {

60
 *      	.kind = unique id,

61
 *      	.datalen = sizeof(struct mydata),

62
 *      	.match = my_match,

63
 *      	.owner = THIS_MODULE,

64
 *      };

65
 *

66
 *   3) Register/Unregister your ematch:

67
 *      static int __init init_my_ematch(void)

68
 *      {

69
 *      	return tcf_em_register(&my_ops);

70
 *      }

71
 *

72
 *      static void __exit exit_my_ematch(void)

73
 *      {

74
 *      	tcf_em_unregister(&my_ops);

75
 *      }

76
 *

77
 *      module_init(init_my_ematch);

78
 *      module_exit(exit_my_ematch);

79
 *

80
 *   4) By now you should have two more seconds left, barely enough to

81
 *      open up a beer to watch the compilation going.

82
 */

83


84
#include <linux/module.h>

85
#include <linux/slab.h>

86
#include <linux/types.h>

87
#include <linux/kernel.h>

88
#include <linux/errno.h>

89
#include <linux/rtnetlink.h>

90
#include <linux/skbuff.h>

91
#include <net/pkt_cls.h>

92


93
static LIST_HEAD(ematch_ops);

94
static DEFINE_RWLOCK(ematch_mod_lock);

95


96
static struct tcf_ematch_ops *tcf_em_lookup(u16 kind)

97
{

98
	struct tcf_ematch_ops *e = NULL;

99


100
	read_lock(&ematch_mod_lock);

101
	list_for_each_entry(e, &ematch_ops, link) {

102
		if (kind == e->kind) {

103
			if (!try_module_get(e->owner))

104
				e = NULL;

105
			read_unlock(&ematch_mod_lock);

106
			return e;

107
		}

108
	}

109
	read_unlock(&ematch_mod_lock);

110


111
	return NULL;

112
}

113


114
/**

115
 * tcf_em_register - register an extended match

116
 *

117
 * @ops: ematch operations lookup table

118
 *

119
 * This function must be called by ematches to announce their presence.

120
 * The given @ops must have kind set to a unique identifier and the

121
 * callback match() must be implemented. All other callbacks are optional

122
 * and a fallback implementation is used instead.

123
 *

124
 * Returns -EEXISTS if an ematch of the same kind has already registered.

125
 */

126
int tcf_em_register(struct tcf_ematch_ops *ops)

127
{

128
	int err = -EEXIST;

129
	struct tcf_ematch_ops *e;

130


131
	if (ops->match == NULL)

132
		return -EINVAL;

133


134
	write_lock(&ematch_mod_lock);

135
	list_for_each_entry(e, &ematch_ops, link)

136
		if (ops->kind == e->kind)

137
			goto errout;

138


139
	list_add_tail(&ops->link, &ematch_ops);

140
	err = 0;

141
errout:

142
	write_unlock(&ematch_mod_lock);

143
	return err;

144
}

145
EXPORT_SYMBOL(tcf_em_register);

146


147
/**

148
 * tcf_em_unregister - unregster and extended match

149
 *

150
 * @ops: ematch operations lookup table

151
 *

152
 * This function must be called by ematches to announce their disappearance

153
 * for examples when the module gets unloaded. The @ops parameter must be

154
 * the same as the one used for registration.

155
 *

156
 * Returns -ENOENT if no matching ematch was found.

157
 */

158
void tcf_em_unregister(struct tcf_ematch_ops *ops)

159
{

160
	write_lock(&ematch_mod_lock);

161
	list_del(&ops->link);

162
	write_unlock(&ematch_mod_lock);

163
}

164
EXPORT_SYMBOL(tcf_em_unregister);

165


166
static inline struct tcf_ematch *tcf_em_get_match(struct tcf_ematch_tree *tree,

167
						  int index)

168
{

169
	return &tree->matches[index];

170
}

171


172


173
static int tcf_em_validate(struct tcf_proto *tp,

174
			   struct tcf_ematch_tree_hdr *tree_hdr,

175
			   struct tcf_ematch *em, struct nlattr *nla, int idx)

176
{

177
	int err = -EINVAL;

178
	struct tcf_ematch_hdr *em_hdr = nla_data(nla);

179
	int data_len = nla_len(nla) - sizeof(*em_hdr);

180
	void *data = (void *) em_hdr + sizeof(*em_hdr);

181


182
	if (!TCF_EM_REL_VALID(em_hdr->flags))

183
		goto errout;

184


185
	if (em_hdr->kind == TCF_EM_CONTAINER) {

186
		/* Special ematch called "container", carries an index

187
		 * referencing an external ematch sequence.

188
		 */

189
		u32 ref;

190


191
		if (data_len < sizeof(ref))

192
			goto errout;

193
		ref = *(u32 *) data;

194


195
		if (ref >= tree_hdr->nmatches)

196
			goto errout;

197


198
		/* We do not allow backward jumps to avoid loops and jumps

199
		 * to our own position are of course illegal.

200
		 */

201
		if (ref <= idx)

202
			goto errout;

203


204


205
		em->data = ref;

206
	} else {

207
		/* Note: This lookup will increase the module refcnt

208
		 * of the ematch module referenced. In case of a failure,

209
		 * a destroy function is called by the underlying layer

210
		 * which automatically releases the reference again, therefore

211
		 * the module MUST not be given back under any circumstances

212
		 * here. Be aware, the destroy function assumes that the

213
		 * module is held if the ops field is non zero.

214
		 */

215
		em->ops = tcf_em_lookup(em_hdr->kind);

216


217
		if (em->ops == NULL) {

218
			err = -ENOENT;

219
#ifdef CONFIG_MODULES

220
			__rtnl_unlock();

221
			request_module("ematch-kind-%u", em_hdr->kind);

222
			rtnl_lock();

223
			em->ops = tcf_em_lookup(em_hdr->kind);

224
			if (em->ops) {

225
				/* We dropped the RTNL mutex in order to

226
				 * perform the module load. Tell the caller

227
				 * to replay the request.

228
				 */

229
				module_put(em->ops->owner);

230
				err = -EAGAIN;

231
			}

232
#endif

233
			goto errout;

234
		}

235


236
		/* ematch module provides expected length of data, so we

237
		 * can do a basic sanity check.

238
		 */

239
		if (em->ops->datalen && data_len < em->ops->datalen)

240
			goto errout;

241


242
		if (em->ops->change) {

243
			err = em->ops->change(tp, data, data_len, em);

244
			if (err < 0)

245
				goto errout;

246
		} else if (data_len > 0) {

247
			/* ematch module doesn't provide an own change

248
			 * procedure and expects us to allocate and copy

249
			 * the ematch data.

250
			 *

251
			 * TCF_EM_SIMPLE may be specified stating that the

252
			 * data only consists of a u32 integer and the module

253
			 * does not expected a memory reference but rather

254
			 * the value carried.

255
			 */

256
			if (em_hdr->flags & TCF_EM_SIMPLE) {

257
				if (data_len < sizeof(u32))

258
					goto errout;

259
				em->data = *(u32 *) data;

260
			} else {

261
				void *v = kmemdup(data, data_len, GFP_KERNEL);

262
				if (v == NULL) {

263
					err = -ENOBUFS;

264
					goto errout;

265
				}

266
				em->data = (unsigned long) v;

267
			}

268
		}

269
	}

270


271
	em->matchid = em_hdr->matchid;

272
	em->flags = em_hdr->flags;

273
	em->datalen = data_len;

274


275
	err = 0;

276
errout:

277
	return err;

278
}

279


280
static const struct nla_policy em_policy[TCA_EMATCH_TREE_MAX + 1] = {

281
	[TCA_EMATCH_TREE_HDR]	= { .len = sizeof(struct tcf_ematch_tree_hdr) },

282
	[TCA_EMATCH_TREE_LIST]	= { .type = NLA_NESTED },

283
};

284


285
/**

286
 * tcf_em_tree_validate - validate ematch config TLV and build ematch tree

287
 *

288
 * @tp: classifier kind handle

289
 * @nla: ematch tree configuration TLV

290
 * @tree: destination ematch tree variable to store the resulting

291
 *        ematch tree.

292
 *

293
 * This function validates the given configuration TLV @nla and builds an

294
 * ematch tree in @tree. The resulting tree must later be copied into

295
 * the private classifier data using tcf_em_tree_change(). You MUST NOT

296
 * provide the ematch tree variable of the private classifier data directly,

297
 * the changes would not be locked properly.

298
 *

299
 * Returns a negative error code if the configuration TLV contains errors.

300
 */

301
int tcf_em_tree_validate(struct tcf_proto *tp, struct nlattr *nla,

302
			 struct tcf_ematch_tree *tree)

303
{

304
	int idx, list_len, matches_len, err;

305
	struct nlattr *tb[TCA_EMATCH_TREE_MAX + 1];

306
	struct nlattr *rt_match, *rt_hdr, *rt_list;

307
	struct tcf_ematch_tree_hdr *tree_hdr;

308
	struct tcf_ematch *em;

309


310
	memset(tree, 0, sizeof(*tree));

311
	if (!nla)

312
		return 0;

313


314
	err = nla_parse_nested(tb, TCA_EMATCH_TREE_MAX, nla, em_policy);

315
	if (err < 0)

316
		goto errout;

317


318
	err = -EINVAL;

319
	rt_hdr = tb[TCA_EMATCH_TREE_HDR];

320
	rt_list = tb[TCA_EMATCH_TREE_LIST];

321


322
	if (rt_hdr == NULL || rt_list == NULL)

323
		goto errout;

324


325
	tree_hdr = nla_data(rt_hdr);

326
	memcpy(&tree->hdr, tree_hdr, sizeof(*tree_hdr));

327


328
	rt_match = nla_data(rt_list);

329
	list_len = nla_len(rt_list);

330
	matches_len = tree_hdr->nmatches * sizeof(*em);

331


332
	tree->matches = kzalloc(matches_len, GFP_KERNEL);

333
	if (tree->matches == NULL)

334
		goto errout;

335


336
	/* We do not use nla_parse_nested here because the maximum

337
	 * number of attributes is unknown. This saves us the allocation

338
	 * for a tb buffer which would serve no purpose at all.

339
	 *

340
	 * The array of rt attributes is parsed in the order as they are

341
	 * provided, their type must be incremental from 1 to n. Even

342
	 * if it does not serve any real purpose, a failure of sticking

343
	 * to this policy will result in parsing failure.

344
	 */

345
	for (idx = 0; nla_ok(rt_match, list_len); idx++) {

346
		err = -EINVAL;

347


348
		if (rt_match->nla_type != (idx + 1))

349
			goto errout_abort;

350


351
		if (idx >= tree_hdr->nmatches)

352
			goto errout_abort;

353


354
		if (nla_len(rt_match) < sizeof(struct tcf_ematch_hdr))

355
			goto errout_abort;

356


357
		em = tcf_em_get_match(tree, idx);

358


359
		err = tcf_em_validate(tp, tree_hdr, em, rt_match, idx);

360
		if (err < 0)

361
			goto errout_abort;

362


363
		rt_match = nla_next(rt_match, &list_len);

364
	}

365


366
	/* Check if the number of matches provided by userspace actually

367
	 * complies with the array of matches. The number was used for

368
	 * the validation of references and a mismatch could lead to

369
	 * undefined references during the matching process.

370
	 */

371
	if (idx != tree_hdr->nmatches) {

372
		err = -EINVAL;

373
		goto errout_abort;

374
	}

375


376
	err = 0;

377
errout:

378
	return err;

379


380
errout_abort:

381
	tcf_em_tree_destroy(tp, tree);

382
	return err;

383
}

384
EXPORT_SYMBOL(tcf_em_tree_validate);

385


386
/**

387
 * tcf_em_tree_destroy - destroy an ematch tree

388
 *

389
 * @tp: classifier kind handle

390
 * @tree: ematch tree to be deleted

391
 *

392
 * This functions destroys an ematch tree previously created by

393
 * tcf_em_tree_validate()/tcf_em_tree_change(). You must ensure that

394
 * the ematch tree is not in use before calling this function.

395
 */

396
void tcf_em_tree_destroy(struct tcf_proto *tp, struct tcf_ematch_tree *tree)

397
{

398
	int i;

399


400
	if (tree->matches == NULL)

401
		return;

402


403
	for (i = 0; i < tree->hdr.nmatches; i++) {

404
		struct tcf_ematch *em = tcf_em_get_match(tree, i);

405


406
		if (em->ops) {

407
			if (em->ops->destroy)

408
				em->ops->destroy(tp, em);

409
			else if (!tcf_em_is_simple(em))

410
				kfree((void *) em->data);

411
			module_put(em->ops->owner);

412
		}

413
	}

414


415
	tree->hdr.nmatches = 0;

416
	kfree(tree->matches);

417
	tree->matches = NULL;

418
}

419
EXPORT_SYMBOL(tcf_em_tree_destroy);

420


421
/**

422
 * tcf_em_tree_dump - dump ematch tree into a rtnl message

423
 *

424
 * @skb: skb holding the rtnl message

425
 * @t: ematch tree to be dumped

426
 * @tlv: TLV type to be used to encapsulate the tree

427
 *

428
 * This function dumps a ematch tree into a rtnl message. It is valid to

429
 * call this function while the ematch tree is in use.

430
 *

431
 * Returns -1 if the skb tailroom is insufficient.

432
 */

433
int tcf_em_tree_dump(struct sk_buff *skb, struct tcf_ematch_tree *tree, int tlv)

434
{

435
	int i;

436
	u8 *tail;

437
	struct nlattr *top_start;

438
	struct nlattr *list_start;

439


440
	top_start = nla_nest_start(skb, tlv);

441
	if (top_start == NULL)

442
		goto nla_put_failure;

443


444
	NLA_PUT(skb, TCA_EMATCH_TREE_HDR, sizeof(tree->hdr), &tree->hdr);

445


446
	list_start = nla_nest_start(skb, TCA_EMATCH_TREE_LIST);

447
	if (list_start == NULL)

448
		goto nla_put_failure;

449


450
	tail = skb_tail_pointer(skb);

451
	for (i = 0; i < tree->hdr.nmatches; i++) {

452
		struct nlattr *match_start = (struct nlattr *)tail;

453
		struct tcf_ematch *em = tcf_em_get_match(tree, i);

454
		struct tcf_ematch_hdr em_hdr = {

455
			.kind = em->ops ? em->ops->kind : TCF_EM_CONTAINER,

456
			.matchid = em->matchid,

457
			.flags = em->flags

458
		};

459


460
		NLA_PUT(skb, i + 1, sizeof(em_hdr), &em_hdr);

461


462
		if (em->ops && em->ops->dump) {

463
			if (em->ops->dump(skb, em) < 0)

464
				goto nla_put_failure;

465
		} else if (tcf_em_is_container(em) || tcf_em_is_simple(em)) {

466
			u32 u = em->data;

467
			nla_put_nohdr(skb, sizeof(u), &u);

468
		} else if (em->datalen > 0)

469
			nla_put_nohdr(skb, em->datalen, (void *) em->data);

470


471
		tail = skb_tail_pointer(skb);

472
		match_start->nla_len = tail - (u8 *)match_start;

473
	}

474


475
	nla_nest_end(skb, list_start);

476
	nla_nest_end(skb, top_start);

477


478
	return 0;

479


480
nla_put_failure:

481
	return -1;

482
}

483
EXPORT_SYMBOL(tcf_em_tree_dump);

484


485
static inline int tcf_em_match(struct sk_buff *skb, struct tcf_ematch *em,

486
			       struct tcf_pkt_info *info)

487
{

488
	int r = em->ops->match(skb, em, info);

489


490
	return tcf_em_is_inverted(em) ? !r : r;

491
}

492


493
/* Do not use this function directly, use tcf_em_tree_match instead */

494
int __tcf_em_tree_match(struct sk_buff *skb, struct tcf_ematch_tree *tree,

495
			struct tcf_pkt_info *info)

496
{

497
	int stackp = 0, match_idx = 0, res = 0;

498
	struct tcf_ematch *cur_match;

499
	int stack[CONFIG_NET_EMATCH_STACK];

500


501
proceed:

502
	while (match_idx < tree->hdr.nmatches) {

503
		cur_match = tcf_em_get_match(tree, match_idx);

504


505
		if (tcf_em_is_container(cur_match)) {

506
			if (unlikely(stackp >= CONFIG_NET_EMATCH_STACK))

507
				goto stack_overflow;

508


509
			stack[stackp++] = match_idx;

510
			match_idx = cur_match->data;

511
			goto proceed;

512
		}

513


514
		res = tcf_em_match(skb, cur_match, info);

515


516
		if (tcf_em_early_end(cur_match, res))

517
			break;

518


519
		match_idx++;

520
	}

521


522
pop_stack:

523
	if (stackp > 0) {

524
		match_idx = stack[--stackp];

525
		cur_match = tcf_em_get_match(tree, match_idx);

526


527
		if (tcf_em_early_end(cur_match, res))

528
			goto pop_stack;

529
		else {

530
			match_idx++;

531
			goto proceed;

532
		}

533
	}

534


535
	return res;

536


537
stack_overflow:

538
	if (net_ratelimit())

539
		pr_warning("tc ematch: local stack overflow,"

540
			   " increase NET_EMATCH_STACK\n");

541
	return -1;

542
}

543
EXPORT_SYMBOL(__tcf_em_tree_match);

544


545