On Fri, 2016-04-01 at 18:21 -0700, Brenden Blanco wrote:
> Add support for the BPF_PROG_TYPE_PHYS_DEV hook in mlx4 driver. Since
> bpf programs require a skb context to navigate the packet, build a
> percpu fake skb with the minimal fields. This avoids the costly
> allocation for packets that end up being dropped.
>
> + /* A bpf program gets first chance to drop the packet. It may
> + * read bytes but not past the end of the frag. A non-zero
> + * return indicates packet should be dropped.
> + */
> + if (prog) {
> + struct ethhdr *ethh;
> +
> + ethh = (struct ethhdr *)(page_address(frags[0].page) +
> + frags[0].page_offset);
> + if (mlx4_call_bpf(prog, ethh, length)) {
> + priv->stats.rx_dropped++;
> + goto next;
> + }
> + }
> +
1) mlx4 can use multiple fragments (priv->num_frags) to hold an Ethernet
frame.
Still you pass a single fragment but total 'length' here : BPF program
can read past the end of this first fragment and panic the box.
Please take a look at mlx4_en_complete_rx_desc() and you'll see what I
mean.
2) priv->stats.rx_dropped is shared by all the RX queues -> false
sharing.
This is probably the right time to add a rx_dropped field in struct
mlx4_en_rx_ring since you guys want to drop 14 Mpps, and 50 Mpps on
higher speed links.
