Merge branch 'bpf-cpumap-devmap-fix-per-cpu-bulk-queue-races-on-preempt_rt'

#include <linux/sched.h>

#include <linux/workqueue.h>

#include <linux/kthread.h>

#include <linux/local_lock.h>

#include <linux/completion.h>

#include <trace/events/xdp.h>

#include <linux/btf_ids.h>

	struct list_head flush_node;

	struct bpf_cpu_map_entry *obj;

	unsigned int count;

	local_lock_t bq_lock;

};

/* Struct for every remote "destination" CPU in map */

	for_each_possible_cpu(i) {

		bq = per_cpu_ptr(rcpu->bulkq, i);

		bq->obj = rcpu;

		local_lock_init(&bq->bq_lock);

	}

	/* Alloc queue */

	struct ptr_ring *q;

	int i;

	lockdep_assert_held(&bq->bq_lock);

	if (unlikely(!bq->count))

		return;

}

/* Runs under RCU-read-side, plus in softirq under NAPI protection.

 * Thus, safe percpu variable access.

 * Thus, safe percpu variable access. PREEMPT_RT relies on

 * local_lock_nested_bh() to serialise access to the per-CPU bq.

 */

static void bq_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf)

{

	struct xdp_bulk_queue *bq = this_cpu_ptr(rcpu->bulkq);

	struct xdp_bulk_queue *bq;

	local_lock_nested_bh(&rcpu->bulkq->bq_lock);

	bq = this_cpu_ptr(rcpu->bulkq);

	if (unlikely(bq->count == CPU_MAP_BULK_SIZE))

		bq_flush_to_queue(bq);

		list_add(&bq->flush_node, flush_list);

	}

	local_unlock_nested_bh(&rcpu->bulkq->bq_lock);

}

int cpu_map_enqueue(struct bpf_cpu_map_entry *rcpu, struct xdp_frame *xdpf,

	struct xdp_bulk_queue *bq, *tmp;

	list_for_each_entry_safe(bq, tmp, flush_list, flush_node) {

		local_lock_nested_bh(&bq->obj->bulkq->bq_lock);

		bq_flush_to_queue(bq);

		local_unlock_nested_bh(&bq->obj->bulkq->bq_lock);

		/* If already running, costs spin_lock_irqsave + smb_mb */

		wake_up_process(bq->obj->kthread);

 * types of devmap; only the lookup and insertion is different.

 */

#include <linux/bpf.h>

#include <linux/local_lock.h>

#include <net/xdp.h>

#include <linux/filter.h>

#include <trace/events/xdp.h>

	struct net_device *dev_rx;

	struct bpf_prog *xdp_prog;

	unsigned int count;

	local_lock_t bq_lock;

};

struct bpf_dtab_netdev {

	int to_send = cnt;

	int i;

	lockdep_assert_held(&bq->bq_lock);

	if (unlikely(!cnt))

		return;

	struct xdp_dev_bulk_queue *bq, *tmp;

	list_for_each_entry_safe(bq, tmp, flush_list, flush_node) {

		local_lock_nested_bh(&bq->dev->xdp_bulkq->bq_lock);

		bq_xmit_all(bq, XDP_XMIT_FLUSH);

		bq->dev_rx = NULL;

		bq->xdp_prog = NULL;

		__list_del_clearprev(&bq->flush_node);

		local_unlock_nested_bh(&bq->dev->xdp_bulkq->bq_lock);

	}

}

/* Runs in NAPI, i.e., softirq under local_bh_disable(). Thus, safe percpu

 * variable access, and map elements stick around. See comment above

 * xdp_do_flush() in filter.c.

 * xdp_do_flush() in filter.c. PREEMPT_RT relies on local_lock_nested_bh()

 * to serialise access to the per-CPU bq.

 */

static void bq_enqueue(struct net_device *dev, struct xdp_frame *xdpf,

		       struct net_device *dev_rx, struct bpf_prog *xdp_prog)

{

	struct xdp_dev_bulk_queue *bq = this_cpu_ptr(dev->xdp_bulkq);

	struct xdp_dev_bulk_queue *bq;

	local_lock_nested_bh(&dev->xdp_bulkq->bq_lock);

	bq = this_cpu_ptr(dev->xdp_bulkq);

	if (unlikely(bq->count == DEV_MAP_BULK_SIZE))

		bq_xmit_all(bq, 0);

	}

	bq->q[bq->count++] = xdpf;

	local_unlock_nested_bh(&dev->xdp_bulkq->bq_lock);

}

static inline int __xdp_enqueue(struct net_device *dev, struct xdp_frame *xdpf,

		if (!netdev->xdp_bulkq)

			return NOTIFY_BAD;

		for_each_possible_cpu(cpu)

			per_cpu_ptr(netdev->xdp_bulkq, cpu)->dev = netdev;

		for_each_possible_cpu(cpu) {

			struct xdp_dev_bulk_queue *bq;

			bq = per_cpu_ptr(netdev->xdp_bulkq, cpu);

			bq->dev = netdev;

			local_lock_init(&bq->bq_lock);

		}

		break;

	case NETDEV_UNREGISTER:

		/* This rcu_read_lock/unlock pair is needed because