cff82457c5
Similar to act_gact/act_mirred, act_bpf can be lockless in packet processing with extra care taken to free bpf programs after rcu grace period. Replacement of existing act_bpf (very rare) is done with synchronize_rcu() and final destruction is done from tc_action_ops->cleanup() callback that is called from tcf_exts_destroy()->tcf_action_destroy()->__tcf_hash_release() when bind and refcnt reach zero which is only possible when classifier is destroyed. Previous two patches fixed the last two classifiers (tcindex and rsvp) to call tcf_exts_destroy() from rcu callback. Similar to gact/mirred there is a race between prog->filter and prog->tcf_action. Meaning that the program being replaced may use previous default action if it happened to return TC_ACT_UNSPEC. act_mirred race betwen tcf_action and tcfm_dev is similar. In all cases the race is harmless. Long term we may want to improve the situation by replacing the whole tc_action->priv as single pointer instead of updating inner fields one by one. Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
30 lines
691 B
C
30 lines
691 B
C
/*
|
|
* Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef __NET_TC_BPF_H
|
|
#define __NET_TC_BPF_H
|
|
|
|
#include <linux/filter.h>
|
|
#include <net/act_api.h>
|
|
|
|
struct tcf_bpf {
|
|
struct tcf_common common;
|
|
struct bpf_prog __rcu *filter;
|
|
union {
|
|
u32 bpf_fd;
|
|
u16 bpf_num_ops;
|
|
};
|
|
struct sock_filter *bpf_ops;
|
|
const char *bpf_name;
|
|
};
|
|
#define to_bpf(a) \
|
|
container_of(a->priv, struct tcf_bpf, common)
|
|
|
|
#endif /* __NET_TC_BPF_H */
|