search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mqprio: fix potential null pointer dereference on opt
[linux-2.6/btrfs-unstable.git] / net / sched / sch_mqprio.c
blob51c2b289c69b87e83a8cc80de448b8d968a56d64
1 /*
2 * net/sched/sch_mqprio.c
3 *
4 * Copyright (c) 2010 John Fastabend <john.r.fastabend@intel.com>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * version 2 as published by the Free Software Foundation.
9 */
10
11 #include <linux/types.h>
12 #include <linux/slab.h>
13 #include <linux/kernel.h>
14 #include <linux/string.h>
15 #include <linux/errno.h>
16 #include <linux/skbuff.h>
17 #include <linux/module.h>
18 #include <net/netlink.h>
19 #include <net/pkt_sched.h>
20 #include <net/sch_generic.h>
21 #include <net/pkt_cls.h>
22
23 struct mqprio_sched {
24 struct Qdisc **qdiscs;
25 u16 mode;
26 u16 shaper;
27 int hw_offload;
28 u32 flags;
29 u64 min_rate[TC_QOPT_MAX_QUEUE];
30 u64 max_rate[TC_QOPT_MAX_QUEUE];
31 };
32
33 static void mqprio_destroy(struct Qdisc *sch)
34 {
35 struct net_device *dev = qdisc_dev(sch);
36 struct mqprio_sched *priv = qdisc_priv(sch);
37 unsigned int ntx;
38
39 if (priv->qdiscs) {
40 for (ntx = 0;
41 ntx < dev->num_tx_queues && priv->qdiscs[ntx];
42 ntx++)
43 qdisc_destroy(priv->qdiscs[ntx]);
44 kfree(priv->qdiscs);
45 }
46
47 if (priv->hw_offload && dev->netdev_ops->ndo_setup_tc) {
48 struct tc_mqprio_qopt_offload mqprio = { { 0 } };
49
50 switch (priv->mode) {
51 case TC_MQPRIO_MODE_DCB:
52 case TC_MQPRIO_MODE_CHANNEL:
53 dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_MQPRIO,
54 &mqprio);
55 break;
56 default:
57 return;
58 }
59 } else {
60 netdev_set_num_tc(dev, 0);
61 }
62 }
63
64 static int mqprio_parse_opt(struct net_device *dev, struct tc_mqprio_qopt *qopt)
65 {
66 int i, j;
67
68 /* Verify num_tc is not out of max range */
69 if (qopt->num_tc > TC_MAX_QUEUE)
70 return -EINVAL;
71
72 /* Verify priority mapping uses valid tcs */
73 for (i = 0; i < TC_BITMASK + 1; i++) {
74 if (qopt->prio_tc_map[i] >= qopt->num_tc)
75 return -EINVAL;
76 }
77
78 /* Limit qopt->hw to maximum supported offload value. Drivers have
79 * the option of overriding this later if they don't support the a
80 * given offload type.
81 */
82 if (qopt->hw > TC_MQPRIO_HW_OFFLOAD_MAX)
83 qopt->hw = TC_MQPRIO_HW_OFFLOAD_MAX;
84
85 /* If hardware offload is requested we will leave it to the device
86 * to either populate the queue counts itself or to validate the
87 * provided queue counts. If ndo_setup_tc is not present then
88 * hardware doesn't support offload and we should return an error.
89 */
90 if (qopt->hw)
91 return dev->netdev_ops->ndo_setup_tc ? 0 : -EINVAL;
92
93 for (i = 0; i < qopt->num_tc; i++) {
94 unsigned int last = qopt->offset[i] + qopt->count[i];
95
96 /* Verify the queue count is in tx range being equal to the
97 * real_num_tx_queues indicates the last queue is in use.
98 */
99 if (qopt->offset[i] >= dev->real_num_tx_queues ||
100 !qopt->count[i] ||
101 last > dev->real_num_tx_queues)
102 return -EINVAL;
103
104 /* Verify that the offset and counts do not overlap */
105 for (j = i + 1; j < qopt->num_tc; j++) {
106 if (last > qopt->offset[j])
107 return -EINVAL;
108 }
109 }
110
111 return 0;
112 }
113
114 static const struct nla_policy mqprio_policy[TCA_MQPRIO_MAX + 1] = {
115 [TCA_MQPRIO_MODE] = { .len = sizeof(u16) },
116 [TCA_MQPRIO_SHAPER] = { .len = sizeof(u16) },
117 [TCA_MQPRIO_MIN_RATE64] = { .type = NLA_NESTED },
118 [TCA_MQPRIO_MAX_RATE64] = { .type = NLA_NESTED },
119 };
120
121 static int parse_attr(struct nlattr *tb[], int maxtype, struct nlattr *nla,
122 const struct nla_policy *policy, int len)
123 {
124 int nested_len = nla_len(nla) - NLA_ALIGN(len);
125
126 if (nested_len >= nla_attr_size(0))
127 return nla_parse(tb, maxtype, nla_data(nla) + NLA_ALIGN(len),
128 nested_len, policy, NULL);
129
130 memset(tb, 0, sizeof(struct nlattr *) * (maxtype + 1));
131 return 0;
132 }
133
134 static int mqprio_init(struct Qdisc *sch, struct nlattr *opt)
135 {
136 struct net_device *dev = qdisc_dev(sch);
137 struct mqprio_sched *priv = qdisc_priv(sch);
138 struct netdev_queue *dev_queue;
139 struct Qdisc *qdisc;
140 int i, err = -EOPNOTSUPP;
141 struct tc_mqprio_qopt *qopt = NULL;
142 struct nlattr *tb[TCA_MQPRIO_MAX + 1];
143 struct nlattr *attr;
144 int rem;
145 int len;
146
147 BUILD_BUG_ON(TC_MAX_QUEUE != TC_QOPT_MAX_QUEUE);
148 BUILD_BUG_ON(TC_BITMASK != TC_QOPT_BITMASK);
149
150 if (sch->parent != TC_H_ROOT)
151 return -EOPNOTSUPP;
152
153 if (!netif_is_multiqueue(dev))
154 return -EOPNOTSUPP;
155
156 /* make certain can allocate enough classids to handle queues */
157 if (dev->num_tx_queues >= TC_H_MIN_PRIORITY)
158 return -ENOMEM;
159
160 if (!opt || nla_len(opt) < sizeof(*qopt))
161 return -EINVAL;
162
163 qopt = nla_data(opt);
164 if (mqprio_parse_opt(dev, qopt))
165 return -EINVAL;
166
167 len = nla_len(opt) - NLA_ALIGN(sizeof(*qopt));
168 if (len > 0) {
169 err = parse_attr(tb, TCA_MQPRIO_MAX, opt, mqprio_policy,
170 sizeof(*qopt));
171 if (err < 0)
172 return err;
173
174 if (!qopt->hw)
175 return -EINVAL;
176
177 if (tb[TCA_MQPRIO_MODE]) {
178 priv->flags |= TC_MQPRIO_F_MODE;
179 priv->mode = *(u16 *)nla_data(tb[TCA_MQPRIO_MODE]);
180 }
181
182 if (tb[TCA_MQPRIO_SHAPER]) {
183 priv->flags |= TC_MQPRIO_F_SHAPER;
184 priv->shaper = *(u16 *)nla_data(tb[TCA_MQPRIO_SHAPER]);
185 }
186
187 if (tb[TCA_MQPRIO_MIN_RATE64]) {
188 if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
189 return -EINVAL;
190 i = 0;
191 nla_for_each_nested(attr, tb[TCA_MQPRIO_MIN_RATE64],
192 rem) {
193 if (nla_type(attr) != TCA_MQPRIO_MIN_RATE64)
194 return -EINVAL;
195 if (i >= qopt->num_tc)
196 break;
197 priv->min_rate[i] = *(u64 *)nla_data(attr);
198 i++;
199 }
200 priv->flags |= TC_MQPRIO_F_MIN_RATE;
201 }
202
203 if (tb[TCA_MQPRIO_MAX_RATE64]) {
204 if (priv->shaper != TC_MQPRIO_SHAPER_BW_RATE)
205 return -EINVAL;
206 i = 0;
207 nla_for_each_nested(attr, tb[TCA_MQPRIO_MAX_RATE64],
208 rem) {
209 if (nla_type(attr) != TCA_MQPRIO_MAX_RATE64)
210 return -EINVAL;
211 if (i >= qopt->num_tc)
212 break;
213 priv->max_rate[i] = *(u64 *)nla_data(attr);
214 i++;
215 }
216 priv->flags |= TC_MQPRIO_F_MAX_RATE;
217 }
218 }
219
220 /* pre-allocate qdisc, attachment can't fail */
221 priv->qdiscs = kcalloc(dev->num_tx_queues, sizeof(priv->qdiscs[0]),
222 GFP_KERNEL);
223 if (!priv->qdiscs)
224 return -ENOMEM;
225
226 for (i = 0; i < dev->num_tx_queues; i++) {
227 dev_queue = netdev_get_tx_queue(dev, i);
228 qdisc = qdisc_create_dflt(dev_queue,
229 get_default_qdisc_ops(dev, i),
230 TC_H_MAKE(TC_H_MAJ(sch->handle),
231 TC_H_MIN(i + 1)));
232 if (!qdisc)
233 return -ENOMEM;
234
235 priv->qdiscs[i] = qdisc;
236 qdisc->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT;
237 }
238
239 /* If the mqprio options indicate that hardware should own
240 * the queue mapping then run ndo_setup_tc otherwise use the
241 * supplied and verified mapping
242 */
243 if (qopt->hw) {
244 struct tc_mqprio_qopt_offload mqprio = {.qopt = *qopt};
245
246 switch (priv->mode) {
247 case TC_MQPRIO_MODE_DCB:
248 if (priv->shaper != TC_MQPRIO_SHAPER_DCB)
249 return -EINVAL;
250 break;
251 case TC_MQPRIO_MODE_CHANNEL:
252 mqprio.flags = priv->flags;
253 if (priv->flags & TC_MQPRIO_F_MODE)
254 mqprio.mode = priv->mode;
255 if (priv->flags & TC_MQPRIO_F_SHAPER)
256 mqprio.shaper = priv->shaper;
257 if (priv->flags & TC_MQPRIO_F_MIN_RATE)
258 for (i = 0; i < mqprio.qopt.num_tc; i++)
259 mqprio.min_rate[i] = priv->min_rate[i];
260 if (priv->flags & TC_MQPRIO_F_MAX_RATE)
261 for (i = 0; i < mqprio.qopt.num_tc; i++)
262 mqprio.max_rate[i] = priv->max_rate[i];
263 break;
264 default:
265 return -EINVAL;
266 }
267 err = dev->netdev_ops->ndo_setup_tc(dev,
268 TC_SETUP_MQPRIO,
269 &mqprio);
270 if (err)
271 return err;
272
273 priv->hw_offload = mqprio.qopt.hw;
274 } else {
275 netdev_set_num_tc(dev, qopt->num_tc);
276 for (i = 0; i < qopt->num_tc; i++)
277 netdev_set_tc_queue(dev, i,
278 qopt->count[i], qopt->offset[i]);
279 }
280
281 /* Always use supplied priority mappings */
282 for (i = 0; i < TC_BITMASK + 1; i++)
283 netdev_set_prio_tc_map(dev, i, qopt->prio_tc_map[i]);
284
285 sch->flags |= TCQ_F_MQROOT;
286 return 0;
287 }
288
289 static void mqprio_attach(struct Qdisc *sch)
290 {
291 struct net_device *dev = qdisc_dev(sch);
292 struct mqprio_sched *priv = qdisc_priv(sch);
293 struct Qdisc *qdisc, *old;
294 unsigned int ntx;
295
296 /* Attach underlying qdisc */
297 for (ntx = 0; ntx < dev->num_tx_queues; ntx++) {
298 qdisc = priv->qdiscs[ntx];
299 old = dev_graft_qdisc(qdisc->dev_queue, qdisc);
300 if (old)
301 qdisc_destroy(old);
302 if (ntx < dev->real_num_tx_queues)
303 qdisc_hash_add(qdisc, false);
304 }
305 kfree(priv->qdiscs);
306 priv->qdiscs = NULL;
307 }
308
309 static struct netdev_queue *mqprio_queue_get(struct Qdisc *sch,
310 unsigned long cl)
311 {
312 struct net_device *dev = qdisc_dev(sch);
313 unsigned long ntx = cl - 1;
314
315 if (ntx >= dev->num_tx_queues)
316 return NULL;
317 return netdev_get_tx_queue(dev, ntx);
318 }
319
320 static int mqprio_graft(struct Qdisc *sch, unsigned long cl, struct Qdisc *new,
321 struct Qdisc **old)
322 {
323 struct net_device *dev = qdisc_dev(sch);
324 struct netdev_queue *dev_queue = mqprio_queue_get(sch, cl);
325
326 if (!dev_queue)
327 return -EINVAL;
328
329 if (dev->flags & IFF_UP)
330 dev_deactivate(dev);
331
332 *old = dev_graft_qdisc(dev_queue, new);
333
334 if (new)
335 new->flags |= TCQ_F_ONETXQUEUE | TCQ_F_NOPARENT;
336
337 if (dev->flags & IFF_UP)
338 dev_activate(dev);
339
340 return 0;
341 }
342
343 static int dump_rates(struct mqprio_sched *priv,
344 struct tc_mqprio_qopt *opt, struct sk_buff *skb)
345 {
346 struct nlattr *nest;
347 int i;
348
349 if (priv->flags & TC_MQPRIO_F_MIN_RATE) {
350 nest = nla_nest_start(skb, TCA_MQPRIO_MIN_RATE64);
351 if (!nest)
352 goto nla_put_failure;
353
354 for (i = 0; i < opt->num_tc; i++) {
355 if (nla_put(skb, TCA_MQPRIO_MIN_RATE64,
356 sizeof(priv->min_rate[i]),
357 &priv->min_rate[i]))
358 goto nla_put_failure;
359 }
360 nla_nest_end(skb, nest);
361 }
362
363 if (priv->flags & TC_MQPRIO_F_MAX_RATE) {
364 nest = nla_nest_start(skb, TCA_MQPRIO_MAX_RATE64);
365 if (!nest)
366 goto nla_put_failure;
367
368 for (i = 0; i < opt->num_tc; i++) {
369 if (nla_put(skb, TCA_MQPRIO_MAX_RATE64,
370 sizeof(priv->max_rate[i]),
371 &priv->max_rate[i]))
372 goto nla_put_failure;
373 }
374 nla_nest_end(skb, nest);
375 }
376 return 0;
377
378 nla_put_failure:
379 nla_nest_cancel(skb, nest);
380 return -1;
381 }
382
383 static int mqprio_dump(struct Qdisc *sch, struct sk_buff *skb)
384 {
385 struct net_device *dev = qdisc_dev(sch);
386 struct mqprio_sched *priv = qdisc_priv(sch);
387 struct nlattr *nla = (struct nlattr *)skb_tail_pointer(skb);
388 struct tc_mqprio_qopt opt = { 0 };
389 struct Qdisc *qdisc;
390 unsigned int i;
391
392 sch->q.qlen = 0;
393 memset(&sch->bstats, 0, sizeof(sch->bstats));
394 memset(&sch->qstats, 0, sizeof(sch->qstats));
395
396 for (i = 0; i < dev->num_tx_queues; i++) {
397 qdisc = rtnl_dereference(netdev_get_tx_queue(dev, i)->qdisc);
398 spin_lock_bh(qdisc_lock(qdisc));
399 sch->q.qlen += qdisc->q.qlen;
400 sch->bstats.bytes += qdisc->bstats.bytes;
401 sch->bstats.packets += qdisc->bstats.packets;
402 sch->qstats.backlog += qdisc->qstats.backlog;
403 sch->qstats.drops += qdisc->qstats.drops;
404 sch->qstats.requeues += qdisc->qstats.requeues;
405 sch->qstats.overlimits += qdisc->qstats.overlimits;
406 spin_unlock_bh(qdisc_lock(qdisc));
407 }
408
409 opt.num_tc = netdev_get_num_tc(dev);
410 memcpy(opt.prio_tc_map, dev->prio_tc_map, sizeof(opt.prio_tc_map));
411 opt.hw = priv->hw_offload;
412
413 for (i = 0; i < netdev_get_num_tc(dev); i++) {
414 opt.count[i] = dev->tc_to_txq[i].count;
415 opt.offset[i] = dev->tc_to_txq[i].offset;
416 }
417
418 if (nla_put(skb, TCA_OPTIONS, NLA_ALIGN(sizeof(opt)), &opt))
419 goto nla_put_failure;
420
421 if ((priv->flags & TC_MQPRIO_F_MODE) &&
422 nla_put_u16(skb, TCA_MQPRIO_MODE, priv->mode))
423 goto nla_put_failure;
424
425 if ((priv->flags & TC_MQPRIO_F_SHAPER) &&
426 nla_put_u16(skb, TCA_MQPRIO_SHAPER, priv->shaper))
427 goto nla_put_failure;
428
429 if ((priv->flags & TC_MQPRIO_F_MIN_RATE ||
430 priv->flags & TC_MQPRIO_F_MAX_RATE) &&
431 (dump_rates(priv, &opt, skb) != 0))
432 goto nla_put_failure;
433
434 return nla_nest_end(skb, nla);
435 nla_put_failure:
436 nlmsg_trim(skb, nla);
437 return -1;
438 }
439
440 static struct Qdisc *mqprio_leaf(struct Qdisc *sch, unsigned long cl)
441 {
442 struct netdev_queue *dev_queue = mqprio_queue_get(sch, cl);
443
444 if (!dev_queue)
445 return NULL;
446
447 return dev_queue->qdisc_sleeping;
448 }
449
450 static unsigned long mqprio_find(struct Qdisc *sch, u32 classid)
451 {
452 struct net_device *dev = qdisc_dev(sch);
453 unsigned int ntx = TC_H_MIN(classid);
454
455 /* There are essentially two regions here that have valid classid
456 * values. The first region will have a classid value of 1 through
457 * num_tx_queues. All of these are backed by actual Qdiscs.
458 */
459 if (ntx < TC_H_MIN_PRIORITY)
460 return (ntx <= dev->num_tx_queues) ? ntx : 0;
461
462 /* The second region represents the hardware traffic classes. These
463 * are represented by classid values of TC_H_MIN_PRIORITY through
464 * TC_H_MIN_PRIORITY + netdev_get_num_tc - 1
465 */
466 return ((ntx - TC_H_MIN_PRIORITY) < netdev_get_num_tc(dev)) ? ntx : 0;
467 }
468
469 static int mqprio_dump_class(struct Qdisc *sch, unsigned long cl,
470 struct sk_buff *skb, struct tcmsg *tcm)
471 {
472 if (cl < TC_H_MIN_PRIORITY) {
473 struct netdev_queue *dev_queue = mqprio_queue_get(sch, cl);
474 struct net_device *dev = qdisc_dev(sch);
475 int tc = netdev_txq_to_tc(dev, cl - 1);
476
477 tcm->tcm_parent = (tc < 0) ? 0 :
478 TC_H_MAKE(TC_H_MAJ(sch->handle),
479 TC_H_MIN(tc + TC_H_MIN_PRIORITY));
480 tcm->tcm_info = dev_queue->qdisc_sleeping->handle;
481 } else {
482 tcm->tcm_parent = TC_H_ROOT;
483 tcm->tcm_info = 0;
484 }
485 tcm->tcm_handle |= TC_H_MIN(cl);
486 return 0;
487 }
488
489 static int mqprio_dump_class_stats(struct Qdisc *sch, unsigned long cl,
490 struct gnet_dump *d)
491 __releases(d->lock)
492 __acquires(d->lock)
493 {
494 if (cl >= TC_H_MIN_PRIORITY) {
495 int i;
496 __u32 qlen = 0;
497 struct Qdisc *qdisc;
498 struct gnet_stats_queue qstats = {0};
499 struct gnet_stats_basic_packed bstats = {0};
500 struct net_device *dev = qdisc_dev(sch);
501 struct netdev_tc_txq tc = dev->tc_to_txq[cl & TC_BITMASK];
502
503 /* Drop lock here it will be reclaimed before touching
504 * statistics this is required because the d->lock we
505 * hold here is the look on dev_queue->qdisc_sleeping
506 * also acquired below.
507 */
508 if (d->lock)
509 spin_unlock_bh(d->lock);
510
511 for (i = tc.offset; i < tc.offset + tc.count; i++) {
512 struct netdev_queue *q = netdev_get_tx_queue(dev, i);
513
514 qdisc = rtnl_dereference(q->qdisc);
515 spin_lock_bh(qdisc_lock(qdisc));
516 qlen += qdisc->q.qlen;
517 bstats.bytes += qdisc->bstats.bytes;
518 bstats.packets += qdisc->bstats.packets;
519 qstats.backlog += qdisc->qstats.backlog;
520 qstats.drops += qdisc->qstats.drops;
521 qstats.requeues += qdisc->qstats.requeues;
522 qstats.overlimits += qdisc->qstats.overlimits;
523 spin_unlock_bh(qdisc_lock(qdisc));
524 }
525 /* Reclaim root sleeping lock before completing stats */
526 if (d->lock)
527 spin_lock_bh(d->lock);
528 if (gnet_stats_copy_basic(NULL, d, NULL, &bstats) < 0 ||
529 gnet_stats_copy_queue(d, NULL, &qstats, qlen) < 0)
530 return -1;
531 } else {
532 struct netdev_queue *dev_queue = mqprio_queue_get(sch, cl);
533
534 sch = dev_queue->qdisc_sleeping;
535 if (gnet_stats_copy_basic(qdisc_root_sleeping_running(sch),
536 d, NULL, &sch->bstats) < 0 ||
537 gnet_stats_copy_queue(d, NULL,
538 &sch->qstats, sch->q.qlen) < 0)
539 return -1;
540 }
541 return 0;
542 }
543
544 static void mqprio_walk(struct Qdisc *sch, struct qdisc_walker *arg)
545 {
546 struct net_device *dev = qdisc_dev(sch);
547 unsigned long ntx;
548
549 if (arg->stop)
550 return;
551
552 /* Walk hierarchy with a virtual class per tc */
553 arg->count = arg->skip;
554 for (ntx = arg->skip; ntx < netdev_get_num_tc(dev); ntx++) {
555 if (arg->fn(sch, ntx + TC_H_MIN_PRIORITY, arg) < 0) {
556 arg->stop = 1;
557 return;
558 }
559 arg->count++;
560 }
561
562 /* Pad the values and skip over unused traffic classes */
563 if (ntx < TC_MAX_QUEUE) {
564 arg->count = TC_MAX_QUEUE;
565 ntx = TC_MAX_QUEUE;
566 }
567
568 /* Reset offset, sort out remaining per-queue qdiscs */
569 for (ntx -= TC_MAX_QUEUE; ntx < dev->num_tx_queues; ntx++) {
570 if (arg->fn(sch, ntx + 1, arg) < 0) {
571 arg->stop = 1;
572 return;
573 }
574 arg->count++;
575 }
576 }
577
578 static const struct Qdisc_class_ops mqprio_class_ops = {
579 .graft = mqprio_graft,
580 .leaf = mqprio_leaf,
581 .find = mqprio_find,
582 .walk = mqprio_walk,
583 .dump = mqprio_dump_class,
584 .dump_stats = mqprio_dump_class_stats,
585 };
586
587 static struct Qdisc_ops mqprio_qdisc_ops __read_mostly = {
588 .cl_ops = &mqprio_class_ops,
589 .id = "mqprio",
590 .priv_size = sizeof(struct mqprio_sched),
591 .init = mqprio_init,
592 .destroy = mqprio_destroy,
593 .attach = mqprio_attach,
594 .dump = mqprio_dump,
595 .owner = THIS_MODULE,
596 };
597
598 static int __init mqprio_module_init(void)
599 {
600 return register_qdisc(&mqprio_qdisc_ops);
601 }
602
603 static void __exit mqprio_module_exit(void)
604 {
605 unregister_qdisc(&mqprio_qdisc_ops);
606 }
607
608 module_init(mqprio_module_init);
609 module_exit(mqprio_module_exit);
610
611 MODULE_LICENSE("GPL");
(deprecated) Btrfs devel tree