@@ -215,6 +215,7 @@ enum bpf_attach_type {
BPF_TRACE_FEXIT,
BPF_MODIFY_RETURN,
BPF_LSM_MAC,
+ BPF_XDP_EGRESS,
__MAX_BPF_ATTACH_TYPE
};
@@ -8737,6 +8737,17 @@ int dev_change_xdp_fd(struct net_device *dev, struct netlink_ext_ack *extack,
if (IS_ERR(prog))
return PTR_ERR(prog);
+ if (egress && prog->expected_attach_type != BPF_XDP_EGRESS) {
+ NL_SET_ERR_MSG(extack, "XDP program in Tx path must use BPF_XDP_EGRESS attach type");
+ bpf_prog_put(prog);
+ return -EINVAL;
+ }
+ if (!egress && prog->expected_attach_type == BPF_XDP_EGRESS) {
+ NL_SET_ERR_MSG(extack, "XDP program in Rx path can not use BPF_XDP_EGRESS attach type");
+ bpf_prog_put(prog);
+ return -EINVAL;
+ }
+
if (!offload && bpf_prog_is_dev_bound(prog->aux)) {
NL_SET_ERR_MSG(extack, "using device-bound program without HW_MODE flag is not supported");
bpf_prog_put(prog);
@@ -6861,6 +6861,17 @@ static bool xdp_is_valid_access(int off, int size,
const struct bpf_prog *prog,
struct bpf_insn_access_aux *info)
{
+ /* Rx data is only accessible from original XDP where
+ * expected_attach_type is not set
+ */
+ if (prog->expected_attach_type) {
+ switch (off) {
+ case offsetof(struct xdp_md, ingress_ifindex):
+ case offsetof(struct xdp_md, rx_queue_index):
+ return false;
+ }
+ }
+
if (type == BPF_WRITE) {
if (bpf_prog_is_dev_bound(prog->aux)) {
switch (off) {
@@ -215,6 +215,7 @@ enum bpf_attach_type {
BPF_TRACE_FEXIT,
BPF_MODIFY_RETURN,
BPF_LSM_MAC,
+ BPF_XDP_EGRESS,
__MAX_BPF_ATTACH_TYPE
};