From patchwork Tue Oct 22 11:37:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1181261 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.b="L9mD9u1N"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46yBM52V5qz9s7T for ; Tue, 22 Oct 2019 22:37:36 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731061AbfJVLhf (ORCPT ); Tue, 22 Oct 2019 07:37:35 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:39535 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730749AbfJVLhf (ORCPT ); Tue, 22 Oct 2019 07:37:35 -0400 Received: by mail-lj1-f195.google.com with SMTP id y3so16812870ljj.6 for ; Tue, 22 Oct 2019 04:37:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=XwpTSQZj56OSYomc9KDBVc5uyUVwcduu9tcaPzQMlu4=; b=L9mD9u1NtrWM8xoDfW9KBEBAjbwYr/XNsM9Nw4rsdtB4K+DpJdibES7k+VbjRKCc5M jiLN4EugX0slnPe0d05Y36kGeRG8sWw2cIsPaimvFA4Dbc8v8ForgV+se1tDBOymyZXj +nREmzhFJYp+gOE6cf9yB8X3sZu+0J20GrkzQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=XwpTSQZj56OSYomc9KDBVc5uyUVwcduu9tcaPzQMlu4=; b=nXAI37W1e7iM7aipRrWYZgKRTMBimd7NL2BjwxH1rSnix/eJjKB6RRATr9BOCbjvOG WQRowte8gq0C3Fl3sriCNjC9RnYssGJCSUhmORVGBTQjvQcmiy9mntkLfERWH2DfvqcH 7JR5RBi4vDeHswNzMiD/UDZuCUjwnvnBx9JUvO//i9NPkdVytVYEYVoS+2uvJGnuo+Hv 3ifdfo1oHfio5XLlgcuICMEDa1TU2bEx7kpAXASG+mpy4/L77VFtgbptK2NiJgKvUUa8 r8guW1UAC0gxrJ4fHVHh9hJc3t/uwHb83hAR6/5uUYfSfg8Bdk8mOM8U/8YU5EXShxHB qQGg== X-Gm-Message-State: APjAAAXR6PXrMor+lC5096iSzx/L8xb+P5gjFmz19t340lW/2vSCESa1 IGiOS8zosZ386uRFxzF0p4A5JMDMb2wgcA== X-Google-Smtp-Source: APXvYqzmjfWIVuqz2e1ZdmrW+JohGhmSgP9fCvJZKAk9rUck9ZRuA0qxpcq+Gr2vjJnrtkO8Y4vAGQ== X-Received: by 2002:a2e:85cf:: with SMTP id h15mr18966379ljj.141.1571744253522; Tue, 22 Oct 2019 04:37:33 -0700 (PDT) Received: from cloudflare.com ([176.221.114.230]) by smtp.gmail.com with ESMTPSA id t135sm9396057lff.70.2019.10.22.04.37.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Oct 2019 04:37:33 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: John Fastabend , Martin KaFai Lau , netdev@vger.kernel.org, kernel-team@cloudflare.com Subject: [RFC bpf-next 1/5] bpf, sockmap: Let BPF helpers use lookup operation on SOCKMAP Date: Tue, 22 Oct 2019 13:37:26 +0200 Message-Id: <20191022113730.29303-2-jakub@cloudflare.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191022113730.29303-1-jakub@cloudflare.com> References: <20191022113730.29303-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Don't require the BPF helpers that need to access SOCKMAP maps to live in the sock_map module. Expose SOCKMAP lookup to all kernel-land. Signed-off-by: Jakub Sitnicki --- net/core/sock_map.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index eb114ee419b6..facacc296e6c 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -271,7 +271,9 @@ static struct sock *__sock_map_lookup_elem(struct bpf_map *map, u32 key) static void *sock_map_lookup(struct bpf_map *map, void *key) { - return ERR_PTR(-EOPNOTSUPP); + u32 index = *(u32 *)key; + + return __sock_map_lookup_elem(map, index); } static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test, From patchwork Tue Oct 22 11:37:27 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1181266 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.b="lPDEhgGn"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46yBM94VmWz9s7T for ; Tue, 22 Oct 2019 22:37:41 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388722AbfJVLhk (ORCPT ); Tue, 22 Oct 2019 07:37:40 -0400 Received: from mail-lf1-f41.google.com ([209.85.167.41]:33758 "EHLO mail-lf1-f41.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731065AbfJVLhh (ORCPT ); Tue, 22 Oct 2019 07:37:37 -0400 Received: by mail-lf1-f41.google.com with SMTP id y127so12840494lfc.0 for ; Tue, 22 Oct 2019 04:37:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=xo1fyKX+7Sd9n19IL2v+0Ngzo9bK986LfFjLpFdWIA4=; b=lPDEhgGnKjHK3JW9+lHXUDMa6GUyisSi0HMCl/m8GZdiVQWJDQqB4hFGtdlwF0kDwI DhywtEV+1sRCbeIK7pfjc2d+lWqFLCb0U5WOtAIBGrsYuF2BQXOxaGIaYzPItZN03vJV a+AtyMHSciua3aLgwwRec2zSrq/mTFve4GJT8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=xo1fyKX+7Sd9n19IL2v+0Ngzo9bK986LfFjLpFdWIA4=; b=j0w++FsmHVyj2aKDfeFbNOd5vgDCA/gJahuQ15XCZOKm15agKIMkfxNZIlZtv4at+9 IIW6VrIDFNjKGgeRoKxEiJi2loMqBk47Tr0UsLF1vO0xQX7Bbg6v2fKvAe7ZjR/b6fOD fWr8dn/Ie+1F+WAmndlpTrUKrzkj2wy+SWTeJFXgx2VXh5a7yrcJGOEXlioBCTQEFKML zJvtF0m3rp55ahbqb0rzs9hXTKB/eBt3Cdivx3TIVmb/MjGsOJNOJZUOUGlSncjIbBjY Pfx2IPduGFZFDoPGx5IHI4B10LMKcSXS8P5h2NODw04Y2wSj1caRTFPtrdx1q5BGWjkT FhTA== X-Gm-Message-State: APjAAAUGImRVKtuc8Fjv0dGUwftZIs/jrDVh0vz5rn+oq/w+8n7zen3k fCoMB4XTHQcHHeDc/nMkQeJNag== X-Google-Smtp-Source: APXvYqxf5RtsP3+8l0+YbiaCq2NOPMWDoMe5AdFeLHwy2MXfNM8EU0LhQhGp2+Ugml2geRnRvpcsMQ== X-Received: by 2002:ac2:5108:: with SMTP id q8mr14029087lfb.150.1571744254892; Tue, 22 Oct 2019 04:37:34 -0700 (PDT) Received: from cloudflare.com ([176.221.114.230]) by smtp.gmail.com with ESMTPSA id i190sm14857960lfi.45.2019.10.22.04.37.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Oct 2019 04:37:34 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: John Fastabend , Martin KaFai Lau , netdev@vger.kernel.org, kernel-team@cloudflare.com Subject: [RFC bpf-next 2/5] bpf, sockmap: Allow inserting listening TCP sockets into SOCKMAP Date: Tue, 22 Oct 2019 13:37:27 +0200 Message-Id: <20191022113730.29303-3-jakub@cloudflare.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191022113730.29303-1-jakub@cloudflare.com> References: <20191022113730.29303-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In order for SOCKMAP type to become a generic collection for storing socket references we need to loosen the checks in update callback. Currently SOCKMAP requires the TCP socket to be in established state, which prevents us from using it to keep references to listening sockets. Change the update pre-checks so that it is sufficient for socket to be in a hash table, i.e. have a local address/port, to be inserted. Return -EINVAL if the condition is not met to be consistent with REUSEPORT_SOCKARRY map type. Signed-off-by: Jakub Sitnicki --- net/core/sock_map.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/core/sock_map.c b/net/core/sock_map.c index facacc296e6c..222036393b90 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -415,11 +415,14 @@ static int sock_map_update_elem(struct bpf_map *map, void *key, ret = -EINVAL; goto out; } - if (!sock_map_sk_is_suitable(sk) || - sk->sk_state != TCP_ESTABLISHED) { + if (!sock_map_sk_is_suitable(sk)) { ret = -EOPNOTSUPP; goto out; } + if (!sk_hashed(sk)) { + ret = -EINVAL; + goto out; + } sock_map_sk_acquire(sk); ret = sock_map_update_common(map, idx, sk, flags); From patchwork Tue Oct 22 11:37:28 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1181265 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.b="BxyCCZY9"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46yBM75Wckz9s7T for ; Tue, 22 Oct 2019 22:37:39 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730749AbfJVLhj (ORCPT ); Tue, 22 Oct 2019 07:37:39 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:45375 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731935AbfJVLhi (ORCPT ); Tue, 22 Oct 2019 07:37:38 -0400 Received: by mail-lj1-f194.google.com with SMTP id q64so16780653ljb.12 for ; Tue, 22 Oct 2019 04:37:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Xqrpc0hIvk7cC/XR6fxs+NuIUEIOeQSw7Q47oAnYusw=; b=BxyCCZY9d8ui0xczegbvwu8M0rvjNkHJJNWKBFcE3Wn0vdq7qeM7umSTxmwjPx+hF2 AAExR35Po1dhjm9aCm3RLXiFjqiffq7JCy8IN0+TZGOIXfYa6Bbodl8CCEWP8gSlWMNj NjBQ/z0r0drJ1Jmlr844bX8/IoRSR2/+loNIU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Xqrpc0hIvk7cC/XR6fxs+NuIUEIOeQSw7Q47oAnYusw=; b=h1GIClgxMhLDHNM65bVgMeUyhUeEtBnQ4AoSLkgDkuWKVFiNYrds1zynFeGtUhgdpz B1ulkkT5e3TXp97i3KR0FWmR/fx72adwW6WboVr415NDahG0GnGCWymh8BvfY23/75Z1 5yrj/zagIZTEW7+ujmUkDvFyFlfN2SVFuGTjX0i/A7EoLD7NowUwvERCwuKqQJkMr8zg +LogDcDtN9vwdqsgyWrSQoJu2B8O1Fzk+ILIaK+Npxp2kK1Cldx5hAqBfd4v3Eu75z6i 2SZzJAYw7imrgwpbDbRZKNcdHBwLRWfjhlWU/RX/LkmnlCuHsavACOCh4D2eUthQEevB DhUg== X-Gm-Message-State: APjAAAWcVCJIHl80F/ELYKuzVfgZee2liSf/7Ks4jg77NhVl8FSQ9qsy Nb3kwThfWmkjPcDaRbQ8ZilHpf1nB+h3VA== X-Google-Smtp-Source: APXvYqxf2UQaxeP8A49EhisZtxHdK55KwLl2SealOI3tDBkDqZEVySUJViRPSOZNmIdk6IBxD1mB4w== X-Received: by 2002:a2e:81da:: with SMTP id s26mr17749694ljg.192.1571744256224; Tue, 22 Oct 2019 04:37:36 -0700 (PDT) Received: from cloudflare.com ([176.221.114.230]) by smtp.gmail.com with ESMTPSA id o196sm6362575lff.59.2019.10.22.04.37.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Oct 2019 04:37:35 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: John Fastabend , Martin KaFai Lau , netdev@vger.kernel.org, kernel-team@cloudflare.com Subject: [RFC bpf-next 3/5] bpf, sockmap: Don't let child socket inherit psock or its ops on copy Date: Tue, 22 Oct 2019 13:37:28 +0200 Message-Id: <20191022113730.29303-4-jakub@cloudflare.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191022113730.29303-1-jakub@cloudflare.com> References: <20191022113730.29303-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org New sockets cloned from listening sockets that are in a sockmap must not inherit the psock that has the link to the sockmap. Otherwise child sockets unintentionally share the sockmap entry with the listening socket, which leads to double-free on socket close. Prevent it by overloading the accept callback. In it we restore the protocol and write buffer callbacks and clear the pointer to psock. Signed-off-by: Jakub Sitnicki --- net/ipv4/tcp_bpf.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/net/ipv4/tcp_bpf.c b/net/ipv4/tcp_bpf.c index 8a56e09cfb0e..5838aaba4ce0 100644 --- a/net/ipv4/tcp_bpf.c +++ b/net/ipv4/tcp_bpf.c @@ -582,6 +582,35 @@ static void tcp_bpf_close(struct sock *sk, long timeout) saved_close(sk, timeout); } +static struct sock *tcp_bpf_accept(struct sock *sk, int flags, int *err, + bool kern) +{ + void (*saved_write_space)(struct sock *sk); + struct proto *saved_proto; + struct sk_psock *psock; + struct sock *child; + + rcu_read_lock(); + psock = sk_psock(sk); + if (unlikely(!psock)) { + rcu_read_unlock(); + return sk->sk_prot->accept(sk, flags, err, kern); + } + saved_proto = psock->sk_proto; + saved_write_space = psock->saved_write_space; + rcu_read_unlock(); + + child = saved_proto->accept(sk, flags, err, kern); + if (!child) + return NULL; + + /* Child must not inherit psock or its ops. */ + rcu_assign_sk_user_data(child, NULL); + child->sk_prot = saved_proto; + child->sk_write_space = saved_write_space; + return child; +} + enum { TCP_BPF_IPV4, TCP_BPF_IPV6, @@ -606,6 +635,7 @@ static void tcp_bpf_rebuild_protos(struct proto prot[TCP_BPF_NUM_CFGS], prot[TCP_BPF_BASE].close = tcp_bpf_close; prot[TCP_BPF_BASE].recvmsg = tcp_bpf_recvmsg; prot[TCP_BPF_BASE].stream_memory_read = tcp_bpf_stream_read; + prot[TCP_BPF_BASE].accept = tcp_bpf_accept; prot[TCP_BPF_TX] = prot[TCP_BPF_BASE]; prot[TCP_BPF_TX].sendmsg = tcp_bpf_sendmsg; From patchwork Tue Oct 22 11:37:29 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1181267 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.b="pHI6U9pR"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46yBMB69ttz9sCJ for ; Tue, 22 Oct 2019 22:37:42 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388729AbfJVLhm (ORCPT ); Tue, 22 Oct 2019 07:37:42 -0400 Received: from mail-lf1-f65.google.com ([209.85.167.65]:36033 "EHLO mail-lf1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731177AbfJVLhl (ORCPT ); Tue, 22 Oct 2019 07:37:41 -0400 Received: by mail-lf1-f65.google.com with SMTP id u16so12819088lfq.3 for ; Tue, 22 Oct 2019 04:37:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=hZlR5PU4/YmAeioQRcDed2hFQfaFvK140rZLS4S454Y=; b=pHI6U9pRKjgO6ACWmz7LGAOxTgeiHLBfbNv10hbQrC8FE+NZ2i1bNawfwM5NBuWGwZ 1zyMFcf9blcwhA6V3eZFXiCrXo5ubJpd7KmG+w1s/+lpMqnfWfb09wOxjQMmBbigr5AC /livLW1GR9Y0vA+cYLRzExhBVvTm3rt5Kow7o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=hZlR5PU4/YmAeioQRcDed2hFQfaFvK140rZLS4S454Y=; b=I6OlCCEwbZi739xP0XnXu/GXrcaQeCmrf0eJ69zEFiXP+RMPs3i1b5s92hJKgV8cJN e9eYkG3foN7oASahlKbwcahORxM4D0YLRL+ZjSJ59mtSJCdfRalKg8Z1ZeTnBT8eUSpT /mq8PwaGEW48JwHevCiubY1SOOPJ6eOcp94/fTieLDc8D3D5Xefw0oPo+5XHpOM5uxoo RC7FYWYpPkwdiMskOzAZIHpb07qJwp5GgYqoNxdH7AFLR1o9NpKKsnph4Kr+spsBuVn/ j9/wqb/f/gusnppYfrl7yrTCuPcMlm+CS+Eams/64ci2S8sDSjMUSQD7p07mLvpS1GM/ ECRQ== X-Gm-Message-State: APjAAAXDXDeaAgZZqVuRx4Mi81vx/CxZMAQ1HseXGbWVtUTvBwScpdtU JxKE+hAqjc3kzF6ITeQbFMBxRA== X-Google-Smtp-Source: APXvYqyOU0/BVBJiJ8W7YdJ/7zYyeLKHysIabxkAiqlrpbkFYbqPMWAWYb7LQ9S8YZaCzaadpRRasg== X-Received: by 2002:ac2:4d04:: with SMTP id r4mr8527759lfi.136.1571744257575; Tue, 22 Oct 2019 04:37:37 -0700 (PDT) Received: from cloudflare.com ([176.221.114.230]) by smtp.gmail.com with ESMTPSA id 77sm8802847lfj.41.2019.10.22.04.37.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Oct 2019 04:37:37 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: John Fastabend , Martin KaFai Lau , netdev@vger.kernel.org, kernel-team@cloudflare.com Subject: [RFC bpf-next 4/5] bpf: Allow selecting reuseport socket from a SOCKMAP Date: Tue, 22 Oct 2019 13:37:29 +0200 Message-Id: <20191022113730.29303-5-jakub@cloudflare.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191022113730.29303-1-jakub@cloudflare.com> References: <20191022113730.29303-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org SOCKMAP now supports storing references to listening sockets. Nothing keeps us from using it as array of sockets to select from in reuseport programs. Whitelist the map type with the socket selection helper. Signed-off-by: Jakub Sitnicki --- kernel/bpf/verifier.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 556e82f8869b..77319248e357 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -3648,7 +3648,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, if (func_id != BPF_FUNC_sk_redirect_map && func_id != BPF_FUNC_sock_map_update && func_id != BPF_FUNC_map_delete_elem && - func_id != BPF_FUNC_msg_redirect_map) + func_id != BPF_FUNC_msg_redirect_map && + func_id != BPF_FUNC_sk_select_reuseport) goto error; break; case BPF_MAP_TYPE_SOCKHASH: @@ -3729,7 +3730,8 @@ static int check_map_func_compatibility(struct bpf_verifier_env *env, goto error; break; case BPF_FUNC_sk_select_reuseport: - if (map->map_type != BPF_MAP_TYPE_REUSEPORT_SOCKARRAY) + if (map->map_type != BPF_MAP_TYPE_REUSEPORT_SOCKARRAY && + map->map_type != BPF_MAP_TYPE_SOCKMAP) goto error; break; case BPF_FUNC_map_peek_elem: From patchwork Tue Oct 22 11:37:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jakub Sitnicki X-Patchwork-Id: 1181270 X-Patchwork-Delegate: bpf@iogearbox.net Return-Path: X-Original-To: incoming-bpf@patchwork.ozlabs.org Delivered-To: patchwork-incoming-bpf@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=bpf-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none) header.from=cloudflare.com Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; secure) header.d=cloudflare.com header.i=@cloudflare.com header.b="x7t9MKxM"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 46yBMD1MHcz9sPl for ; Tue, 22 Oct 2019 22:37:44 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388720AbfJVLhn (ORCPT ); Tue, 22 Oct 2019 07:37:43 -0400 Received: from mail-lj1-f196.google.com ([209.85.208.196]:37705 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388724AbfJVLhn (ORCPT ); Tue, 22 Oct 2019 07:37:43 -0400 Received: by mail-lj1-f196.google.com with SMTP id l21so16820717lje.4 for ; Tue, 22 Oct 2019 04:37:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=j6cYMh9pnezBts77yucweU5gi1EhuulBHcAcK6kAqQE=; b=x7t9MKxM4CpxndyDAeWNg8FDqECZtTgRLRae5phEbuuUL/9gR+x0zbIDqkeoVYu0kA VORZUHSyxgnV1+quJTiI0J4iyKSg6hyN598mRn0TDA+VCJ+m5MsBmU0s3BlDYTYDSDfi qf5aMKXD2Omu8E6kT9WdCLCC/vsvnqsPhX6yw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=j6cYMh9pnezBts77yucweU5gi1EhuulBHcAcK6kAqQE=; b=KyTfSzTob/dChTaQM1QRw7lkJpDyvshZrNXGEh6G8j03R1lDp6sODl0DP+Owz6ImPJ XMo6w1281SpDQBLj/Inj8biEJ5gpHbfNHA7nmKaRK7GQ7bY2XnQno9lJNtLbsxIr5vr3 A1SN97QU1Hw2R+Jm/hYBWw1wtO1Z+/8MIOTgLbUfJq+c2mWzaC18IvDFzVtKLvOiokQx omw4cVU5WsJLxxCkDOqIVrHPoa2rFrda7ydxxWUaHMNNZMv9iQryb75fxHjSYr2qVoP0 zxgvcoiZdi900aWbVyQ3pg6NuNzbs+loUKVD7515aZrCGdj0ayndjfkeZNofCoI/sQXl 63cQ== X-Gm-Message-State: APjAAAWgjdFi08io2FItQ+iQTqh/AtJqVTtwNOHUbNj1xVe3796deu9e m0fE18EvWcZMxnruMyvBV4987VuQ68ajXQ== X-Google-Smtp-Source: APXvYqwe8JB9LLzje4JQFSfgbPMY/mw3gR/PXjCFmbzWjT0vE6QoEgqOfpTwsswSfRA4wuisWlNRpg== X-Received: by 2002:a2e:8544:: with SMTP id u4mr3443107ljj.158.1571744258965; Tue, 22 Oct 2019 04:37:38 -0700 (PDT) Received: from cloudflare.com ([176.221.114.230]) by smtp.gmail.com with ESMTPSA id c18sm11351157ljd.27.2019.10.22.04.37.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 22 Oct 2019 04:37:38 -0700 (PDT) From: Jakub Sitnicki To: bpf@vger.kernel.org Cc: John Fastabend , Martin KaFai Lau , netdev@vger.kernel.org, kernel-team@cloudflare.com Subject: [RFC bpf-next 5/5] selftests/bpf: Extend SK_REUSEPORT tests to cover SOCKMAP Date: Tue, 22 Oct 2019 13:37:30 +0200 Message-Id: <20191022113730.29303-6-jakub@cloudflare.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191022113730.29303-1-jakub@cloudflare.com> References: <20191022113730.29303-1-jakub@cloudflare.com> MIME-Version: 1.0 Sender: bpf-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: bpf@vger.kernel.org Parametrize the SK_REUSEPORT tests so that the map type for storing sockets can be selected at run-time. Also allow choosing which L4 protocols get tested. Run the extended reuseport program test two times, once for REUSEPORT_ARRAY, and once for SOCKMAP but just with TCP to cover the newly enabled map type. Signed-off-by: Jakub Sitnicki --- tools/testing/selftests/bpf/Makefile | 7 +- .../selftests/bpf/test_select_reuseport.c | 141 ++++++++++++++---- .../selftests/bpf/test_select_reuseport.sh | 14 ++ 3 files changed, 131 insertions(+), 31 deletions(-) create mode 100755 tools/testing/selftests/bpf/test_select_reuseport.sh diff --git a/tools/testing/selftests/bpf/Makefile b/tools/testing/selftests/bpf/Makefile index 4ff5f4aada08..a32646f2e80a 100644 --- a/tools/testing/selftests/bpf/Makefile +++ b/tools/testing/selftests/bpf/Makefile @@ -28,7 +28,7 @@ LDLIBS += -lcap -lelf -lrt -lpthread TEST_GEN_PROGS = test_verifier test_tag test_maps test_lru_map test_lpm_map test_progs \ test_align test_verifier_log test_dev_cgroup test_tcpbpf_user \ test_sock test_btf test_sockmap get_cgroup_id_user test_socket_cookie \ - test_cgroup_storage test_select_reuseport test_section_names \ + test_cgroup_storage test_section_names \ test_netcnt test_tcpnotify_user test_sock_fields test_sysctl test_hashmap \ test_cgroup_attach xdping @@ -69,7 +69,8 @@ TEST_PROGS := test_kmod.sh \ test_tc_tunnel.sh \ test_tc_edt.sh \ test_xdping.sh \ - test_bpftool_build.sh + test_bpftool_build.sh \ + test_select_reuseport.sh TEST_PROGS_EXTENDED := with_addr.sh \ with_tunnels.sh \ @@ -80,7 +81,7 @@ TEST_PROGS_EXTENDED := with_addr.sh \ # Compile but not part of 'make run_tests' TEST_GEN_PROGS_EXTENDED = test_sock_addr test_skb_cgroup_id_user \ flow_dissector_load test_flow_dissector test_tcp_check_syncookie_user \ - test_lirc_mode2_user + test_lirc_mode2_user test_select_reuseport TEST_CUSTOM_PROGS = urandom_read diff --git a/tools/testing/selftests/bpf/test_select_reuseport.c b/tools/testing/selftests/bpf/test_select_reuseport.c index 7566c13eb51a..732cfeee189f 100644 --- a/tools/testing/selftests/bpf/test_select_reuseport.c +++ b/tools/testing/selftests/bpf/test_select_reuseport.c @@ -1,6 +1,7 @@ // SPDX-License-Identifier: GPL-2.0 /* Copyright (c) 2018 Facebook */ +#define _GNU_SOURCE #include #include #include @@ -29,6 +30,12 @@ #define TCP_FO_SYSCTL "/proc/sys/net/ipv4/tcp_fastopen" #define REUSEPORT_ARRAY_SIZE 32 +#define BIND_TO_INANY true +#define BIND_TO_LOOPBACK (!BIND_TO_INANY) + +static enum bpf_map_type cfg_map_type = BPF_MAP_TYPE_REUSEPORT_SOCKARRAY; +static unsigned int cfg_sock_types = (1 << SOCK_STREAM) | (1 << SOCK_DGRAM); + static int result_map, tmp_index_ovr_map, linum_map, data_check_map; static enum result expected_results[NR_RESULTS]; static int sk_fds[REUSEPORT_ARRAY_SIZE]; @@ -61,7 +68,7 @@ static void create_maps(void) /* Creating reuseport_array */ attr.name = "reuseport_array"; - attr.map_type = BPF_MAP_TYPE_REUSEPORT_SOCKARRAY; + attr.map_type = cfg_map_type; attr.key_size = sizeof(__u32); attr.value_size = sizeof(__u32); attr.max_entries = REUSEPORT_ARRAY_SIZE; @@ -680,53 +687,131 @@ static void cleanup(void) bpf_object__close(obj); } +static const char *family_to_str(int family) +{ + switch (family) { + case AF_INET: + return "IPv4"; + case AF_INET6: + return "IPv6"; + default: + return "unknown"; + } +} + +static const char *type_to_str(int type) +{ + switch (type) { + case SOCK_STREAM: + return "TCP"; + case SOCK_DGRAM: + return "UDP"; + default: + return "unknown"; + } +} + +static void test_one(int family, int type, bool inany) +{ + int err; + + printf("######## %s/%s %-8s ########\n", + family_to_str(family), type_to_str(type), + inany ? "INANY" : "LOOPBACK"); + + setup_per_test(type, family, inany); + + test_err_inner_map(type, family); + + /* Install reuseport_array to the outer_map */ + err = bpf_map_update_elem(outer_map, &index_zero, &reuseport_array, + BPF_ANY); + CHECK(err == -1, "update_elem(outer_map)", + "err:%d errno:%d\n", err, errno); + + test_err_skb_data(type, family); + test_err_sk_select_port(type, family); + test_pass(type, family); + test_syncookie(type, family); + test_pass_on_err(type, family); + /* Must be the last test */ + test_detach_bpf(type, family); + + cleanup_per_test(); + printf("\n"); +} + static void test_all(void) { - /* Extra SOCK_STREAM to test bind_inany==true */ - const int types[] = { SOCK_STREAM, SOCK_DGRAM, SOCK_STREAM }; - const char * const type_strings[] = { "TCP", "UDP", "TCP" }; - const char * const family_strings[] = { "IPv6", "IPv4" }; + const int types[] = { SOCK_STREAM, SOCK_DGRAM }; const unsigned short families[] = { AF_INET6, AF_INET }; - const bool bind_inany[] = { false, false, true }; - int t, f, err; + int t, f; for (f = 0; f < ARRAY_SIZE(families); f++) { unsigned short family = families[f]; for (t = 0; t < ARRAY_SIZE(types); t++) { - bool inany = bind_inany[t]; int type = types[t]; - printf("######## %s/%s %s ########\n", - family_strings[f], type_strings[t], - inany ? " INANY " : "LOOPBACK"); + /* Socket type excluded from tests? */ + if (~cfg_sock_types & (1 << type)) + continue; - setup_per_test(type, family, inany); + test_one(family, type, BIND_TO_LOOPBACK); + test_one(family, type, BIND_TO_INANY); + } + } +} - test_err_inner_map(type, family); +static void __attribute__((noreturn)) usage(void) +{ + fprintf(stderr, + "Usage: %s [-m reuseport_sockarray|sockmap] [-t] [-u]\n", + program_invocation_short_name); + exit(1); +} - /* Install reuseport_array to the outer_map */ - err = bpf_map_update_elem(outer_map, &index_zero, - &reuseport_array, BPF_ANY); - CHECK(err == -1, "update_elem(outer_map)", - "err:%d errno:%d\n", err, errno); +static enum bpf_map_type parse_map_type(const char *optarg) +{ + if (!strcmp(optarg, "reuseport_sockarray")) + return BPF_MAP_TYPE_REUSEPORT_SOCKARRAY; + if (!strcmp(optarg, "sockmap")) + return BPF_MAP_TYPE_SOCKMAP; - test_err_skb_data(type, family); - test_err_sk_select_port(type, family); - test_pass(type, family); - test_syncookie(type, family); - test_pass_on_err(type, family); - /* Must be the last test */ - test_detach_bpf(type, family); + return BPF_MAP_TYPE_UNSPEC; +} - cleanup_per_test(); - printf("\n"); +static void parse_opts(int argc, char **argv) +{ + unsigned int sock_types = 0; + int c; + + while ((c = getopt(argc, argv, "hm:tu")) != -1) { + switch (c) { + case 'h': + usage(); + break; + case 'm': + cfg_map_type = parse_map_type(optarg); + break; + case 't': + sock_types |= 1 << SOCK_STREAM; + break; + case 'u': + sock_types |= 1 << SOCK_DGRAM; + break; } } + + if (cfg_map_type == BPF_MAP_TYPE_UNSPEC) + usage(); + if (sock_types != 0) + cfg_sock_types = sock_types; } -int main(int argc, const char **argv) +int main(int argc, char **argv) { + parse_opts(argc, argv); create_maps(); prepare_bpf_obj(); saved_tcp_fo = read_int_sysctl(TCP_FO_SYSCTL); diff --git a/tools/testing/selftests/bpf/test_select_reuseport.sh b/tools/testing/selftests/bpf/test_select_reuseport.sh new file mode 100755 index 000000000000..1951b4886021 --- /dev/null +++ b/tools/testing/selftests/bpf/test_select_reuseport.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 + +set -eu + +DIR=$(dirname $0) + +echo "Testing reuseport with REUSEPORT_SOCKARRAY..." +$DIR/test_select_reuseport -m reuseport_sockarray + +echo "Testing reuseport with SOCKMAP (TCP only)..." +$DIR/test_select_reuseport -m sockmap -t + +exit 0