bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Lorenz Bauer <lmb@cloudflare.com>
To: Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>
Cc: kernel-team@cloudflare.com, Lorenz Bauer <lmb@cloudflare.com>,
	netdev@vger.kernel.org, bpf@vger.kernel.org
Subject: [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup
Date: Tue, 10 Mar 2020 17:47:06 +0000	[thread overview]
Message-ID: <20200310174711.7490-1-lmb@cloudflare.com> (raw)

We want to use sockhash and sockmap to build the control plane for
our upcoming BPF socket dispatch work. We realised that it's
difficult to resize or otherwise rebuild these maps if needed,
because there is no way to get at their contents. This patch set
allows a privileged user to retrieve fds from these map types,
which removes this obstacle.

The approach here is different than that of program arrays and
nested maps, which return an ID that can be turned into an fd
using the BPF_*_GET_FD_BY_ID syscall. Sockets have IDs in the
form of cookies, however there seems to be no way to go from
a socket cookie to struct socket or struct file. Hence we
return an fd directly.

If unprivileged access is desired, the user can create the map
with value_size = 8, which makes lookup return the socket
cookie. It would be nicer if this behaviour was controllable at
the time of calling bpf_map_lookup_elem, but I've not found
a good solution for this.

Patches 1-3 do a bit of clean up, but I'm happy to drop them
if they don't make sense. Patch 4-5 are the interesting bit.

Lorenz Bauer (5):
  bpf: add map_copy_value hook
  bpf: convert queue and stack map to map_copy_value
  bpf: convert sock map and hash to map_copy_value
  bpf: sockmap, sockhash: return file descriptors from privileged lookup
  bpf: sockmap, sockhash: test looking up fds

 include/linux/bpf-cgroup.h                    |  5 --
 include/linux/bpf.h                           | 21 +-----
 include/linux/bpf_types.h                     |  2 +-
 kernel/bpf/arraymap.c                         | 13 +++-
 kernel/bpf/bpf_struct_ops.c                   |  7 +-
 kernel/bpf/hashtab.c                          | 10 ++-
 kernel/bpf/local_storage.c                    | 14 +++-
 kernel/bpf/queue_stack_maps.c                 | 18 +++++
 kernel/bpf/reuseport_array.c                  |  5 +-
 kernel/bpf/syscall.c                          | 23 +------
 net/core/sock_map.c                           | 67 ++++++++++++++-----
 .../selftests/bpf/prog_tests/sockmap_listen.c | 26 +++++--
 12 files changed, 130 insertions(+), 81 deletions(-)

-- 
2.20.1


             reply	other threads:[~2020-03-10 17:47 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-03-10 17:47 Lorenz Bauer [this message]
2020-03-10 17:47 ` [PATCH 1/5] bpf: add map_copy_value hook Lorenz Bauer
2020-03-10 17:47 ` [PATCH 2/5] bpf: convert queue and stack map to map_copy_value Lorenz Bauer
2020-03-11 14:00   ` Jakub Sitnicki
2020-03-11 22:31     ` John Fastabend
2020-03-10 17:47 ` [PATCH 3/5] bpf: convert sock map and hash " Lorenz Bauer
2020-03-11 13:55   ` Jakub Sitnicki
2020-03-10 17:47 ` [PATCH 4/5] bpf: sockmap, sockhash: return file descriptors from privileged lookup Lorenz Bauer
2020-03-11 23:27   ` John Fastabend
2020-03-17 10:17     ` Lorenz Bauer
2020-03-17 15:18   ` Jakub Sitnicki
2020-03-17 18:16     ` John Fastabend
2020-03-10 17:47 ` [PATCH 5/5] bpf: sockmap, sockhash: test looking up fds Lorenz Bauer
2020-03-11 13:52   ` Jakub Sitnicki
2020-03-11 17:24     ` Lorenz Bauer
2020-03-11 13:44 ` [PATCH 0/5] Return fds from privileged sockhash/sockmap lookup Jakub Sitnicki
2020-03-11 22:40   ` John Fastabend
2020-03-12  1:58 ` Alexei Starovoitov
2020-03-12  9:16   ` Lorenz Bauer
2020-03-12 17:58     ` Alexei Starovoitov
2020-03-12 19:32       ` John Fastabend
2020-03-13 11:03         ` Lorenz Bauer
2020-03-13 10:48       ` Lorenz Bauer
2020-03-14  2:58         ` Alexei Starovoitov
2020-03-17  9:55           ` Lorenz Bauer
2020-03-17 19:05             ` John Fastabend
2020-03-20 15:12               ` Lorenz Bauer
2020-04-07  3:08                 ` Alexei Starovoitov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200310174711.7490-1-lmb@cloudflare.com \
    --to=lmb@cloudflare.com \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=kernel-team@cloudflare.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).