bpf.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [bpf PATCH 0/9] Fixes for sockmap/tls from more complex BPF progs
@ 2020-01-08 21:13 John Fastabend
  2020-01-08 21:14 ` [bpf PATCH 1/9] bpf: sockmap/tls, during free we may call tcp_bpf_unhash() in loop John Fastabend
                   ` (8 more replies)
  0 siblings, 9 replies; 23+ messages in thread
From: John Fastabend @ 2020-01-08 21:13 UTC (permalink / raw)
  To: bpf; +Cc: netdev, john.fastabend, ast, daniel

To date our usage of sockmap/tls has been fairly simple, the BPF programs
did only well-defined pop, push, pull and apply/cork operations.

Now that we started to push more complex programs into sockmap we uncovered
a series of issues addressed here. Further OpenSSL3.0 version should be
released soon with kTLS support so its important to get any remaining
issues on BPF and kTLS support resolved.

Additionally, I have a patch under development to allow sockmap to be
enabled/disabled at runtime for Cilium endpoints. This allows us to stress
the map insert/delete with kTLS more than previously where Cilium only
added the socket to the map when it entered ESTABLISHED state and never
touched it from the control path side again relying on the sockets own
close() hook to remove it. The selftests are great but a cluster
full of thousands of sockets finds these things fairly quickly.

To test I have a set of test cases in test_sockmap.c that expose these
issues. Once we get fixes here merged and in bpf-next I'll submit the
tests to bpf-next tree to ensure we don't regress again. Also I've run
these patches in the Cilium CI with OpenSSL (master branch) this will
run tools such as netperf, ab, wrk2, curl, etc. to get a broad set of
testing.

I'm aware of two more issues that we are working to resolve in another
couple (probably two) patches. First we see an auth tag corruption in
kTLS when sending small 1byte chunks under stress. I've not pinned this
down yet. But, guessing because its under 1B stress tests it must be
some error path being triggered. And second we need to ensure BPF RX
programs are not skipped when kTLS ULP is loaded. This breaks some of
the sockmap selftests when running with kTLS. I'll send a follow up
for this.

Any review/comments appreciated. Thanks!

---

John Fastabend (9):
      bpf: sockmap/tls, during free we may call tcp_bpf_unhash() in loop
      bpf: sockmap, ensure sock lock held during tear down
      bpf: sockmap/tls, push write_space updates through ulp updates
      bpf: sockmap, skmsg helper overestimates push, pull, and pop bounds
      bpf: sockmap/tls, msg_push_data may leave end mark in place
      bpf: sockmap/tls, tls_sw can create a plaintext buf > encrypt buf
      bpf: sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining
      bpf: sockmap/tls, tls_push_record can not handle zero length skmsg
      bpf: sockmap/tls, fix pop data with SK_DROP return code


 include/linux/skmsg.h |   13 +++++++++----
 include/net/tcp.h     |    6 ++++--
 net/core/filter.c     |   11 ++++++-----
 net/core/skmsg.c      |    2 ++
 net/core/sock_map.c   |    7 ++++++-
 net/ipv4/tcp_bpf.c    |    5 +----
 net/ipv4/tcp_ulp.c    |    6 ++++--
 net/tls/tls_main.c    |   10 +++++++---
 net/tls/tls_sw.c      |   34 ++++++++++++++++++++++++++++++----
 9 files changed, 69 insertions(+), 25 deletions(-)

--
Signature

^ permalink raw reply	[flat|nested] 23+ messages in thread

end of thread, other threads:[~2020-01-10 23:20 UTC | newest]

Thread overview: 23+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-08 21:13 [bpf PATCH 0/9] Fixes for sockmap/tls from more complex BPF progs John Fastabend
2020-01-08 21:14 ` [bpf PATCH 1/9] bpf: sockmap/tls, during free we may call tcp_bpf_unhash() in loop John Fastabend
2020-01-09  1:34   ` Song Liu
2020-01-08 21:14 ` [bpf PATCH 2/9] bpf: sockmap, ensure sock lock held during tear down John Fastabend
2020-01-09 17:10   ` Song Liu
2020-01-08 21:14 ` [bpf PATCH 3/9] bpf: sockmap/tls, push write_space updates through ulp updates John Fastabend
2020-01-09 10:33   ` Jakub Sitnicki
2020-01-09 21:22     ` John Fastabend
2020-01-10 13:40       ` Jakub Sitnicki
2020-01-08 21:14 ` [bpf PATCH 4/9] bpf: sockmap, skmsg helper overestimates push, pull, and pop bounds John Fastabend
2020-01-09 18:37   ` Song Liu
2020-01-08 21:15 ` [bpf PATCH 5/9] bpf: sockmap/tls, msg_push_data may leave end mark in place John Fastabend
2020-01-09 18:51   ` Song Liu
2020-01-08 21:15 ` [bpf PATCH 6/9] bpf: sockmap/tls, tls_sw can create a plaintext buf > encrypt buf John Fastabend
2020-01-09 23:04   ` Jonathan Lemon
2020-01-08 21:15 ` [bpf PATCH 7/9] bpf: sockmap/tls, skmsg can have wrapped skmsg that needs extra chaining John Fastabend
2020-01-09 23:13   ` Jonathan Lemon
2020-01-08 21:16 ` [bpf PATCH 8/9] bpf: sockmap/tls, tls_push_record can not handle zero length skmsg John Fastabend
2020-01-09 20:08   ` Song Liu
2020-01-09 21:25     ` John Fastabend
2020-01-10 23:20       ` John Fastabend
2020-01-08 21:16 ` [bpf PATCH 9/9] bpf: sockmap/tls, fix pop data with SK_DROP return code John Fastabend
2020-01-09 23:28   ` Jonathan Lemon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).