From: Jakub Sitnicki <jakub@cloudflare.com>
To: bpf@vger.kernel.org
Cc: netdev@vger.kernel.org, kernel-team@cloudflare.com,
John Fastabend <john.fastabend@gmail.com>,
Lorenz Bauer <lmb@cloudflare.com>, Martin Lau <kafai@fb.com>
Subject: [PATCH bpf-next v7 06/11] bpf, sockmap: Return socket cookie on lookup from syscall
Date: Tue, 18 Feb 2020 17:10:18 +0000 [thread overview]
Message-ID: <20200218171023.844439-7-jakub@cloudflare.com> (raw)
In-Reply-To: <20200218171023.844439-1-jakub@cloudflare.com>
Tooling that populates the SOCK{MAP,HASH} with sockets from user-space
needs a way to inspect its contents. Returning the struct sock * that the
map holds to user-space is neither safe nor useful. An approach established
by REUSEPORT_SOCKARRAY is to return a socket cookie (a unique identifier)
instead.
Since socket cookies are u64 values, SOCK{MAP,HASH} need to support such a
value size for lookup to be possible. This requires special handling on
update, though. Attempts to do a lookup on a map holding u32 values will be
met with ENOSPC error.
Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
---
net/core/sock_map.c | 57 +++++++++++++++++++++++++++++++++++++++++----
1 file changed, 53 insertions(+), 4 deletions(-)
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index a5103112a344..f48c934d5da0 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -10,6 +10,7 @@
#include <linux/skmsg.h>
#include <linux/list.h>
#include <linux/jhash.h>
+#include <linux/sock_diag.h>
struct bpf_stab {
struct bpf_map map;
@@ -31,7 +32,8 @@ static struct bpf_map *sock_map_alloc(union bpf_attr *attr)
return ERR_PTR(-EPERM);
if (attr->max_entries == 0 ||
attr->key_size != 4 ||
- attr->value_size != 4 ||
+ (attr->value_size != sizeof(u32) &&
+ attr->value_size != sizeof(u64)) ||
attr->map_flags & ~SOCK_CREATE_FLAG_MASK)
return ERR_PTR(-EINVAL);
@@ -302,6 +304,21 @@ static void *sock_map_lookup(struct bpf_map *map, void *key)
return ERR_PTR(-EOPNOTSUPP);
}
+static void *sock_map_lookup_sys(struct bpf_map *map, void *key)
+{
+ struct sock *sk;
+
+ if (map->value_size != sizeof(u64))
+ return ERR_PTR(-ENOSPC);
+
+ sk = __sock_map_lookup_elem(map, *(u32 *)key);
+ if (!sk)
+ return ERR_PTR(-ENOENT);
+
+ sock_gen_cookie(sk);
+ return &sk->sk_cookie;
+}
+
static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
struct sock **psk)
{
@@ -445,11 +462,18 @@ static bool sock_map_sk_state_allowed(const struct sock *sk)
static int sock_map_update_elem(struct bpf_map *map, void *key,
void *value, u64 flags)
{
- u32 ufd = *(u32 *)value;
u32 idx = *(u32 *)key;
struct socket *sock;
struct sock *sk;
int ret;
+ u64 ufd;
+
+ if (map->value_size == sizeof(u64))
+ ufd = *(u64 *)value;
+ else
+ ufd = *(u32 *)value;
+ if (ufd > S32_MAX)
+ return -EINVAL;
sock = sockfd_lookup(ufd, &ret);
if (!sock)
@@ -557,6 +581,7 @@ const struct bpf_map_ops sock_map_ops = {
.map_alloc = sock_map_alloc,
.map_free = sock_map_free,
.map_get_next_key = sock_map_get_next_key,
+ .map_lookup_elem_sys_only = sock_map_lookup_sys,
.map_update_elem = sock_map_update_elem,
.map_delete_elem = sock_map_delete_elem,
.map_lookup_elem = sock_map_lookup,
@@ -787,10 +812,17 @@ static int sock_hash_update_common(struct bpf_map *map, void *key,
static int sock_hash_update_elem(struct bpf_map *map, void *key,
void *value, u64 flags)
{
- u32 ufd = *(u32 *)value;
struct socket *sock;
struct sock *sk;
int ret;
+ u64 ufd;
+
+ if (map->value_size == sizeof(u64))
+ ufd = *(u64 *)value;
+ else
+ ufd = *(u32 *)value;
+ if (ufd > S32_MAX)
+ return -EINVAL;
sock = sockfd_lookup(ufd, &ret);
if (!sock)
@@ -866,7 +898,8 @@ static struct bpf_map *sock_hash_alloc(union bpf_attr *attr)
return ERR_PTR(-EPERM);
if (attr->max_entries == 0 ||
attr->key_size == 0 ||
- attr->value_size != 4 ||
+ (attr->value_size != sizeof(u32) &&
+ attr->value_size != sizeof(u64)) ||
attr->map_flags & ~SOCK_CREATE_FLAG_MASK)
return ERR_PTR(-EINVAL);
if (attr->key_size > MAX_BPF_STACK)
@@ -943,6 +976,21 @@ static void sock_hash_free(struct bpf_map *map)
kfree(htab);
}
+static void *sock_hash_lookup_sys(struct bpf_map *map, void *key)
+{
+ struct sock *sk;
+
+ if (map->value_size != sizeof(u64))
+ return ERR_PTR(-ENOSPC);
+
+ sk = __sock_hash_lookup_elem(map, key);
+ if (!sk)
+ return ERR_PTR(-ENOENT);
+
+ sock_gen_cookie(sk);
+ return &sk->sk_cookie;
+}
+
static void sock_hash_release_progs(struct bpf_map *map)
{
psock_progs_drop(&container_of(map, struct bpf_htab, map)->progs);
@@ -1032,6 +1080,7 @@ const struct bpf_map_ops sock_hash_ops = {
.map_update_elem = sock_hash_update_elem,
.map_delete_elem = sock_hash_delete_elem,
.map_lookup_elem = sock_map_lookup,
+ .map_lookup_elem_sys_only = sock_hash_lookup_sys,
.map_release_uref = sock_hash_release_progs,
.map_check_btf = map_check_no_btf,
};
--
2.24.1
next prev parent reply other threads:[~2020-02-18 17:10 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-18 17:10 [PATCH bpf-next v7 00/11] Extend SOCKMAP/SOCKHASH to store listening sockets Jakub Sitnicki
2020-02-18 17:10 ` [PATCH bpf-next v7 01/11] net, sk_msg: Annotate lockless access to sk_prot on clone Jakub Sitnicki
2020-02-18 17:10 ` [PATCH bpf-next v7 02/11] net, sk_msg: Clear sk_user_data pointer on clone if tagged Jakub Sitnicki
2020-02-18 17:10 ` [PATCH bpf-next v7 03/11] tcp_bpf: Don't let child socket inherit parent protocol ops on copy Jakub Sitnicki
2020-02-21 3:28 ` John Fastabend
2020-02-18 17:10 ` [PATCH bpf-next v7 04/11] bpf, sockmap: Allow inserting listening TCP sockets into sockmap Jakub Sitnicki
2020-02-21 3:33 ` John Fastabend
2020-02-18 17:10 ` [PATCH bpf-next v7 05/11] bpf, sockmap: Don't set up upcalls and progs for listening sockets Jakub Sitnicki
2020-02-21 3:42 ` John Fastabend
2020-02-18 17:10 ` Jakub Sitnicki [this message]
2020-02-21 3:45 ` [PATCH bpf-next v7 06/11] bpf, sockmap: Return socket cookie on lookup from syscall John Fastabend
2020-02-18 17:10 ` [PATCH bpf-next v7 07/11] bpf, sockmap: Let all kernel-land lookup values in SOCKMAP/SOCKHASH Jakub Sitnicki
2020-02-21 3:46 ` John Fastabend
2020-02-18 17:10 ` [PATCH bpf-next v7 08/11] bpf: Allow selecting reuseport socket from a SOCKMAP/SOCKHASH Jakub Sitnicki
2020-02-18 17:10 ` [PATCH bpf-next v7 09/11] net: Generate reuseport group ID on group creation Jakub Sitnicki
2020-02-18 17:10 ` [PATCH bpf-next v7 10/11] selftests/bpf: Extend SK_REUSEPORT tests to cover SOCKMAP/SOCKHASH Jakub Sitnicki
2020-02-21 3:52 ` John Fastabend
2020-02-18 17:10 ` [PATCH bpf-next v7 11/11] selftests/bpf: Tests for sockmap/sockhash holding listening sockets Jakub Sitnicki
2020-02-21 3:56 ` John Fastabend
2020-02-21 21:41 ` [PATCH bpf-next v7 00/11] Extend SOCKMAP/SOCKHASH to store " Daniel Borkmann
2020-02-22 0:47 ` Alexei Starovoitov
2020-02-22 13:49 ` Jakub Sitnicki
2020-02-23 21:43 ` Alexei Starovoitov
2020-02-24 13:59 ` Jakub Sitnicki
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200218171023.844439-7-jakub@cloudflare.com \
--to=jakub@cloudflare.com \
--cc=bpf@vger.kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kafai@fb.com \
--cc=kernel-team@cloudflare.com \
--cc=lmb@cloudflare.com \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).