From: Martin KaFai Lau
CC: Alexei Starovoitov, Daniel Borkmann, Lawrence Brakmo
Subject: [PATCH v2 bpf-next 0/7] Add __sk_buff->sk, bpf_tcp_sock, BPF_FUNC_tcp_sock and BPF_FUNC_sk_fullsock
Date: Sat, 9 Feb 2019 23:22:20 -0800
Message-ID: <20190210072220.1530061-1-kafai@fb.com>
X-Mailing-List: netdev@vger.kernel.org

This series adds __sk_buff->sk, "struct bpf_tcp_sock",
BPF_FUNC_sk_fullsock and BPF_FUNC_tcp_sock. Together, they provide
a common way to expose the members of "struct tcp_sock" and
"struct bpf_sock" for the bpf_prog to access.

The patch series first adds a bpf_sock pointer to __sk_buff and
a new helper BPF_FUNC_sk_fullsock.

It then adds BPF_FUNC_tcp_sock to get a bpf_tcp_sock
pointer from a bpf_sock pointer.

The current use case is to allow a cg_skb_bpf_prog to provide
per cgroup traffic policing/shaping.

Please see individual patch for details.

v2:
- Patch 1 depends on
  commit d623876646be ("bpf: Fix narrow load on a bpf_sock returned from sk_lookup()")
  in the bpf branch.
- Add sk_to_full_sk() to bpf_sk_fullsock() and bpf_tcp_sock()
  such that there is a way to access the listener's sk and tcp_sk
  when __sk_buff->sk is a request_sock.
  The comments in the uapi bpf.h are updated accordingly.
- bpf_ctx_range_till() is used in bpf_sock_common_is_valid_access()
  in patch 1. Saved a few lines.
- Patch 2 is new in v2 and it adds "state", "dst_ip4", "dst_ip6" and
  "dst_port" to the bpf_sock. Narrow load is allowed on them.
  The "state" (i.e. sk_state) has already been used in
  INET_DIAG (e.g. ss -t) and getsockopt(TCP_INFO).
- While at it in the new patch 2, also allow narrow load on some
  existing fields of the bpf_sock, which are "family", "type",
  "protocol" and "src_port". Only allow loading from first byte
  for now. i.e. does not allow narrow load starting from the 2nd byte.
- Add some narrow load tests to the test_verifier's sock.c

Martin KaFai Lau (7):
  bpf: Add a bpf_sock pointer to __sk_buff and a bpf_sk_fullsock helper
  bpf: Add state, dst_ip4, dst_ip6 and dst_port to bpf_sock
  bpf: Refactor sock_ops_convert_ctx_access
  bpf: Add struct bpf_tcp_sock and BPF_FUNC_tcp_sock
  bpf: Sync bpf.h to tools/
  bpf: Add skb->sk, bpf_sk_fullsock and bpf_tcp_sock tests to test_verifer
  bpf: Add test_sock_fields for skb->sk and bpf_tcp_sock

 include/linux/bpf.h                           |  42 ++
 include/uapi/linux/bpf.h                      |  72 ++-
 kernel/bpf/verifier.c                         | 159 ++++--
 net/core/filter.c                             | 495 +++++++++++-------
 tools/include/uapi/linux/bpf.h                |  72 ++-
 tools/testing/selftests/bpf/Makefile          |   6 +-
 tools/testing/selftests/bpf/bpf_helpers.h     |   4 +
 tools/testing/selftests/bpf/bpf_util.h        |   9 +
 .../testing/selftests/bpf/test_sock_fields.c  | 327 ++++++++++++
 .../selftests/bpf/test_sock_fields_kern.c     | 152 ++++++
 .../selftests/bpf/verifier/ref_tracking.c     |   4 +-
 tools/testing/selftests/bpf/verifier/sock.c   | 384 ++++++++++++++
 tools/testing/selftests/bpf/verifier/unpriv.c |   2 +-
 13 files changed, 1493 insertions(+), 235 deletions(-)
 create mode 100644 tools/testing/selftests/bpf/test_sock_fields.c
 create mode 100644 tools/testing/selftests/bpf/test_sock_fields_kern.c
 create mode 100644 tools/testing/selftests/bpf/verifier/sock.c

--
2.17.1
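
Added example, not part of the posted series or its selftests: a cgroup egress program that walks skb->sk, then bpf_sk_fullsock(), then bpf_tcp_sock(), checking each pointer for NULL before dereferencing it. The policy, MAX_CWND, and the names police_verdict and police_egress are hypothetical; the helper declarations by ID are written out here so the file needs only <linux/bpf.h> from a kernel that carries this series.

```c
/* Build the BPF object with: clang -O2 -target bpf -c cg_tcp_police.c
 * Hypothetical policy: drop egress packets of TCP sockets whose
 * congestion window has grown past MAX_CWND segments. */
#define MAX_CWND  64u   /* hypothetical cap, in segments */
#define PROTO_TCP 6u    /* IPPROTO_TCP */

/* Pure policy decision, kept apart from the kernel plumbing so it can be
 * exercised on the host. cgroup/skb verdicts: 1 = pass, 0 = drop. */
static inline int police_verdict(unsigned int protocol, unsigned int snd_cwnd)
{
	if (protocol != PROTO_TCP)
		return 1;               /* only TCP is policed */
	return snd_cwnd <= MAX_CWND;    /* over the cap: drop */
}

#ifdef __bpf__  /* defined by clang when targeting BPF */
#include <linux/bpf.h>

/* Helpers are invoked by their BPF_FUNC_* ID. */
static struct bpf_sock *(*bpf_sk_fullsock)(struct bpf_sock *sk) =
	(void *)BPF_FUNC_sk_fullsock;
static struct bpf_tcp_sock *(*bpf_tcp_sock)(struct bpf_sock *sk) =
	(void *)BPF_FUNC_tcp_sock;

__attribute__((section("cgroup_skb/egress"), used))
int police_egress(struct __sk_buff *skb)
{
	struct bpf_sock *sk = skb->sk;  /* may be NULL: skb has no socket */
	struct bpf_tcp_sock *tp;

	if (!sk)
		return 1;
	sk = bpf_sk_fullsock(sk);       /* NULL when no full socket exists */
	if (!sk)
		return 1;
	tp = bpf_tcp_sock(sk);          /* NULL when the socket is not TCP */
	if (!tp)
		return 1;
	/* Every dereference below follows a NULL check on that pointer. */
	return police_verdict(sk->protocol, tp->snd_cwnd);
}

char _license[] __attribute__((section("license"), used)) = "GPL";
#endif
```

Each of the three pointers can be NULL, so removing any one of the checks leaves a dereference of a possibly-NULL pointer, which the verifier is expected to refuse at load time.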