Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9d6f4177 authored by Daniel Borkmann's avatar Daniel Borkmann
Browse files

Merge branch 'bpf-reuseport-map' 



Martin KaFai Lau says:

====================
This series introduces a new map type "BPF_MAP_TYPE_REUSEPORT_SOCKARRAY"
and a new prog type BPF_PROG_TYPE_SK_REUSEPORT.

Here is a snippet from a commit message:

"To unleash the full potential of a bpf prog, it is essential for the
userspace to be capable of directly setting up a bpf map which can then
be consumed by the bpf prog to make decision.  In this case, decide which
SO_REUSEPORT sk to serve the incoming request.

By adding BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, the userspace has total control
and visibility on where a SO_REUSEPORT sk should be located in a bpf map.
The later patch will introduce BPF_PROG_TYPE_SK_REUSEPORT such that
the bpf prog can directly select a sk from the bpf map.  That will
raise the programmability of the bpf prog attached to a reuseport
group (a group of sk serving the same IP:PORT).

For example, in UDP, the bpf prog can peek into the payload (e.g.
through the "data" pointer introduced in the later patch) to learn
the application level's connection information and then decide which sk
to pick from a bpf map.  The userspace can tightly couple the sk's location
in a bpf map with the application logic in generating the UDP payload's
connection information.  This connection info contact/API stays within the
userspace.

Also, when used with map-in-map, the userspace can switch the
old-server-process's inner map to a new-server-process's inner map
in one call "bpf_map_update_elem(outer_map, &index, &new_reuseport_array)".
The bpf prog will then direct incoming requests to the new process instead
of the old process.  The old process can finish draining the pending
requests (e.g. by "accept()") before closing the old-fds.  [Note that
deleting a fd from a bpf map does not necessary mean the fd is closed]"
====================

Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
parents 74b247f4 91134d84

include/linux/bpf.h

+28 −0
Original line number Diff line number Diff line
@@ -524,6 +524,7 @@ static inline int bpf_map_attr_numa_node(const union bpf_attr *attr) 
}



struct bpf_prog *bpf_prog_get_type_path(const char *name, enum bpf_prog_type type);

int array_map_alloc_check(union bpf_attr *attr);



#else /* !CONFIG_BPF_SYSCALL */

static inline struct bpf_prog *bpf_prog_get(u32 ufd)
@@ -769,6 +770,33 @@ static inline void __xsk_map_flush(struct bpf_map *map) 
}

#endif



#if defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL)

void bpf_sk_reuseport_detach(struct sock *sk);

int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map, void *key,

				       void *value);

int bpf_fd_reuseport_array_update_elem(struct bpf_map *map, void *key,

				       void *value, u64 map_flags);

#else

static inline void bpf_sk_reuseport_detach(struct sock *sk)

{

}



#ifdef CONFIG_BPF_SYSCALL

static inline int bpf_fd_reuseport_array_lookup_elem(struct bpf_map *map,

						     void *key, void *value)

{

	return -EOPNOTSUPP;

}



static inline int bpf_fd_reuseport_array_update_elem(struct bpf_map *map,

						     void *key, void *value,

						     u64 map_flags)

{

	return -EOPNOTSUPP;

}

#endif /* CONFIG_BPF_SYSCALL */

#endif /* defined(CONFIG_INET) && defined(CONFIG_BPF_SYSCALL) */



/* verifier prototypes for helper functions called from eBPF programs */

extern const struct bpf_func_proto bpf_map_lookup_elem_proto;

extern const struct bpf_func_proto bpf_map_update_elem_proto;

include/linux/bpf_types.h

+6 −0
Original line number Diff line number Diff line
@@ -29,6 +29,9 @@ BPF_PROG_TYPE(BPF_PROG_TYPE_CGROUP_DEVICE, cg_dev) 
#ifdef CONFIG_BPF_LIRC_MODE2

BPF_PROG_TYPE(BPF_PROG_TYPE_LIRC_MODE2, lirc_mode2)

#endif

#ifdef CONFIG_INET

BPF_PROG_TYPE(BPF_PROG_TYPE_SK_REUSEPORT, sk_reuseport)

#endif



BPF_MAP_TYPE(BPF_MAP_TYPE_ARRAY, array_map_ops)

BPF_MAP_TYPE(BPF_MAP_TYPE_PERCPU_ARRAY, percpu_array_map_ops)
@@ -60,4 +63,7 @@ BPF_MAP_TYPE(BPF_MAP_TYPE_CPUMAP, cpu_map_ops) 
#if defined(CONFIG_XDP_SOCKETS)

BPF_MAP_TYPE(BPF_MAP_TYPE_XSKMAP, xsk_map_ops)

#endif

#ifdef CONFIG_INET

BPF_MAP_TYPE(BPF_MAP_TYPE_REUSEPORT_SOCKARRAY, reuseport_array_ops)

#endif

#endif

include/linux/filter.h

+16 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ struct seccomp_data; 
struct bpf_prog_aux;

struct xdp_rxq_info;

struct xdp_buff;

struct sock_reuseport;



/* ArgX, context and stack frame pointer register positions. Note,

 * Arg1, Arg2, Arg3, etc are used as argument mappings of function
@@ -752,6 +753,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); 
int sk_attach_bpf(u32 ufd, struct sock *sk);

int sk_reuseport_attach_filter(struct sock_fprog *fprog, struct sock *sk);

int sk_reuseport_attach_bpf(u32 ufd, struct sock *sk);

void sk_reuseport_prog_free(struct bpf_prog *prog);

int sk_detach_filter(struct sock *sk);

int sk_get_filter(struct sock *sk, struct sock_filter __user *filter,

		  unsigned int len);
@@ -833,6 +835,20 @@ void bpf_warn_invalid_xdp_action(u32 act); 
struct sock *do_sk_redirect_map(struct sk_buff *skb);

struct sock *do_msg_redirect_map(struct sk_msg_buff *md);



#ifdef CONFIG_INET

struct sock *bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,

				  struct bpf_prog *prog, struct sk_buff *skb,

				  u32 hash);

#else

static inline struct sock *

bpf_run_sk_reuseport(struct sock_reuseport *reuse, struct sock *sk,

		     struct bpf_prog *prog, struct sk_buff *skb,

		     u32 hash)

{

	return NULL;

}

#endif



#ifdef CONFIG_BPF_JIT

extern int bpf_jit_enable;

extern int bpf_jit_harden;

include/net/addrconf.h

+1 −0
Original line number Diff line number Diff line
@@ -108,6 +108,7 @@ int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr, 
		    u32 banned_flags);

bool inet_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2,

			  bool match_wildcard);

bool inet_rcv_saddr_any(const struct sock *sk);

void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr);

void addrconf_leave_solict(struct inet6_dev *idev, const struct in6_addr *addr);

include/net/sock_reuseport.h

+15 −4
Original line number Diff line number Diff line
@@ -5,25 +5,36 @@ 
#include <linux/filter.h>

#include <linux/skbuff.h>

#include <linux/types.h>

#include <linux/spinlock.h>

#include <net/sock.h>



extern spinlock_t reuseport_lock;



struct sock_reuseport {

	struct rcu_head		rcu;



	u16			max_socks;	/* length of socks */

	u16			num_socks;	/* elements in socks */

	/* The last synq overflow event timestamp of this

	 * reuse->socks[] group.

	 */

	unsigned int		synq_overflow_ts;

	/* ID stays the same even after the size of socks[] grows. */

	unsigned int		reuseport_id;

	bool			bind_inany;

	struct bpf_prog __rcu	*prog;		/* optional BPF sock selector */

	struct sock		*socks[0];	/* array of sock pointers */

};



extern int reuseport_alloc(struct sock *sk);

extern int reuseport_add_sock(struct sock *sk, struct sock *sk2);

extern int reuseport_alloc(struct sock *sk, bool bind_inany);

extern int reuseport_add_sock(struct sock *sk, struct sock *sk2,

			      bool bind_inany);

extern void reuseport_detach_sock(struct sock *sk);

extern struct sock *reuseport_select_sock(struct sock *sk,

					  u32 hash,

					  struct sk_buff *skb,

					  int hdr_len);

extern struct bpf_prog *reuseport_attach_prog(struct sock *sk,

					      struct bpf_prog *prog);

extern int reuseport_attach_prog(struct sock *sk, struct bpf_prog *prog);

int reuseport_get_id(struct sock_reuseport *reuse);



#endif  /* _SOCK_REUSEPORT_H */