Commit 4aeba328 authored by Alexei Starovoitov's avatar Alexei Starovoitov
Browse files

Merge branch 'fix-unconnected-udp' 



Daniel Borkmann says:

====================
Please refer to the patch 1/6 as the main patch with the details
on the current sendmsg hook API limitations and proposal to fix
it in order to work with basic applications like DNS. Remaining
patches are the usual uapi and tooling updates as well as test
cases. Thanks a lot!

v2 -> v3:
  - Add attach types to test_section_names.c and libbpf (Andrey)
  - Added given Acks, rest as-is
v1 -> v2:
  - Split off uapi header sync and bpftool bits (Martin, Alexei)
  - Added missing bpftool doc and bash completion as well
====================

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parents 1884c066 b714560f

include/linux/bpf-cgroup.h

+8 −0
Original line number Diff line number Diff line
@@ -238,6 +238,12 @@ int bpf_percpu_cgroup_storage_update(struct bpf_map *map, void *key, 
#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_SENDMSG, t_ctx)



#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP4_RECVMSG, NULL)



#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, BPF_CGROUP_UDP6_RECVMSG, NULL)



#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops)				       \

({									       \

	int __ret = 0;							       \
@@ -339,6 +345,8 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map, 
#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })

#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos,nbuf) ({ 0; })

include/uapi/linux/bpf.h

+2 −0
Original line number Diff line number Diff line
@@ -192,6 +192,8 @@ enum bpf_attach_type { 
	BPF_LIRC_MODE2,

	BPF_FLOW_DISSECTOR,

	BPF_CGROUP_SYSCTL,

	BPF_CGROUP_UDP4_RECVMSG,

	BPF_CGROUP_UDP6_RECVMSG,

	__MAX_BPF_ATTACH_TYPE

};

kernel/bpf/syscall.c

+8 −0
Original line number Diff line number Diff line
@@ -1581,6 +1581,8 @@ bpf_prog_load_check_attach_type(enum bpf_prog_type prog_type, 
		case BPF_CGROUP_INET6_CONNECT:

		case BPF_CGROUP_UDP4_SENDMSG:

		case BPF_CGROUP_UDP6_SENDMSG:

		case BPF_CGROUP_UDP4_RECVMSG:

		case BPF_CGROUP_UDP6_RECVMSG:

			return 0;

		default:

			return -EINVAL;
@@ -1875,6 +1877,8 @@ static int bpf_prog_attach(const union bpf_attr *attr) 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

		ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;

		break;

	case BPF_CGROUP_SOCK_OPS:
@@ -1960,6 +1964,8 @@ static int bpf_prog_detach(const union bpf_attr *attr) 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

		ptype = BPF_PROG_TYPE_CGROUP_SOCK_ADDR;

		break;

	case BPF_CGROUP_SOCK_OPS:
@@ -2011,6 +2017,8 @@ static int bpf_prog_query(const union bpf_attr *attr, 
	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

	case BPF_CGROUP_UDP6_RECVMSG:

	case BPF_CGROUP_SOCK_OPS:

	case BPF_CGROUP_DEVICE:

	case BPF_CGROUP_SYSCTL:

kernel/bpf/verifier.c

+8 −4
Original line number Diff line number Diff line
@@ -5361,9 +5361,12 @@ static int check_return_code(struct bpf_verifier_env *env) 
	struct tnum range = tnum_range(0, 1);



	switch (env->prog->type) {

	case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:

		if (env->prog->expected_attach_type == BPF_CGROUP_UDP4_RECVMSG ||

		    env->prog->expected_attach_type == BPF_CGROUP_UDP6_RECVMSG)

			range = tnum_range(1, 1);

	case BPF_PROG_TYPE_CGROUP_SKB:

	case BPF_PROG_TYPE_CGROUP_SOCK:

	case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:

	case BPF_PROG_TYPE_SOCK_OPS:

	case BPF_PROG_TYPE_CGROUP_DEVICE:

	case BPF_PROG_TYPE_CGROUP_SYSCTL:
@@ -5380,16 +5383,17 @@ static int check_return_code(struct bpf_verifier_env *env) 
	}



	if (!tnum_in(range, reg->var_off)) {

		verbose(env, "At program exit the register R0 ");

		if (!tnum_is_unknown(reg->var_off)) {

		char tn_buf[48];



		verbose(env, "At program exit the register R0 ");

		if (!tnum_is_unknown(reg->var_off)) {

			tnum_strn(tn_buf, sizeof(tn_buf), reg->var_off);

			verbose(env, "has value %s", tn_buf);

		} else {

			verbose(env, "has unknown scalar value");

		}

		verbose(env, " should have been 0 or 1\n");

		tnum_strn(tn_buf, sizeof(tn_buf), range);

		verbose(env, " should have been in %s\n", tn_buf);

		return -EINVAL;

	}

	return 0;

net/core/filter.c

+2 −0
Original line number Diff line number Diff line
@@ -6748,6 +6748,7 @@ static bool sock_addr_is_valid_access(int off, int size, 
		case BPF_CGROUP_INET4_BIND:

		case BPF_CGROUP_INET4_CONNECT:

		case BPF_CGROUP_UDP4_SENDMSG:

		case BPF_CGROUP_UDP4_RECVMSG:

			break;

		default:

			return false;
@@ -6758,6 +6759,7 @@ static bool sock_addr_is_valid_access(int off, int size, 
		case BPF_CGROUP_INET6_BIND:

		case BPF_CGROUP_INET6_CONNECT:

		case BPF_CGROUP_UDP6_SENDMSG:

		case BPF_CGROUP_UDP6_RECVMSG:

			break;

		default:

			return false;

CRA Git | Maintained and supported by SUSTech CRA and CCSE