Message ID | 20230808134049.1407498-8-leitao@debian.org |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp2345483vqr; Tue, 8 Aug 2023 12:23:53 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEzUzJ3AVT8959/1cgPnn8jsWA7XUy2XOwRjQdl8IX8IzB7DcRtkCqAm1/Q5p9Zr84Oc/2b X-Received: by 2002:a05:6512:2209:b0:4fb:cab9:ddf with SMTP id h9-20020a056512220900b004fbcab90ddfmr345068lfu.57.1691522632770; Tue, 08 Aug 2023 12:23:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691522632; cv=none; d=google.com; s=arc-20160816; b=LV3QqeMO/Z+G3vSocRCttR+ayx2SYULNBbz/FWy0Z2SckUDvKRjGbk3Qsq8OQw5lHP cE1piXcTexu3iqbSHk+o5KvsT7IWELxtKgdXLycwLtpfOw18fECIfs9sPnYOQmh1NFh6 jq7xc+QpCYOnKpN7WbNPktc9NhmY9cl5yfq0p06xP5rotAuHJt2NNT7ShK+lslfXROJV ZfyjUVyeQSStIcyNc+JRpGAUMuUxnN+5YfavbpNX3/BdE2lFh56PMth5Nh5zq97GzWgK ZBx07RCxnvDdkr2LkF/IJlq1vQ9td7108rsdulrTus7IP2dyuj1byg8KmfiAjTwyakmc 8PrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=D1FImuotzzVQ6nA+cw3aWKU2TeJBwRAYe/LnZXkkaFw=; fh=l1VDbM6J2p5aUkzf5Bk93PWv8dfwilEfhcujjbOTx18=; b=vdXfwYaqGLmw5O1pANIcuZz7cBq4/vy0BG82b3ZbYXT9sDLbu+Uw2BBXvTvO5UsBWw eo5IEmMi1/R4OGCGu0HYmhOilTXd1+DkSmb+IVPSSDUUc10Abj2I2qFBNenl7w216lhB vGwX9/+Z7DW3IxQoASGB3xJWNyRyrs3IQ9We0rh/eZsrMOl+lY0J1bsfMUbdFNevrhWl wyIuPIzYCyHauoQr2cmdifqJQqUssT44lnH3x74T+OMa/Wb0fINUfGU5sw4wR3dNdp3I r9QsNp/fOG/Nrl7Sy9pnZDnw2+1VXriKGfbnO5BaBGJwUfaFRTq9Gn5Bv+135f8ElbuE 019Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r23-20020aa7c157000000b0051e0d7a3fc9si8193881edp.37.2023.08.08.12.23.28; Tue, 08 Aug 2023 12:23:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235731AbjHHTRl (ORCPT <rfc822;aaronkmseo@gmail.com> + 99 others); Tue, 8 Aug 2023 15:17:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56348 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233408AbjHHTQX (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Tue, 8 Aug 2023 15:16:23 -0400 Received: from mail-lf1-f45.google.com (mail-lf1-f45.google.com [209.85.167.45]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 61302F839C; Tue, 8 Aug 2023 09:39:15 -0700 (PDT) Received: by mail-lf1-f45.google.com with SMTP id 2adb3069b0e04-4fe48d0ab0fso9142016e87.1; Tue, 08 Aug 2023 09:39:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691512724; x=1692117524; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=D1FImuotzzVQ6nA+cw3aWKU2TeJBwRAYe/LnZXkkaFw=; b=EkCA40kxooti6uJfoNlssQSr4NVwrGflalP+OqK6jMNA3ijjWS+eZs4M6eyBQVVYyI P3kHuvn9LiAnPomnRuO7ZHip+S52gzRIikunEID3OL7n7HeIdUT5PhF4xsmZ2oRinjvf hI9EDM5uZ10nKb5k70YeyEcWgKGdYOqMwJWqYWa6MPUnDk8e85F1A74l1R4jl6+I0Loj bsza1vqK10MbxmFz0x56knIi3keDR+l1SS98hIerkHxa27MgvqqWxnw8z51imILB3cOy e4hdzFvoGcN9QFehT/WvdSMqGVYKQckTSmdtAz7S91690wrq3TmUCCrrVAhqmGaDDRZW yOEA== X-Gm-Message-State: AOJu0Yxl9tj8oc6OXXvZgkWKC0MKrNfxqj53h9M+IjPt/ox4OyBb8DX/ LNnmSJHzDprRO/nUSjbjiN6TPpNHYjo= X-Received: by 2002:a2e:3307:0:b0:2b6:fe3c:c3c1 with SMTP id d7-20020a2e3307000000b002b6fe3cc3c1mr9358880ljc.4.1691502072628; Tue, 08 Aug 2023 06:41:12 -0700 (PDT) Received: from localhost (fwdproxy-cln-003.fbsv.net. [2a03:2880:31ff:3::face:b00c]) by smtp.gmail.com with ESMTPSA id s15-20020a170906284f00b00992e265495csm6650549ejc.212.2023.08.08.06.41.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Aug 2023 06:41:12 -0700 (PDT) From: Breno Leitao <leitao@debian.org> To: sdf@google.com, axboe@kernel.dk, asml.silence@gmail.com, willemdebruijn.kernel@gmail.com Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, io-uring@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com Subject: [PATCH v2 7/8] io_uring/cmd: BPF hook for getsockopt cmd Date: Tue, 8 Aug 2023 06:40:47 -0700 Message-Id: <20230808134049.1407498-8-leitao@debian.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230808134049.1407498-1-leitao@debian.org> References: <20230808134049.1407498-1-leitao@debian.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773690036230378614 X-GMAIL-MSGID: 1773690036230378614 |
Series |
io_uring: Initial support for {s,g}etsockopt commands
|
|
Commit Message
Breno Leitao
Aug. 8, 2023, 1:40 p.m. UTC
Add BPF hooks support for getsockopts io_uring command. So, bpf cgroups
programs can run when SOCKET_URING_OP_GETSOCKOPT command is called.
This implementation follows a similar approach to what
__sys_getsockopt() does, but, using USER_SOCKPTR() for optval instead of
kernel pointer.
Signed-off-by: Breno Leitao <leitao@debian.org>
---
io_uring/uring_cmd.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
Comments
Hi Breno, kernel test robot noticed the following build errors: [auto build test ERROR on next-20230808] [cannot apply to bpf-next/master bpf/master net/main net-next/main linus/master horms-ipvs/master v6.5-rc5 v6.5-rc4 v6.5-rc3 v6.5-rc5] [If your patch is applied to the wrong git tree, kindly drop us a note. And when submitting patch, we suggest to use '--base' as documented in https://git-scm.com/docs/git-format-patch#_base_tree_information] url: https://github.com/intel-lab-lkp/linux/commits/Breno-Leitao/net-expose-sock_use_custom_sol_socket/20230809-011901 base: next-20230808 patch link: https://lore.kernel.org/r/20230808134049.1407498-8-leitao%40debian.org patch subject: [PATCH v2 7/8] io_uring/cmd: BPF hook for getsockopt cmd config: x86_64-randconfig-r012-20230808 (https://download.01.org/0day-ci/archive/20230809/202308091149.ltz0y4QZ-lkp@intel.com/config) compiler: gcc-12 (Debian 12.2.0-14) 12.2.0 reproduce: (https://download.01.org/0day-ci/archive/20230809/202308091149.ltz0y4QZ-lkp@intel.com/reproduce) If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add following tags | Reported-by: kernel test robot <lkp@intel.com> | Closes: https://lore.kernel.org/oe-kbuild-all/202308091149.ltz0y4QZ-lkp@intel.com/ All errors (new ones prefixed by >>): In file included from include/linux/export.h:5, from include/linux/linkage.h:7, from include/linux/kernel.h:17, from io_uring/uring_cmd.c:2: io_uring/uring_cmd.c: In function 'io_uring_cmd_getsockopt': >> include/linux/bpf-cgroup.h:393:41: error: 'tcp_bpf_bypass_getsockopt' undeclared (first use in this function) 393 | tcp_bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:76:45: note: in definition of macro 'likely' 76 | # define likely(x) __builtin_expect(!!(x), 1) | ^ include/linux/indirect_call_wrapper.h:66:42: note: in expansion of macro 'INDIRECT_CALL_1' 66 | #define INDIRECT_CALL_INET_1(f, f1, ...) INDIRECT_CALL_1(f, f1, __VA_ARGS__) | ^~~~~~~~~~~~~~~ include/linux/bpf-cgroup.h:392:22: note: in expansion of macro 'INDIRECT_CALL_INET_1' 392 | !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~ io_uring/uring_cmd.c:191:23: note: in expansion of macro 'BPF_CGROUP_RUN_PROG_GETSOCKOPT' 191 | err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/bpf-cgroup.h:393:41: note: each undeclared identifier is reported only once for each function it appears in 393 | tcp_bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/compiler.h:76:45: note: in definition of macro 'likely' 76 | # define likely(x) __builtin_expect(!!(x), 1) | ^ include/linux/indirect_call_wrapper.h:66:42: note: in expansion of macro 'INDIRECT_CALL_1' 66 | #define INDIRECT_CALL_INET_1(f, f1, ...) INDIRECT_CALL_1(f, f1, __VA_ARGS__) | ^~~~~~~~~~~~~~~ include/linux/bpf-cgroup.h:392:22: note: in expansion of macro 'INDIRECT_CALL_INET_1' 392 | !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~ io_uring/uring_cmd.c:191:23: note: in expansion of macro 'BPF_CGROUP_RUN_PROG_GETSOCKOPT' 191 | err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from include/net/sock.h:62, from include/linux/bpf-cgroup.h:11, from io_uring/uring_cmd.c:9: >> include/linux/bpf-cgroup.h:393:41: error: implicit declaration of function 'tcp_bpf_bypass_getsockopt' [-Werror=implicit-function-declaration] 393 | tcp_bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~~~~~~ include/linux/indirect_call_wrapper.h:19:35: note: in definition of macro 'INDIRECT_CALL_1' 19 | likely(f == f1) ? f1(__VA_ARGS__) : f(__VA_ARGS__); \ | ^~ include/linux/bpf-cgroup.h:392:22: note: in expansion of macro 'INDIRECT_CALL_INET_1' 392 | !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \ | ^~~~~~~~~~~~~~~~~~~~ io_uring/uring_cmd.c:191:23: note: in expansion of macro 'BPF_CGROUP_RUN_PROG_GETSOCKOPT' 191 | err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ io_uring/uring_cmd.c: In function 'io_uring_cmd_setsockopt': io_uring/uring_cmd.c:223:58: error: 'koptval' undeclared (first use in this function); did you mean 'optval'? 223 | USER_SOCKPTR(koptval), optlen); | ^~~~~~~ | optval cc1: some warnings being treated as errors vim +/tcp_bpf_bypass_getsockopt +393 include/linux/bpf-cgroup.h 0d01da6afc5402 Stanislav Fomichev 2019-06-27 384 0d01da6afc5402 Stanislav Fomichev 2019-06-27 385 #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, optlen, \ 0d01da6afc5402 Stanislav Fomichev 2019-06-27 386 max_optlen, retval) \ 0d01da6afc5402 Stanislav Fomichev 2019-06-27 387 ({ \ 0d01da6afc5402 Stanislav Fomichev 2019-06-27 388 int __ret = retval; \ 46531a30364bd4 Pavel Begunkov 2022-01-27 389 if (cgroup_bpf_enabled(CGROUP_GETSOCKOPT) && \ 46531a30364bd4 Pavel Begunkov 2022-01-27 390 cgroup_bpf_sock_enabled(sock, CGROUP_GETSOCKOPT)) \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 391 if (!(sock)->sk_prot->bpf_bypass_getsockopt || \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 392 !INDIRECT_CALL_INET_1((sock)->sk_prot->bpf_bypass_getsockopt, \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 @393 tcp_bpf_bypass_getsockopt, \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 394 level, optname)) \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 395 __ret = __cgroup_bpf_run_filter_getsockopt( \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 396 sock, level, optname, optval, optlen, \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 397 max_optlen, retval); \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 398 __ret; \ 9cacf81f816111 Stanislav Fomichev 2021-01-15 399 }) 9cacf81f816111 Stanislav Fomichev 2021-01-15 400
Breno Leitao <leitao@debian.org> writes: > Add BPF hooks support for getsockopts io_uring command. So, bpf cgroups > programs can run when SOCKET_URING_OP_GETSOCKOPT command is called. > > This implementation follows a similar approach to what > __sys_getsockopt() does, but, using USER_SOCKPTR() for optval instead of > kernel pointer. > > Signed-off-by: Breno Leitao <leitao@debian.org> > --- > io_uring/uring_cmd.c | 18 +++++++++++++----- > 1 file changed, 13 insertions(+), 5 deletions(-) > > diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c > index dbba005a7290..3693e5779229 100644 > --- a/io_uring/uring_cmd.c > +++ b/io_uring/uring_cmd.c > @@ -5,6 +5,8 @@ > #include <linux/io_uring.h> > #include <linux/security.h> > #include <linux/nospec.h> > +#include <linux/compat.h> > +#include <linux/bpf-cgroup.h> > > #include <uapi/linux/io_uring.h> > #include <uapi/asm-generic/ioctls.h> > @@ -179,17 +181,23 @@ static inline int io_uring_cmd_getsockopt(struct socket *sock, > if (err) > return err; > > - if (level == SOL_SOCKET) { > + err = -EOPNOTSUPP; > + if (level == SOL_SOCKET) > err = sk_getsockopt(sock->sk, level, optname, > USER_SOCKPTR(optval), > KERNEL_SOCKPTR(&optlen)); > - if (err) > - return err; > > + if (!in_compat_syscall()) > + err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, > + optname, > + USER_SOCKPTR(optval), > + KERNEL_SOCKPTR(&optlen), > + optlen, err); I'm not sure if it makes sense to use in_compat_syscall() here. Can't this be invoked in a ring with ctx->compat set, but from outside a compat syscall context (i.e. from sqpoll or even a !compat io_uring_enter syscall)? I suspect you might need to check ctx->compact instead, but I'm not sure. Did you consider that? > + > + if (!err) > return optlen; > - } > > - return -EOPNOTSUPP; > + return err; > } > > static inline int io_uring_cmd_setsockopt(struct socket *sock,
Hello Gabriel, On Wed, Aug 09, 2023 at 12:46:27PM -0400, Gabriel Krisman Bertazi wrote: > Breno Leitao <leitao@debian.org> writes: > > > Add BPF hooks support for getsockopts io_uring command. So, bpf cgroups > > programs can run when SOCKET_URING_OP_GETSOCKOPT command is called. > > > > This implementation follows a similar approach to what > > __sys_getsockopt() does, but, using USER_SOCKPTR() for optval instead of > > kernel pointer. > > > > Signed-off-by: Breno Leitao <leitao@debian.org> > > --- > > io_uring/uring_cmd.c | 18 +++++++++++++----- > > 1 file changed, 13 insertions(+), 5 deletions(-) > > > > diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c > > index dbba005a7290..3693e5779229 100644 > > --- a/io_uring/uring_cmd.c > > +++ b/io_uring/uring_cmd.c > > @@ -5,6 +5,8 @@ > > #include <linux/io_uring.h> > > #include <linux/security.h> > > #include <linux/nospec.h> > > +#include <linux/compat.h> > > +#include <linux/bpf-cgroup.h> > > > > #include <uapi/linux/io_uring.h> > > #include <uapi/asm-generic/ioctls.h> > > @@ -179,17 +181,23 @@ static inline int io_uring_cmd_getsockopt(struct socket *sock, > > if (err) > > return err; > > > > - if (level == SOL_SOCKET) { > > + err = -EOPNOTSUPP; > > + if (level == SOL_SOCKET) > > err = sk_getsockopt(sock->sk, level, optname, > > USER_SOCKPTR(optval), > > KERNEL_SOCKPTR(&optlen)); > > - if (err) > > - return err; > > > > + if (!in_compat_syscall()) > > + err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, > > + optname, > > + USER_SOCKPTR(optval), > > + KERNEL_SOCKPTR(&optlen), > > + optlen, err); > > I'm not sure if it makes sense to use in_compat_syscall() here. Can't > this be invoked in a ring with ctx->compat set, but from outside a > compat syscall context (i.e. from sqpoll or even a !compat > io_uring_enter syscall)? I suspect you might need to check ctx->compact > instead, but I'm not sure. Did you consider that? I think that checking ctx->compat seems to be the right thing to do. I will update.
diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c index dbba005a7290..3693e5779229 100644 --- a/io_uring/uring_cmd.c +++ b/io_uring/uring_cmd.c @@ -5,6 +5,8 @@ #include <linux/io_uring.h> #include <linux/security.h> #include <linux/nospec.h> +#include <linux/compat.h> +#include <linux/bpf-cgroup.h> #include <uapi/linux/io_uring.h> #include <uapi/asm-generic/ioctls.h> @@ -179,17 +181,23 @@ static inline int io_uring_cmd_getsockopt(struct socket *sock, if (err) return err; - if (level == SOL_SOCKET) { + err = -EOPNOTSUPP; + if (level == SOL_SOCKET) err = sk_getsockopt(sock->sk, level, optname, USER_SOCKPTR(optval), KERNEL_SOCKPTR(&optlen)); - if (err) - return err; + if (!in_compat_syscall()) + err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, + optname, + USER_SOCKPTR(optval), + KERNEL_SOCKPTR(&optlen), + optlen, err); + + if (!err) return optlen; - } - return -EOPNOTSUPP; + return err; } static inline int io_uring_cmd_setsockopt(struct socket *sock,