Blame view
net/ipv4/bpf_tcp_ca.c
6.4 KB
0baf26b0f bpf: tcp: Support... |
1 2 3 4 5 6 7 8 9 |
// SPDX-License-Identifier: GPL-2.0 /* Copyright (c) 2019 Facebook */ #include <linux/types.h> #include <linux/bpf_verifier.h> #include <linux/bpf.h> #include <linux/btf.h> #include <linux/filter.h> #include <net/tcp.h> |
ab14fd4ee bpf: Add bpf_sk_s... |
10 |
#include <net/bpf_sk_storage.h> |
0baf26b0f bpf: tcp: Support... |
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 |
static u32 optional_ops[] = { offsetof(struct tcp_congestion_ops, init), offsetof(struct tcp_congestion_ops, release), offsetof(struct tcp_congestion_ops, set_state), offsetof(struct tcp_congestion_ops, cwnd_event), offsetof(struct tcp_congestion_ops, in_ack_event), offsetof(struct tcp_congestion_ops, pkts_acked), offsetof(struct tcp_congestion_ops, min_tso_segs), offsetof(struct tcp_congestion_ops, sndbuf_expand), offsetof(struct tcp_congestion_ops, cong_control), }; static u32 unsupported_ops[] = { offsetof(struct tcp_congestion_ops, get_info), }; static const struct btf_type *tcp_sock_type; static u32 tcp_sock_id, sock_id; static int bpf_tcp_ca_init(struct btf *btf) { s32 type_id; type_id = btf_find_by_name_kind(btf, "sock", BTF_KIND_STRUCT); if (type_id < 0) return -EINVAL; sock_id = type_id; type_id = btf_find_by_name_kind(btf, "tcp_sock", BTF_KIND_STRUCT); if (type_id < 0) return -EINVAL; tcp_sock_id = type_id; tcp_sock_type = btf_type_by_id(btf, tcp_sock_id); return 0; } static bool is_optional(u32 member_offset) { unsigned int i; for (i = 0; i < ARRAY_SIZE(optional_ops); i++) { if (member_offset == optional_ops[i]) return true; } return false; } static bool is_unsupported(u32 member_offset) { unsigned int i; for (i = 0; i < ARRAY_SIZE(unsupported_ops); i++) { if (member_offset == unsupported_ops[i]) return true; } return false; } extern struct btf *btf_vmlinux; static bool bpf_tcp_ca_is_valid_access(int off, int size, enum bpf_access_type type, const struct bpf_prog *prog, struct bpf_insn_access_aux *info) { if (off < 0 || off >= sizeof(__u64) * MAX_BPF_FUNC_ARGS) return false; if (type != BPF_READ) return false; if (off % size != 0) return false; if (!btf_ctx_access(off, size, type, prog, info)) return false; if (info->reg_type == PTR_TO_BTF_ID && info->btf_id == sock_id) /* promote it to tcp_sock */ info->btf_id = tcp_sock_id; return true; } static int bpf_tcp_ca_btf_struct_access(struct bpf_verifier_log *log, const struct btf_type *t, int off, int size, enum bpf_access_type atype, u32 *next_btf_id) { size_t end; if (atype == BPF_READ) return btf_struct_access(log, t, off, size, atype, next_btf_id); if (t != tcp_sock_type) { bpf_log(log, "only read is supported "); return -EACCES; } switch (off) { case bpf_ctx_range(struct inet_connection_sock, icsk_ca_priv): end = offsetofend(struct inet_connection_sock, icsk_ca_priv); break; case offsetof(struct inet_connection_sock, icsk_ack.pending): end = offsetofend(struct inet_connection_sock, icsk_ack.pending); break; case offsetof(struct tcp_sock, snd_cwnd): end = offsetofend(struct tcp_sock, snd_cwnd); break; case offsetof(struct tcp_sock, snd_cwnd_cnt): end = offsetofend(struct tcp_sock, snd_cwnd_cnt); break; case offsetof(struct tcp_sock, snd_ssthresh): end = offsetofend(struct tcp_sock, snd_ssthresh); break; case offsetof(struct tcp_sock, ecn_flags): end = offsetofend(struct tcp_sock, ecn_flags); break; default: bpf_log(log, "no write support to tcp_sock at off %d ", off); return -EACCES; } if (off + size > end) { bpf_log(log, "write access at off %d with size %d beyond the member of tcp_sock ended at %zu ", off, size, end); return -EACCES; } return NOT_INIT; } |
206057fe0 bpf: Add BPF_FUNC... |
149 150 151 152 153 154 155 156 157 158 159 160 161 |
BPF_CALL_2(bpf_tcp_send_ack, struct tcp_sock *, tp, u32, rcv_nxt) { /* bpf_tcp_ca prog cannot have NULL tp */ __tcp_send_ack((struct sock *)tp, rcv_nxt); return 0; } static const struct bpf_func_proto bpf_tcp_send_ack_proto = { .func = bpf_tcp_send_ack, .gpl_only = false, /* In case we want to report error later */ .ret_type = RET_INTEGER, .arg1_type = ARG_PTR_TO_BTF_ID, |
9436ef6e8 bpf: Allow specif... |
162 |
.arg1_btf_id = &tcp_sock_id, |
206057fe0 bpf: Add BPF_FUNC... |
163 |
.arg2_type = ARG_ANYTHING, |
206057fe0 bpf: Add BPF_FUNC... |
164 |
}; |
0baf26b0f bpf: tcp: Support... |
165 166 167 168 |
static const struct bpf_func_proto * bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) { |
206057fe0 bpf: Add BPF_FUNC... |
169 170 171 |
switch (func_id) { case BPF_FUNC_tcp_send_ack: return &bpf_tcp_send_ack_proto; |
ab14fd4ee bpf: Add bpf_sk_s... |
172 |
case BPF_FUNC_sk_storage_get: |
592a34986 bpf: Change bpf_s... |
173 |
return &bpf_sk_storage_get_proto; |
ab14fd4ee bpf: Add bpf_sk_s... |
174 |
case BPF_FUNC_sk_storage_delete: |
592a34986 bpf: Change bpf_s... |
175 |
return &bpf_sk_storage_delete_proto; |
206057fe0 bpf: Add BPF_FUNC... |
176 177 178 |
default: return bpf_base_func_proto(func_id); } |
0baf26b0f bpf: tcp: Support... |
179 180 181 182 183 184 185 186 187 188 189 190 191 192 |
} static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = { .get_func_proto = bpf_tcp_ca_get_func_proto, .is_valid_access = bpf_tcp_ca_is_valid_access, .btf_struct_access = bpf_tcp_ca_btf_struct_access, }; static int bpf_tcp_ca_init_member(const struct btf_type *t, const struct btf_member *member, void *kdata, const void *udata) { const struct tcp_congestion_ops *utcp_ca; struct tcp_congestion_ops *tcp_ca; |
0baf26b0f bpf: tcp: Support... |
193 194 195 196 197 198 199 200 201 202 203 204 205 206 |
int prog_fd; u32 moff; utcp_ca = (const struct tcp_congestion_ops *)udata; tcp_ca = (struct tcp_congestion_ops *)kdata; moff = btf_member_bit_offset(t, member) / 8; switch (moff) { case offsetof(struct tcp_congestion_ops, flags): if (utcp_ca->flags & ~TCP_CONG_MASK) return -EINVAL; tcp_ca->flags = utcp_ca->flags; return 1; case offsetof(struct tcp_congestion_ops, name): |
8e7ae2518 bpf: Sanitize the... |
207 208 |
if (bpf_obj_name_cpy(tcp_ca->name, utcp_ca->name, sizeof(tcp_ca->name)) <= 0) |
0baf26b0f bpf: tcp: Support... |
209 210 211 |
return -EINVAL; if (tcp_ca_find(utcp_ca->name)) return -EEXIST; |
0baf26b0f bpf: tcp: Support... |
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 |
return 1; } if (!btf_type_resolve_func_ptr(btf_vmlinux, member->type, NULL)) return 0; /* Ensure bpf_prog is provided for compulsory func ptr */ prog_fd = (int)(*(unsigned long *)(udata + moff)); if (!prog_fd && !is_optional(moff) && !is_unsupported(moff)) return -EINVAL; return 0; } static int bpf_tcp_ca_check_member(const struct btf_type *t, const struct btf_member *member) { if (is_unsupported(btf_member_bit_offset(t, member) / 8)) return -ENOTSUPP; return 0; } static int bpf_tcp_ca_reg(void *kdata) { return tcp_register_congestion_control(kdata); } static void bpf_tcp_ca_unreg(void *kdata) { tcp_unregister_congestion_control(kdata); } /* Avoid sparse warning. It is only used in bpf_struct_ops.c. */ extern struct bpf_struct_ops bpf_tcp_congestion_ops; struct bpf_struct_ops bpf_tcp_congestion_ops = { .verifier_ops = &bpf_tcp_ca_verifier_ops, .reg = bpf_tcp_ca_reg, .unreg = bpf_tcp_ca_unreg, .check_member = bpf_tcp_ca_check_member, .init_member = bpf_tcp_ca_init_member, .init = bpf_tcp_ca_init, .name = "tcp_congestion_ops", }; |