2020-01-09 08:35:08 +08:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
/* Copyright (c) 2019 Facebook */
|
|
|
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
#include <linux/bpf_verifier.h>
|
|
|
|
#include <linux/bpf.h>
|
|
|
|
#include <linux/btf.h>
|
2021-03-25 09:52:01 +08:00
|
|
|
#include <linux/btf_ids.h>
|
2020-01-09 08:35:08 +08:00
|
|
|
#include <linux/filter.h>
|
|
|
|
#include <net/tcp.h>
|
2020-03-20 23:21:01 +08:00
|
|
|
#include <net/bpf_sk_storage.h>
|
2020-01-09 08:35:08 +08:00
|
|
|
|
bpf: tcp: Allow bpf-tcp-cc to call bpf_(get|set)sockopt
This patch allows the bpf-tcp-cc to call bpf_setsockopt. One use
case is to allow a bpf-tcp-cc switching to another cc during init().
For example, when the tcp flow is not ecn ready, the bpf_dctcp
can switch to another cc by calling setsockopt(TCP_CONGESTION).
During setsockopt(TCP_CONGESTION), the new tcp-cc's init() will be
called and this could cause a recursion but it is stopped by the
current trampoline's logic (in the prog->active counter).
While retiring a bpf-tcp-cc (e.g. in tcp_v[46]_destroy_sock()),
the tcp stack calls bpf-tcp-cc's release(). To avoid the retiring
bpf-tcp-cc making further changes to the sk, bpf_setsockopt is not
available to the bpf-tcp-cc's release(). This will avoid release()
making setsockopt() call that will potentially allocate new resources.
Although the bpf-tcp-cc already has a more powerful way to read tcp_sock
from the PTR_TO_BTF_ID, it is usually expected that bpf_getsockopt and
bpf_setsockopt are available together. Thus, bpf_getsockopt() is also
added to all tcp_congestion_ops except release().
When the old bpf-tcp-cc is calling setsockopt(TCP_CONGESTION)
to switch to a new cc, the old bpf-tcp-cc will be released by
bpf_struct_ops_put(). Thus, this patch also puts the bpf_struct_ops_map
after a rcu grace period because the trampoline's image cannot be freed
while the old bpf-tcp-cc is still running.
bpf-tcp-cc can only access icsk_ca_priv as SCALAR. All kernel's
tcp-cc is also accessing the icsk_ca_priv as SCALAR. The size
of icsk_ca_priv has already been raised a few times to avoid
extra kmalloc and memory referencing. The only exception is the
kernel's tcp_cdg.c that stores a kmalloc()-ed pointer in icsk_ca_priv.
To avoid the old bpf-tcp-cc accidentally overriding this tcp_cdg's pointer
value stored in icsk_ca_priv after switching and without over-complicating
the bpf's verifier for this one exception in tcp_cdg, this patch does not
allow switching to tcp_cdg. If there is a need, bpf_tcp_cdg can be
implemented and then use the bpf_sk_storage as the extended storage.
bpf_sk_setsockopt proto has only been recently added and used
in bpf-sockopt and bpf-iter-tcp, so impose the tcp_cdg limitation in the
same proto instead of adding a new proto specifically for bpf-tcp-cc.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20210824173007.3976921-1-kafai@fb.com
2021-08-25 01:30:07 +08:00
|
|
|
/* "extern" is to avoid sparse warning. It is only used in bpf_struct_ops.c. */
|
|
|
|
extern struct bpf_struct_ops bpf_tcp_congestion_ops;
|
|
|
|
|
2020-01-09 08:35:08 +08:00
|
|
|
static u32 optional_ops[] = {
|
|
|
|
offsetof(struct tcp_congestion_ops, init),
|
|
|
|
offsetof(struct tcp_congestion_ops, release),
|
|
|
|
offsetof(struct tcp_congestion_ops, set_state),
|
|
|
|
offsetof(struct tcp_congestion_ops, cwnd_event),
|
|
|
|
offsetof(struct tcp_congestion_ops, in_ack_event),
|
|
|
|
offsetof(struct tcp_congestion_ops, pkts_acked),
|
|
|
|
offsetof(struct tcp_congestion_ops, min_tso_segs),
|
|
|
|
offsetof(struct tcp_congestion_ops, sndbuf_expand),
|
|
|
|
offsetof(struct tcp_congestion_ops, cong_control),
|
|
|
|
};
|
|
|
|
|
|
|
|
static u32 unsupported_ops[] = {
|
|
|
|
offsetof(struct tcp_congestion_ops, get_info),
|
|
|
|
};
|
|
|
|
|
|
|
|
static const struct btf_type *tcp_sock_type;
|
|
|
|
static u32 tcp_sock_id, sock_id;
|
|
|
|
|
|
|
|
static int bpf_tcp_ca_init(struct btf *btf)
|
|
|
|
{
|
|
|
|
s32 type_id;
|
|
|
|
|
|
|
|
type_id = btf_find_by_name_kind(btf, "sock", BTF_KIND_STRUCT);
|
|
|
|
if (type_id < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
sock_id = type_id;
|
|
|
|
|
|
|
|
type_id = btf_find_by_name_kind(btf, "tcp_sock", BTF_KIND_STRUCT);
|
|
|
|
if (type_id < 0)
|
|
|
|
return -EINVAL;
|
|
|
|
tcp_sock_id = type_id;
|
|
|
|
tcp_sock_type = btf_type_by_id(btf, tcp_sock_id);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool is_optional(u32 member_offset)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(optional_ops); i++) {
|
|
|
|
if (member_offset == optional_ops[i])
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static bool is_unsupported(u32 member_offset)
|
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
for (i = 0; i < ARRAY_SIZE(unsupported_ops); i++) {
|
|
|
|
if (member_offset == unsupported_ops[i])
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
extern struct btf *btf_vmlinux;
|
|
|
|
|
|
|
|
static bool bpf_tcp_ca_is_valid_access(int off, int size,
|
|
|
|
enum bpf_access_type type,
|
|
|
|
const struct bpf_prog *prog,
|
|
|
|
struct bpf_insn_access_aux *info)
|
|
|
|
{
|
|
|
|
if (off < 0 || off >= sizeof(__u64) * MAX_BPF_FUNC_ARGS)
|
|
|
|
return false;
|
|
|
|
if (type != BPF_READ)
|
|
|
|
return false;
|
|
|
|
if (off % size != 0)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (!btf_ctx_access(off, size, type, prog, info))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (info->reg_type == PTR_TO_BTF_ID && info->btf_id == sock_id)
|
|
|
|
/* promote it to tcp_sock */
|
|
|
|
info->btf_id = tcp_sock_id;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int bpf_tcp_ca_btf_struct_access(struct bpf_verifier_log *log,
|
bpf: Remove hard-coded btf_vmlinux assumption from BPF verifier
Remove a permeating assumption thoughout BPF verifier of vmlinux BTF. Instead,
wherever BTF type IDs are involved, also track the instance of struct btf that
goes along with the type ID. This allows to gradually add support for kernel
module BTFs and using/tracking module types across BPF helper calls and
registers.
This patch also renames btf_id() function to btf_obj_id() to minimize naming
clash with using btf_id to denote BTF *type* ID, rather than BTF *object*'s ID.
Also, altough btf_vmlinux can't get destructed and thus doesn't need
refcounting, module BTFs need that, so apply BTF refcounting universally when
BPF program is using BTF-powered attachment (tp_btf, fentry/fexit, etc). This
makes for simpler clean up code.
Now that BTF type ID is not enough to uniquely identify a BTF type, extend BPF
trampoline key to include BTF object ID. To differentiate that from target
program BPF ID, set 31st bit of type ID. BTF type IDs (at least currently) are
not allowed to take full 32 bits, so there is no danger of confusing that bit
with a valid BTF type ID.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20201203204634.1325171-10-andrii@kernel.org
2020-12-04 04:46:29 +08:00
|
|
|
const struct btf *btf,
|
2020-01-09 08:35:08 +08:00
|
|
|
const struct btf_type *t, int off,
|
|
|
|
int size, enum bpf_access_type atype,
|
|
|
|
u32 *next_btf_id)
|
|
|
|
{
|
|
|
|
size_t end;
|
|
|
|
|
|
|
|
if (atype == BPF_READ)
|
bpf: Remove hard-coded btf_vmlinux assumption from BPF verifier
Remove a permeating assumption thoughout BPF verifier of vmlinux BTF. Instead,
wherever BTF type IDs are involved, also track the instance of struct btf that
goes along with the type ID. This allows to gradually add support for kernel
module BTFs and using/tracking module types across BPF helper calls and
registers.
This patch also renames btf_id() function to btf_obj_id() to minimize naming
clash with using btf_id to denote BTF *type* ID, rather than BTF *object*'s ID.
Also, altough btf_vmlinux can't get destructed and thus doesn't need
refcounting, module BTFs need that, so apply BTF refcounting universally when
BPF program is using BTF-powered attachment (tp_btf, fentry/fexit, etc). This
makes for simpler clean up code.
Now that BTF type ID is not enough to uniquely identify a BTF type, extend BPF
trampoline key to include BTF object ID. To differentiate that from target
program BPF ID, set 31st bit of type ID. BTF type IDs (at least currently) are
not allowed to take full 32 bits, so there is no danger of confusing that bit
with a valid BTF type ID.
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20201203204634.1325171-10-andrii@kernel.org
2020-12-04 04:46:29 +08:00
|
|
|
return btf_struct_access(log, btf, t, off, size, atype, next_btf_id);
|
2020-01-09 08:35:08 +08:00
|
|
|
|
|
|
|
if (t != tcp_sock_type) {
|
|
|
|
bpf_log(log, "only read is supported\n");
|
|
|
|
return -EACCES;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (off) {
|
|
|
|
case bpf_ctx_range(struct inet_connection_sock, icsk_ca_priv):
|
|
|
|
end = offsetofend(struct inet_connection_sock, icsk_ca_priv);
|
|
|
|
break;
|
|
|
|
case offsetof(struct inet_connection_sock, icsk_ack.pending):
|
|
|
|
end = offsetofend(struct inet_connection_sock,
|
|
|
|
icsk_ack.pending);
|
|
|
|
break;
|
|
|
|
case offsetof(struct tcp_sock, snd_cwnd):
|
|
|
|
end = offsetofend(struct tcp_sock, snd_cwnd);
|
|
|
|
break;
|
|
|
|
case offsetof(struct tcp_sock, snd_cwnd_cnt):
|
|
|
|
end = offsetofend(struct tcp_sock, snd_cwnd_cnt);
|
|
|
|
break;
|
|
|
|
case offsetof(struct tcp_sock, snd_ssthresh):
|
|
|
|
end = offsetofend(struct tcp_sock, snd_ssthresh);
|
|
|
|
break;
|
|
|
|
case offsetof(struct tcp_sock, ecn_flags):
|
|
|
|
end = offsetofend(struct tcp_sock, ecn_flags);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
bpf_log(log, "no write support to tcp_sock at off %d\n", off);
|
|
|
|
return -EACCES;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (off + size > end) {
|
|
|
|
bpf_log(log,
|
|
|
|
"write access at off %d with size %d beyond the member of tcp_sock ended at %zu\n",
|
|
|
|
off, size, end);
|
|
|
|
return -EACCES;
|
|
|
|
}
|
|
|
|
|
|
|
|
return NOT_INIT;
|
|
|
|
}
|
|
|
|
|
2020-01-09 08:45:51 +08:00
|
|
|
BPF_CALL_2(bpf_tcp_send_ack, struct tcp_sock *, tp, u32, rcv_nxt)
|
|
|
|
{
|
|
|
|
/* bpf_tcp_ca prog cannot have NULL tp */
|
|
|
|
__tcp_send_ack((struct sock *)tp, rcv_nxt);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static const struct bpf_func_proto bpf_tcp_send_ack_proto = {
|
|
|
|
.func = bpf_tcp_send_ack,
|
|
|
|
.gpl_only = false,
|
|
|
|
/* In case we want to report error later */
|
|
|
|
.ret_type = RET_INTEGER,
|
|
|
|
.arg1_type = ARG_PTR_TO_BTF_ID,
|
2020-09-21 20:12:20 +08:00
|
|
|
.arg1_btf_id = &tcp_sock_id,
|
2020-01-09 08:45:51 +08:00
|
|
|
.arg2_type = ARG_ANYTHING,
|
|
|
|
};
|
|
|
|
|
bpf: tcp: Allow bpf-tcp-cc to call bpf_(get|set)sockopt
This patch allows the bpf-tcp-cc to call bpf_setsockopt. One use
case is to allow a bpf-tcp-cc switching to another cc during init().
For example, when the tcp flow is not ecn ready, the bpf_dctcp
can switch to another cc by calling setsockopt(TCP_CONGESTION).
During setsockopt(TCP_CONGESTION), the new tcp-cc's init() will be
called and this could cause a recursion but it is stopped by the
current trampoline's logic (in the prog->active counter).
While retiring a bpf-tcp-cc (e.g. in tcp_v[46]_destroy_sock()),
the tcp stack calls bpf-tcp-cc's release(). To avoid the retiring
bpf-tcp-cc making further changes to the sk, bpf_setsockopt is not
available to the bpf-tcp-cc's release(). This will avoid release()
making setsockopt() call that will potentially allocate new resources.
Although the bpf-tcp-cc already has a more powerful way to read tcp_sock
from the PTR_TO_BTF_ID, it is usually expected that bpf_getsockopt and
bpf_setsockopt are available together. Thus, bpf_getsockopt() is also
added to all tcp_congestion_ops except release().
When the old bpf-tcp-cc is calling setsockopt(TCP_CONGESTION)
to switch to a new cc, the old bpf-tcp-cc will be released by
bpf_struct_ops_put(). Thus, this patch also puts the bpf_struct_ops_map
after a rcu grace period because the trampoline's image cannot be freed
while the old bpf-tcp-cc is still running.
bpf-tcp-cc can only access icsk_ca_priv as SCALAR. All kernel's
tcp-cc is also accessing the icsk_ca_priv as SCALAR. The size
of icsk_ca_priv has already been raised a few times to avoid
extra kmalloc and memory referencing. The only exception is the
kernel's tcp_cdg.c that stores a kmalloc()-ed pointer in icsk_ca_priv.
To avoid the old bpf-tcp-cc accidentally overriding this tcp_cdg's pointer
value stored in icsk_ca_priv after switching and without over-complicating
the bpf's verifier for this one exception in tcp_cdg, this patch does not
allow switching to tcp_cdg. If there is a need, bpf_tcp_cdg can be
implemented and then use the bpf_sk_storage as the extended storage.
bpf_sk_setsockopt proto has only been recently added and used
in bpf-sockopt and bpf-iter-tcp, so impose the tcp_cdg limitation in the
same proto instead of adding a new proto specifically for bpf-tcp-cc.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20210824173007.3976921-1-kafai@fb.com
2021-08-25 01:30:07 +08:00
|
|
|
static u32 prog_ops_moff(const struct bpf_prog *prog)
|
|
|
|
{
|
|
|
|
const struct btf_member *m;
|
|
|
|
const struct btf_type *t;
|
|
|
|
u32 midx;
|
|
|
|
|
|
|
|
midx = prog->expected_attach_type;
|
|
|
|
t = bpf_tcp_congestion_ops.type;
|
|
|
|
m = &btf_type_member(t)[midx];
|
|
|
|
|
|
|
|
return btf_member_bit_offset(t, m) / 8;
|
|
|
|
}
|
|
|
|
|
2020-01-09 08:35:08 +08:00
|
|
|
static const struct bpf_func_proto *
|
|
|
|
bpf_tcp_ca_get_func_proto(enum bpf_func_id func_id,
|
|
|
|
const struct bpf_prog *prog)
|
|
|
|
{
|
2020-01-09 08:45:51 +08:00
|
|
|
switch (func_id) {
|
|
|
|
case BPF_FUNC_tcp_send_ack:
|
|
|
|
return &bpf_tcp_send_ack_proto;
|
2020-03-20 23:21:01 +08:00
|
|
|
case BPF_FUNC_sk_storage_get:
|
2020-09-25 08:04:02 +08:00
|
|
|
return &bpf_sk_storage_get_proto;
|
2020-03-20 23:21:01 +08:00
|
|
|
case BPF_FUNC_sk_storage_delete:
|
2020-09-25 08:04:02 +08:00
|
|
|
return &bpf_sk_storage_delete_proto;
|
bpf: tcp: Allow bpf-tcp-cc to call bpf_(get|set)sockopt
This patch allows the bpf-tcp-cc to call bpf_setsockopt. One use
case is to allow a bpf-tcp-cc switching to another cc during init().
For example, when the tcp flow is not ecn ready, the bpf_dctcp
can switch to another cc by calling setsockopt(TCP_CONGESTION).
During setsockopt(TCP_CONGESTION), the new tcp-cc's init() will be
called and this could cause a recursion but it is stopped by the
current trampoline's logic (in the prog->active counter).
While retiring a bpf-tcp-cc (e.g. in tcp_v[46]_destroy_sock()),
the tcp stack calls bpf-tcp-cc's release(). To avoid the retiring
bpf-tcp-cc making further changes to the sk, bpf_setsockopt is not
available to the bpf-tcp-cc's release(). This will avoid release()
making setsockopt() call that will potentially allocate new resources.
Although the bpf-tcp-cc already has a more powerful way to read tcp_sock
from the PTR_TO_BTF_ID, it is usually expected that bpf_getsockopt and
bpf_setsockopt are available together. Thus, bpf_getsockopt() is also
added to all tcp_congestion_ops except release().
When the old bpf-tcp-cc is calling setsockopt(TCP_CONGESTION)
to switch to a new cc, the old bpf-tcp-cc will be released by
bpf_struct_ops_put(). Thus, this patch also puts the bpf_struct_ops_map
after a rcu grace period because the trampoline's image cannot be freed
while the old bpf-tcp-cc is still running.
bpf-tcp-cc can only access icsk_ca_priv as SCALAR. All kernel's
tcp-cc is also accessing the icsk_ca_priv as SCALAR. The size
of icsk_ca_priv has already been raised a few times to avoid
extra kmalloc and memory referencing. The only exception is the
kernel's tcp_cdg.c that stores a kmalloc()-ed pointer in icsk_ca_priv.
To avoid the old bpf-tcp-cc accidentally overriding this tcp_cdg's pointer
value stored in icsk_ca_priv after switching and without over-complicating
the bpf's verifier for this one exception in tcp_cdg, this patch does not
allow switching to tcp_cdg. If there is a need, bpf_tcp_cdg can be
implemented and then use the bpf_sk_storage as the extended storage.
bpf_sk_setsockopt proto has only been recently added and used
in bpf-sockopt and bpf-iter-tcp, so impose the tcp_cdg limitation in the
same proto instead of adding a new proto specifically for bpf-tcp-cc.
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20210824173007.3976921-1-kafai@fb.com
2021-08-25 01:30:07 +08:00
|
|
|
case BPF_FUNC_setsockopt:
|
|
|
|
/* Does not allow release() to call setsockopt.
|
|
|
|
* release() is called when the current bpf-tcp-cc
|
|
|
|
* is retiring. It is not allowed to call
|
|
|
|
* setsockopt() to make further changes which
|
|
|
|
* may potentially allocate new resources.
|
|
|
|
*/
|
|
|
|
if (prog_ops_moff(prog) !=
|
|
|
|
offsetof(struct tcp_congestion_ops, release))
|
|
|
|
return &bpf_sk_setsockopt_proto;
|
|
|
|
return NULL;
|
|
|
|
case BPF_FUNC_getsockopt:
|
|
|
|
/* Since get/setsockopt is usually expected to
|
|
|
|
* be available together, disable getsockopt for
|
|
|
|
* release also to avoid usage surprise.
|
|
|
|
* The bpf-tcp-cc already has a more powerful way
|
|
|
|
* to read tcp_sock from the PTR_TO_BTF_ID.
|
|
|
|
*/
|
|
|
|
if (prog_ops_moff(prog) !=
|
|
|
|
offsetof(struct tcp_congestion_ops, release))
|
|
|
|
return &bpf_sk_getsockopt_proto;
|
|
|
|
return NULL;
|
2020-01-09 08:45:51 +08:00
|
|
|
default:
|
|
|
|
return bpf_base_func_proto(func_id);
|
|
|
|
}
|
2020-01-09 08:35:08 +08:00
|
|
|
}
|
|
|
|
|
2021-03-25 09:52:01 +08:00
|
|
|
BTF_SET_START(bpf_tcp_ca_kfunc_ids)
|
|
|
|
BTF_ID(func, tcp_reno_ssthresh)
|
|
|
|
BTF_ID(func, tcp_reno_cong_avoid)
|
|
|
|
BTF_ID(func, tcp_reno_undo_cwnd)
|
|
|
|
BTF_ID(func, tcp_slow_start)
|
|
|
|
BTF_ID(func, tcp_cong_avoid_ai)
|
|
|
|
BTF_SET_END(bpf_tcp_ca_kfunc_ids)
|
|
|
|
|
bpf: Introduce BPF support for kernel module function calls
This change adds support on the kernel side to allow for BPF programs to
call kernel module functions. Userspace will prepare an array of module
BTF fds that is passed in during BPF_PROG_LOAD using fd_array parameter.
In the kernel, the module BTFs are placed in the auxilliary struct for
bpf_prog, and loaded as needed.
The verifier then uses insn->off to index into the fd_array. insn->off
0 is reserved for vmlinux BTF (for backwards compat), so userspace must
use an fd_array index > 0 for module kfunc support. kfunc_btf_tab is
sorted based on offset in an array, and each offset corresponds to one
descriptor, with a max limit up to 256 such module BTFs.
We also change existing kfunc_tab to distinguish each element based on
imm, off pair as each such call will now be distinct.
Another change is to check_kfunc_call callback, which now include a
struct module * pointer, this is to be used in later patch such that the
kfunc_id and module pointer are matched for dynamically registered BTF
sets from loadable modules, so that same kfunc_id in two modules doesn't
lead to check_kfunc_call succeeding. For the duration of the
check_kfunc_call, the reference to struct module exists, as it returns
the pointer stored in kfunc_btf_tab.
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20211002011757.311265-2-memxor@gmail.com
2021-10-02 09:17:49 +08:00
|
|
|
static bool bpf_tcp_ca_check_kfunc_call(u32 kfunc_btf_id, struct module *owner)
|
2021-03-25 09:52:01 +08:00
|
|
|
{
|
2021-10-02 09:17:53 +08:00
|
|
|
if (btf_id_set_contains(&bpf_tcp_ca_kfunc_ids, kfunc_btf_id))
|
|
|
|
return true;
|
|
|
|
return bpf_check_mod_kfunc_call(&bpf_tcp_ca_kfunc_list, kfunc_btf_id, owner);
|
2021-03-25 09:52:01 +08:00
|
|
|
}
|
|
|
|
|
2020-01-09 08:35:08 +08:00
|
|
|
static const struct bpf_verifier_ops bpf_tcp_ca_verifier_ops = {
|
|
|
|
.get_func_proto = bpf_tcp_ca_get_func_proto,
|
|
|
|
.is_valid_access = bpf_tcp_ca_is_valid_access,
|
|
|
|
.btf_struct_access = bpf_tcp_ca_btf_struct_access,
|
2021-03-25 09:52:01 +08:00
|
|
|
.check_kfunc_call = bpf_tcp_ca_check_kfunc_call,
|
2020-01-09 08:35:08 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static int bpf_tcp_ca_init_member(const struct btf_type *t,
|
|
|
|
const struct btf_member *member,
|
|
|
|
void *kdata, const void *udata)
|
|
|
|
{
|
|
|
|
const struct tcp_congestion_ops *utcp_ca;
|
|
|
|
struct tcp_congestion_ops *tcp_ca;
|
|
|
|
int prog_fd;
|
|
|
|
u32 moff;
|
|
|
|
|
|
|
|
utcp_ca = (const struct tcp_congestion_ops *)udata;
|
|
|
|
tcp_ca = (struct tcp_congestion_ops *)kdata;
|
|
|
|
|
|
|
|
moff = btf_member_bit_offset(t, member) / 8;
|
|
|
|
switch (moff) {
|
|
|
|
case offsetof(struct tcp_congestion_ops, flags):
|
|
|
|
if (utcp_ca->flags & ~TCP_CONG_MASK)
|
|
|
|
return -EINVAL;
|
|
|
|
tcp_ca->flags = utcp_ca->flags;
|
|
|
|
return 1;
|
|
|
|
case offsetof(struct tcp_congestion_ops, name):
|
2020-03-14 09:02:09 +08:00
|
|
|
if (bpf_obj_name_cpy(tcp_ca->name, utcp_ca->name,
|
|
|
|
sizeof(tcp_ca->name)) <= 0)
|
2020-01-09 08:35:08 +08:00
|
|
|
return -EINVAL;
|
|
|
|
if (tcp_ca_find(utcp_ca->name))
|
|
|
|
return -EEXIST;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!btf_type_resolve_func_ptr(btf_vmlinux, member->type, NULL))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
/* Ensure bpf_prog is provided for compulsory func ptr */
|
|
|
|
prog_fd = (int)(*(unsigned long *)(udata + moff));
|
|
|
|
if (!prog_fd && !is_optional(moff) && !is_unsupported(moff))
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int bpf_tcp_ca_check_member(const struct btf_type *t,
|
|
|
|
const struct btf_member *member)
|
|
|
|
{
|
|
|
|
if (is_unsupported(btf_member_bit_offset(t, member) / 8))
|
|
|
|
return -ENOTSUPP;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int bpf_tcp_ca_reg(void *kdata)
|
|
|
|
{
|
|
|
|
return tcp_register_congestion_control(kdata);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void bpf_tcp_ca_unreg(void *kdata)
|
|
|
|
{
|
|
|
|
tcp_unregister_congestion_control(kdata);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct bpf_struct_ops bpf_tcp_congestion_ops = {
|
|
|
|
.verifier_ops = &bpf_tcp_ca_verifier_ops,
|
|
|
|
.reg = bpf_tcp_ca_reg,
|
|
|
|
.unreg = bpf_tcp_ca_unreg,
|
|
|
|
.check_member = bpf_tcp_ca_check_member,
|
|
|
|
.init_member = bpf_tcp_ca_init_member,
|
|
|
|
.init = bpf_tcp_ca_init,
|
|
|
|
.name = "tcp_congestion_ops",
|
|
|
|
};
|