search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
[drm/drm-misc.git] / net / core / skmsg.c
blobb1dcbd3be89e10a2c23072177b816a30f897de22
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2017 - 2018 Covalent IO, Inc. http://covalent.io */
3
4 #include <linux/skmsg.h>
5 #include <linux/skbuff.h>
6 #include <linux/scatterlist.h>
7
8 #include <net/sock.h>
9 #include <net/tcp.h>
10 #include <net/tls.h>
11 #include <trace/events/sock.h>
12
13 static bool sk_msg_try_coalesce_ok(struct sk_msg *msg, int elem_first_coalesce)
14 {
15 if (msg->sg.end > msg->sg.start &&
16 elem_first_coalesce < msg->sg.end)
17 return true;
18
19 if (msg->sg.end < msg->sg.start &&
20 (elem_first_coalesce > msg->sg.start ||
21 elem_first_coalesce < msg->sg.end))
22 return true;
23
24 return false;
25 }
26
27 int sk_msg_alloc(struct sock *sk, struct sk_msg *msg, int len,
28 int elem_first_coalesce)
29 {
30 struct page_frag *pfrag = sk_page_frag(sk);
31 u32 osize = msg->sg.size;
32 int ret = 0;
33
34 len -= msg->sg.size;
35 while (len > 0) {
36 struct scatterlist *sge;
37 u32 orig_offset;
38 int use, i;
39
40 if (!sk_page_frag_refill(sk, pfrag)) {
41 ret = -ENOMEM;
42 goto msg_trim;
43 }
44
45 orig_offset = pfrag->offset;
46 use = min_t(int, len, pfrag->size - orig_offset);
47 if (!sk_wmem_schedule(sk, use)) {
48 ret = -ENOMEM;
49 goto msg_trim;
50 }
51
52 i = msg->sg.end;
53 sk_msg_iter_var_prev(i);
54 sge = &msg->sg.data[i];
55
56 if (sk_msg_try_coalesce_ok(msg, elem_first_coalesce) &&
57 sg_page(sge) == pfrag->page &&
58 sge->offset + sge->length == orig_offset) {
59 sge->length += use;
60 } else {
61 if (sk_msg_full(msg)) {
62 ret = -ENOSPC;
63 break;
64 }
65
66 sge = &msg->sg.data[msg->sg.end];
67 sg_unmark_end(sge);
68 sg_set_page(sge, pfrag->page, use, orig_offset);
69 get_page(pfrag->page);
70 sk_msg_iter_next(msg, end);
71 }
72
73 sk_mem_charge(sk, use);
74 msg->sg.size += use;
75 pfrag->offset += use;
76 len -= use;
77 }
78
79 return ret;
80
81 msg_trim:
82 sk_msg_trim(sk, msg, osize);
83 return ret;
84 }
85 EXPORT_SYMBOL_GPL(sk_msg_alloc);
86
87 int sk_msg_clone(struct sock *sk, struct sk_msg *dst, struct sk_msg *src,
88 u32 off, u32 len)
89 {
90 int i = src->sg.start;
91 struct scatterlist *sge = sk_msg_elem(src, i);
92 struct scatterlist *sgd = NULL;
93 u32 sge_len, sge_off;
94
95 while (off) {
96 if (sge->length > off)
97 break;
98 off -= sge->length;
99 sk_msg_iter_var_next(i);
100 if (i == src->sg.end && off)
101 return -ENOSPC;
102 sge = sk_msg_elem(src, i);
103 }
104
105 while (len) {
106 sge_len = sge->length - off;
107 if (sge_len > len)
108 sge_len = len;
109
110 if (dst->sg.end)
111 sgd = sk_msg_elem(dst, dst->sg.end - 1);
112
113 if (sgd &&
114 (sg_page(sge) == sg_page(sgd)) &&
115 (sg_virt(sge) + off == sg_virt(sgd) + sgd->length)) {
116 sgd->length += sge_len;
117 dst->sg.size += sge_len;
118 } else if (!sk_msg_full(dst)) {
119 sge_off = sge->offset + off;
120 sk_msg_page_add(dst, sg_page(sge), sge_len, sge_off);
121 } else {
122 return -ENOSPC;
123 }
124
125 off = 0;
126 len -= sge_len;
127 sk_mem_charge(sk, sge_len);
128 sk_msg_iter_var_next(i);
129 if (i == src->sg.end && len)
130 return -ENOSPC;
131 sge = sk_msg_elem(src, i);
132 }
133
134 return 0;
135 }
136 EXPORT_SYMBOL_GPL(sk_msg_clone);
137
138 void sk_msg_return_zero(struct sock *sk, struct sk_msg *msg, int bytes)
139 {
140 int i = msg->sg.start;
141
142 do {
143 struct scatterlist *sge = sk_msg_elem(msg, i);
144
145 if (bytes < sge->length) {
146 sge->length -= bytes;
147 sge->offset += bytes;
148 sk_mem_uncharge(sk, bytes);
149 break;
150 }
151
152 sk_mem_uncharge(sk, sge->length);
153 bytes -= sge->length;
154 sge->length = 0;
155 sge->offset = 0;
156 sk_msg_iter_var_next(i);
157 } while (bytes && i != msg->sg.end);
158 msg->sg.start = i;
159 }
160 EXPORT_SYMBOL_GPL(sk_msg_return_zero);
161
162 void sk_msg_return(struct sock *sk, struct sk_msg *msg, int bytes)
163 {
164 int i = msg->sg.start;
165
166 do {
167 struct scatterlist *sge = &msg->sg.data[i];
168 int uncharge = (bytes < sge->length) ? bytes : sge->length;
169
170 sk_mem_uncharge(sk, uncharge);
171 bytes -= uncharge;
172 sk_msg_iter_var_next(i);
173 } while (i != msg->sg.end);
174 }
175 EXPORT_SYMBOL_GPL(sk_msg_return);
176
177 static int sk_msg_free_elem(struct sock *sk, struct sk_msg *msg, u32 i,
178 bool charge)
179 {
180 struct scatterlist *sge = sk_msg_elem(msg, i);
181 u32 len = sge->length;
182
183 /* When the skb owns the memory we free it from consume_skb path. */
184 if (!msg->skb) {
185 if (charge)
186 sk_mem_uncharge(sk, len);
187 put_page(sg_page(sge));
188 }
189 memset(sge, 0, sizeof(*sge));
190 return len;
191 }
192
193 static int __sk_msg_free(struct sock *sk, struct sk_msg *msg, u32 i,
194 bool charge)
195 {
196 struct scatterlist *sge = sk_msg_elem(msg, i);
197 int freed = 0;
198
199 while (msg->sg.size) {
200 msg->sg.size -= sge->length;
201 freed += sk_msg_free_elem(sk, msg, i, charge);
202 sk_msg_iter_var_next(i);
203 sk_msg_check_to_free(msg, i, msg->sg.size);
204 sge = sk_msg_elem(msg, i);
205 }
206 consume_skb(msg->skb);
207 sk_msg_init(msg);
208 return freed;
209 }
210
211 int sk_msg_free_nocharge(struct sock *sk, struct sk_msg *msg)
212 {
213 return __sk_msg_free(sk, msg, msg->sg.start, false);
214 }
215 EXPORT_SYMBOL_GPL(sk_msg_free_nocharge);
216
217 int sk_msg_free(struct sock *sk, struct sk_msg *msg)
218 {
219 return __sk_msg_free(sk, msg, msg->sg.start, true);
220 }
221 EXPORT_SYMBOL_GPL(sk_msg_free);
222
223 static void __sk_msg_free_partial(struct sock *sk, struct sk_msg *msg,
224 u32 bytes, bool charge)
225 {
226 struct scatterlist *sge;
227 u32 i = msg->sg.start;
228
229 while (bytes) {
230 sge = sk_msg_elem(msg, i);
231 if (!sge->length)
232 break;
233 if (bytes < sge->length) {
234 if (charge)
235 sk_mem_uncharge(sk, bytes);
236 sge->length -= bytes;
237 sge->offset += bytes;
238 msg->sg.size -= bytes;
239 break;
240 }
241
242 msg->sg.size -= sge->length;
243 bytes -= sge->length;
244 sk_msg_free_elem(sk, msg, i, charge);
245 sk_msg_iter_var_next(i);
246 sk_msg_check_to_free(msg, i, bytes);
247 }
248 msg->sg.start = i;
249 }
250
251 void sk_msg_free_partial(struct sock *sk, struct sk_msg *msg, u32 bytes)
252 {
253 __sk_msg_free_partial(sk, msg, bytes, true);
254 }
255 EXPORT_SYMBOL_GPL(sk_msg_free_partial);
256
257 void sk_msg_free_partial_nocharge(struct sock *sk, struct sk_msg *msg,
258 u32 bytes)
259 {
260 __sk_msg_free_partial(sk, msg, bytes, false);
261 }
262
263 void sk_msg_trim(struct sock *sk, struct sk_msg *msg, int len)
264 {
265 int trim = msg->sg.size - len;
266 u32 i = msg->sg.end;
267
268 if (trim <= 0) {
269 WARN_ON(trim < 0);
270 return;
271 }
272
273 sk_msg_iter_var_prev(i);
274 msg->sg.size = len;
275 while (msg->sg.data[i].length &&
276 trim >= msg->sg.data[i].length) {
277 trim -= msg->sg.data[i].length;
278 sk_msg_free_elem(sk, msg, i, true);
279 sk_msg_iter_var_prev(i);
280 if (!trim)
281 goto out;
282 }
283
284 msg->sg.data[i].length -= trim;
285 sk_mem_uncharge(sk, trim);
286 /* Adjust copybreak if it falls into the trimmed part of last buf */
287 if (msg->sg.curr == i && msg->sg.copybreak > msg->sg.data[i].length)
288 msg->sg.copybreak = msg->sg.data[i].length;
289 out:
290 sk_msg_iter_var_next(i);
291 msg->sg.end = i;
292
293 /* If we trim data a full sg elem before curr pointer update
294 * copybreak and current so that any future copy operations
295 * start at new copy location.
296 * However trimmed data that has not yet been used in a copy op
297 * does not require an update.
298 */
299 if (!msg->sg.size) {
300 msg->sg.curr = msg->sg.start;
301 msg->sg.copybreak = 0;
302 } else if (sk_msg_iter_dist(msg->sg.start, msg->sg.curr) >=
303 sk_msg_iter_dist(msg->sg.start, msg->sg.end)) {
304 sk_msg_iter_var_prev(i);
305 msg->sg.curr = i;
306 msg->sg.copybreak = msg->sg.data[i].length;
307 }
308 }
309 EXPORT_SYMBOL_GPL(sk_msg_trim);
310
311 int sk_msg_zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
312 struct sk_msg *msg, u32 bytes)
313 {
314 int i, maxpages, ret = 0, num_elems = sk_msg_elem_used(msg);
315 const int to_max_pages = MAX_MSG_FRAGS;
316 struct page *pages[MAX_MSG_FRAGS];
317 ssize_t orig, copied, use, offset;
318
319 orig = msg->sg.size;
320 while (bytes > 0) {
321 i = 0;
322 maxpages = to_max_pages - num_elems;
323 if (maxpages == 0) {
324 ret = -EFAULT;
325 goto out;
326 }
327
328 copied = iov_iter_get_pages2(from, pages, bytes, maxpages,
329 &offset);
330 if (copied <= 0) {
331 ret = -EFAULT;
332 goto out;
333 }
334
335 bytes -= copied;
336 msg->sg.size += copied;
337
338 while (copied) {
339 use = min_t(int, copied, PAGE_SIZE - offset);
340 sg_set_page(&msg->sg.data[msg->sg.end],
341 pages[i], use, offset);
342 sg_unmark_end(&msg->sg.data[msg->sg.end]);
343 sk_mem_charge(sk, use);
344
345 offset = 0;
346 copied -= use;
347 sk_msg_iter_next(msg, end);
348 num_elems++;
349 i++;
350 }
351 /* When zerocopy is mixed with sk_msg_*copy* operations we
352 * may have a copybreak set in this case clear and prefer
353 * zerocopy remainder when possible.
354 */
355 msg->sg.copybreak = 0;
356 msg->sg.curr = msg->sg.end;
357 }
358 out:
359 /* Revert iov_iter updates, msg will need to use 'trim' later if it
360 * also needs to be cleared.
361 */
362 if (ret)
363 iov_iter_revert(from, msg->sg.size - orig);
364 return ret;
365 }
366 EXPORT_SYMBOL_GPL(sk_msg_zerocopy_from_iter);
367
368 int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from,
369 struct sk_msg *msg, u32 bytes)
370 {
371 int ret = -ENOSPC, i = msg->sg.curr;
372 struct scatterlist *sge;
373 u32 copy, buf_size;
374 void *to;
375
376 do {
377 sge = sk_msg_elem(msg, i);
378 /* This is possible if a trim operation shrunk the buffer */
379 if (msg->sg.copybreak >= sge->length) {
380 msg->sg.copybreak = 0;
381 sk_msg_iter_var_next(i);
382 if (i == msg->sg.end)
383 break;
384 sge = sk_msg_elem(msg, i);
385 }
386
387 buf_size = sge->length - msg->sg.copybreak;
388 copy = (buf_size > bytes) ? bytes : buf_size;
389 to = sg_virt(sge) + msg->sg.copybreak;
390 msg->sg.copybreak += copy;
391 if (sk->sk_route_caps & NETIF_F_NOCACHE_COPY)
392 ret = copy_from_iter_nocache(to, copy, from);
393 else
394 ret = copy_from_iter(to, copy, from);
395 if (ret != copy) {
396 ret = -EFAULT;
397 goto out;
398 }
399 bytes -= copy;
400 if (!bytes)
401 break;
402 msg->sg.copybreak = 0;
403 sk_msg_iter_var_next(i);
404 } while (i != msg->sg.end);
405 out:
406 msg->sg.curr = i;
407 return ret;
408 }
409 EXPORT_SYMBOL_GPL(sk_msg_memcopy_from_iter);
410
411 /* Receive sk_msg from psock->ingress_msg to @msg. */
412 int sk_msg_recvmsg(struct sock *sk, struct sk_psock *psock, struct msghdr *msg,
413 int len, int flags)
414 {
415 struct iov_iter *iter = &msg->msg_iter;
416 int peek = flags & MSG_PEEK;
417 struct sk_msg *msg_rx;
418 int i, copied = 0;
419
420 msg_rx = sk_psock_peek_msg(psock);
421 while (copied != len) {
422 struct scatterlist *sge;
423
424 if (unlikely(!msg_rx))
425 break;
426
427 i = msg_rx->sg.start;
428 do {
429 struct page *page;
430 int copy;
431
432 sge = sk_msg_elem(msg_rx, i);
433 copy = sge->length;
434 page = sg_page(sge);
435 if (copied + copy > len)
436 copy = len - copied;
437 if (copy)
438 copy = copy_page_to_iter(page, sge->offset, copy, iter);
439 if (!copy) {
440 copied = copied ? copied : -EFAULT;
441 goto out;
442 }
443
444 copied += copy;
445 if (likely(!peek)) {
446 sge->offset += copy;
447 sge->length -= copy;
448 if (!msg_rx->skb)
449 sk_mem_uncharge(sk, copy);
450 msg_rx->sg.size -= copy;
451
452 if (!sge->length) {
453 sk_msg_iter_var_next(i);
454 if (!msg_rx->skb)
455 put_page(page);
456 }
457 } else {
458 /* Lets not optimize peek case if copy_page_to_iter
459 * didn't copy the entire length lets just break.
460 */
461 if (copy != sge->length)
462 goto out;
463 sk_msg_iter_var_next(i);
464 }
465
466 if (copied == len)
467 break;
468 } while ((i != msg_rx->sg.end) && !sg_is_last(sge));
469
470 if (unlikely(peek)) {
471 msg_rx = sk_psock_next_msg(psock, msg_rx);
472 if (!msg_rx)
473 break;
474 continue;
475 }
476
477 msg_rx->sg.start = i;
478 if (!sge->length && (i == msg_rx->sg.end || sg_is_last(sge))) {
479 msg_rx = sk_psock_dequeue_msg(psock);
480 kfree_sk_msg(msg_rx);
481 }
482 msg_rx = sk_psock_peek_msg(psock);
483 }
484 out:
485 return copied;
486 }
487 EXPORT_SYMBOL_GPL(sk_msg_recvmsg);
488
489 bool sk_msg_is_readable(struct sock *sk)
490 {
491 struct sk_psock *psock;
492 bool empty = true;
493
494 rcu_read_lock();
495 psock = sk_psock(sk);
496 if (likely(psock))
497 empty = list_empty(&psock->ingress_msg);
498 rcu_read_unlock();
499 return !empty;
500 }
501 EXPORT_SYMBOL_GPL(sk_msg_is_readable);
502
503 static struct sk_msg *alloc_sk_msg(gfp_t gfp)
504 {
505 struct sk_msg *msg;
506
507 msg = kzalloc(sizeof(*msg), gfp | __GFP_NOWARN);
508 if (unlikely(!msg))
509 return NULL;
510 sg_init_marker(msg->sg.data, NR_MSG_FRAG_IDS);
511 return msg;
512 }
513
514 static struct sk_msg *sk_psock_create_ingress_msg(struct sock *sk,
515 struct sk_buff *skb)
516 {
517 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
518 return NULL;
519
520 if (!sk_rmem_schedule(sk, skb, skb->truesize))
521 return NULL;
522
523 return alloc_sk_msg(GFP_KERNEL);
524 }
525
526 static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb,
527 u32 off, u32 len,
528 struct sk_psock *psock,
529 struct sock *sk,
530 struct sk_msg *msg)
531 {
532 int num_sge, copied;
533
534 num_sge = skb_to_sgvec(skb, msg->sg.data, off, len);
535 if (num_sge < 0) {
536 /* skb linearize may fail with ENOMEM, but lets simply try again
537 * later if this happens. Under memory pressure we don't want to
538 * drop the skb. We need to linearize the skb so that the mapping
539 * in skb_to_sgvec can not error.
540 */
541 if (skb_linearize(skb))
542 return -EAGAIN;
543
544 num_sge = skb_to_sgvec(skb, msg->sg.data, off, len);
545 if (unlikely(num_sge < 0))
546 return num_sge;
547 }
548
549 copied = len;
550 msg->sg.start = 0;
551 msg->sg.size = copied;
552 msg->sg.end = num_sge;
553 msg->skb = skb;
554
555 sk_psock_queue_msg(psock, msg);
556 sk_psock_data_ready(sk, psock);
557 return copied;
558 }
559
560 static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb,
561 u32 off, u32 len);
562
563 static int sk_psock_skb_ingress(struct sk_psock *psock, struct sk_buff *skb,
564 u32 off, u32 len)
565 {
566 struct sock *sk = psock->sk;
567 struct sk_msg *msg;
568 int err;
569
570 /* If we are receiving on the same sock skb->sk is already assigned,
571 * skip memory accounting and owner transition seeing it already set
572 * correctly.
573 */
574 if (unlikely(skb->sk == sk))
575 return sk_psock_skb_ingress_self(psock, skb, off, len);
576 msg = sk_psock_create_ingress_msg(sk, skb);
577 if (!msg)
578 return -EAGAIN;
579
580 /* This will transition ownership of the data from the socket where
581 * the BPF program was run initiating the redirect to the socket
582 * we will eventually receive this data on. The data will be released
583 * from skb_consume found in __tcp_bpf_recvmsg() after its been copied
584 * into user buffers.
585 */
586 skb_set_owner_r(skb, sk);
587 err = sk_psock_skb_ingress_enqueue(skb, off, len, psock, sk, msg);
588 if (err < 0)
589 kfree(msg);
590 return err;
591 }
592
593 /* Puts an skb on the ingress queue of the socket already assigned to the
594 * skb. In this case we do not need to check memory limits or skb_set_owner_r
595 * because the skb is already accounted for here.
596 */
597 static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb,
598 u32 off, u32 len)
599 {
600 struct sk_msg *msg = alloc_sk_msg(GFP_ATOMIC);
601 struct sock *sk = psock->sk;
602 int err;
603
604 if (unlikely(!msg))
605 return -EAGAIN;
606 skb_set_owner_r(skb, sk);
607 err = sk_psock_skb_ingress_enqueue(skb, off, len, psock, sk, msg);
608 if (err < 0)
609 kfree(msg);
610 return err;
611 }
612
613 static int sk_psock_handle_skb(struct sk_psock *psock, struct sk_buff *skb,
614 u32 off, u32 len, bool ingress)
615 {
616 int err = 0;
617
618 if (!ingress) {
619 if (!sock_writeable(psock->sk))
620 return -EAGAIN;
621 return skb_send_sock(psock->sk, skb, off, len);
622 }
623 skb_get(skb);
624 err = sk_psock_skb_ingress(psock, skb, off, len);
625 if (err < 0)
626 kfree_skb(skb);
627 return err;
628 }
629
630 static void sk_psock_skb_state(struct sk_psock *psock,
631 struct sk_psock_work_state *state,
632 int len, int off)
633 {
634 spin_lock_bh(&psock->ingress_lock);
635 if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) {
636 state->len = len;
637 state->off = off;
638 }
639 spin_unlock_bh(&psock->ingress_lock);
640 }
641
642 static void sk_psock_backlog(struct work_struct *work)
643 {
644 struct delayed_work *dwork = to_delayed_work(work);
645 struct sk_psock *psock = container_of(dwork, struct sk_psock, work);
646 struct sk_psock_work_state *state = &psock->work_state;
647 struct sk_buff *skb = NULL;
648 u32 len = 0, off = 0;
649 bool ingress;
650 int ret;
651
652 mutex_lock(&psock->work_mutex);
653 if (unlikely(state->len)) {
654 len = state->len;
655 off = state->off;
656 }
657
658 while ((skb = skb_peek(&psock->ingress_skb))) {
659 len = skb->len;
660 off = 0;
661 if (skb_bpf_strparser(skb)) {
662 struct strp_msg *stm = strp_msg(skb);
663
664 off = stm->offset;
665 len = stm->full_len;
666 }
667 ingress = skb_bpf_ingress(skb);
668 skb_bpf_redirect_clear(skb);
669 do {
670 ret = -EIO;
671 if (!sock_flag(psock->sk, SOCK_DEAD))
672 ret = sk_psock_handle_skb(psock, skb, off,
673 len, ingress);
674 if (ret <= 0) {
675 if (ret == -EAGAIN) {
676 sk_psock_skb_state(psock, state, len, off);
677
678 /* Delay slightly to prioritize any
679 * other work that might be here.
680 */
681 if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED))
682 schedule_delayed_work(&psock->work, 1);
683 goto end;
684 }
685 /* Hard errors break pipe and stop xmit. */
686 sk_psock_report_error(psock, ret ? -ret : EPIPE);
687 sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);
688 goto end;
689 }
690 off += ret;
691 len -= ret;
692 } while (len);
693
694 skb = skb_dequeue(&psock->ingress_skb);
695 kfree_skb(skb);
696 }
697 end:
698 mutex_unlock(&psock->work_mutex);
699 }
700
701 struct sk_psock *sk_psock_init(struct sock *sk, int node)
702 {
703 struct sk_psock *psock;
704 struct proto *prot;
705
706 write_lock_bh(&sk->sk_callback_lock);
707
708 if (sk_is_inet(sk) && inet_csk_has_ulp(sk)) {
709 psock = ERR_PTR(-EINVAL);
710 goto out;
711 }
712
713 if (sk->sk_user_data) {
714 psock = ERR_PTR(-EBUSY);
715 goto out;
716 }
717
718 psock = kzalloc_node(sizeof(*psock), GFP_ATOMIC | __GFP_NOWARN, node);
719 if (!psock) {
720 psock = ERR_PTR(-ENOMEM);
721 goto out;
722 }
723
724 prot = READ_ONCE(sk->sk_prot);
725 psock->sk = sk;
726 psock->eval = __SK_NONE;
727 psock->sk_proto = prot;
728 psock->saved_unhash = prot->unhash;
729 psock->saved_destroy = prot->destroy;
730 psock->saved_close = prot->close;
731 psock->saved_write_space = sk->sk_write_space;
732
733 INIT_LIST_HEAD(&psock->link);
734 spin_lock_init(&psock->link_lock);
735
736 INIT_DELAYED_WORK(&psock->work, sk_psock_backlog);
737 mutex_init(&psock->work_mutex);
738 INIT_LIST_HEAD(&psock->ingress_msg);
739 spin_lock_init(&psock->ingress_lock);
740 skb_queue_head_init(&psock->ingress_skb);
741
742 sk_psock_set_state(psock, SK_PSOCK_TX_ENABLED);
743 refcount_set(&psock->refcnt, 1);
744
745 __rcu_assign_sk_user_data_with_flags(sk, psock,
746 SK_USER_DATA_NOCOPY |
747 SK_USER_DATA_PSOCK);
748 sock_hold(sk);
749
750 out:
751 write_unlock_bh(&sk->sk_callback_lock);
752 return psock;
753 }
754 EXPORT_SYMBOL_GPL(sk_psock_init);
755
756 struct sk_psock_link *sk_psock_link_pop(struct sk_psock *psock)
757 {
758 struct sk_psock_link *link;
759
760 spin_lock_bh(&psock->link_lock);
761 link = list_first_entry_or_null(&psock->link, struct sk_psock_link,
762 list);
763 if (link)
764 list_del(&link->list);
765 spin_unlock_bh(&psock->link_lock);
766 return link;
767 }
768
769 static void __sk_psock_purge_ingress_msg(struct sk_psock *psock)
770 {
771 struct sk_msg *msg, *tmp;
772
773 list_for_each_entry_safe(msg, tmp, &psock->ingress_msg, list) {
774 list_del(&msg->list);
775 sk_msg_free(psock->sk, msg);
776 kfree(msg);
777 }
778 }
779
780 static void __sk_psock_zap_ingress(struct sk_psock *psock)
781 {
782 struct sk_buff *skb;
783
784 while ((skb = skb_dequeue(&psock->ingress_skb)) != NULL) {
785 skb_bpf_redirect_clear(skb);
786 sock_drop(psock->sk, skb);
787 }
788 __sk_psock_purge_ingress_msg(psock);
789 }
790
791 static void sk_psock_link_destroy(struct sk_psock *psock)
792 {
793 struct sk_psock_link *link, *tmp;
794
795 list_for_each_entry_safe(link, tmp, &psock->link, list) {
796 list_del(&link->list);
797 sk_psock_free_link(link);
798 }
799 }
800
801 void sk_psock_stop(struct sk_psock *psock)
802 {
803 spin_lock_bh(&psock->ingress_lock);
804 sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);
805 sk_psock_cork_free(psock);
806 spin_unlock_bh(&psock->ingress_lock);
807 }
808
809 static void sk_psock_done_strp(struct sk_psock *psock);
810
811 static void sk_psock_destroy(struct work_struct *work)
812 {
813 struct sk_psock *psock = container_of(to_rcu_work(work),
814 struct sk_psock, rwork);
815 /* No sk_callback_lock since already detached. */
816
817 sk_psock_done_strp(psock);
818
819 cancel_delayed_work_sync(&psock->work);
820 __sk_psock_zap_ingress(psock);
821 mutex_destroy(&psock->work_mutex);
822
823 psock_progs_drop(&psock->progs);
824
825 sk_psock_link_destroy(psock);
826 sk_psock_cork_free(psock);
827
828 if (psock->sk_redir)
829 sock_put(psock->sk_redir);
830 if (psock->sk_pair)
831 sock_put(psock->sk_pair);
832 sock_put(psock->sk);
833 kfree(psock);
834 }
835
836 void sk_psock_drop(struct sock *sk, struct sk_psock *psock)
837 {
838 write_lock_bh(&sk->sk_callback_lock);
839 sk_psock_restore_proto(sk, psock);
840 rcu_assign_sk_user_data(sk, NULL);
841 if (psock->progs.stream_parser)
842 sk_psock_stop_strp(sk, psock);
843 else if (psock->progs.stream_verdict || psock->progs.skb_verdict)
844 sk_psock_stop_verdict(sk, psock);
845 write_unlock_bh(&sk->sk_callback_lock);
846
847 sk_psock_stop(psock);
848
849 INIT_RCU_WORK(&psock->rwork, sk_psock_destroy);
850 queue_rcu_work(system_wq, &psock->rwork);
851 }
852 EXPORT_SYMBOL_GPL(sk_psock_drop);
853
854 static int sk_psock_map_verd(int verdict, bool redir)
855 {
856 switch (verdict) {
857 case SK_PASS:
858 return redir ? __SK_REDIRECT : __SK_PASS;
859 case SK_DROP:
860 default:
861 break;
862 }
863
864 return __SK_DROP;
865 }
866
867 int sk_psock_msg_verdict(struct sock *sk, struct sk_psock *psock,
868 struct sk_msg *msg)
869 {
870 struct bpf_prog *prog;
871 int ret;
872
873 rcu_read_lock();
874 prog = READ_ONCE(psock->progs.msg_parser);
875 if (unlikely(!prog)) {
876 ret = __SK_PASS;
877 goto out;
878 }
879
880 sk_msg_compute_data_pointers(msg);
881 msg->sk = sk;
882 ret = bpf_prog_run_pin_on_cpu(prog, msg);
883 ret = sk_psock_map_verd(ret, msg->sk_redir);
884 psock->apply_bytes = msg->apply_bytes;
885 if (ret == __SK_REDIRECT) {
886 if (psock->sk_redir) {
887 sock_put(psock->sk_redir);
888 psock->sk_redir = NULL;
889 }
890 if (!msg->sk_redir) {
891 ret = __SK_DROP;
892 goto out;
893 }
894 psock->redir_ingress = sk_msg_to_ingress(msg);
895 psock->sk_redir = msg->sk_redir;
896 sock_hold(psock->sk_redir);
897 }
898 out:
899 rcu_read_unlock();
900 return ret;
901 }
902 EXPORT_SYMBOL_GPL(sk_psock_msg_verdict);
903
904 static int sk_psock_skb_redirect(struct sk_psock *from, struct sk_buff *skb)
905 {
906 struct sk_psock *psock_other;
907 struct sock *sk_other;
908
909 sk_other = skb_bpf_redirect_fetch(skb);
910 /* This error is a buggy BPF program, it returned a redirect
911 * return code, but then didn't set a redirect interface.
912 */
913 if (unlikely(!sk_other)) {
914 skb_bpf_redirect_clear(skb);
915 sock_drop(from->sk, skb);
916 return -EIO;
917 }
918 psock_other = sk_psock(sk_other);
919 /* This error indicates the socket is being torn down or had another
920 * error that caused the pipe to break. We can't send a packet on
921 * a socket that is in this state so we drop the skb.
922 */
923 if (!psock_other || sock_flag(sk_other, SOCK_DEAD)) {
924 skb_bpf_redirect_clear(skb);
925 sock_drop(from->sk, skb);
926 return -EIO;
927 }
928 spin_lock_bh(&psock_other->ingress_lock);
929 if (!sk_psock_test_state(psock_other, SK_PSOCK_TX_ENABLED)) {
930 spin_unlock_bh(&psock_other->ingress_lock);
931 skb_bpf_redirect_clear(skb);
932 sock_drop(from->sk, skb);
933 return -EIO;
934 }
935
936 skb_queue_tail(&psock_other->ingress_skb, skb);
937 schedule_delayed_work(&psock_other->work, 0);
938 spin_unlock_bh(&psock_other->ingress_lock);
939 return 0;
940 }
941
942 static void sk_psock_tls_verdict_apply(struct sk_buff *skb,
943 struct sk_psock *from, int verdict)
944 {
945 switch (verdict) {
946 case __SK_REDIRECT:
947 sk_psock_skb_redirect(from, skb);
948 break;
949 case __SK_PASS:
950 case __SK_DROP:
951 default:
952 break;
953 }
954 }
955
956 int sk_psock_tls_strp_read(struct sk_psock *psock, struct sk_buff *skb)
957 {
958 struct bpf_prog *prog;
959 int ret = __SK_PASS;
960
961 rcu_read_lock();
962 prog = READ_ONCE(psock->progs.stream_verdict);
963 if (likely(prog)) {
964 skb->sk = psock->sk;
965 skb_dst_drop(skb);
966 skb_bpf_redirect_clear(skb);
967 ret = bpf_prog_run_pin_on_cpu(prog, skb);
968 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
969 skb->sk = NULL;
970 }
971 sk_psock_tls_verdict_apply(skb, psock, ret);
972 rcu_read_unlock();
973 return ret;
974 }
975 EXPORT_SYMBOL_GPL(sk_psock_tls_strp_read);
976
977 static int sk_psock_verdict_apply(struct sk_psock *psock, struct sk_buff *skb,
978 int verdict)
979 {
980 struct sock *sk_other;
981 int err = 0;
982 u32 len, off;
983
984 switch (verdict) {
985 case __SK_PASS:
986 err = -EIO;
987 sk_other = psock->sk;
988 if (sock_flag(sk_other, SOCK_DEAD) ||
989 !sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED))
990 goto out_free;
991
992 skb_bpf_set_ingress(skb);
993
994 /* If the queue is empty then we can submit directly
995 * into the msg queue. If its not empty we have to
996 * queue work otherwise we may get OOO data. Otherwise,
997 * if sk_psock_skb_ingress errors will be handled by
998 * retrying later from workqueue.
999 */
1000 if (skb_queue_empty(&psock->ingress_skb)) {
1001 len = skb->len;
1002 off = 0;
1003 if (skb_bpf_strparser(skb)) {
1004 struct strp_msg *stm = strp_msg(skb);
1005
1006 off = stm->offset;
1007 len = stm->full_len;
1008 }
1009 err = sk_psock_skb_ingress_self(psock, skb, off, len);
1010 }
1011 if (err < 0) {
1012 spin_lock_bh(&psock->ingress_lock);
1013 if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) {
1014 skb_queue_tail(&psock->ingress_skb, skb);
1015 schedule_delayed_work(&psock->work, 0);
1016 err = 0;
1017 }
1018 spin_unlock_bh(&psock->ingress_lock);
1019 if (err < 0)
1020 goto out_free;
1021 }
1022 break;
1023 case __SK_REDIRECT:
1024 tcp_eat_skb(psock->sk, skb);
1025 err = sk_psock_skb_redirect(psock, skb);
1026 break;
1027 case __SK_DROP:
1028 default:
1029 out_free:
1030 skb_bpf_redirect_clear(skb);
1031 tcp_eat_skb(psock->sk, skb);
1032 sock_drop(psock->sk, skb);
1033 }
1034
1035 return err;
1036 }
1037
1038 static void sk_psock_write_space(struct sock *sk)
1039 {
1040 struct sk_psock *psock;
1041 void (*write_space)(struct sock *sk) = NULL;
1042
1043 rcu_read_lock();
1044 psock = sk_psock(sk);
1045 if (likely(psock)) {
1046 if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED))
1047 schedule_delayed_work(&psock->work, 0);
1048 write_space = psock->saved_write_space;
1049 }
1050 rcu_read_unlock();
1051 if (write_space)
1052 write_space(sk);
1053 }
1054
1055 #if IS_ENABLED(CONFIG_BPF_STREAM_PARSER)
1056 static void sk_psock_strp_read(struct strparser *strp, struct sk_buff *skb)
1057 {
1058 struct sk_psock *psock;
1059 struct bpf_prog *prog;
1060 int ret = __SK_DROP;
1061 struct sock *sk;
1062
1063 rcu_read_lock();
1064 sk = strp->sk;
1065 psock = sk_psock(sk);
1066 if (unlikely(!psock)) {
1067 sock_drop(sk, skb);
1068 goto out;
1069 }
1070 prog = READ_ONCE(psock->progs.stream_verdict);
1071 if (likely(prog)) {
1072 skb->sk = sk;
1073 skb_dst_drop(skb);
1074 skb_bpf_redirect_clear(skb);
1075 ret = bpf_prog_run_pin_on_cpu(prog, skb);
1076 skb_bpf_set_strparser(skb);
1077 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
1078 skb->sk = NULL;
1079 }
1080 sk_psock_verdict_apply(psock, skb, ret);
1081 out:
1082 rcu_read_unlock();
1083 }
1084
1085 static int sk_psock_strp_read_done(struct strparser *strp, int err)
1086 {
1087 return err;
1088 }
1089
1090 static int sk_psock_strp_parse(struct strparser *strp, struct sk_buff *skb)
1091 {
1092 struct sk_psock *psock = container_of(strp, struct sk_psock, strp);
1093 struct bpf_prog *prog;
1094 int ret = skb->len;
1095
1096 rcu_read_lock();
1097 prog = READ_ONCE(psock->progs.stream_parser);
1098 if (likely(prog)) {
1099 skb->sk = psock->sk;
1100 ret = bpf_prog_run_pin_on_cpu(prog, skb);
1101 skb->sk = NULL;
1102 }
1103 rcu_read_unlock();
1104 return ret;
1105 }
1106
1107 /* Called with socket lock held. */
1108 static void sk_psock_strp_data_ready(struct sock *sk)
1109 {
1110 struct sk_psock *psock;
1111
1112 trace_sk_data_ready(sk);
1113
1114 rcu_read_lock();
1115 psock = sk_psock(sk);
1116 if (likely(psock)) {
1117 if (tls_sw_has_ctx_rx(sk)) {
1118 psock->saved_data_ready(sk);
1119 } else {
1120 write_lock_bh(&sk->sk_callback_lock);
1121 strp_data_ready(&psock->strp);
1122 write_unlock_bh(&sk->sk_callback_lock);
1123 }
1124 }
1125 rcu_read_unlock();
1126 }
1127
1128 int sk_psock_init_strp(struct sock *sk, struct sk_psock *psock)
1129 {
1130 int ret;
1131
1132 static const struct strp_callbacks cb = {
1133 .rcv_msg = sk_psock_strp_read,
1134 .read_sock_done = sk_psock_strp_read_done,
1135 .parse_msg = sk_psock_strp_parse,
1136 };
1137
1138 ret = strp_init(&psock->strp, sk, &cb);
1139 if (!ret)
1140 sk_psock_set_state(psock, SK_PSOCK_RX_STRP_ENABLED);
1141
1142 return ret;
1143 }
1144
1145 void sk_psock_start_strp(struct sock *sk, struct sk_psock *psock)
1146 {
1147 if (psock->saved_data_ready)
1148 return;
1149
1150 psock->saved_data_ready = sk->sk_data_ready;
1151 sk->sk_data_ready = sk_psock_strp_data_ready;
1152 sk->sk_write_space = sk_psock_write_space;
1153 }
1154
1155 void sk_psock_stop_strp(struct sock *sk, struct sk_psock *psock)
1156 {
1157 psock_set_prog(&psock->progs.stream_parser, NULL);
1158
1159 if (!psock->saved_data_ready)
1160 return;
1161
1162 sk->sk_data_ready = psock->saved_data_ready;
1163 psock->saved_data_ready = NULL;
1164 strp_stop(&psock->strp);
1165 }
1166
1167 static void sk_psock_done_strp(struct sk_psock *psock)
1168 {
1169 /* Parser has been stopped */
1170 if (sk_psock_test_state(psock, SK_PSOCK_RX_STRP_ENABLED))
1171 strp_done(&psock->strp);
1172 }
1173 #else
1174 static void sk_psock_done_strp(struct sk_psock *psock)
1175 {
1176 }
1177 #endif /* CONFIG_BPF_STREAM_PARSER */
1178
1179 static int sk_psock_verdict_recv(struct sock *sk, struct sk_buff *skb)
1180 {
1181 struct sk_psock *psock;
1182 struct bpf_prog *prog;
1183 int ret = __SK_DROP;
1184 int len = skb->len;
1185
1186 rcu_read_lock();
1187 psock = sk_psock(sk);
1188 if (unlikely(!psock)) {
1189 len = 0;
1190 tcp_eat_skb(sk, skb);
1191 sock_drop(sk, skb);
1192 goto out;
1193 }
1194 prog = READ_ONCE(psock->progs.stream_verdict);
1195 if (!prog)
1196 prog = READ_ONCE(psock->progs.skb_verdict);
1197 if (likely(prog)) {
1198 skb_dst_drop(skb);
1199 skb_bpf_redirect_clear(skb);
1200 ret = bpf_prog_run_pin_on_cpu(prog, skb);
1201 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
1202 }
1203 ret = sk_psock_verdict_apply(psock, skb, ret);
1204 if (ret < 0)
1205 len = ret;
1206 out:
1207 rcu_read_unlock();
1208 return len;
1209 }
1210
1211 static void sk_psock_verdict_data_ready(struct sock *sk)
1212 {
1213 struct socket *sock = sk->sk_socket;
1214 const struct proto_ops *ops;
1215 int copied;
1216
1217 trace_sk_data_ready(sk);
1218
1219 if (unlikely(!sock))
1220 return;
1221 ops = READ_ONCE(sock->ops);
1222 if (!ops || !ops->read_skb)
1223 return;
1224 copied = ops->read_skb(sk, sk_psock_verdict_recv);
1225 if (copied >= 0) {
1226 struct sk_psock *psock;
1227
1228 rcu_read_lock();
1229 psock = sk_psock(sk);
1230 if (psock)
1231 sk_psock_data_ready(sk, psock);
1232 rcu_read_unlock();
1233 }
1234 }
1235
1236 void sk_psock_start_verdict(struct sock *sk, struct sk_psock *psock)
1237 {
1238 if (psock->saved_data_ready)
1239 return;
1240
1241 psock->saved_data_ready = sk->sk_data_ready;
1242 sk->sk_data_ready = sk_psock_verdict_data_ready;
1243 sk->sk_write_space = sk_psock_write_space;
1244 }
1245
1246 void sk_psock_stop_verdict(struct sock *sk, struct sk_psock *psock)
1247 {
1248 psock_set_prog(&psock->progs.stream_verdict, NULL);
1249 psock_set_prog(&psock->progs.skb_verdict, NULL);
1250
1251 if (!psock->saved_data_ready)
1252 return;
1253
1254 sk->sk_data_ready = psock->saved_data_ready;
1255 psock->saved_data_ready = NULL;
1256 }
Kernel DRM miscellaneous fixes and cross-tree changes