search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 5.2
[linux-2.6/linux-2.6-arm.git] / net / ipv4 / tcp_bpf.c
blob3d1e1540138440a0c0f6a65aabd888626ad0e384
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2017 - 2018 Covalent IO, Inc. http://covalent.io */
3
4 #include <linux/skmsg.h>
5 #include <linux/filter.h>
6 #include <linux/bpf.h>
7 #include <linux/init.h>
8 #include <linux/wait.h>
9
10 #include <net/inet_common.h>
11 #include <net/tls.h>
12
13 static bool tcp_bpf_stream_read(const struct sock *sk)
14 {
15 struct sk_psock *psock;
16 bool empty = true;
17
18 rcu_read_lock();
19 psock = sk_psock(sk);
20 if (likely(psock))
21 empty = list_empty(&psock->ingress_msg);
22 rcu_read_unlock();
23 return !empty;
24 }
25
26 static int tcp_bpf_wait_data(struct sock *sk, struct sk_psock *psock,
27 int flags, long timeo, int *err)
28 {
29 DEFINE_WAIT_FUNC(wait, woken_wake_function);
30 int ret = 0;
31
32 if (!timeo)
33 return ret;
34
35 add_wait_queue(sk_sleep(sk), &wait);
36 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
37 ret = sk_wait_event(sk, &timeo,
38 !list_empty(&psock->ingress_msg) ||
39 !skb_queue_empty(&sk->sk_receive_queue), &wait);
40 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
41 remove_wait_queue(sk_sleep(sk), &wait);
42 return ret;
43 }
44
45 int __tcp_bpf_recvmsg(struct sock *sk, struct sk_psock *psock,
46 struct msghdr *msg, int len, int flags)
47 {
48 struct iov_iter *iter = &msg->msg_iter;
49 int peek = flags & MSG_PEEK;
50 int i, ret, copied = 0;
51 struct sk_msg *msg_rx;
52
53 msg_rx = list_first_entry_or_null(&psock->ingress_msg,
54 struct sk_msg, list);
55
56 while (copied != len) {
57 struct scatterlist *sge;
58
59 if (unlikely(!msg_rx))
60 break;
61
62 i = msg_rx->sg.start;
63 do {
64 struct page *page;
65 int copy;
66
67 sge = sk_msg_elem(msg_rx, i);
68 copy = sge->length;
69 page = sg_page(sge);
70 if (copied + copy > len)
71 copy = len - copied;
72 ret = copy_page_to_iter(page, sge->offset, copy, iter);
73 if (ret != copy) {
74 msg_rx->sg.start = i;
75 return -EFAULT;
76 }
77
78 copied += copy;
79 if (likely(!peek)) {
80 sge->offset += copy;
81 sge->length -= copy;
82 sk_mem_uncharge(sk, copy);
83 msg_rx->sg.size -= copy;
84
85 if (!sge->length) {
86 sk_msg_iter_var_next(i);
87 if (!msg_rx->skb)
88 put_page(page);
89 }
90 } else {
91 sk_msg_iter_var_next(i);
92 }
93
94 if (copied == len)
95 break;
96 } while (i != msg_rx->sg.end);
97
98 if (unlikely(peek)) {
99 msg_rx = list_next_entry(msg_rx, list);
100 continue;
101 }
102
103 msg_rx->sg.start = i;
104 if (!sge->length && msg_rx->sg.start == msg_rx->sg.end) {
105 list_del(&msg_rx->list);
106 if (msg_rx->skb)
107 consume_skb(msg_rx->skb);
108 kfree(msg_rx);
109 }
110 msg_rx = list_first_entry_or_null(&psock->ingress_msg,
111 struct sk_msg, list);
112 }
113
114 return copied;
115 }
116 EXPORT_SYMBOL_GPL(__tcp_bpf_recvmsg);
117
118 int tcp_bpf_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
119 int nonblock, int flags, int *addr_len)
120 {
121 struct sk_psock *psock;
122 int copied, ret;
123
124 if (unlikely(flags & MSG_ERRQUEUE))
125 return inet_recv_error(sk, msg, len, addr_len);
126 if (!skb_queue_empty(&sk->sk_receive_queue))
127 return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);
128
129 psock = sk_psock_get(sk);
130 if (unlikely(!psock))
131 return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);
132 lock_sock(sk);
133 msg_bytes_ready:
134 copied = __tcp_bpf_recvmsg(sk, psock, msg, len, flags);
135 if (!copied) {
136 int data, err = 0;
137 long timeo;
138
139 timeo = sock_rcvtimeo(sk, nonblock);
140 data = tcp_bpf_wait_data(sk, psock, flags, timeo, &err);
141 if (data) {
142 if (skb_queue_empty(&sk->sk_receive_queue))
143 goto msg_bytes_ready;
144 release_sock(sk);
145 sk_psock_put(sk, psock);
146 return tcp_recvmsg(sk, msg, len, nonblock, flags, addr_len);
147 }
148 if (err) {
149 ret = err;
150 goto out;
151 }
152 copied = -EAGAIN;
153 }
154 ret = copied;
155 out:
156 release_sock(sk);
157 sk_psock_put(sk, psock);
158 return ret;
159 }
160
161 static int bpf_tcp_ingress(struct sock *sk, struct sk_psock *psock,
162 struct sk_msg *msg, u32 apply_bytes, int flags)
163 {
164 bool apply = apply_bytes;
165 struct scatterlist *sge;
166 u32 size, copied = 0;
167 struct sk_msg *tmp;
168 int i, ret = 0;
169
170 tmp = kzalloc(sizeof(*tmp), __GFP_NOWARN | GFP_KERNEL);
171 if (unlikely(!tmp))
172 return -ENOMEM;
173
174 lock_sock(sk);
175 tmp->sg.start = msg->sg.start;
176 i = msg->sg.start;
177 do {
178 sge = sk_msg_elem(msg, i);
179 size = (apply && apply_bytes < sge->length) ?
180 apply_bytes : sge->length;
181 if (!sk_wmem_schedule(sk, size)) {
182 if (!copied)
183 ret = -ENOMEM;
184 break;
185 }
186
187 sk_mem_charge(sk, size);
188 sk_msg_xfer(tmp, msg, i, size);
189 copied += size;
190 if (sge->length)
191 get_page(sk_msg_page(tmp, i));
192 sk_msg_iter_var_next(i);
193 tmp->sg.end = i;
194 if (apply) {
195 apply_bytes -= size;
196 if (!apply_bytes)
197 break;
198 }
199 } while (i != msg->sg.end);
200
201 if (!ret) {
202 msg->sg.start = i;
203 msg->sg.size -= apply_bytes;
204 sk_psock_queue_msg(psock, tmp);
205 sk_psock_data_ready(sk, psock);
206 } else {
207 sk_msg_free(sk, tmp);
208 kfree(tmp);
209 }
210
211 release_sock(sk);
212 return ret;
213 }
214
215 static int tcp_bpf_push(struct sock *sk, struct sk_msg *msg, u32 apply_bytes,
216 int flags, bool uncharge)
217 {
218 bool apply = apply_bytes;
219 struct scatterlist *sge;
220 struct page *page;
221 int size, ret = 0;
222 u32 off;
223
224 while (1) {
225 bool has_tx_ulp;
226
227 sge = sk_msg_elem(msg, msg->sg.start);
228 size = (apply && apply_bytes < sge->length) ?
229 apply_bytes : sge->length;
230 off = sge->offset;
231 page = sg_page(sge);
232
233 tcp_rate_check_app_limited(sk);
234 retry:
235 has_tx_ulp = tls_sw_has_ctx_tx(sk);
236 if (has_tx_ulp) {
237 flags |= MSG_SENDPAGE_NOPOLICY;
238 ret = kernel_sendpage_locked(sk,
239 page, off, size, flags);
240 } else {
241 ret = do_tcp_sendpages(sk, page, off, size, flags);
242 }
243
244 if (ret <= 0)
245 return ret;
246 if (apply)
247 apply_bytes -= ret;
248 msg->sg.size -= ret;
249 sge->offset += ret;
250 sge->length -= ret;
251 if (uncharge)
252 sk_mem_uncharge(sk, ret);
253 if (ret != size) {
254 size -= ret;
255 off += ret;
256 goto retry;
257 }
258 if (!sge->length) {
259 put_page(page);
260 sk_msg_iter_next(msg, start);
261 sg_init_table(sge, 1);
262 if (msg->sg.start == msg->sg.end)
263 break;
264 }
265 if (apply && !apply_bytes)
266 break;
267 }
268
269 return 0;
270 }
271
272 static int tcp_bpf_push_locked(struct sock *sk, struct sk_msg *msg,
273 u32 apply_bytes, int flags, bool uncharge)
274 {
275 int ret;
276
277 lock_sock(sk);
278 ret = tcp_bpf_push(sk, msg, apply_bytes, flags, uncharge);
279 release_sock(sk);
280 return ret;
281 }
282
283 int tcp_bpf_sendmsg_redir(struct sock *sk, struct sk_msg *msg,
284 u32 bytes, int flags)
285 {
286 bool ingress = sk_msg_to_ingress(msg);
287 struct sk_psock *psock = sk_psock_get(sk);
288 int ret;
289
290 if (unlikely(!psock)) {
291 sk_msg_free(sk, msg);
292 return 0;
293 }
294 ret = ingress ? bpf_tcp_ingress(sk, psock, msg, bytes, flags) :
295 tcp_bpf_push_locked(sk, msg, bytes, flags, false);
296 sk_psock_put(sk, psock);
297 return ret;
298 }
299 EXPORT_SYMBOL_GPL(tcp_bpf_sendmsg_redir);
300
301 static int tcp_bpf_send_verdict(struct sock *sk, struct sk_psock *psock,
302 struct sk_msg *msg, int *copied, int flags)
303 {
304 bool cork = false, enospc = msg->sg.start == msg->sg.end;
305 struct sock *sk_redir;
306 u32 tosend, delta = 0;
307 int ret;
308
309 more_data:
310 if (psock->eval == __SK_NONE) {
311 /* Track delta in msg size to add/subtract it on SK_DROP from
312 * returned to user copied size. This ensures user doesn't
313 * get a positive return code with msg_cut_data and SK_DROP
314 * verdict.
315 */
316 delta = msg->sg.size;
317 psock->eval = sk_psock_msg_verdict(sk, psock, msg);
318 if (msg->sg.size < delta)
319 delta -= msg->sg.size;
320 else
321 delta = 0;
322 }
323
324 if (msg->cork_bytes &&
325 msg->cork_bytes > msg->sg.size && !enospc) {
326 psock->cork_bytes = msg->cork_bytes - msg->sg.size;
327 if (!psock->cork) {
328 psock->cork = kzalloc(sizeof(*psock->cork),
329 GFP_ATOMIC | __GFP_NOWARN);
330 if (!psock->cork)
331 return -ENOMEM;
332 }
333 memcpy(psock->cork, msg, sizeof(*msg));
334 return 0;
335 }
336
337 tosend = msg->sg.size;
338 if (psock->apply_bytes && psock->apply_bytes < tosend)
339 tosend = psock->apply_bytes;
340
341 switch (psock->eval) {
342 case __SK_PASS:
343 ret = tcp_bpf_push(sk, msg, tosend, flags, true);
344 if (unlikely(ret)) {
345 *copied -= sk_msg_free(sk, msg);
346 break;
347 }
348 sk_msg_apply_bytes(psock, tosend);
349 break;
350 case __SK_REDIRECT:
351 sk_redir = psock->sk_redir;
352 sk_msg_apply_bytes(psock, tosend);
353 if (psock->cork) {
354 cork = true;
355 psock->cork = NULL;
356 }
357 sk_msg_return(sk, msg, tosend);
358 release_sock(sk);
359 ret = tcp_bpf_sendmsg_redir(sk_redir, msg, tosend, flags);
360 lock_sock(sk);
361 if (unlikely(ret < 0)) {
362 int free = sk_msg_free_nocharge(sk, msg);
363
364 if (!cork)
365 *copied -= free;
366 }
367 if (cork) {
368 sk_msg_free(sk, msg);
369 kfree(msg);
370 msg = NULL;
371 ret = 0;
372 }
373 break;
374 case __SK_DROP:
375 default:
376 sk_msg_free_partial(sk, msg, tosend);
377 sk_msg_apply_bytes(psock, tosend);
378 *copied -= (tosend + delta);
379 return -EACCES;
380 }
381
382 if (likely(!ret)) {
383 if (!psock->apply_bytes) {
384 psock->eval = __SK_NONE;
385 if (psock->sk_redir) {
386 sock_put(psock->sk_redir);
387 psock->sk_redir = NULL;
388 }
389 }
390 if (msg &&
391 msg->sg.data[msg->sg.start].page_link &&
392 msg->sg.data[msg->sg.start].length)
393 goto more_data;
394 }
395 return ret;
396 }
397
398 static int tcp_bpf_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
399 {
400 struct sk_msg tmp, *msg_tx = NULL;
401 int flags = msg->msg_flags | MSG_NO_SHARED_FRAGS;
402 int copied = 0, err = 0;
403 struct sk_psock *psock;
404 long timeo;
405
406 psock = sk_psock_get(sk);
407 if (unlikely(!psock))
408 return tcp_sendmsg(sk, msg, size);
409
410 lock_sock(sk);
411 timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
412 while (msg_data_left(msg)) {
413 bool enospc = false;
414 u32 copy, osize;
415
416 if (sk->sk_err) {
417 err = -sk->sk_err;
418 goto out_err;
419 }
420
421 copy = msg_data_left(msg);
422 if (!sk_stream_memory_free(sk))
423 goto wait_for_sndbuf;
424 if (psock->cork) {
425 msg_tx = psock->cork;
426 } else {
427 msg_tx = &tmp;
428 sk_msg_init(msg_tx);
429 }
430
431 osize = msg_tx->sg.size;
432 err = sk_msg_alloc(sk, msg_tx, msg_tx->sg.size + copy, msg_tx->sg.end - 1);
433 if (err) {
434 if (err != -ENOSPC)
435 goto wait_for_memory;
436 enospc = true;
437 copy = msg_tx->sg.size - osize;
438 }
439
440 err = sk_msg_memcopy_from_iter(sk, &msg->msg_iter, msg_tx,
441 copy);
442 if (err < 0) {
443 sk_msg_trim(sk, msg_tx, osize);
444 goto out_err;
445 }
446
447 copied += copy;
448 if (psock->cork_bytes) {
449 if (size > psock->cork_bytes)
450 psock->cork_bytes = 0;
451 else
452 psock->cork_bytes -= size;
453 if (psock->cork_bytes && !enospc)
454 goto out_err;
455 /* All cork bytes are accounted, rerun the prog. */
456 psock->eval = __SK_NONE;
457 psock->cork_bytes = 0;
458 }
459
460 err = tcp_bpf_send_verdict(sk, psock, msg_tx, &copied, flags);
461 if (unlikely(err < 0))
462 goto out_err;
463 continue;
464 wait_for_sndbuf:
465 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
466 wait_for_memory:
467 err = sk_stream_wait_memory(sk, &timeo);
468 if (err) {
469 if (msg_tx && msg_tx != psock->cork)
470 sk_msg_free(sk, msg_tx);
471 goto out_err;
472 }
473 }
474 out_err:
475 if (err < 0)
476 err = sk_stream_error(sk, msg->msg_flags, err);
477 release_sock(sk);
478 sk_psock_put(sk, psock);
479 return copied ? copied : err;
480 }
481
482 static int tcp_bpf_sendpage(struct sock *sk, struct page *page, int offset,
483 size_t size, int flags)
484 {
485 struct sk_msg tmp, *msg = NULL;
486 int err = 0, copied = 0;
487 struct sk_psock *psock;
488 bool enospc = false;
489
490 psock = sk_psock_get(sk);
491 if (unlikely(!psock))
492 return tcp_sendpage(sk, page, offset, size, flags);
493
494 lock_sock(sk);
495 if (psock->cork) {
496 msg = psock->cork;
497 } else {
498 msg = &tmp;
499 sk_msg_init(msg);
500 }
501
502 /* Catch case where ring is full and sendpage is stalled. */
503 if (unlikely(sk_msg_full(msg)))
504 goto out_err;
505
506 sk_msg_page_add(msg, page, size, offset);
507 sk_mem_charge(sk, size);
508 copied = size;
509 if (sk_msg_full(msg))
510 enospc = true;
511 if (psock->cork_bytes) {
512 if (size > psock->cork_bytes)
513 psock->cork_bytes = 0;
514 else
515 psock->cork_bytes -= size;
516 if (psock->cork_bytes && !enospc)
517 goto out_err;
518 /* All cork bytes are accounted, rerun the prog. */
519 psock->eval = __SK_NONE;
520 psock->cork_bytes = 0;
521 }
522
523 err = tcp_bpf_send_verdict(sk, psock, msg, &copied, flags);
524 out_err:
525 release_sock(sk);
526 sk_psock_put(sk, psock);
527 return copied ? copied : err;
528 }
529
530 static void tcp_bpf_remove(struct sock *sk, struct sk_psock *psock)
531 {
532 struct sk_psock_link *link;
533
534 while ((link = sk_psock_link_pop(psock))) {
535 sk_psock_unlink(sk, link);
536 sk_psock_free_link(link);
537 }
538 }
539
540 static void tcp_bpf_unhash(struct sock *sk)
541 {
542 void (*saved_unhash)(struct sock *sk);
543 struct sk_psock *psock;
544
545 rcu_read_lock();
546 psock = sk_psock(sk);
547 if (unlikely(!psock)) {
548 rcu_read_unlock();
549 if (sk->sk_prot->unhash)
550 sk->sk_prot->unhash(sk);
551 return;
552 }
553
554 saved_unhash = psock->saved_unhash;
555 tcp_bpf_remove(sk, psock);
556 rcu_read_unlock();
557 saved_unhash(sk);
558 }
559
560 static void tcp_bpf_close(struct sock *sk, long timeout)
561 {
562 void (*saved_close)(struct sock *sk, long timeout);
563 struct sk_psock *psock;
564
565 lock_sock(sk);
566 rcu_read_lock();
567 psock = sk_psock(sk);
568 if (unlikely(!psock)) {
569 rcu_read_unlock();
570 release_sock(sk);
571 return sk->sk_prot->close(sk, timeout);
572 }
573
574 saved_close = psock->saved_close;
575 tcp_bpf_remove(sk, psock);
576 rcu_read_unlock();
577 release_sock(sk);
578 saved_close(sk, timeout);
579 }
580
581 enum {
582 TCP_BPF_IPV4,
583 TCP_BPF_IPV6,
584 TCP_BPF_NUM_PROTS,
585 };
586
587 enum {
588 TCP_BPF_BASE,
589 TCP_BPF_TX,
590 TCP_BPF_NUM_CFGS,
591 };
592
593 static struct proto *tcpv6_prot_saved __read_mostly;
594 static DEFINE_SPINLOCK(tcpv6_prot_lock);
595 static struct proto tcp_bpf_prots[TCP_BPF_NUM_PROTS][TCP_BPF_NUM_CFGS];
596
597 static void tcp_bpf_rebuild_protos(struct proto prot[TCP_BPF_NUM_CFGS],
598 struct proto *base)
599 {
600 prot[TCP_BPF_BASE] = *base;
601 prot[TCP_BPF_BASE].unhash = tcp_bpf_unhash;
602 prot[TCP_BPF_BASE].close = tcp_bpf_close;
603 prot[TCP_BPF_BASE].recvmsg = tcp_bpf_recvmsg;
604 prot[TCP_BPF_BASE].stream_memory_read = tcp_bpf_stream_read;
605
606 prot[TCP_BPF_TX] = prot[TCP_BPF_BASE];
607 prot[TCP_BPF_TX].sendmsg = tcp_bpf_sendmsg;
608 prot[TCP_BPF_TX].sendpage = tcp_bpf_sendpage;
609 }
610
611 static void tcp_bpf_check_v6_needs_rebuild(struct sock *sk, struct proto *ops)
612 {
613 if (sk->sk_family == AF_INET6 &&
614 unlikely(ops != smp_load_acquire(&tcpv6_prot_saved))) {
615 spin_lock_bh(&tcpv6_prot_lock);
616 if (likely(ops != tcpv6_prot_saved)) {
617 tcp_bpf_rebuild_protos(tcp_bpf_prots[TCP_BPF_IPV6], ops);
618 smp_store_release(&tcpv6_prot_saved, ops);
619 }
620 spin_unlock_bh(&tcpv6_prot_lock);
621 }
622 }
623
624 static int __init tcp_bpf_v4_build_proto(void)
625 {
626 tcp_bpf_rebuild_protos(tcp_bpf_prots[TCP_BPF_IPV4], &tcp_prot);
627 return 0;
628 }
629 core_initcall(tcp_bpf_v4_build_proto);
630
631 static void tcp_bpf_update_sk_prot(struct sock *sk, struct sk_psock *psock)
632 {
633 int family = sk->sk_family == AF_INET6 ? TCP_BPF_IPV6 : TCP_BPF_IPV4;
634 int config = psock->progs.msg_parser ? TCP_BPF_TX : TCP_BPF_BASE;
635
636 sk_psock_update_proto(sk, psock, &tcp_bpf_prots[family][config]);
637 }
638
639 static void tcp_bpf_reinit_sk_prot(struct sock *sk, struct sk_psock *psock)
640 {
641 int family = sk->sk_family == AF_INET6 ? TCP_BPF_IPV6 : TCP_BPF_IPV4;
642 int config = psock->progs.msg_parser ? TCP_BPF_TX : TCP_BPF_BASE;
643
644 /* Reinit occurs when program types change e.g. TCP_BPF_TX is removed
645 * or added requiring sk_prot hook updates. We keep original saved
646 * hooks in this case.
647 */
648 sk->sk_prot = &tcp_bpf_prots[family][config];
649 }
650
651 static int tcp_bpf_assert_proto_ops(struct proto *ops)
652 {
653 /* In order to avoid retpoline, we make assumptions when we call
654 * into ops if e.g. a psock is not present. Make sure they are
655 * indeed valid assumptions.
656 */
657 return ops->recvmsg == tcp_recvmsg &&
658 ops->sendmsg == tcp_sendmsg &&
659 ops->sendpage == tcp_sendpage ? 0 : -ENOTSUPP;
660 }
661
662 void tcp_bpf_reinit(struct sock *sk)
663 {
664 struct sk_psock *psock;
665
666 sock_owned_by_me(sk);
667
668 rcu_read_lock();
669 psock = sk_psock(sk);
670 tcp_bpf_reinit_sk_prot(sk, psock);
671 rcu_read_unlock();
672 }
673
674 int tcp_bpf_init(struct sock *sk)
675 {
676 struct proto *ops = READ_ONCE(sk->sk_prot);
677 struct sk_psock *psock;
678
679 sock_owned_by_me(sk);
680
681 rcu_read_lock();
682 psock = sk_psock(sk);
683 if (unlikely(!psock || psock->sk_proto ||
684 tcp_bpf_assert_proto_ops(ops))) {
685 rcu_read_unlock();
686 return -EINVAL;
687 }
688 tcp_bpf_check_v6_needs_rebuild(sk, ops);
689 tcp_bpf_update_sk_prot(sk, psock);
690 rcu_read_unlock();
691 return 0;
692 }
Mirror of linux-2.6-arm at arm.linux.org.uk