search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
io_uring: ensure finish_wait() is always called in __io_uring_task_cancel()
[linux/fpc-iii.git] / net / core / sock_map.c
blob64b5ec14ff50c99393acf344235f7f2c16b364a2
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2017 - 2018 Covalent IO, Inc. http://covalent.io */
3
4 #include <linux/bpf.h>
5 #include <linux/btf_ids.h>
6 #include <linux/filter.h>
7 #include <linux/errno.h>
8 #include <linux/file.h>
9 #include <linux/net.h>
10 #include <linux/workqueue.h>
11 #include <linux/skmsg.h>
12 #include <linux/list.h>
13 #include <linux/jhash.h>
14 #include <linux/sock_diag.h>
15 #include <net/udp.h>
16
17 struct bpf_stab {
18 struct bpf_map map;
19 struct sock **sks;
20 struct sk_psock_progs progs;
21 raw_spinlock_t lock;
22 };
23
24 #define SOCK_CREATE_FLAG_MASK \
25 (BPF_F_NUMA_NODE | BPF_F_RDONLY | BPF_F_WRONLY)
26
27 static struct bpf_map *sock_map_alloc(union bpf_attr *attr)
28 {
29 struct bpf_stab *stab;
30
31 if (!capable(CAP_NET_ADMIN))
32 return ERR_PTR(-EPERM);
33 if (attr->max_entries == 0 ||
34 attr->key_size != 4 ||
35 (attr->value_size != sizeof(u32) &&
36 attr->value_size != sizeof(u64)) ||
37 attr->map_flags & ~SOCK_CREATE_FLAG_MASK)
38 return ERR_PTR(-EINVAL);
39
40 stab = kzalloc(sizeof(*stab), GFP_USER | __GFP_ACCOUNT);
41 if (!stab)
42 return ERR_PTR(-ENOMEM);
43
44 bpf_map_init_from_attr(&stab->map, attr);
45 raw_spin_lock_init(&stab->lock);
46
47 stab->sks = bpf_map_area_alloc(stab->map.max_entries *
48 sizeof(struct sock *),
49 stab->map.numa_node);
50 if (!stab->sks) {
51 kfree(stab);
52 return ERR_PTR(-ENOMEM);
53 }
54
55 return &stab->map;
56 }
57
58 int sock_map_get_from_fd(const union bpf_attr *attr, struct bpf_prog *prog)
59 {
60 u32 ufd = attr->target_fd;
61 struct bpf_map *map;
62 struct fd f;
63 int ret;
64
65 if (attr->attach_flags || attr->replace_bpf_fd)
66 return -EINVAL;
67
68 f = fdget(ufd);
69 map = __bpf_map_get(f);
70 if (IS_ERR(map))
71 return PTR_ERR(map);
72 ret = sock_map_prog_update(map, prog, NULL, attr->attach_type);
73 fdput(f);
74 return ret;
75 }
76
77 int sock_map_prog_detach(const union bpf_attr *attr, enum bpf_prog_type ptype)
78 {
79 u32 ufd = attr->target_fd;
80 struct bpf_prog *prog;
81 struct bpf_map *map;
82 struct fd f;
83 int ret;
84
85 if (attr->attach_flags || attr->replace_bpf_fd)
86 return -EINVAL;
87
88 f = fdget(ufd);
89 map = __bpf_map_get(f);
90 if (IS_ERR(map))
91 return PTR_ERR(map);
92
93 prog = bpf_prog_get(attr->attach_bpf_fd);
94 if (IS_ERR(prog)) {
95 ret = PTR_ERR(prog);
96 goto put_map;
97 }
98
99 if (prog->type != ptype) {
100 ret = -EINVAL;
101 goto put_prog;
102 }
103
104 ret = sock_map_prog_update(map, NULL, prog, attr->attach_type);
105 put_prog:
106 bpf_prog_put(prog);
107 put_map:
108 fdput(f);
109 return ret;
110 }
111
112 static void sock_map_sk_acquire(struct sock *sk)
113 __acquires(&sk->sk_lock.slock)
114 {
115 lock_sock(sk);
116 preempt_disable();
117 rcu_read_lock();
118 }
119
120 static void sock_map_sk_release(struct sock *sk)
121 __releases(&sk->sk_lock.slock)
122 {
123 rcu_read_unlock();
124 preempt_enable();
125 release_sock(sk);
126 }
127
128 static void sock_map_add_link(struct sk_psock *psock,
129 struct sk_psock_link *link,
130 struct bpf_map *map, void *link_raw)
131 {
132 link->link_raw = link_raw;
133 link->map = map;
134 spin_lock_bh(&psock->link_lock);
135 list_add_tail(&link->list, &psock->link);
136 spin_unlock_bh(&psock->link_lock);
137 }
138
139 static void sock_map_del_link(struct sock *sk,
140 struct sk_psock *psock, void *link_raw)
141 {
142 bool strp_stop = false, verdict_stop = false;
143 struct sk_psock_link *link, *tmp;
144
145 spin_lock_bh(&psock->link_lock);
146 list_for_each_entry_safe(link, tmp, &psock->link, list) {
147 if (link->link_raw == link_raw) {
148 struct bpf_map *map = link->map;
149 struct bpf_stab *stab = container_of(map, struct bpf_stab,
150 map);
151 if (psock->parser.enabled && stab->progs.skb_parser)
152 strp_stop = true;
153 if (psock->parser.enabled && stab->progs.skb_verdict)
154 verdict_stop = true;
155 list_del(&link->list);
156 sk_psock_free_link(link);
157 }
158 }
159 spin_unlock_bh(&psock->link_lock);
160 if (strp_stop || verdict_stop) {
161 write_lock_bh(&sk->sk_callback_lock);
162 if (strp_stop)
163 sk_psock_stop_strp(sk, psock);
164 else
165 sk_psock_stop_verdict(sk, psock);
166 write_unlock_bh(&sk->sk_callback_lock);
167 }
168 }
169
170 static void sock_map_unref(struct sock *sk, void *link_raw)
171 {
172 struct sk_psock *psock = sk_psock(sk);
173
174 if (likely(psock)) {
175 sock_map_del_link(sk, psock, link_raw);
176 sk_psock_put(sk, psock);
177 }
178 }
179
180 static int sock_map_init_proto(struct sock *sk, struct sk_psock *psock)
181 {
182 struct proto *prot;
183
184 switch (sk->sk_type) {
185 case SOCK_STREAM:
186 prot = tcp_bpf_get_proto(sk, psock);
187 break;
188
189 case SOCK_DGRAM:
190 prot = udp_bpf_get_proto(sk, psock);
191 break;
192
193 default:
194 return -EINVAL;
195 }
196
197 if (IS_ERR(prot))
198 return PTR_ERR(prot);
199
200 sk_psock_update_proto(sk, psock, prot);
201 return 0;
202 }
203
204 static struct sk_psock *sock_map_psock_get_checked(struct sock *sk)
205 {
206 struct sk_psock *psock;
207
208 rcu_read_lock();
209 psock = sk_psock(sk);
210 if (psock) {
211 if (sk->sk_prot->close != sock_map_close) {
212 psock = ERR_PTR(-EBUSY);
213 goto out;
214 }
215
216 if (!refcount_inc_not_zero(&psock->refcnt))
217 psock = ERR_PTR(-EBUSY);
218 }
219 out:
220 rcu_read_unlock();
221 return psock;
222 }
223
224 static int sock_map_link(struct bpf_map *map, struct sk_psock_progs *progs,
225 struct sock *sk)
226 {
227 struct bpf_prog *msg_parser, *skb_parser, *skb_verdict;
228 struct sk_psock *psock;
229 int ret;
230
231 skb_verdict = READ_ONCE(progs->skb_verdict);
232 if (skb_verdict) {
233 skb_verdict = bpf_prog_inc_not_zero(skb_verdict);
234 if (IS_ERR(skb_verdict))
235 return PTR_ERR(skb_verdict);
236 }
237
238 skb_parser = READ_ONCE(progs->skb_parser);
239 if (skb_parser) {
240 skb_parser = bpf_prog_inc_not_zero(skb_parser);
241 if (IS_ERR(skb_parser)) {
242 ret = PTR_ERR(skb_parser);
243 goto out_put_skb_verdict;
244 }
245 }
246
247 msg_parser = READ_ONCE(progs->msg_parser);
248 if (msg_parser) {
249 msg_parser = bpf_prog_inc_not_zero(msg_parser);
250 if (IS_ERR(msg_parser)) {
251 ret = PTR_ERR(msg_parser);
252 goto out_put_skb_parser;
253 }
254 }
255
256 psock = sock_map_psock_get_checked(sk);
257 if (IS_ERR(psock)) {
258 ret = PTR_ERR(psock);
259 goto out_progs;
260 }
261
262 if (psock) {
263 if ((msg_parser && READ_ONCE(psock->progs.msg_parser)) ||
264 (skb_parser && READ_ONCE(psock->progs.skb_parser)) ||
265 (skb_verdict && READ_ONCE(psock->progs.skb_verdict))) {
266 sk_psock_put(sk, psock);
267 ret = -EBUSY;
268 goto out_progs;
269 }
270 } else {
271 psock = sk_psock_init(sk, map->numa_node);
272 if (IS_ERR(psock)) {
273 ret = PTR_ERR(psock);
274 goto out_progs;
275 }
276 }
277
278 if (msg_parser)
279 psock_set_prog(&psock->progs.msg_parser, msg_parser);
280
281 ret = sock_map_init_proto(sk, psock);
282 if (ret < 0)
283 goto out_drop;
284
285 write_lock_bh(&sk->sk_callback_lock);
286 if (skb_parser && skb_verdict && !psock->parser.enabled) {
287 ret = sk_psock_init_strp(sk, psock);
288 if (ret)
289 goto out_unlock_drop;
290 psock_set_prog(&psock->progs.skb_verdict, skb_verdict);
291 psock_set_prog(&psock->progs.skb_parser, skb_parser);
292 sk_psock_start_strp(sk, psock);
293 } else if (!skb_parser && skb_verdict && !psock->parser.enabled) {
294 psock_set_prog(&psock->progs.skb_verdict, skb_verdict);
295 sk_psock_start_verdict(sk,psock);
296 }
297 write_unlock_bh(&sk->sk_callback_lock);
298 return 0;
299 out_unlock_drop:
300 write_unlock_bh(&sk->sk_callback_lock);
301 out_drop:
302 sk_psock_put(sk, psock);
303 out_progs:
304 if (msg_parser)
305 bpf_prog_put(msg_parser);
306 out_put_skb_parser:
307 if (skb_parser)
308 bpf_prog_put(skb_parser);
309 out_put_skb_verdict:
310 if (skb_verdict)
311 bpf_prog_put(skb_verdict);
312 return ret;
313 }
314
315 static int sock_map_link_no_progs(struct bpf_map *map, struct sock *sk)
316 {
317 struct sk_psock *psock;
318 int ret;
319
320 psock = sock_map_psock_get_checked(sk);
321 if (IS_ERR(psock))
322 return PTR_ERR(psock);
323
324 if (!psock) {
325 psock = sk_psock_init(sk, map->numa_node);
326 if (IS_ERR(psock))
327 return PTR_ERR(psock);
328 }
329
330 ret = sock_map_init_proto(sk, psock);
331 if (ret < 0)
332 sk_psock_put(sk, psock);
333 return ret;
334 }
335
336 static void sock_map_free(struct bpf_map *map)
337 {
338 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
339 int i;
340
341 /* After the sync no updates or deletes will be in-flight so it
342 * is safe to walk map and remove entries without risking a race
343 * in EEXIST update case.
344 */
345 synchronize_rcu();
346 for (i = 0; i < stab->map.max_entries; i++) {
347 struct sock **psk = &stab->sks[i];
348 struct sock *sk;
349
350 sk = xchg(psk, NULL);
351 if (sk) {
352 lock_sock(sk);
353 rcu_read_lock();
354 sock_map_unref(sk, psk);
355 rcu_read_unlock();
356 release_sock(sk);
357 }
358 }
359
360 /* wait for psock readers accessing its map link */
361 synchronize_rcu();
362
363 bpf_map_area_free(stab->sks);
364 kfree(stab);
365 }
366
367 static void sock_map_release_progs(struct bpf_map *map)
368 {
369 psock_progs_drop(&container_of(map, struct bpf_stab, map)->progs);
370 }
371
372 static struct sock *__sock_map_lookup_elem(struct bpf_map *map, u32 key)
373 {
374 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
375
376 WARN_ON_ONCE(!rcu_read_lock_held());
377
378 if (unlikely(key >= map->max_entries))
379 return NULL;
380 return READ_ONCE(stab->sks[key]);
381 }
382
383 static void *sock_map_lookup(struct bpf_map *map, void *key)
384 {
385 struct sock *sk;
386
387 sk = __sock_map_lookup_elem(map, *(u32 *)key);
388 if (!sk)
389 return NULL;
390 if (sk_is_refcounted(sk) && !refcount_inc_not_zero(&sk->sk_refcnt))
391 return NULL;
392 return sk;
393 }
394
395 static void *sock_map_lookup_sys(struct bpf_map *map, void *key)
396 {
397 struct sock *sk;
398
399 if (map->value_size != sizeof(u64))
400 return ERR_PTR(-ENOSPC);
401
402 sk = __sock_map_lookup_elem(map, *(u32 *)key);
403 if (!sk)
404 return ERR_PTR(-ENOENT);
405
406 __sock_gen_cookie(sk);
407 return &sk->sk_cookie;
408 }
409
410 static int __sock_map_delete(struct bpf_stab *stab, struct sock *sk_test,
411 struct sock **psk)
412 {
413 struct sock *sk;
414 int err = 0;
415
416 raw_spin_lock_bh(&stab->lock);
417 sk = *psk;
418 if (!sk_test || sk_test == sk)
419 sk = xchg(psk, NULL);
420
421 if (likely(sk))
422 sock_map_unref(sk, psk);
423 else
424 err = -EINVAL;
425
426 raw_spin_unlock_bh(&stab->lock);
427 return err;
428 }
429
430 static void sock_map_delete_from_link(struct bpf_map *map, struct sock *sk,
431 void *link_raw)
432 {
433 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
434
435 __sock_map_delete(stab, sk, link_raw);
436 }
437
438 static int sock_map_delete_elem(struct bpf_map *map, void *key)
439 {
440 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
441 u32 i = *(u32 *)key;
442 struct sock **psk;
443
444 if (unlikely(i >= map->max_entries))
445 return -EINVAL;
446
447 psk = &stab->sks[i];
448 return __sock_map_delete(stab, NULL, psk);
449 }
450
451 static int sock_map_get_next_key(struct bpf_map *map, void *key, void *next)
452 {
453 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
454 u32 i = key ? *(u32 *)key : U32_MAX;
455 u32 *key_next = next;
456
457 if (i == stab->map.max_entries - 1)
458 return -ENOENT;
459 if (i >= stab->map.max_entries)
460 *key_next = 0;
461 else
462 *key_next = i + 1;
463 return 0;
464 }
465
466 static bool sock_map_redirect_allowed(const struct sock *sk);
467
468 static int sock_map_update_common(struct bpf_map *map, u32 idx,
469 struct sock *sk, u64 flags)
470 {
471 struct bpf_stab *stab = container_of(map, struct bpf_stab, map);
472 struct sk_psock_link *link;
473 struct sk_psock *psock;
474 struct sock *osk;
475 int ret;
476
477 WARN_ON_ONCE(!rcu_read_lock_held());
478 if (unlikely(flags > BPF_EXIST))
479 return -EINVAL;
480 if (unlikely(idx >= map->max_entries))
481 return -E2BIG;
482
483 link = sk_psock_init_link();
484 if (!link)
485 return -ENOMEM;
486
487 /* Only sockets we can redirect into/from in BPF need to hold
488 * refs to parser/verdict progs and have their sk_data_ready
489 * and sk_write_space callbacks overridden.
490 */
491 if (sock_map_redirect_allowed(sk))
492 ret = sock_map_link(map, &stab->progs, sk);
493 else
494 ret = sock_map_link_no_progs(map, sk);
495 if (ret < 0)
496 goto out_free;
497
498 psock = sk_psock(sk);
499 WARN_ON_ONCE(!psock);
500
501 raw_spin_lock_bh(&stab->lock);
502 osk = stab->sks[idx];
503 if (osk && flags == BPF_NOEXIST) {
504 ret = -EEXIST;
505 goto out_unlock;
506 } else if (!osk && flags == BPF_EXIST) {
507 ret = -ENOENT;
508 goto out_unlock;
509 }
510
511 sock_map_add_link(psock, link, map, &stab->sks[idx]);
512 stab->sks[idx] = sk;
513 if (osk)
514 sock_map_unref(osk, &stab->sks[idx]);
515 raw_spin_unlock_bh(&stab->lock);
516 return 0;
517 out_unlock:
518 raw_spin_unlock_bh(&stab->lock);
519 if (psock)
520 sk_psock_put(sk, psock);
521 out_free:
522 sk_psock_free_link(link);
523 return ret;
524 }
525
526 static bool sock_map_op_okay(const struct bpf_sock_ops_kern *ops)
527 {
528 return ops->op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB ||
529 ops->op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB ||
530 ops->op == BPF_SOCK_OPS_TCP_LISTEN_CB;
531 }
532
533 static bool sk_is_tcp(const struct sock *sk)
534 {
535 return sk->sk_type == SOCK_STREAM &&
536 sk->sk_protocol == IPPROTO_TCP;
537 }
538
539 static bool sk_is_udp(const struct sock *sk)
540 {
541 return sk->sk_type == SOCK_DGRAM &&
542 sk->sk_protocol == IPPROTO_UDP;
543 }
544
545 static bool sock_map_redirect_allowed(const struct sock *sk)
546 {
547 return sk_is_tcp(sk) && sk->sk_state != TCP_LISTEN;
548 }
549
550 static bool sock_map_sk_is_suitable(const struct sock *sk)
551 {
552 return sk_is_tcp(sk) || sk_is_udp(sk);
553 }
554
555 static bool sock_map_sk_state_allowed(const struct sock *sk)
556 {
557 if (sk_is_tcp(sk))
558 return (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_LISTEN);
559 else if (sk_is_udp(sk))
560 return sk_hashed(sk);
561
562 return false;
563 }
564
565 static int sock_hash_update_common(struct bpf_map *map, void *key,
566 struct sock *sk, u64 flags);
567
568 int sock_map_update_elem_sys(struct bpf_map *map, void *key, void *value,
569 u64 flags)
570 {
571 struct socket *sock;
572 struct sock *sk;
573 int ret;
574 u64 ufd;
575
576 if (map->value_size == sizeof(u64))
577 ufd = *(u64 *)value;
578 else
579 ufd = *(u32 *)value;
580 if (ufd > S32_MAX)
581 return -EINVAL;
582
583 sock = sockfd_lookup(ufd, &ret);
584 if (!sock)
585 return ret;
586 sk = sock->sk;
587 if (!sk) {
588 ret = -EINVAL;
589 goto out;
590 }
591 if (!sock_map_sk_is_suitable(sk)) {
592 ret = -EOPNOTSUPP;
593 goto out;
594 }
595
596 sock_map_sk_acquire(sk);
597 if (!sock_map_sk_state_allowed(sk))
598 ret = -EOPNOTSUPP;
599 else if (map->map_type == BPF_MAP_TYPE_SOCKMAP)
600 ret = sock_map_update_common(map, *(u32 *)key, sk, flags);
601 else
602 ret = sock_hash_update_common(map, key, sk, flags);
603 sock_map_sk_release(sk);
604 out:
605 fput(sock->file);
606 return ret;
607 }
608
609 static int sock_map_update_elem(struct bpf_map *map, void *key,
610 void *value, u64 flags)
611 {
612 struct sock *sk = (struct sock *)value;
613 int ret;
614
615 if (unlikely(!sk || !sk_fullsock(sk)))
616 return -EINVAL;
617
618 if (!sock_map_sk_is_suitable(sk))
619 return -EOPNOTSUPP;
620
621 local_bh_disable();
622 bh_lock_sock(sk);
623 if (!sock_map_sk_state_allowed(sk))
624 ret = -EOPNOTSUPP;
625 else if (map->map_type == BPF_MAP_TYPE_SOCKMAP)
626 ret = sock_map_update_common(map, *(u32 *)key, sk, flags);
627 else
628 ret = sock_hash_update_common(map, key, sk, flags);
629 bh_unlock_sock(sk);
630 local_bh_enable();
631 return ret;
632 }
633
634 BPF_CALL_4(bpf_sock_map_update, struct bpf_sock_ops_kern *, sops,
635 struct bpf_map *, map, void *, key, u64, flags)
636 {
637 WARN_ON_ONCE(!rcu_read_lock_held());
638
639 if (likely(sock_map_sk_is_suitable(sops->sk) &&
640 sock_map_op_okay(sops)))
641 return sock_map_update_common(map, *(u32 *)key, sops->sk,
642 flags);
643 return -EOPNOTSUPP;
644 }
645
646 const struct bpf_func_proto bpf_sock_map_update_proto = {
647 .func = bpf_sock_map_update,
648 .gpl_only = false,
649 .pkt_access = true,
650 .ret_type = RET_INTEGER,
651 .arg1_type = ARG_PTR_TO_CTX,
652 .arg2_type = ARG_CONST_MAP_PTR,
653 .arg3_type = ARG_PTR_TO_MAP_KEY,
654 .arg4_type = ARG_ANYTHING,
655 };
656
657 BPF_CALL_4(bpf_sk_redirect_map, struct sk_buff *, skb,
658 struct bpf_map *, map, u32, key, u64, flags)
659 {
660 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
661 struct sock *sk;
662
663 if (unlikely(flags & ~(BPF_F_INGRESS)))
664 return SK_DROP;
665
666 sk = __sock_map_lookup_elem(map, key);
667 if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
668 return SK_DROP;
669
670 tcb->bpf.flags = flags;
671 tcb->bpf.sk_redir = sk;
672 return SK_PASS;
673 }
674
675 const struct bpf_func_proto bpf_sk_redirect_map_proto = {
676 .func = bpf_sk_redirect_map,
677 .gpl_only = false,
678 .ret_type = RET_INTEGER,
679 .arg1_type = ARG_PTR_TO_CTX,
680 .arg2_type = ARG_CONST_MAP_PTR,
681 .arg3_type = ARG_ANYTHING,
682 .arg4_type = ARG_ANYTHING,
683 };
684
685 BPF_CALL_4(bpf_msg_redirect_map, struct sk_msg *, msg,
686 struct bpf_map *, map, u32, key, u64, flags)
687 {
688 struct sock *sk;
689
690 if (unlikely(flags & ~(BPF_F_INGRESS)))
691 return SK_DROP;
692
693 sk = __sock_map_lookup_elem(map, key);
694 if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
695 return SK_DROP;
696
697 msg->flags = flags;
698 msg->sk_redir = sk;
699 return SK_PASS;
700 }
701
702 const struct bpf_func_proto bpf_msg_redirect_map_proto = {
703 .func = bpf_msg_redirect_map,
704 .gpl_only = false,
705 .ret_type = RET_INTEGER,
706 .arg1_type = ARG_PTR_TO_CTX,
707 .arg2_type = ARG_CONST_MAP_PTR,
708 .arg3_type = ARG_ANYTHING,
709 .arg4_type = ARG_ANYTHING,
710 };
711
712 struct sock_map_seq_info {
713 struct bpf_map *map;
714 struct sock *sk;
715 u32 index;
716 };
717
718 struct bpf_iter__sockmap {
719 __bpf_md_ptr(struct bpf_iter_meta *, meta);
720 __bpf_md_ptr(struct bpf_map *, map);
721 __bpf_md_ptr(void *, key);
722 __bpf_md_ptr(struct sock *, sk);
723 };
724
725 DEFINE_BPF_ITER_FUNC(sockmap, struct bpf_iter_meta *meta,
726 struct bpf_map *map, void *key,
727 struct sock *sk)
728
729 static void *sock_map_seq_lookup_elem(struct sock_map_seq_info *info)
730 {
731 if (unlikely(info->index >= info->map->max_entries))
732 return NULL;
733
734 info->sk = __sock_map_lookup_elem(info->map, info->index);
735
736 /* can't return sk directly, since that might be NULL */
737 return info;
738 }
739
740 static void *sock_map_seq_start(struct seq_file *seq, loff_t *pos)
741 __acquires(rcu)
742 {
743 struct sock_map_seq_info *info = seq->private;
744
745 if (*pos == 0)
746 ++*pos;
747
748 /* pairs with sock_map_seq_stop */
749 rcu_read_lock();
750 return sock_map_seq_lookup_elem(info);
751 }
752
753 static void *sock_map_seq_next(struct seq_file *seq, void *v, loff_t *pos)
754 __must_hold(rcu)
755 {
756 struct sock_map_seq_info *info = seq->private;
757
758 ++*pos;
759 ++info->index;
760
761 return sock_map_seq_lookup_elem(info);
762 }
763
764 static int sock_map_seq_show(struct seq_file *seq, void *v)
765 __must_hold(rcu)
766 {
767 struct sock_map_seq_info *info = seq->private;
768 struct bpf_iter__sockmap ctx = {};
769 struct bpf_iter_meta meta;
770 struct bpf_prog *prog;
771
772 meta.seq = seq;
773 prog = bpf_iter_get_info(&meta, !v);
774 if (!prog)
775 return 0;
776
777 ctx.meta = &meta;
778 ctx.map = info->map;
779 if (v) {
780 ctx.key = &info->index;
781 ctx.sk = info->sk;
782 }
783
784 return bpf_iter_run_prog(prog, &ctx);
785 }
786
787 static void sock_map_seq_stop(struct seq_file *seq, void *v)
788 __releases(rcu)
789 {
790 if (!v)
791 (void)sock_map_seq_show(seq, NULL);
792
793 /* pairs with sock_map_seq_start */
794 rcu_read_unlock();
795 }
796
797 static const struct seq_operations sock_map_seq_ops = {
798 .start = sock_map_seq_start,
799 .next = sock_map_seq_next,
800 .stop = sock_map_seq_stop,
801 .show = sock_map_seq_show,
802 };
803
804 static int sock_map_init_seq_private(void *priv_data,
805 struct bpf_iter_aux_info *aux)
806 {
807 struct sock_map_seq_info *info = priv_data;
808
809 info->map = aux->map;
810 return 0;
811 }
812
813 static const struct bpf_iter_seq_info sock_map_iter_seq_info = {
814 .seq_ops = &sock_map_seq_ops,
815 .init_seq_private = sock_map_init_seq_private,
816 .seq_priv_size = sizeof(struct sock_map_seq_info),
817 };
818
819 static int sock_map_btf_id;
820 const struct bpf_map_ops sock_map_ops = {
821 .map_meta_equal = bpf_map_meta_equal,
822 .map_alloc = sock_map_alloc,
823 .map_free = sock_map_free,
824 .map_get_next_key = sock_map_get_next_key,
825 .map_lookup_elem_sys_only = sock_map_lookup_sys,
826 .map_update_elem = sock_map_update_elem,
827 .map_delete_elem = sock_map_delete_elem,
828 .map_lookup_elem = sock_map_lookup,
829 .map_release_uref = sock_map_release_progs,
830 .map_check_btf = map_check_no_btf,
831 .map_btf_name = "bpf_stab",
832 .map_btf_id = &sock_map_btf_id,
833 .iter_seq_info = &sock_map_iter_seq_info,
834 };
835
836 struct bpf_shtab_elem {
837 struct rcu_head rcu;
838 u32 hash;
839 struct sock *sk;
840 struct hlist_node node;
841 u8 key[];
842 };
843
844 struct bpf_shtab_bucket {
845 struct hlist_head head;
846 raw_spinlock_t lock;
847 };
848
849 struct bpf_shtab {
850 struct bpf_map map;
851 struct bpf_shtab_bucket *buckets;
852 u32 buckets_num;
853 u32 elem_size;
854 struct sk_psock_progs progs;
855 atomic_t count;
856 };
857
858 static inline u32 sock_hash_bucket_hash(const void *key, u32 len)
859 {
860 return jhash(key, len, 0);
861 }
862
863 static struct bpf_shtab_bucket *sock_hash_select_bucket(struct bpf_shtab *htab,
864 u32 hash)
865 {
866 return &htab->buckets[hash & (htab->buckets_num - 1)];
867 }
868
869 static struct bpf_shtab_elem *
870 sock_hash_lookup_elem_raw(struct hlist_head *head, u32 hash, void *key,
871 u32 key_size)
872 {
873 struct bpf_shtab_elem *elem;
874
875 hlist_for_each_entry_rcu(elem, head, node) {
876 if (elem->hash == hash &&
877 !memcmp(&elem->key, key, key_size))
878 return elem;
879 }
880
881 return NULL;
882 }
883
884 static struct sock *__sock_hash_lookup_elem(struct bpf_map *map, void *key)
885 {
886 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
887 u32 key_size = map->key_size, hash;
888 struct bpf_shtab_bucket *bucket;
889 struct bpf_shtab_elem *elem;
890
891 WARN_ON_ONCE(!rcu_read_lock_held());
892
893 hash = sock_hash_bucket_hash(key, key_size);
894 bucket = sock_hash_select_bucket(htab, hash);
895 elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
896
897 return elem ? elem->sk : NULL;
898 }
899
900 static void sock_hash_free_elem(struct bpf_shtab *htab,
901 struct bpf_shtab_elem *elem)
902 {
903 atomic_dec(&htab->count);
904 kfree_rcu(elem, rcu);
905 }
906
907 static void sock_hash_delete_from_link(struct bpf_map *map, struct sock *sk,
908 void *link_raw)
909 {
910 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
911 struct bpf_shtab_elem *elem_probe, *elem = link_raw;
912 struct bpf_shtab_bucket *bucket;
913
914 WARN_ON_ONCE(!rcu_read_lock_held());
915 bucket = sock_hash_select_bucket(htab, elem->hash);
916
917 /* elem may be deleted in parallel from the map, but access here
918 * is okay since it's going away only after RCU grace period.
919 * However, we need to check whether it's still present.
920 */
921 raw_spin_lock_bh(&bucket->lock);
922 elem_probe = sock_hash_lookup_elem_raw(&bucket->head, elem->hash,
923 elem->key, map->key_size);
924 if (elem_probe && elem_probe == elem) {
925 hlist_del_rcu(&elem->node);
926 sock_map_unref(elem->sk, elem);
927 sock_hash_free_elem(htab, elem);
928 }
929 raw_spin_unlock_bh(&bucket->lock);
930 }
931
932 static int sock_hash_delete_elem(struct bpf_map *map, void *key)
933 {
934 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
935 u32 hash, key_size = map->key_size;
936 struct bpf_shtab_bucket *bucket;
937 struct bpf_shtab_elem *elem;
938 int ret = -ENOENT;
939
940 hash = sock_hash_bucket_hash(key, key_size);
941 bucket = sock_hash_select_bucket(htab, hash);
942
943 raw_spin_lock_bh(&bucket->lock);
944 elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
945 if (elem) {
946 hlist_del_rcu(&elem->node);
947 sock_map_unref(elem->sk, elem);
948 sock_hash_free_elem(htab, elem);
949 ret = 0;
950 }
951 raw_spin_unlock_bh(&bucket->lock);
952 return ret;
953 }
954
955 static struct bpf_shtab_elem *sock_hash_alloc_elem(struct bpf_shtab *htab,
956 void *key, u32 key_size,
957 u32 hash, struct sock *sk,
958 struct bpf_shtab_elem *old)
959 {
960 struct bpf_shtab_elem *new;
961
962 if (atomic_inc_return(&htab->count) > htab->map.max_entries) {
963 if (!old) {
964 atomic_dec(&htab->count);
965 return ERR_PTR(-E2BIG);
966 }
967 }
968
969 new = bpf_map_kmalloc_node(&htab->map, htab->elem_size,
970 GFP_ATOMIC | __GFP_NOWARN,
971 htab->map.numa_node);
972 if (!new) {
973 atomic_dec(&htab->count);
974 return ERR_PTR(-ENOMEM);
975 }
976 memcpy(new->key, key, key_size);
977 new->sk = sk;
978 new->hash = hash;
979 return new;
980 }
981
982 static int sock_hash_update_common(struct bpf_map *map, void *key,
983 struct sock *sk, u64 flags)
984 {
985 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
986 u32 key_size = map->key_size, hash;
987 struct bpf_shtab_elem *elem, *elem_new;
988 struct bpf_shtab_bucket *bucket;
989 struct sk_psock_link *link;
990 struct sk_psock *psock;
991 int ret;
992
993 WARN_ON_ONCE(!rcu_read_lock_held());
994 if (unlikely(flags > BPF_EXIST))
995 return -EINVAL;
996
997 link = sk_psock_init_link();
998 if (!link)
999 return -ENOMEM;
1000
1001 /* Only sockets we can redirect into/from in BPF need to hold
1002 * refs to parser/verdict progs and have their sk_data_ready
1003 * and sk_write_space callbacks overridden.
1004 */
1005 if (sock_map_redirect_allowed(sk))
1006 ret = sock_map_link(map, &htab->progs, sk);
1007 else
1008 ret = sock_map_link_no_progs(map, sk);
1009 if (ret < 0)
1010 goto out_free;
1011
1012 psock = sk_psock(sk);
1013 WARN_ON_ONCE(!psock);
1014
1015 hash = sock_hash_bucket_hash(key, key_size);
1016 bucket = sock_hash_select_bucket(htab, hash);
1017
1018 raw_spin_lock_bh(&bucket->lock);
1019 elem = sock_hash_lookup_elem_raw(&bucket->head, hash, key, key_size);
1020 if (elem && flags == BPF_NOEXIST) {
1021 ret = -EEXIST;
1022 goto out_unlock;
1023 } else if (!elem && flags == BPF_EXIST) {
1024 ret = -ENOENT;
1025 goto out_unlock;
1026 }
1027
1028 elem_new = sock_hash_alloc_elem(htab, key, key_size, hash, sk, elem);
1029 if (IS_ERR(elem_new)) {
1030 ret = PTR_ERR(elem_new);
1031 goto out_unlock;
1032 }
1033
1034 sock_map_add_link(psock, link, map, elem_new);
1035 /* Add new element to the head of the list, so that
1036 * concurrent search will find it before old elem.
1037 */
1038 hlist_add_head_rcu(&elem_new->node, &bucket->head);
1039 if (elem) {
1040 hlist_del_rcu(&elem->node);
1041 sock_map_unref(elem->sk, elem);
1042 sock_hash_free_elem(htab, elem);
1043 }
1044 raw_spin_unlock_bh(&bucket->lock);
1045 return 0;
1046 out_unlock:
1047 raw_spin_unlock_bh(&bucket->lock);
1048 sk_psock_put(sk, psock);
1049 out_free:
1050 sk_psock_free_link(link);
1051 return ret;
1052 }
1053
1054 static int sock_hash_get_next_key(struct bpf_map *map, void *key,
1055 void *key_next)
1056 {
1057 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
1058 struct bpf_shtab_elem *elem, *elem_next;
1059 u32 hash, key_size = map->key_size;
1060 struct hlist_head *head;
1061 int i = 0;
1062
1063 if (!key)
1064 goto find_first_elem;
1065 hash = sock_hash_bucket_hash(key, key_size);
1066 head = &sock_hash_select_bucket(htab, hash)->head;
1067 elem = sock_hash_lookup_elem_raw(head, hash, key, key_size);
1068 if (!elem)
1069 goto find_first_elem;
1070
1071 elem_next = hlist_entry_safe(rcu_dereference(hlist_next_rcu(&elem->node)),
1072 struct bpf_shtab_elem, node);
1073 if (elem_next) {
1074 memcpy(key_next, elem_next->key, key_size);
1075 return 0;
1076 }
1077
1078 i = hash & (htab->buckets_num - 1);
1079 i++;
1080 find_first_elem:
1081 for (; i < htab->buckets_num; i++) {
1082 head = &sock_hash_select_bucket(htab, i)->head;
1083 elem_next = hlist_entry_safe(rcu_dereference(hlist_first_rcu(head)),
1084 struct bpf_shtab_elem, node);
1085 if (elem_next) {
1086 memcpy(key_next, elem_next->key, key_size);
1087 return 0;
1088 }
1089 }
1090
1091 return -ENOENT;
1092 }
1093
1094 static struct bpf_map *sock_hash_alloc(union bpf_attr *attr)
1095 {
1096 struct bpf_shtab *htab;
1097 int i, err;
1098
1099 if (!capable(CAP_NET_ADMIN))
1100 return ERR_PTR(-EPERM);
1101 if (attr->max_entries == 0 ||
1102 attr->key_size == 0 ||
1103 (attr->value_size != sizeof(u32) &&
1104 attr->value_size != sizeof(u64)) ||
1105 attr->map_flags & ~SOCK_CREATE_FLAG_MASK)
1106 return ERR_PTR(-EINVAL);
1107 if (attr->key_size > MAX_BPF_STACK)
1108 return ERR_PTR(-E2BIG);
1109
1110 htab = kzalloc(sizeof(*htab), GFP_USER | __GFP_ACCOUNT);
1111 if (!htab)
1112 return ERR_PTR(-ENOMEM);
1113
1114 bpf_map_init_from_attr(&htab->map, attr);
1115
1116 htab->buckets_num = roundup_pow_of_two(htab->map.max_entries);
1117 htab->elem_size = sizeof(struct bpf_shtab_elem) +
1118 round_up(htab->map.key_size, 8);
1119 if (htab->buckets_num == 0 ||
1120 htab->buckets_num > U32_MAX / sizeof(struct bpf_shtab_bucket)) {
1121 err = -EINVAL;
1122 goto free_htab;
1123 }
1124
1125 htab->buckets = bpf_map_area_alloc(htab->buckets_num *
1126 sizeof(struct bpf_shtab_bucket),
1127 htab->map.numa_node);
1128 if (!htab->buckets) {
1129 err = -ENOMEM;
1130 goto free_htab;
1131 }
1132
1133 for (i = 0; i < htab->buckets_num; i++) {
1134 INIT_HLIST_HEAD(&htab->buckets[i].head);
1135 raw_spin_lock_init(&htab->buckets[i].lock);
1136 }
1137
1138 return &htab->map;
1139 free_htab:
1140 kfree(htab);
1141 return ERR_PTR(err);
1142 }
1143
1144 static void sock_hash_free(struct bpf_map *map)
1145 {
1146 struct bpf_shtab *htab = container_of(map, struct bpf_shtab, map);
1147 struct bpf_shtab_bucket *bucket;
1148 struct hlist_head unlink_list;
1149 struct bpf_shtab_elem *elem;
1150 struct hlist_node *node;
1151 int i;
1152
1153 /* After the sync no updates or deletes will be in-flight so it
1154 * is safe to walk map and remove entries without risking a race
1155 * in EEXIST update case.
1156 */
1157 synchronize_rcu();
1158 for (i = 0; i < htab->buckets_num; i++) {
1159 bucket = sock_hash_select_bucket(htab, i);
1160
1161 /* We are racing with sock_hash_delete_from_link to
1162 * enter the spin-lock critical section. Every socket on
1163 * the list is still linked to sockhash. Since link
1164 * exists, psock exists and holds a ref to socket. That
1165 * lets us to grab a socket ref too.
1166 */
1167 raw_spin_lock_bh(&bucket->lock);
1168 hlist_for_each_entry(elem, &bucket->head, node)
1169 sock_hold(elem->sk);
1170 hlist_move_list(&bucket->head, &unlink_list);
1171 raw_spin_unlock_bh(&bucket->lock);
1172
1173 /* Process removed entries out of atomic context to
1174 * block for socket lock before deleting the psock's
1175 * link to sockhash.
1176 */
1177 hlist_for_each_entry_safe(elem, node, &unlink_list, node) {
1178 hlist_del(&elem->node);
1179 lock_sock(elem->sk);
1180 rcu_read_lock();
1181 sock_map_unref(elem->sk, elem);
1182 rcu_read_unlock();
1183 release_sock(elem->sk);
1184 sock_put(elem->sk);
1185 sock_hash_free_elem(htab, elem);
1186 }
1187 }
1188
1189 /* wait for psock readers accessing its map link */
1190 synchronize_rcu();
1191
1192 bpf_map_area_free(htab->buckets);
1193 kfree(htab);
1194 }
1195
1196 static void *sock_hash_lookup_sys(struct bpf_map *map, void *key)
1197 {
1198 struct sock *sk;
1199
1200 if (map->value_size != sizeof(u64))
1201 return ERR_PTR(-ENOSPC);
1202
1203 sk = __sock_hash_lookup_elem(map, key);
1204 if (!sk)
1205 return ERR_PTR(-ENOENT);
1206
1207 __sock_gen_cookie(sk);
1208 return &sk->sk_cookie;
1209 }
1210
1211 static void *sock_hash_lookup(struct bpf_map *map, void *key)
1212 {
1213 struct sock *sk;
1214
1215 sk = __sock_hash_lookup_elem(map, key);
1216 if (!sk)
1217 return NULL;
1218 if (sk_is_refcounted(sk) && !refcount_inc_not_zero(&sk->sk_refcnt))
1219 return NULL;
1220 return sk;
1221 }
1222
1223 static void sock_hash_release_progs(struct bpf_map *map)
1224 {
1225 psock_progs_drop(&container_of(map, struct bpf_shtab, map)->progs);
1226 }
1227
1228 BPF_CALL_4(bpf_sock_hash_update, struct bpf_sock_ops_kern *, sops,
1229 struct bpf_map *, map, void *, key, u64, flags)
1230 {
1231 WARN_ON_ONCE(!rcu_read_lock_held());
1232
1233 if (likely(sock_map_sk_is_suitable(sops->sk) &&
1234 sock_map_op_okay(sops)))
1235 return sock_hash_update_common(map, key, sops->sk, flags);
1236 return -EOPNOTSUPP;
1237 }
1238
1239 const struct bpf_func_proto bpf_sock_hash_update_proto = {
1240 .func = bpf_sock_hash_update,
1241 .gpl_only = false,
1242 .pkt_access = true,
1243 .ret_type = RET_INTEGER,
1244 .arg1_type = ARG_PTR_TO_CTX,
1245 .arg2_type = ARG_CONST_MAP_PTR,
1246 .arg3_type = ARG_PTR_TO_MAP_KEY,
1247 .arg4_type = ARG_ANYTHING,
1248 };
1249
1250 BPF_CALL_4(bpf_sk_redirect_hash, struct sk_buff *, skb,
1251 struct bpf_map *, map, void *, key, u64, flags)
1252 {
1253 struct tcp_skb_cb *tcb = TCP_SKB_CB(skb);
1254 struct sock *sk;
1255
1256 if (unlikely(flags & ~(BPF_F_INGRESS)))
1257 return SK_DROP;
1258
1259 sk = __sock_hash_lookup_elem(map, key);
1260 if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
1261 return SK_DROP;
1262
1263 tcb->bpf.flags = flags;
1264 tcb->bpf.sk_redir = sk;
1265 return SK_PASS;
1266 }
1267
1268 const struct bpf_func_proto bpf_sk_redirect_hash_proto = {
1269 .func = bpf_sk_redirect_hash,
1270 .gpl_only = false,
1271 .ret_type = RET_INTEGER,
1272 .arg1_type = ARG_PTR_TO_CTX,
1273 .arg2_type = ARG_CONST_MAP_PTR,
1274 .arg3_type = ARG_PTR_TO_MAP_KEY,
1275 .arg4_type = ARG_ANYTHING,
1276 };
1277
1278 BPF_CALL_4(bpf_msg_redirect_hash, struct sk_msg *, msg,
1279 struct bpf_map *, map, void *, key, u64, flags)
1280 {
1281 struct sock *sk;
1282
1283 if (unlikely(flags & ~(BPF_F_INGRESS)))
1284 return SK_DROP;
1285
1286 sk = __sock_hash_lookup_elem(map, key);
1287 if (unlikely(!sk || !sock_map_redirect_allowed(sk)))
1288 return SK_DROP;
1289
1290 msg->flags = flags;
1291 msg->sk_redir = sk;
1292 return SK_PASS;
1293 }
1294
1295 const struct bpf_func_proto bpf_msg_redirect_hash_proto = {
1296 .func = bpf_msg_redirect_hash,
1297 .gpl_only = false,
1298 .ret_type = RET_INTEGER,
1299 .arg1_type = ARG_PTR_TO_CTX,
1300 .arg2_type = ARG_CONST_MAP_PTR,
1301 .arg3_type = ARG_PTR_TO_MAP_KEY,
1302 .arg4_type = ARG_ANYTHING,
1303 };
1304
1305 struct sock_hash_seq_info {
1306 struct bpf_map *map;
1307 struct bpf_shtab *htab;
1308 u32 bucket_id;
1309 };
1310
1311 static void *sock_hash_seq_find_next(struct sock_hash_seq_info *info,
1312 struct bpf_shtab_elem *prev_elem)
1313 {
1314 const struct bpf_shtab *htab = info->htab;
1315 struct bpf_shtab_bucket *bucket;
1316 struct bpf_shtab_elem *elem;
1317 struct hlist_node *node;
1318
1319 /* try to find next elem in the same bucket */
1320 if (prev_elem) {
1321 node = rcu_dereference(hlist_next_rcu(&prev_elem->node));
1322 elem = hlist_entry_safe(node, struct bpf_shtab_elem, node);
1323 if (elem)
1324 return elem;
1325
1326 /* no more elements, continue in the next bucket */
1327 info->bucket_id++;
1328 }
1329
1330 for (; info->bucket_id < htab->buckets_num; info->bucket_id++) {
1331 bucket = &htab->buckets[info->bucket_id];
1332 node = rcu_dereference(hlist_first_rcu(&bucket->head));
1333 elem = hlist_entry_safe(node, struct bpf_shtab_elem, node);
1334 if (elem)
1335 return elem;
1336 }
1337
1338 return NULL;
1339 }
1340
1341 static void *sock_hash_seq_start(struct seq_file *seq, loff_t *pos)
1342 __acquires(rcu)
1343 {
1344 struct sock_hash_seq_info *info = seq->private;
1345
1346 if (*pos == 0)
1347 ++*pos;
1348
1349 /* pairs with sock_hash_seq_stop */
1350 rcu_read_lock();
1351 return sock_hash_seq_find_next(info, NULL);
1352 }
1353
1354 static void *sock_hash_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1355 __must_hold(rcu)
1356 {
1357 struct sock_hash_seq_info *info = seq->private;
1358
1359 ++*pos;
1360 return sock_hash_seq_find_next(info, v);
1361 }
1362
1363 static int sock_hash_seq_show(struct seq_file *seq, void *v)
1364 __must_hold(rcu)
1365 {
1366 struct sock_hash_seq_info *info = seq->private;
1367 struct bpf_iter__sockmap ctx = {};
1368 struct bpf_shtab_elem *elem = v;
1369 struct bpf_iter_meta meta;
1370 struct bpf_prog *prog;
1371
1372 meta.seq = seq;
1373 prog = bpf_iter_get_info(&meta, !elem);
1374 if (!prog)
1375 return 0;
1376
1377 ctx.meta = &meta;
1378 ctx.map = info->map;
1379 if (elem) {
1380 ctx.key = elem->key;
1381 ctx.sk = elem->sk;
1382 }
1383
1384 return bpf_iter_run_prog(prog, &ctx);
1385 }
1386
1387 static void sock_hash_seq_stop(struct seq_file *seq, void *v)
1388 __releases(rcu)
1389 {
1390 if (!v)
1391 (void)sock_hash_seq_show(seq, NULL);
1392
1393 /* pairs with sock_hash_seq_start */
1394 rcu_read_unlock();
1395 }
1396
1397 static const struct seq_operations sock_hash_seq_ops = {
1398 .start = sock_hash_seq_start,
1399 .next = sock_hash_seq_next,
1400 .stop = sock_hash_seq_stop,
1401 .show = sock_hash_seq_show,
1402 };
1403
1404 static int sock_hash_init_seq_private(void *priv_data,
1405 struct bpf_iter_aux_info *aux)
1406 {
1407 struct sock_hash_seq_info *info = priv_data;
1408
1409 info->map = aux->map;
1410 info->htab = container_of(aux->map, struct bpf_shtab, map);
1411 return 0;
1412 }
1413
1414 static const struct bpf_iter_seq_info sock_hash_iter_seq_info = {
1415 .seq_ops = &sock_hash_seq_ops,
1416 .init_seq_private = sock_hash_init_seq_private,
1417 .seq_priv_size = sizeof(struct sock_hash_seq_info),
1418 };
1419
1420 static int sock_hash_map_btf_id;
1421 const struct bpf_map_ops sock_hash_ops = {
1422 .map_meta_equal = bpf_map_meta_equal,
1423 .map_alloc = sock_hash_alloc,
1424 .map_free = sock_hash_free,
1425 .map_get_next_key = sock_hash_get_next_key,
1426 .map_update_elem = sock_map_update_elem,
1427 .map_delete_elem = sock_hash_delete_elem,
1428 .map_lookup_elem = sock_hash_lookup,
1429 .map_lookup_elem_sys_only = sock_hash_lookup_sys,
1430 .map_release_uref = sock_hash_release_progs,
1431 .map_check_btf = map_check_no_btf,
1432 .map_btf_name = "bpf_shtab",
1433 .map_btf_id = &sock_hash_map_btf_id,
1434 .iter_seq_info = &sock_hash_iter_seq_info,
1435 };
1436
1437 static struct sk_psock_progs *sock_map_progs(struct bpf_map *map)
1438 {
1439 switch (map->map_type) {
1440 case BPF_MAP_TYPE_SOCKMAP:
1441 return &container_of(map, struct bpf_stab, map)->progs;
1442 case BPF_MAP_TYPE_SOCKHASH:
1443 return &container_of(map, struct bpf_shtab, map)->progs;
1444 default:
1445 break;
1446 }
1447
1448 return NULL;
1449 }
1450
1451 int sock_map_prog_update(struct bpf_map *map, struct bpf_prog *prog,
1452 struct bpf_prog *old, u32 which)
1453 {
1454 struct sk_psock_progs *progs = sock_map_progs(map);
1455 struct bpf_prog **pprog;
1456
1457 if (!progs)
1458 return -EOPNOTSUPP;
1459
1460 switch (which) {
1461 case BPF_SK_MSG_VERDICT:
1462 pprog = &progs->msg_parser;
1463 break;
1464 case BPF_SK_SKB_STREAM_PARSER:
1465 pprog = &progs->skb_parser;
1466 break;
1467 case BPF_SK_SKB_STREAM_VERDICT:
1468 pprog = &progs->skb_verdict;
1469 break;
1470 default:
1471 return -EOPNOTSUPP;
1472 }
1473
1474 if (old)
1475 return psock_replace_prog(pprog, prog, old);
1476
1477 psock_set_prog(pprog, prog);
1478 return 0;
1479 }
1480
1481 static void sock_map_unlink(struct sock *sk, struct sk_psock_link *link)
1482 {
1483 switch (link->map->map_type) {
1484 case BPF_MAP_TYPE_SOCKMAP:
1485 return sock_map_delete_from_link(link->map, sk,
1486 link->link_raw);
1487 case BPF_MAP_TYPE_SOCKHASH:
1488 return sock_hash_delete_from_link(link->map, sk,
1489 link->link_raw);
1490 default:
1491 break;
1492 }
1493 }
1494
1495 static void sock_map_remove_links(struct sock *sk, struct sk_psock *psock)
1496 {
1497 struct sk_psock_link *link;
1498
1499 while ((link = sk_psock_link_pop(psock))) {
1500 sock_map_unlink(sk, link);
1501 sk_psock_free_link(link);
1502 }
1503 }
1504
1505 void sock_map_unhash(struct sock *sk)
1506 {
1507 void (*saved_unhash)(struct sock *sk);
1508 struct sk_psock *psock;
1509
1510 rcu_read_lock();
1511 psock = sk_psock(sk);
1512 if (unlikely(!psock)) {
1513 rcu_read_unlock();
1514 if (sk->sk_prot->unhash)
1515 sk->sk_prot->unhash(sk);
1516 return;
1517 }
1518
1519 saved_unhash = psock->saved_unhash;
1520 sock_map_remove_links(sk, psock);
1521 rcu_read_unlock();
1522 saved_unhash(sk);
1523 }
1524
1525 void sock_map_close(struct sock *sk, long timeout)
1526 {
1527 void (*saved_close)(struct sock *sk, long timeout);
1528 struct sk_psock *psock;
1529
1530 lock_sock(sk);
1531 rcu_read_lock();
1532 psock = sk_psock(sk);
1533 if (unlikely(!psock)) {
1534 rcu_read_unlock();
1535 release_sock(sk);
1536 return sk->sk_prot->close(sk, timeout);
1537 }
1538
1539 saved_close = psock->saved_close;
1540 sock_map_remove_links(sk, psock);
1541 rcu_read_unlock();
1542 release_sock(sk);
1543 saved_close(sk, timeout);
1544 }
1545
1546 static int sock_map_iter_attach_target(struct bpf_prog *prog,
1547 union bpf_iter_link_info *linfo,
1548 struct bpf_iter_aux_info *aux)
1549 {
1550 struct bpf_map *map;
1551 int err = -EINVAL;
1552
1553 if (!linfo->map.map_fd)
1554 return -EBADF;
1555
1556 map = bpf_map_get_with_uref(linfo->map.map_fd);
1557 if (IS_ERR(map))
1558 return PTR_ERR(map);
1559
1560 if (map->map_type != BPF_MAP_TYPE_SOCKMAP &&
1561 map->map_type != BPF_MAP_TYPE_SOCKHASH)
1562 goto put_map;
1563
1564 if (prog->aux->max_rdonly_access > map->key_size) {
1565 err = -EACCES;
1566 goto put_map;
1567 }
1568
1569 aux->map = map;
1570 return 0;
1571
1572 put_map:
1573 bpf_map_put_with_uref(map);
1574 return err;
1575 }
1576
1577 static void sock_map_iter_detach_target(struct bpf_iter_aux_info *aux)
1578 {
1579 bpf_map_put_with_uref(aux->map);
1580 }
1581
1582 static struct bpf_iter_reg sock_map_iter_reg = {
1583 .target = "sockmap",
1584 .attach_target = sock_map_iter_attach_target,
1585 .detach_target = sock_map_iter_detach_target,
1586 .show_fdinfo = bpf_iter_map_show_fdinfo,
1587 .fill_link_info = bpf_iter_map_fill_link_info,
1588 .ctx_arg_info_size = 2,
1589 .ctx_arg_info = {
1590 { offsetof(struct bpf_iter__sockmap, key),
1591 PTR_TO_RDONLY_BUF_OR_NULL },
1592 { offsetof(struct bpf_iter__sockmap, sk),
1593 PTR_TO_BTF_ID_OR_NULL },
1594 },
1595 };
1596
1597 static int __init bpf_sockmap_iter_init(void)
1598 {
1599 sock_map_iter_reg.ctx_arg_info[1].btf_id =
1600 btf_sock_ids[BTF_SOCK_TYPE_SOCK];
1601 return bpf_iter_reg_target(&sock_map_iter_reg);
1602 }
1603 late_initcall(bpf_sockmap_iter_init);
Linux with added FPC-III support