projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
selftests/bpf: Test skipping stacktrace
[linux-block.git] / net / core / bpf_sk_storage.c
CommitLineData
6ac99e8f
MKL		 1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2019 Facebook */
3#include <linux/rculist.h>
4#include <linux/list.h>
5#include <linux/hash.h>
6#include <linux/types.h>
7#include <linux/spinlock.h>
8#include <linux/bpf.h>
8e4597c6 9#include <linux/btf.h>
5ce6e77c 10#include <linux/btf_ids.h>
450af8d0 11#include <linux/bpf_local_storage.h>
6ac99e8f
MKL		 12#include <net/bpf_sk_storage.h>
13#include <net/sock.h>
1ed4d924 14#include <uapi/linux/sock_diag.h>
6ac99e8f 15#include <uapi/linux/btf.h>
0fe4b381 16#include <linux/rcupdate_trace.h>
6ac99e8f 17
4cc9ce4e
KS		 18DEFINE_BPF_STORAGE_CACHE(sk_cache);
19
1f00d375 20static struct bpf_local_storage_data *
e794bfdd 21bpf_sk_storage_lookup(struct sock *sk, struct bpf_map *map, bool cacheit_lockit)
6ac99e8f 22{
1f00d375
KS		 23 struct bpf_local_storage *sk_storage;
24 struct bpf_local_storage_map *smap;
6ac99e8f 25
0fe4b381
KS		 26 sk_storage =
27 rcu_dereference_check(sk->sk_bpf_storage, bpf_rcu_lock_held());
6ac99e8f
MKL		 28 if (!sk_storage)
29 return NULL;
30
1f00d375
KS		 31 smap = (struct bpf_local_storage_map *)map;
32 return bpf_local_storage_lookup(sk_storage, smap, cacheit_lockit);
6ac99e8f
MKL		 33}
34
e794bfdd 35static int bpf_sk_storage_del(struct sock *sk, struct bpf_map *map)
6ac99e8f 36{
1f00d375 37 struct bpf_local_storage_data *sdata;
6ac99e8f 38
e794bfdd 39 sdata = bpf_sk_storage_lookup(sk, map, false);
6ac99e8f
MKL		 40 if (!sdata)
41 return -ENOENT;
42
1f00d375 43 bpf_selem_unlink(SELEM(sdata));
6ac99e8f
MKL		 44
45 return 0;
46}
47
8f51dfc7 48/* Called by __sk_destruct() & bpf_sk_storage_clone() */
6ac99e8f
MKL		 49void bpf_sk_storage_free(struct sock *sk)
50{
1f00d375
KS		 51 struct bpf_local_storage_elem *selem;
52 struct bpf_local_storage *sk_storage;
6ac99e8f
MKL		 53 bool free_sk_storage = false;
54 struct hlist_node *n;
55
56 rcu_read_lock();
57 sk_storage = rcu_dereference(sk->sk_bpf_storage);
58 if (!sk_storage) {
59 rcu_read_unlock();
60 return;
61 }
62
63 /* Netiher the bpf_prog nor the bpf-map's syscall
64 * could be modifying the sk_storage->list now.
65 * Thus, no elem can be added-to or deleted-from the
66 * sk_storage->list by the bpf_prog or by the bpf-map's syscall.
67 *
1f00d375 68 * It is racing with bpf_local_storage_map_free() alone
6ac99e8f
MKL		 69 * when unlinking elem from the sk_storage->list and
70 * the map's bucket->list.
71 */
72 raw_spin_lock_bh(&sk_storage->lock);
73 hlist_for_each_entry_safe(selem, n, &sk_storage->list, snode) {
74 /* Always unlink from map before unlinking from
75 * sk_storage.
76 */
1f00d375
KS		 77 bpf_selem_unlink_map(selem);
78 free_sk_storage = bpf_selem_unlink_storage_nolock(sk_storage,
79 selem, true);
6ac99e8f
MKL		 80 }
81 raw_spin_unlock_bh(&sk_storage->lock);
82 rcu_read_unlock();
83
84 if (free_sk_storage)
85 kfree_rcu(sk_storage, rcu);
86}
87
e794bfdd 88static void bpf_sk_storage_map_free(struct bpf_map *map)
f836a56e
KS		 89{
90 struct bpf_local_storage_map *smap;
91
92 smap = (struct bpf_local_storage_map *)map;
93 bpf_local_storage_cache_idx_free(&sk_cache, smap->cache_idx);
bc235cdb 94 bpf_local_storage_map_free(smap, NULL);
6ac99e8f
MKL		 95}
96
e794bfdd 97static struct bpf_map *bpf_sk_storage_map_alloc(union bpf_attr *attr)
f836a56e
KS		 98{
99 struct bpf_local_storage_map *smap;
100
101 smap = bpf_local_storage_map_alloc(attr);
102 if (IS_ERR(smap))
103 return ERR_CAST(smap);
104
105 smap->cache_idx = bpf_local_storage_cache_idx_get(&sk_cache);
6ac99e8f
MKL		 106 return &smap->map;
107}
108
109static int notsupp_get_next_key(struct bpf_map *map, void *key,
110 void *next_key)
111{
112 return -ENOTSUPP;
113}
114
6ac99e8f
MKL		 115static void *bpf_fd_sk_storage_lookup_elem(struct bpf_map *map, void *key)
116{
1f00d375 117 struct bpf_local_storage_data *sdata;
6ac99e8f
MKL		 118 struct socket *sock;
119 int fd, err;
120
121 fd = *(int *)key;
122 sock = sockfd_lookup(fd, &err);
123 if (sock) {
e794bfdd 124 sdata = bpf_sk_storage_lookup(sock->sk, map, true);
6ac99e8f
MKL		 125 sockfd_put(sock);
126 return sdata ? sdata->data : NULL;
127 }
128
129 return ERR_PTR(err);
130}
131
132static int bpf_fd_sk_storage_update_elem(struct bpf_map *map, void *key,
133 void *value, u64 map_flags)
134{
1f00d375 135 struct bpf_local_storage_data *sdata;
6ac99e8f
MKL		 136 struct socket *sock;
137 int fd, err;
138
139 fd = *(int *)key;
140 sock = sockfd_lookup(fd, &err);
141 if (sock) {
f836a56e
KS		 142 sdata = bpf_local_storage_update(
143 sock->sk, (struct bpf_local_storage_map *)map, value,
b00fa38a 144 map_flags, GFP_ATOMIC);
6ac99e8f 145 sockfd_put(sock);
71f150f4 146 return PTR_ERR_OR_ZERO(sdata);
6ac99e8f
MKL		 147 }
148
149 return err;
150}
151
152static int bpf_fd_sk_storage_delete_elem(struct bpf_map *map, void *key)
153{
154 struct socket *sock;
155 int fd, err;
156
157 fd = *(int *)key;
158 sock = sockfd_lookup(fd, &err);
159 if (sock) {
e794bfdd 160 err = bpf_sk_storage_del(sock->sk, map);
6ac99e8f
MKL		 161 sockfd_put(sock);
162 return err;
163 }
164
165 return err;
166}
167
1f00d375 168static struct bpf_local_storage_elem *
8f51dfc7 169bpf_sk_storage_clone_elem(struct sock *newsk,
1f00d375
KS		 170 struct bpf_local_storage_map *smap,
171 struct bpf_local_storage_elem *selem)
8f51dfc7 172{
1f00d375 173 struct bpf_local_storage_elem *copy_selem;
8f51dfc7 174
b00fa38a 175 copy_selem = bpf_selem_alloc(smap, newsk, NULL, true, GFP_ATOMIC);
8f51dfc7
SF		 176 if (!copy_selem)
177 return NULL;
178
179 if (map_value_has_spin_lock(&smap->map))
180 copy_map_value_locked(&smap->map, SDATA(copy_selem)->data,
181 SDATA(selem)->data, true);
182 else
183 copy_map_value(&smap->map, SDATA(copy_selem)->data,
184 SDATA(selem)->data);
185
186 return copy_selem;
187}
188
189int bpf_sk_storage_clone(const struct sock *sk, struct sock *newsk)
190{
1f00d375
KS		 191 struct bpf_local_storage *new_sk_storage = NULL;
192 struct bpf_local_storage *sk_storage;
193 struct bpf_local_storage_elem *selem;
8f51dfc7
SF		 194 int ret = 0;
195
196 RCU_INIT_POINTER(newsk->sk_bpf_storage, NULL);
197
198 rcu_read_lock();
199 sk_storage = rcu_dereference(sk->sk_bpf_storage);
200
201 if (!sk_storage || hlist_empty(&sk_storage->list))
202 goto out;
203
204 hlist_for_each_entry_rcu(selem, &sk_storage->list, snode) {
1f00d375
KS		 205 struct bpf_local_storage_elem *copy_selem;
206 struct bpf_local_storage_map *smap;
8f51dfc7
SF		 207 struct bpf_map *map;
208
209 smap = rcu_dereference(SDATA(selem)->smap);
210 if (!(smap->map.map_flags & BPF_F_CLONE))
211 continue;
212
213 /* Note that for lockless listeners adding new element
1f00d375 214 * here can race with cleanup in bpf_local_storage_map_free.
8f51dfc7
SF		 215 * Try to grab map refcnt to make sure that it's still
216 * alive and prevent concurrent removal.
217 */
1e0bd5a0 218 map = bpf_map_inc_not_zero(&smap->map);
8f51dfc7
SF		 219 if (IS_ERR(map))
220 continue;
221
222 copy_selem = bpf_sk_storage_clone_elem(newsk, smap, selem);
223 if (!copy_selem) {
224 ret = -ENOMEM;
225 bpf_map_put(map);
226 goto out;
227 }
228
229 if (new_sk_storage) {
1f00d375
KS		 230 bpf_selem_link_map(smap, copy_selem);
231 bpf_selem_link_storage_nolock(new_sk_storage, copy_selem);
8f51dfc7 232 } else {
b00fa38a 233 ret = bpf_local_storage_alloc(newsk, smap, copy_selem, GFP_ATOMIC);
8f51dfc7
SF		 234 if (ret) {
235 kfree(copy_selem);
236 atomic_sub(smap->elem_size,
237 &newsk->sk_omem_alloc);
238 bpf_map_put(map);
239 goto out;
240 }
241
1f00d375
KS		 242 new_sk_storage =
243 rcu_dereference(copy_selem->local_storage);
8f51dfc7
SF		 244 }
245 bpf_map_put(map);
246 }
247
248out:
249 rcu_read_unlock();
250
251 /* In case of an error, don't free anything explicitly here, the
252 * caller is responsible to call bpf_sk_storage_free.
253 */
254
255 return ret;
256}
257
b00fa38a
JK		 258/* *gfp_flags* is a hidden argument provided by the verifier */
259BPF_CALL_5(bpf_sk_storage_get, struct bpf_map *, map, struct sock *, sk,
260 void *, value, u64, flags, gfp_t, gfp_flags)
6ac99e8f 261{
1f00d375 262 struct bpf_local_storage_data *sdata;
6ac99e8f 263
0fe4b381 264 WARN_ON_ONCE(!bpf_rcu_lock_held());
592a3498 265 if (!sk || !sk_fullsock(sk) || flags > BPF_SK_STORAGE_GET_F_CREATE)
6ac99e8f
MKL		 266 return (unsigned long)NULL;
267
e794bfdd 268 sdata = bpf_sk_storage_lookup(sk, map, true);
6ac99e8f
MKL		 269 if (sdata)
270 return (unsigned long)sdata->data;
271
272 if (flags == BPF_SK_STORAGE_GET_F_CREATE &&
273 /* Cannot add new elem to a going away sk.
274 * Otherwise, the new elem may become a leak
275 * (and also other memory issues during map
276 * destruction).
277 */
278 refcount_inc_not_zero(&sk->sk_refcnt)) {
f836a56e
KS		 279 sdata = bpf_local_storage_update(
280 sk, (struct bpf_local_storage_map *)map, value,
b00fa38a 281 BPF_NOEXIST, gfp_flags);
6ac99e8f
MKL		 282 /* sk must be a fullsock (guaranteed by verifier),
283 * so sock_gen_put() is unnecessary.
284 */
285 sock_put(sk);
286 return IS_ERR(sdata) ?
287 (unsigned long)NULL : (unsigned long)sdata->data;
288 }
289
290 return (unsigned long)NULL;
291}
292
293BPF_CALL_2(bpf_sk_storage_delete, struct bpf_map *, map, struct sock *, sk)
294{
0fe4b381 295 WARN_ON_ONCE(!bpf_rcu_lock_held());
592a3498
MKL		 296 if (!sk || !sk_fullsock(sk))
297 return -EINVAL;
298
6ac99e8f
MKL		 299 if (refcount_inc_not_zero(&sk->sk_refcnt)) {
300 int err;
301
e794bfdd 302 err = bpf_sk_storage_del(sk, map);
6ac99e8f
MKL		 303 sock_put(sk);
304 return err;
305 }
306
307 return -ENOENT;
308}
309
e794bfdd
MKL		 310static int bpf_sk_storage_charge(struct bpf_local_storage_map *smap,
311 void *owner, u32 size)
f836a56e 312{
9e838b02
MKL		 313 struct sock *sk = (struct sock *)owner;
314
315 /* same check as in sock_kmalloc() */
316 if (size <= sysctl_optmem_max &&
317 atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) {
318 atomic_add(size, &sk->sk_omem_alloc);
319 return 0;
320 }
321
322 return -ENOMEM;
f836a56e
KS		 323}
324
e794bfdd
MKL		 325static void bpf_sk_storage_uncharge(struct bpf_local_storage_map *smap,
326 void *owner, u32 size)
f836a56e
KS		 327{
328 struct sock *sk = owner;
329
330 atomic_sub(size, &sk->sk_omem_alloc);
331}
332
333static struct bpf_local_storage __rcu **
e794bfdd 334bpf_sk_storage_ptr(void *owner)
f836a56e
KS		 335{
336 struct sock *sk = owner;
337
338 return &sk->sk_bpf_storage;
339}
340
2872e9ac 341static int sk_storage_map_btf_id;
6ac99e8f 342const struct bpf_map_ops sk_storage_map_ops = {
f4d05259 343 .map_meta_equal = bpf_map_meta_equal,
1f00d375 344 .map_alloc_check = bpf_local_storage_map_alloc_check,
e794bfdd
MKL		 345 .map_alloc = bpf_sk_storage_map_alloc,
346 .map_free = bpf_sk_storage_map_free,
6ac99e8f
MKL		 347 .map_get_next_key = notsupp_get_next_key,
348 .map_lookup_elem = bpf_fd_sk_storage_lookup_elem,
349 .map_update_elem = bpf_fd_sk_storage_update_elem,
350 .map_delete_elem = bpf_fd_sk_storage_delete_elem,
1f00d375
KS		 351 .map_check_btf = bpf_local_storage_map_check_btf,
352 .map_btf_name = "bpf_local_storage_map",
2872e9ac 353 .map_btf_id = &sk_storage_map_btf_id,
e794bfdd
MKL		 354 .map_local_storage_charge = bpf_sk_storage_charge,
355 .map_local_storage_uncharge = bpf_sk_storage_uncharge,
356 .map_owner_storage_ptr = bpf_sk_storage_ptr,
6ac99e8f
MKL		 357};
358
359const struct bpf_func_proto bpf_sk_storage_get_proto = {
360 .func = bpf_sk_storage_get,
361 .gpl_only = false,
362 .ret_type = RET_PTR_TO_MAP_VALUE_OR_NULL,
363 .arg1_type = ARG_CONST_MAP_PTR,
592a3498 364 .arg2_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
6ac99e8f
MKL		 365 .arg3_type = ARG_PTR_TO_MAP_VALUE_OR_NULL,
366 .arg4_type = ARG_ANYTHING,
367};
368
f7c6cb1d
SF		 369const struct bpf_func_proto bpf_sk_storage_get_cg_sock_proto = {
370 .func = bpf_sk_storage_get,
371 .gpl_only = false,
372 .ret_type = RET_PTR_TO_MAP_VALUE_OR_NULL,
373 .arg1_type = ARG_CONST_MAP_PTR,
374 .arg2_type = ARG_PTR_TO_CTX, /* context is 'struct sock' */
375 .arg3_type = ARG_PTR_TO_MAP_VALUE_OR_NULL,
376 .arg4_type = ARG_ANYTHING,
377};
378
6ac99e8f
MKL		 379const struct bpf_func_proto bpf_sk_storage_delete_proto = {
380 .func = bpf_sk_storage_delete,
381 .gpl_only = false,
382 .ret_type = RET_INTEGER,
383 .arg1_type = ARG_CONST_MAP_PTR,
592a3498 384 .arg2_type = ARG_PTR_TO_BTF_ID_SOCK_COMMON,
30897832
KS		 385};
386
8e4597c6
MKL		 387static bool bpf_sk_storage_tracing_allowed(const struct bpf_prog *prog)
388{
389 const struct btf *btf_vmlinux;
390 const struct btf_type *t;
391 const char *tname;
392 u32 btf_id;
393
394 if (prog->aux->dst_prog)
395 return false;
396
397 /* Ensure the tracing program is not tracing
398 * any bpf_sk_storage*() function and also
399 * use the bpf_sk_storage_(get|delete) helper.
400 */
401 switch (prog->expected_attach_type) {
a50a85e4 402 case BPF_TRACE_ITER:
8e4597c6
MKL		 403 case BPF_TRACE_RAW_TP:
404 /* bpf_sk_storage has no trace point */
405 return true;
406 case BPF_TRACE_FENTRY:
407 case BPF_TRACE_FEXIT:
408 btf_vmlinux = bpf_get_btf_vmlinux();
409 btf_id = prog->aux->attach_btf_id;
410 t = btf_type_by_id(btf_vmlinux, btf_id);
411 tname = btf_name_by_offset(btf_vmlinux, t->name_off);
412 return !!strncmp(tname, "bpf_sk_storage",
413 strlen("bpf_sk_storage"));
414 default:
415 return false;
416 }
417
418 return false;
419}
420
b00fa38a
JK		 421/* *gfp_flags* is a hidden argument provided by the verifier */
422BPF_CALL_5(bpf_sk_storage_get_tracing, struct bpf_map *, map, struct sock *, sk,
423 void *, value, u64, flags, gfp_t, gfp_flags)
8e4597c6 424{
0fe4b381 425 WARN_ON_ONCE(!bpf_rcu_lock_held());
afa79d08 426 if (in_hardirq() || in_nmi())
8e4597c6
MKL		 427 return (unsigned long)NULL;
428
b00fa38a
JK		 429 return (unsigned long)____bpf_sk_storage_get(map, sk, value, flags,
430 gfp_flags);
8e4597c6
MKL		 431}
432
433BPF_CALL_2(bpf_sk_storage_delete_tracing, struct bpf_map *, map,
434 struct sock *, sk)
435{
0fe4b381 436 WARN_ON_ONCE(!bpf_rcu_lock_held());
afa79d08 437 if (in_hardirq() || in_nmi())
8e4597c6
MKL		 438 return -EPERM;
439
440 return ____bpf_sk_storage_delete(map, sk);
441}
442
443const struct bpf_func_proto bpf_sk_storage_get_tracing_proto = {
444 .func = bpf_sk_storage_get_tracing,
445 .gpl_only = false,
446 .ret_type = RET_PTR_TO_MAP_VALUE_OR_NULL,
447 .arg1_type = ARG_CONST_MAP_PTR,
448 .arg2_type = ARG_PTR_TO_BTF_ID,
449 .arg2_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
450 .arg3_type = ARG_PTR_TO_MAP_VALUE_OR_NULL,
451 .arg4_type = ARG_ANYTHING,
452 .allowed = bpf_sk_storage_tracing_allowed,
453};
454
455const struct bpf_func_proto bpf_sk_storage_delete_tracing_proto = {
456 .func = bpf_sk_storage_delete_tracing,
457 .gpl_only = false,
458 .ret_type = RET_INTEGER,
459 .arg1_type = ARG_CONST_MAP_PTR,
460 .arg2_type = ARG_PTR_TO_BTF_ID,
461 .arg2_btf_id = &btf_sock_ids[BTF_SOCK_TYPE_SOCK_COMMON],
462 .allowed = bpf_sk_storage_tracing_allowed,
463};
464
1ed4d924
MKL		 465struct bpf_sk_storage_diag {
466 u32 nr_maps;
467 struct bpf_map *maps[];
468};
469
470/* The reply will be like:
471 * INET_DIAG_BPF_SK_STORAGES (nla_nest)
472 * SK_DIAG_BPF_STORAGE (nla_nest)
473 * SK_DIAG_BPF_STORAGE_MAP_ID (nla_put_u32)
474 * SK_DIAG_BPF_STORAGE_MAP_VALUE (nla_reserve_64bit)
475 * SK_DIAG_BPF_STORAGE (nla_nest)
476 * SK_DIAG_BPF_STORAGE_MAP_ID (nla_put_u32)
477 * SK_DIAG_BPF_STORAGE_MAP_VALUE (nla_reserve_64bit)
478 * ....
479 */
480static int nla_value_size(u32 value_size)
481{
482 /* SK_DIAG_BPF_STORAGE (nla_nest)
483 * SK_DIAG_BPF_STORAGE_MAP_ID (nla_put_u32)
484 * SK_DIAG_BPF_STORAGE_MAP_VALUE (nla_reserve_64bit)
485 */
486 return nla_total_size(0) + nla_total_size(sizeof(u32)) +
487 nla_total_size_64bit(value_size);
488}
489
490void bpf_sk_storage_diag_free(struct bpf_sk_storage_diag *diag)
491{
492 u32 i;
493
494 if (!diag)
495 return;
496
497 for (i = 0; i < diag->nr_maps; i++)
498 bpf_map_put(diag->maps[i]);
499
500 kfree(diag);
501}
502EXPORT_SYMBOL_GPL(bpf_sk_storage_diag_free);
503
504static bool diag_check_dup(const struct bpf_sk_storage_diag *diag,
505 const struct bpf_map *map)
506{
507 u32 i;
508
509 for (i = 0; i < diag->nr_maps; i++) {
510 if (diag->maps[i] == map)
511 return true;
512 }
513
514 return false;
515}
516
517struct bpf_sk_storage_diag *
518bpf_sk_storage_diag_alloc(const struct nlattr *nla_stgs)
519{
520 struct bpf_sk_storage_diag *diag;
521 struct nlattr *nla;
522 u32 nr_maps = 0;
523 int rem, err;
524
1f00d375 525 /* bpf_local_storage_map is currently limited to CAP_SYS_ADMIN as
1ed4d924
MKL		 526 * the map_alloc_check() side also does.
527 */
2c78ee89 528 if (!bpf_capable())
1ed4d924
MKL		 529 return ERR_PTR(-EPERM);
530
531 nla_for_each_nested(nla, nla_stgs, rem) {
532 if (nla_type(nla) == SK_DIAG_BPF_STORAGE_REQ_MAP_FD)
533 nr_maps++;
534 }
535
fe0bdaec 536 diag = kzalloc(struct_size(diag, maps, nr_maps), GFP_KERNEL);
1ed4d924
MKL		 537 if (!diag)
538 return ERR_PTR(-ENOMEM);
539
540 nla_for_each_nested(nla, nla_stgs, rem) {
541 struct bpf_map *map;
542 int map_fd;
543
544 if (nla_type(nla) != SK_DIAG_BPF_STORAGE_REQ_MAP_FD)
545 continue;
546
547 map_fd = nla_get_u32(nla);
548 map = bpf_map_get(map_fd);
549 if (IS_ERR(map)) {
550 err = PTR_ERR(map);
551 goto err_free;
552 }
553 if (map->map_type != BPF_MAP_TYPE_SK_STORAGE) {
554 bpf_map_put(map);
555 err = -EINVAL;
556 goto err_free;
557 }
558 if (diag_check_dup(diag, map)) {
559 bpf_map_put(map);
560 err = -EEXIST;
561 goto err_free;
562 }
563 diag->maps[diag->nr_maps++] = map;
564 }
565
566 return diag;
567
568err_free:
569 bpf_sk_storage_diag_free(diag);
570 return ERR_PTR(err);
571}
572EXPORT_SYMBOL_GPL(bpf_sk_storage_diag_alloc);
573
1f00d375 574static int diag_get(struct bpf_local_storage_data *sdata, struct sk_buff *skb)
1ed4d924
MKL		 575{
576 struct nlattr *nla_stg, *nla_value;
1f00d375 577 struct bpf_local_storage_map *smap;
1ed4d924
MKL		 578
579 /* It cannot exceed max nlattr's payload */
1f00d375 580 BUILD_BUG_ON(U16_MAX - NLA_HDRLEN < BPF_LOCAL_STORAGE_MAX_VALUE_SIZE);
1ed4d924
MKL		 581
582 nla_stg = nla_nest_start(skb, SK_DIAG_BPF_STORAGE);
583 if (!nla_stg)
584 return -EMSGSIZE;
585
586 smap = rcu_dereference(sdata->smap);
587 if (nla_put_u32(skb, SK_DIAG_BPF_STORAGE_MAP_ID, smap->map.id))
588 goto errout;
589
590 nla_value = nla_reserve_64bit(skb, SK_DIAG_BPF_STORAGE_MAP_VALUE,
591 smap->map.value_size,
592 SK_DIAG_BPF_STORAGE_PAD);
593 if (!nla_value)
594 goto errout;
595
596 if (map_value_has_spin_lock(&smap->map))
597 copy_map_value_locked(&smap->map, nla_data(nla_value),
598 sdata->data, true);
599 else
600 copy_map_value(&smap->map, nla_data(nla_value), sdata->data);
601
602 nla_nest_end(skb, nla_stg);
603 return 0;
604
605errout:
606 nla_nest_cancel(skb, nla_stg);
607 return -EMSGSIZE;
608}
609
610static int bpf_sk_storage_diag_put_all(struct sock *sk, struct sk_buff *skb,
611 int stg_array_type,
612 unsigned int *res_diag_size)
613{
614 /* stg_array_type (e.g. INET_DIAG_BPF_SK_STORAGES) */
615 unsigned int diag_size = nla_total_size(0);
1f00d375
KS		 616 struct bpf_local_storage *sk_storage;
617 struct bpf_local_storage_elem *selem;
618 struct bpf_local_storage_map *smap;
1ed4d924
MKL		 619 struct nlattr *nla_stgs;
620 unsigned int saved_len;
621 int err = 0;
622
623 rcu_read_lock();
624
625 sk_storage = rcu_dereference(sk->sk_bpf_storage);
626 if (!sk_storage || hlist_empty(&sk_storage->list)) {
627 rcu_read_unlock();
628 return 0;
629 }
630
631 nla_stgs = nla_nest_start(skb, stg_array_type);
632 if (!nla_stgs)
633 /* Continue to learn diag_size */
634 err = -EMSGSIZE;
635
636 saved_len = skb->len;
637 hlist_for_each_entry_rcu(selem, &sk_storage->list, snode) {
638 smap = rcu_dereference(SDATA(selem)->smap);
639 diag_size += nla_value_size(smap->map.value_size);
640
641 if (nla_stgs && diag_get(SDATA(selem), skb))
642 /* Continue to learn diag_size */
643 err = -EMSGSIZE;
644 }
645
646 rcu_read_unlock();
647
648 if (nla_stgs) {
649 if (saved_len == skb->len)
650 nla_nest_cancel(skb, nla_stgs);
651 else
652 nla_nest_end(skb, nla_stgs);
653 }
654
655 if (diag_size == nla_total_size(0)) {
656 *res_diag_size = 0;
657 return 0;
658 }
659
660 *res_diag_size = diag_size;
661 return err;
662}
663
664int bpf_sk_storage_diag_put(struct bpf_sk_storage_diag *diag,
665 struct sock *sk, struct sk_buff *skb,
666 int stg_array_type,
667 unsigned int *res_diag_size)
668{
669 /* stg_array_type (e.g. INET_DIAG_BPF_SK_STORAGES) */
670 unsigned int diag_size = nla_total_size(0);
1f00d375
KS		 671 struct bpf_local_storage *sk_storage;
672 struct bpf_local_storage_data *sdata;
1ed4d924
MKL		 673 struct nlattr *nla_stgs;
674 unsigned int saved_len;
675 int err = 0;
676 u32 i;
677
678 *res_diag_size = 0;
679
680 /* No map has been specified. Dump all. */
681 if (!diag->nr_maps)
682 return bpf_sk_storage_diag_put_all(sk, skb, stg_array_type,
683 res_diag_size);
684
685 rcu_read_lock();
686 sk_storage = rcu_dereference(sk->sk_bpf_storage);
687 if (!sk_storage || hlist_empty(&sk_storage->list)) {
688 rcu_read_unlock();
689 return 0;
690 }
691
692 nla_stgs = nla_nest_start(skb, stg_array_type);
693 if (!nla_stgs)
694 /* Continue to learn diag_size */
695 err = -EMSGSIZE;
696
697 saved_len = skb->len;
698 for (i = 0; i < diag->nr_maps; i++) {
1f00d375
KS		 699 sdata = bpf_local_storage_lookup(sk_storage,
700 (struct bpf_local_storage_map *)diag->maps[i],
1ed4d924
MKL		 701 false);
702
703 if (!sdata)
704 continue;
705
706 diag_size += nla_value_size(diag->maps[i]->value_size);
707
708 if (nla_stgs && diag_get(sdata, skb))
709 /* Continue to learn diag_size */
710 err = -EMSGSIZE;
711 }
712 rcu_read_unlock();
713
714 if (nla_stgs) {
715 if (saved_len == skb->len)
716 nla_nest_cancel(skb, nla_stgs);
717 else
718 nla_nest_end(skb, nla_stgs);
719 }
720
721 if (diag_size == nla_total_size(0)) {
722 *res_diag_size = 0;
723 return 0;
724 }
725
726 *res_diag_size = diag_size;
727 return err;
728}
729EXPORT_SYMBOL_GPL(bpf_sk_storage_diag_put);
5ce6e77c
YS		 730
731struct bpf_iter_seq_sk_storage_map_info {
732 struct bpf_map *map;
733 unsigned int bucket_id;
734 unsigned skip_elems;
735};
736
1f00d375 737static struct bpf_local_storage_elem *
5ce6e77c 738bpf_sk_storage_map_seq_find_next(struct bpf_iter_seq_sk_storage_map_info *info,
1f00d375 739 struct bpf_local_storage_elem *prev_selem)
c69d2ddb 740 __acquires(RCU) __releases(RCU)
5ce6e77c 741{
1f00d375
KS		 742 struct bpf_local_storage *sk_storage;
743 struct bpf_local_storage_elem *selem;
5ce6e77c 744 u32 skip_elems = info->skip_elems;
1f00d375 745 struct bpf_local_storage_map *smap;
5ce6e77c
YS		 746 u32 bucket_id = info->bucket_id;
747 u32 i, count, n_buckets;
1f00d375 748 struct bpf_local_storage_map_bucket *b;
5ce6e77c 749
1f00d375 750 smap = (struct bpf_local_storage_map *)info->map;
5ce6e77c
YS		 751 n_buckets = 1U << smap->bucket_log;
752 if (bucket_id >= n_buckets)
753 return NULL;
754
755 /* try to find next selem in the same bucket */
756 selem = prev_selem;
757 count = 0;
758 while (selem) {
c69d2ddb 759 selem = hlist_entry_safe(rcu_dereference(hlist_next_rcu(&selem->map_node)),
1f00d375 760 struct bpf_local_storage_elem, map_node);
5ce6e77c
YS		 761 if (!selem) {
762 /* not found, unlock and go to the next bucket */
763 b = &smap->buckets[bucket_id++];
c69d2ddb 764 rcu_read_unlock();
5ce6e77c
YS		 765 skip_elems = 0;
766 break;
767 }
c69d2ddb 768 sk_storage = rcu_dereference(selem->local_storage);
5ce6e77c
YS		 769 if (sk_storage) {
770 info->skip_elems = skip_elems + count;
771 return selem;
772 }
773 count++;
774 }
775
776 for (i = bucket_id; i < (1U << smap->bucket_log); i++) {
777 b = &smap->buckets[i];
c69d2ddb 778 rcu_read_lock();
5ce6e77c 779 count = 0;
c69d2ddb
YS		 780 hlist_for_each_entry_rcu(selem, &b->list, map_node) {
781 sk_storage = rcu_dereference(selem->local_storage);
5ce6e77c
YS		 782 if (sk_storage && count >= skip_elems) {
783 info->bucket_id = i;
784 info->skip_elems = count;
785 return selem;
786 }
787 count++;
788 }
c69d2ddb 789 rcu_read_unlock();
5ce6e77c
YS		 790 skip_elems = 0;
791 }
792
793 info->bucket_id = i;
794 info->skip_elems = 0;
795 return NULL;
796}
797
798static void *bpf_sk_storage_map_seq_start(struct seq_file *seq, loff_t *pos)
799{
1f00d375 800 struct bpf_local_storage_elem *selem;
5ce6e77c
YS		 801
802 selem = bpf_sk_storage_map_seq_find_next(seq->private, NULL);
803 if (!selem)
804 return NULL;
805
806 if (*pos == 0)
807 ++*pos;
808 return selem;
809}
810
811static void *bpf_sk_storage_map_seq_next(struct seq_file *seq, void *v,
812 loff_t *pos)
813{
814 struct bpf_iter_seq_sk_storage_map_info *info = seq->private;
815
816 ++*pos;
817 ++info->skip_elems;
818 return bpf_sk_storage_map_seq_find_next(seq->private, v);
819}
820
821struct bpf_iter__bpf_sk_storage_map {
822 __bpf_md_ptr(struct bpf_iter_meta *, meta);
823 __bpf_md_ptr(struct bpf_map *, map);
824 __bpf_md_ptr(struct sock *, sk);
825 __bpf_md_ptr(void *, value);
826};
827
828DEFINE_BPF_ITER_FUNC(bpf_sk_storage_map, struct bpf_iter_meta *meta,
829 struct bpf_map *map, struct sock *sk,
830 void *value)
831
832static int __bpf_sk_storage_map_seq_show(struct seq_file *seq,
1f00d375 833 struct bpf_local_storage_elem *selem)
5ce6e77c
YS		 834{
835 struct bpf_iter_seq_sk_storage_map_info *info = seq->private;
836 struct bpf_iter__bpf_sk_storage_map ctx = {};
1f00d375 837 struct bpf_local_storage *sk_storage;
5ce6e77c
YS		 838 struct bpf_iter_meta meta;
839 struct bpf_prog *prog;
840 int ret = 0;
841
842 meta.seq = seq;
843 prog = bpf_iter_get_info(&meta, selem == NULL);
844 if (prog) {
845 ctx.meta = &meta;
846 ctx.map = info->map;
847 if (selem) {
c69d2ddb 848 sk_storage = rcu_dereference(selem->local_storage);
1f00d375 849 ctx.sk = sk_storage->owner;
5ce6e77c
YS		 850 ctx.value = SDATA(selem)->data;
851 }
852 ret = bpf_iter_run_prog(prog, &ctx);
853 }
854
855 return ret;
856}
857
858static int bpf_sk_storage_map_seq_show(struct seq_file *seq, void *v)
859{
860 return __bpf_sk_storage_map_seq_show(seq, v);
861}
862
863static void bpf_sk_storage_map_seq_stop(struct seq_file *seq, void *v)
c69d2ddb 864 __releases(RCU)
5ce6e77c 865{
c69d2ddb 866 if (!v)
5ce6e77c 867 (void)__bpf_sk_storage_map_seq_show(seq, v);
c69d2ddb
YS		 868 else
869 rcu_read_unlock();
5ce6e77c
YS		 870}
871
872static int bpf_iter_init_sk_storage_map(void *priv_data,
873 struct bpf_iter_aux_info *aux)
874{
875 struct bpf_iter_seq_sk_storage_map_info *seq_info = priv_data;
876
877 seq_info->map = aux->map;
878 return 0;
879}
880
5e7b3020
YS		 881static int bpf_iter_attach_map(struct bpf_prog *prog,
882 union bpf_iter_link_info *linfo,
883 struct bpf_iter_aux_info *aux)
5ce6e77c 884{
5e7b3020
YS		 885 struct bpf_map *map;
886 int err = -EINVAL;
887
888 if (!linfo->map.map_fd)
889 return -EBADF;
890
891 map = bpf_map_get_with_uref(linfo->map.map_fd);
892 if (IS_ERR(map))
893 return PTR_ERR(map);
5ce6e77c
YS		 894
895 if (map->map_type != BPF_MAP_TYPE_SK_STORAGE)
5e7b3020 896 goto put_map;
5ce6e77c 897
5e7b3020
YS		 898 if (prog->aux->max_rdonly_access > map->value_size) {
899 err = -EACCES;
900 goto put_map;
901 }
5ce6e77c 902
5e7b3020 903 aux->map = map;
5ce6e77c 904 return 0;
5e7b3020
YS		 905
906put_map:
907 bpf_map_put_with_uref(map);
908 return err;
909}
910
911static void bpf_iter_detach_map(struct bpf_iter_aux_info *aux)
912{
913 bpf_map_put_with_uref(aux->map);
5ce6e77c
YS		 914}
915
916static const struct seq_operations bpf_sk_storage_map_seq_ops = {
917 .start = bpf_sk_storage_map_seq_start,
918 .next = bpf_sk_storage_map_seq_next,
919 .stop = bpf_sk_storage_map_seq_stop,
920 .show = bpf_sk_storage_map_seq_show,
921};
922
923static const struct bpf_iter_seq_info iter_seq_info = {
924 .seq_ops = &bpf_sk_storage_map_seq_ops,
925 .init_seq_private = bpf_iter_init_sk_storage_map,
926 .fini_seq_private = NULL,
927 .seq_priv_size = sizeof(struct bpf_iter_seq_sk_storage_map_info),
928};
929
930static struct bpf_iter_reg bpf_sk_storage_map_reg_info = {
931 .target = "bpf_sk_storage_map",
5e7b3020
YS		 932 .attach_target = bpf_iter_attach_map,
933 .detach_target = bpf_iter_detach_map,
b76f2226
YS		 934 .show_fdinfo = bpf_iter_map_show_fdinfo,
935 .fill_link_info = bpf_iter_map_fill_link_info,
5ce6e77c
YS		 936 .ctx_arg_info_size = 2,
937 .ctx_arg_info = {
938 { offsetof(struct bpf_iter__bpf_sk_storage_map, sk),
939 PTR_TO_BTF_ID_OR_NULL },
940 { offsetof(struct bpf_iter__bpf_sk_storage_map, value),
20b2aff4 941 PTR_TO_BUF | PTR_MAYBE_NULL },
5ce6e77c
YS		 942 },
943 .seq_info = &iter_seq_info,
944};
945
946static int __init bpf_sk_storage_map_iter_init(void)
947{
948 bpf_sk_storage_map_reg_info.ctx_arg_info[0].btf_id =
949 btf_sock_ids[BTF_SOCK_TYPE_SOCK];
950 return bpf_iter_reg_target(&bpf_sk_storage_map_reg_info);
951}
952late_initcall(bpf_sk_storage_map_iter_init);
Linux 6.x block layer and io_uring tree(s)