projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: Introduce skb_send_sock() for sock_map
[linux-2.6-block.git] / net / core / skmsg.c
CommitLineData
604326b4
DB		 1// SPDX-License-Identifier: GPL-2.0
2/* Copyright (c) 2017 - 2018 Covalent IO, Inc. http://covalent.io */
3
4#include <linux/skmsg.h>
5#include <linux/skbuff.h>
6#include <linux/scatterlist.h>
7
8#include <net/sock.h>
9#include <net/tcp.h>
e91de6af 10#include <net/tls.h>
604326b4
DB		 11
12static bool sk_msg_try_coalesce_ok(struct sk_msg *msg, int elem_first_coalesce)
13{
14 if (msg->sg.end > msg->sg.start &&
15 elem_first_coalesce < msg->sg.end)
16 return true;
17
18 if (msg->sg.end < msg->sg.start &&
19 (elem_first_coalesce > msg->sg.start ||
20 elem_first_coalesce < msg->sg.end))
21 return true;
22
23 return false;
24}
25
26int sk_msg_alloc(struct sock *sk, struct sk_msg *msg, int len,
27 int elem_first_coalesce)
28{
29 struct page_frag *pfrag = sk_page_frag(sk);
30 int ret = 0;
31
32 len -= msg->sg.size;
33 while (len > 0) {
34 struct scatterlist *sge;
35 u32 orig_offset;
36 int use, i;
37
38 if (!sk_page_frag_refill(sk, pfrag))
39 return -ENOMEM;
40
41 orig_offset = pfrag->offset;
42 use = min_t(int, len, pfrag->size - orig_offset);
43 if (!sk_wmem_schedule(sk, use))
44 return -ENOMEM;
45
46 i = msg->sg.end;
47 sk_msg_iter_var_prev(i);
48 sge = &msg->sg.data[i];
49
50 if (sk_msg_try_coalesce_ok(msg, elem_first_coalesce) &&
51 sg_page(sge) == pfrag->page &&
52 sge->offset + sge->length == orig_offset) {
53 sge->length += use;
54 } else {
55 if (sk_msg_full(msg)) {
56 ret = -ENOSPC;
57 break;
58 }
59
60 sge = &msg->sg.data[msg->sg.end];
61 sg_unmark_end(sge);
62 sg_set_page(sge, pfrag->page, use, orig_offset);
63 get_page(pfrag->page);
64 sk_msg_iter_next(msg, end);
65 }
66
67 sk_mem_charge(sk, use);
68 msg->sg.size += use;
69 pfrag->offset += use;
70 len -= use;
71 }
72
73 return ret;
74}
75EXPORT_SYMBOL_GPL(sk_msg_alloc);
76
d829e9c4
DB		 77int sk_msg_clone(struct sock *sk, struct sk_msg *dst, struct sk_msg *src,
78 u32 off, u32 len)
79{
80 int i = src->sg.start;
81 struct scatterlist *sge = sk_msg_elem(src, i);
fda497e5 82 struct scatterlist *sgd = NULL;
d829e9c4
DB		 83 u32 sge_len, sge_off;
84
d829e9c4
DB		 85 while (off) {
86 if (sge->length > off)
87 break;
88 off -= sge->length;
89 sk_msg_iter_var_next(i);
90 if (i == src->sg.end && off)
91 return -ENOSPC;
92 sge = sk_msg_elem(src, i);
93 }
94
95 while (len) {
96 sge_len = sge->length - off;
d829e9c4
DB		 97 if (sge_len > len)
98 sge_len = len;
fda497e5
VG		 99
100 if (dst->sg.end)
101 sgd = sk_msg_elem(dst, dst->sg.end - 1);
102
103 if (sgd &&
104 (sg_page(sge) == sg_page(sgd)) &&
105 (sg_virt(sge) + off == sg_virt(sgd) + sgd->length)) {
106 sgd->length += sge_len;
107 dst->sg.size += sge_len;
108 } else if (!sk_msg_full(dst)) {
109 sge_off = sge->offset + off;
110 sk_msg_page_add(dst, sg_page(sge), sge_len, sge_off);
111 } else {
112 return -ENOSPC;
113 }
114
d829e9c4
DB		 115 off = 0;
116 len -= sge_len;
d829e9c4
DB		 117 sk_mem_charge(sk, sge_len);
118 sk_msg_iter_var_next(i);
119 if (i == src->sg.end && len)
120 return -ENOSPC;
121 sge = sk_msg_elem(src, i);
122 }
123
124 return 0;
125}
126EXPORT_SYMBOL_GPL(sk_msg_clone);
127
604326b4
DB		 128void sk_msg_return_zero(struct sock *sk, struct sk_msg *msg, int bytes)
129{
130 int i = msg->sg.start;
131
132 do {
133 struct scatterlist *sge = sk_msg_elem(msg, i);
134
135 if (bytes < sge->length) {
136 sge->length -= bytes;
137 sge->offset += bytes;
138 sk_mem_uncharge(sk, bytes);
139 break;
140 }
141
142 sk_mem_uncharge(sk, sge->length);
143 bytes -= sge->length;
144 sge->length = 0;
145 sge->offset = 0;
146 sk_msg_iter_var_next(i);
147 } while (bytes && i != msg->sg.end);
148 msg->sg.start = i;
149}
150EXPORT_SYMBOL_GPL(sk_msg_return_zero);
151
152void sk_msg_return(struct sock *sk, struct sk_msg *msg, int bytes)
153{
154 int i = msg->sg.start;
155
156 do {
157 struct scatterlist *sge = &msg->sg.data[i];
158 int uncharge = (bytes < sge->length) ? bytes : sge->length;
159
160 sk_mem_uncharge(sk, uncharge);
161 bytes -= uncharge;
162 sk_msg_iter_var_next(i);
163 } while (i != msg->sg.end);
164}
165EXPORT_SYMBOL_GPL(sk_msg_return);
166
167static int sk_msg_free_elem(struct sock *sk, struct sk_msg *msg, u32 i,
168 bool charge)
169{
170 struct scatterlist *sge = sk_msg_elem(msg, i);
171 u32 len = sge->length;
172
36cd0e69
JF		 173 /* When the skb owns the memory we free it from consume_skb path. */
174 if (!msg->skb) {
175 if (charge)
176 sk_mem_uncharge(sk, len);
604326b4 177 put_page(sg_page(sge));
36cd0e69 178 }
604326b4
DB		 179 memset(sge, 0, sizeof(*sge));
180 return len;
181}
182
183static int __sk_msg_free(struct sock *sk, struct sk_msg *msg, u32 i,
184 bool charge)
185{
186 struct scatterlist *sge = sk_msg_elem(msg, i);
187 int freed = 0;
188
189 while (msg->sg.size) {
190 msg->sg.size -= sge->length;
191 freed += sk_msg_free_elem(sk, msg, i, charge);
192 sk_msg_iter_var_next(i);
193 sk_msg_check_to_free(msg, i, msg->sg.size);
194 sge = sk_msg_elem(msg, i);
195 }
dd016aca 196 consume_skb(msg->skb);
604326b4
DB		 197 sk_msg_init(msg);
198 return freed;
199}
200
201int sk_msg_free_nocharge(struct sock *sk, struct sk_msg *msg)
202{
203 return __sk_msg_free(sk, msg, msg->sg.start, false);
204}
205EXPORT_SYMBOL_GPL(sk_msg_free_nocharge);
206
207int sk_msg_free(struct sock *sk, struct sk_msg *msg)
208{
209 return __sk_msg_free(sk, msg, msg->sg.start, true);
210}
211EXPORT_SYMBOL_GPL(sk_msg_free);
212
213static void __sk_msg_free_partial(struct sock *sk, struct sk_msg *msg,
214 u32 bytes, bool charge)
215{
216 struct scatterlist *sge;
217 u32 i = msg->sg.start;
218
219 while (bytes) {
220 sge = sk_msg_elem(msg, i);
221 if (!sge->length)
222 break;
223 if (bytes < sge->length) {
224 if (charge)
225 sk_mem_uncharge(sk, bytes);
226 sge->length -= bytes;
227 sge->offset += bytes;
228 msg->sg.size -= bytes;
229 break;
230 }
231
232 msg->sg.size -= sge->length;
233 bytes -= sge->length;
234 sk_msg_free_elem(sk, msg, i, charge);
235 sk_msg_iter_var_next(i);
236 sk_msg_check_to_free(msg, i, bytes);
237 }
238 msg->sg.start = i;
239}
240
241void sk_msg_free_partial(struct sock *sk, struct sk_msg *msg, u32 bytes)
242{
243 __sk_msg_free_partial(sk, msg, bytes, true);
244}
245EXPORT_SYMBOL_GPL(sk_msg_free_partial);
246
247void sk_msg_free_partial_nocharge(struct sock *sk, struct sk_msg *msg,
248 u32 bytes)
249{
250 __sk_msg_free_partial(sk, msg, bytes, false);
251}
252
253void sk_msg_trim(struct sock *sk, struct sk_msg *msg, int len)
254{
255 int trim = msg->sg.size - len;
256 u32 i = msg->sg.end;
257
258 if (trim <= 0) {
259 WARN_ON(trim < 0);
260 return;
261 }
262
263 sk_msg_iter_var_prev(i);
264 msg->sg.size = len;
265 while (msg->sg.data[i].length &&
266 trim >= msg->sg.data[i].length) {
267 trim -= msg->sg.data[i].length;
268 sk_msg_free_elem(sk, msg, i, true);
269 sk_msg_iter_var_prev(i);
270 if (!trim)
271 goto out;
272 }
273
274 msg->sg.data[i].length -= trim;
275 sk_mem_uncharge(sk, trim);
683916f6
JK		 276 /* Adjust copybreak if it falls into the trimmed part of last buf */
277 if (msg->sg.curr == i && msg->sg.copybreak > msg->sg.data[i].length)
278 msg->sg.copybreak = msg->sg.data[i].length;
604326b4 279out:
683916f6
JK		 280 sk_msg_iter_var_next(i);
281 msg->sg.end = i;
282
283 /* If we trim data a full sg elem before curr pointer update
284 * copybreak and current so that any future copy operations
285 * start at new copy location.
604326b4
DB		 286 * However trimed data that has not yet been used in a copy op
287 * does not require an update.
288 */
683916f6
JK		 289 if (!msg->sg.size) {
290 msg->sg.curr = msg->sg.start;
291 msg->sg.copybreak = 0;
292 } else if (sk_msg_iter_dist(msg->sg.start, msg->sg.curr) >=
293 sk_msg_iter_dist(msg->sg.start, msg->sg.end)) {
294 sk_msg_iter_var_prev(i);
604326b4
DB		 295 msg->sg.curr = i;
296 msg->sg.copybreak = msg->sg.data[i].length;
297 }
604326b4
DB		 298}
299EXPORT_SYMBOL_GPL(sk_msg_trim);
300
301int sk_msg_zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
302 struct sk_msg *msg, u32 bytes)
303{
304 int i, maxpages, ret = 0, num_elems = sk_msg_elem_used(msg);
305 const int to_max_pages = MAX_MSG_FRAGS;
306 struct page *pages[MAX_MSG_FRAGS];
307 ssize_t orig, copied, use, offset;
308
309 orig = msg->sg.size;
310 while (bytes > 0) {
311 i = 0;
312 maxpages = to_max_pages - num_elems;
313 if (maxpages == 0) {
314 ret = -EFAULT;
315 goto out;
316 }
317
318 copied = iov_iter_get_pages(from, pages, bytes, maxpages,
319 &offset);
320 if (copied <= 0) {
321 ret = -EFAULT;
322 goto out;
323 }
324
325 iov_iter_advance(from, copied);
326 bytes -= copied;
327 msg->sg.size += copied;
328
329 while (copied) {
330 use = min_t(int, copied, PAGE_SIZE - offset);
331 sg_set_page(&msg->sg.data[msg->sg.end],
332 pages[i], use, offset);
333 sg_unmark_end(&msg->sg.data[msg->sg.end]);
334 sk_mem_charge(sk, use);
335
336 offset = 0;
337 copied -= use;
338 sk_msg_iter_next(msg, end);
339 num_elems++;
340 i++;
341 }
342 /* When zerocopy is mixed with sk_msg_*copy* operations we
343 * may have a copybreak set in this case clear and prefer
344 * zerocopy remainder when possible.
345 */
346 msg->sg.copybreak = 0;
347 msg->sg.curr = msg->sg.end;
348 }
349out:
350 /* Revert iov_iter updates, msg will need to use 'trim' later if it
351 * also needs to be cleared.
352 */
353 if (ret)
354 iov_iter_revert(from, msg->sg.size - orig);
355 return ret;
356}
357EXPORT_SYMBOL_GPL(sk_msg_zerocopy_from_iter);
358
359int sk_msg_memcopy_from_iter(struct sock *sk, struct iov_iter *from,
360 struct sk_msg *msg, u32 bytes)
361{
362 int ret = -ENOSPC, i = msg->sg.curr;
363 struct scatterlist *sge;
364 u32 copy, buf_size;
365 void *to;
366
367 do {
368 sge = sk_msg_elem(msg, i);
369 /* This is possible if a trim operation shrunk the buffer */
370 if (msg->sg.copybreak >= sge->length) {
371 msg->sg.copybreak = 0;
372 sk_msg_iter_var_next(i);
373 if (i == msg->sg.end)
374 break;
375 sge = sk_msg_elem(msg, i);
376 }
377
378 buf_size = sge->length - msg->sg.copybreak;
379 copy = (buf_size > bytes) ? bytes : buf_size;
380 to = sg_virt(sge) + msg->sg.copybreak;
381 msg->sg.copybreak += copy;
382 if (sk->sk_route_caps & NETIF_F_NOCACHE_COPY)
383 ret = copy_from_iter_nocache(to, copy, from);
384 else
385 ret = copy_from_iter(to, copy, from);
386 if (ret != copy) {
387 ret = -EFAULT;
388 goto out;
389 }
390 bytes -= copy;
391 if (!bytes)
392 break;
393 msg->sg.copybreak = 0;
394 sk_msg_iter_var_next(i);
395 } while (i != msg->sg.end);
396out:
397 msg->sg.curr = i;
398 return ret;
399}
400EXPORT_SYMBOL_GPL(sk_msg_memcopy_from_iter);
401
6fa9201a
JF		 402static struct sk_msg *sk_psock_create_ingress_msg(struct sock *sk,
403 struct sk_buff *skb)
604326b4 404{
604326b4
DB		 405 struct sk_msg *msg;
406
36cd0e69 407 if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)
6fa9201a
JF		 408 return NULL;
409
410 if (!sk_rmem_schedule(sk, skb, skb->truesize))
411 return NULL;
36cd0e69 412
604326b4
DB		 413 msg = kzalloc(sizeof(*msg), __GFP_NOWARN | GFP_ATOMIC);
414 if (unlikely(!msg))
6fa9201a 415 return NULL;
604326b4
DB		 416
417 sk_msg_init(msg);
6fa9201a
JF		 418 return msg;
419}
420
421static int sk_psock_skb_ingress_enqueue(struct sk_buff *skb,
422 struct sk_psock *psock,
423 struct sock *sk,
424 struct sk_msg *msg)
425{
4363023d 426 int num_sge, copied;
6fa9201a 427
4363023d
JF		 428 /* skb linearize may fail with ENOMEM, but lets simply try again
429 * later if this happens. Under memory pressure we don't want to
430 * drop the skb. We need to linearize the skb so that the mapping
431 * in skb_to_sgvec can not error.
432 */
433 if (skb_linearize(skb))
434 return -EAGAIN;
435 num_sge = skb_to_sgvec(skb, msg->sg.data, 0, skb->len);
604326b4
DB		 436 if (unlikely(num_sge < 0)) {
437 kfree(msg);
438 return num_sge;
439 }
440
604326b4
DB		 441 copied = skb->len;
442 msg->sg.start = 0;
cabede8b 443 msg->sg.size = copied;
031097d9 444 msg->sg.end = num_sge;
604326b4
DB		 445 msg->skb = skb;
446
447 sk_psock_queue_msg(psock, msg);
552de910 448 sk_psock_data_ready(sk, psock);
604326b4
DB		 449 return copied;
450}
451
2443ca66
JF		 452static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb);
453
6fa9201a
JF		 454static int sk_psock_skb_ingress(struct sk_psock *psock, struct sk_buff *skb)
455{
456 struct sock *sk = psock->sk;
457 struct sk_msg *msg;
458
2443ca66
JF		 459 /* If we are receiving on the same sock skb->sk is already assigned,
460 * skip memory accounting and owner transition seeing it already set
461 * correctly.
462 */
463 if (unlikely(skb->sk == sk))
464 return sk_psock_skb_ingress_self(psock, skb);
6fa9201a
JF		 465 msg = sk_psock_create_ingress_msg(sk, skb);
466 if (!msg)
467 return -EAGAIN;
468
469 /* This will transition ownership of the data from the socket where
470 * the BPF program was run initiating the redirect to the socket
471 * we will eventually receive this data on. The data will be released
472 * from skb_consume found in __tcp_bpf_recvmsg() after its been copied
473 * into user buffers.
474 */
475 skb_set_owner_r(skb, sk);
476 return sk_psock_skb_ingress_enqueue(skb, psock, sk, msg);
477}
478
479/* Puts an skb on the ingress queue of the socket already assigned to the
480 * skb. In this case we do not need to check memory limits or skb_set_owner_r
481 * because the skb is already accounted for here.
482 */
483static int sk_psock_skb_ingress_self(struct sk_psock *psock, struct sk_buff *skb)
484{
485 struct sk_msg *msg = kzalloc(sizeof(*msg), __GFP_NOWARN | GFP_ATOMIC);
486 struct sock *sk = psock->sk;
487
488 if (unlikely(!msg))
489 return -EAGAIN;
490 sk_msg_init(msg);
491 return sk_psock_skb_ingress_enqueue(skb, psock, sk, msg);
492}
493
604326b4
DB		 494static int sk_psock_handle_skb(struct sk_psock *psock, struct sk_buff *skb,
495 u32 off, u32 len, bool ingress)
496{
9047f19e
JF		 497 if (!ingress) {
498 if (!sock_writeable(psock->sk))
499 return -EAGAIN;
604326b4 500 return skb_send_sock_locked(psock->sk, skb, off, len);
9047f19e
JF		 501 }
502 return sk_psock_skb_ingress(psock, skb);
604326b4
DB		 503}
504
505static void sk_psock_backlog(struct work_struct *work)
506{
507 struct sk_psock *psock = container_of(work, struct sk_psock, work);
508 struct sk_psock_work_state *state = &psock->work_state;
509 struct sk_buff *skb;
510 bool ingress;
511 u32 len, off;
512 int ret;
513
514 /* Lock sock to avoid losing sk_socket during loop. */
515 lock_sock(psock->sk);
516 if (state->skb) {
517 skb = state->skb;
518 len = state->len;
519 off = state->off;
520 state->skb = NULL;
521 goto start;
522 }
523
524 while ((skb = skb_dequeue(&psock->ingress_skb))) {
525 len = skb->len;
526 off = 0;
527start:
e3526bb9
CW		 528 ingress = skb_bpf_ingress(skb);
529 skb_bpf_redirect_clear(skb);
604326b4
DB		 530 do {
531 ret = -EIO;
532 if (likely(psock->sk->sk_socket))
533 ret = sk_psock_handle_skb(psock, skb, off,
534 len, ingress);
535 if (ret <= 0) {
536 if (ret == -EAGAIN) {
537 state->skb = skb;
538 state->len = len;
539 state->off = off;
540 goto end;
541 }
542 /* Hard errors break pipe and stop xmit. */
543 sk_psock_report_error(psock, ret ? -ret : EPIPE);
544 sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);
545 kfree_skb(skb);
546 goto end;
547 }
548 off += ret;
549 len -= ret;
550 } while (len);
551
552 if (!ingress)
553 kfree_skb(skb);
554 }
555end:
556 release_sock(psock->sk);
557}
558
559struct sk_psock *sk_psock_init(struct sock *sk, int node)
560{
7b219da4
LB		 561 struct sk_psock *psock;
562 struct proto *prot;
604326b4 563
7b219da4
LB		 564 write_lock_bh(&sk->sk_callback_lock);
565
566 if (inet_csk_has_ulp(sk)) {
567 psock = ERR_PTR(-EINVAL);
568 goto out;
569 }
570
571 if (sk->sk_user_data) {
572 psock = ERR_PTR(-EBUSY);
573 goto out;
574 }
575
576 psock = kzalloc_node(sizeof(*psock), GFP_ATOMIC | __GFP_NOWARN, node);
577 if (!psock) {
578 psock = ERR_PTR(-ENOMEM);
579 goto out;
580 }
581
582 prot = READ_ONCE(sk->sk_prot);
604326b4 583 psock->sk = sk;
7b219da4
LB		 584 psock->eval = __SK_NONE;
585 psock->sk_proto = prot;
586 psock->saved_unhash = prot->unhash;
587 psock->saved_close = prot->close;
588 psock->saved_write_space = sk->sk_write_space;
604326b4
DB		 589
590 INIT_LIST_HEAD(&psock->link);
591 spin_lock_init(&psock->link_lock);
592
593 INIT_WORK(&psock->work, sk_psock_backlog);
594 INIT_LIST_HEAD(&psock->ingress_msg);
b01fd6e8 595 spin_lock_init(&psock->ingress_lock);
604326b4
DB		 596 skb_queue_head_init(&psock->ingress_skb);
597
598 sk_psock_set_state(psock, SK_PSOCK_TX_ENABLED);
599 refcount_set(&psock->refcnt, 1);
600
f1ff5ce2 601 rcu_assign_sk_user_data_nocopy(sk, psock);
604326b4
DB		 602 sock_hold(sk);
603
7b219da4
LB		 604out:
605 write_unlock_bh(&sk->sk_callback_lock);
604326b4
DB		 606 return psock;
607}
608EXPORT_SYMBOL_GPL(sk_psock_init);
609
610struct sk_psock_link *sk_psock_link_pop(struct sk_psock *psock)
611{
612 struct sk_psock_link *link;
613
614 spin_lock_bh(&psock->link_lock);
615 link = list_first_entry_or_null(&psock->link, struct sk_psock_link,
616 list);
617 if (link)
618 list_del(&link->list);
619 spin_unlock_bh(&psock->link_lock);
620 return link;
621}
622
cd81cefb 623static void __sk_psock_purge_ingress_msg(struct sk_psock *psock)
604326b4
DB		 624{
625 struct sk_msg *msg, *tmp;
626
627 list_for_each_entry_safe(msg, tmp, &psock->ingress_msg, list) {
628 list_del(&msg->list);
629 sk_msg_free(psock->sk, msg);
630 kfree(msg);
631 }
632}
633
634static void sk_psock_zap_ingress(struct sk_psock *psock)
635{
e3526bb9
CW		 636 struct sk_buff *skb;
637
37f0e514 638 while ((skb = skb_dequeue(&psock->ingress_skb)) != NULL) {
e3526bb9
CW		 639 skb_bpf_redirect_clear(skb);
640 kfree_skb(skb);
641 }
b01fd6e8 642 spin_lock_bh(&psock->ingress_lock);
604326b4 643 __sk_psock_purge_ingress_msg(psock);
b01fd6e8 644 spin_unlock_bh(&psock->ingress_lock);
604326b4
DB		 645}
646
647static void sk_psock_link_destroy(struct sk_psock *psock)
648{
649 struct sk_psock_link *link, *tmp;
650
651 list_for_each_entry_safe(link, tmp, &psock->link, list) {
652 list_del(&link->list);
653 sk_psock_free_link(link);
654 }
655}
656
88759609
CW		 657static void sk_psock_done_strp(struct sk_psock *psock);
658
604326b4
DB		 659static void sk_psock_destroy_deferred(struct work_struct *gc)
660{
661 struct sk_psock *psock = container_of(gc, struct sk_psock, gc);
662
663 /* No sk_callback_lock since already detached. */
01489436 664
88759609 665 sk_psock_done_strp(psock);
604326b4
DB		 666
667 cancel_work_sync(&psock->work);
668
669 psock_progs_drop(&psock->progs);
670
671 sk_psock_link_destroy(psock);
672 sk_psock_cork_free(psock);
673 sk_psock_zap_ingress(psock);
674
675 if (psock->sk_redir)
676 sock_put(psock->sk_redir);
677 sock_put(psock->sk);
678 kfree(psock);
679}
680
8063e184 681static void sk_psock_destroy(struct rcu_head *rcu)
604326b4
DB		 682{
683 struct sk_psock *psock = container_of(rcu, struct sk_psock, rcu);
684
685 INIT_WORK(&psock->gc, sk_psock_destroy_deferred);
686 schedule_work(&psock->gc);
687}
604326b4
DB		 688
689void sk_psock_drop(struct sock *sk, struct sk_psock *psock)
690{
604326b4 691 sk_psock_cork_free(psock);
a136678c 692 sk_psock_zap_ingress(psock);
604326b4
DB		 693
694 write_lock_bh(&sk->sk_callback_lock);
95fa1454
JF		 695 sk_psock_restore_proto(sk, psock);
696 rcu_assign_sk_user_data(sk, NULL);
ae8b8332 697 if (psock->progs.stream_parser)
604326b4 698 sk_psock_stop_strp(sk, psock);
ae8b8332 699 else if (psock->progs.stream_verdict)
ef565928 700 sk_psock_stop_verdict(sk, psock);
604326b4
DB		 701 write_unlock_bh(&sk->sk_callback_lock);
702 sk_psock_clear_state(psock, SK_PSOCK_TX_ENABLED);
703
0245b80e 704 call_rcu(&psock->rcu, sk_psock_destroy);
604326b4
DB		 705}
706EXPORT_SYMBOL_GPL(sk_psock_drop);
707
708static int sk_psock_map_verd(int verdict, bool redir)
709{
710 switch (verdict) {
711 case SK_PASS:
712 return redir ? __SK_REDIRECT : __SK_PASS;
713 case SK_DROP:
714 default:
715 break;
716 }
717
718 return __SK_DROP;
719}
720
721int sk_psock_msg_verdict(struct sock *sk, struct sk_psock *psock,
722 struct sk_msg *msg)
723{
724 struct bpf_prog *prog;
725 int ret;
726
604326b4
DB		 727 rcu_read_lock();
728 prog = READ_ONCE(psock->progs.msg_parser);
729 if (unlikely(!prog)) {
730 ret = __SK_PASS;
731 goto out;
732 }
733
734 sk_msg_compute_data_pointers(msg);
735 msg->sk = sk;
3d9f773c 736 ret = bpf_prog_run_pin_on_cpu(prog, msg);
604326b4
DB		 737 ret = sk_psock_map_verd(ret, msg->sk_redir);
738 psock->apply_bytes = msg->apply_bytes;
739 if (ret == __SK_REDIRECT) {
740 if (psock->sk_redir)
741 sock_put(psock->sk_redir);
742 psock->sk_redir = msg->sk_redir;
743 if (!psock->sk_redir) {
744 ret = __SK_DROP;
745 goto out;
746 }
747 sock_hold(psock->sk_redir);
748 }
749out:
750 rcu_read_unlock();
604326b4
DB		 751 return ret;
752}
753EXPORT_SYMBOL_GPL(sk_psock_msg_verdict);
754
93dd5f18 755static void sk_psock_skb_redirect(struct sk_buff *skb)
604326b4
DB		 756{
757 struct sk_psock *psock_other;
758 struct sock *sk_other;
604326b4 759
e3526bb9 760 sk_other = skb_bpf_redirect_fetch(skb);
9047f19e
JF		 761 /* This error is a buggy BPF program, it returned a redirect
762 * return code, but then didn't set a redirect interface.
763 */
ca2f5f21
JF		 764 if (unlikely(!sk_other)) {
765 kfree_skb(skb);
766 return;
767 }
768 psock_other = sk_psock(sk_other);
9047f19e
JF		 769 /* This error indicates the socket is being torn down or had another
770 * error that caused the pipe to break. We can't send a packet on
771 * a socket that is in this state so we drop the skb.
772 */
ca2f5f21
JF		 773 if (!psock_other || sock_flag(sk_other, SOCK_DEAD) ||
774 !sk_psock_test_state(psock_other, SK_PSOCK_TX_ENABLED)) {
775 kfree_skb(skb);
776 return;
777 }
778
9047f19e
JF		 779 skb_queue_tail(&psock_other->ingress_skb, skb);
780 schedule_work(&psock_other->work);
ca2f5f21
JF		 781}
782
0b17ad25 783static void sk_psock_tls_verdict_apply(struct sk_buff *skb, struct sock *sk, int verdict)
e91de6af
JF		 784{
785 switch (verdict) {
786 case __SK_REDIRECT:
0b17ad25 787 skb_set_owner_r(skb, sk);
93dd5f18 788 sk_psock_skb_redirect(skb);
e91de6af
JF		 789 break;
790 case __SK_PASS:
791 case __SK_DROP:
792 default:
793 break;
794 }
795}
796
797int sk_psock_tls_strp_read(struct sk_psock *psock, struct sk_buff *skb)
798{
799 struct bpf_prog *prog;
800 int ret = __SK_PASS;
801
802 rcu_read_lock();
ae8b8332 803 prog = READ_ONCE(psock->progs.stream_verdict);
e91de6af 804 if (likely(prog)) {
0b17ad25
JF		 805 /* We skip full set_owner_r here because if we do a SK_PASS
806 * or SK_DROP we can skip skb memory accounting and use the
807 * TLS context.
808 */
809 skb->sk = psock->sk;
e3526bb9
CW		 810 skb_dst_drop(skb);
811 skb_bpf_redirect_clear(skb);
53334232 812 ret = bpf_prog_run_pin_on_cpu(prog, skb);
e3526bb9 813 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
0b17ad25 814 skb->sk = NULL;
e91de6af 815 }
0b17ad25 816 sk_psock_tls_verdict_apply(skb, psock->sk, ret);
e91de6af 817 rcu_read_unlock();
e91de6af
JF		 818 return ret;
819}
820EXPORT_SYMBOL_GPL(sk_psock_tls_strp_read);
821
ca2f5f21
JF		 822static void sk_psock_verdict_apply(struct sk_psock *psock,
823 struct sk_buff *skb, int verdict)
824{
825 struct sock *sk_other;
9ecbfb06 826 int err = -EIO;
ca2f5f21 827
604326b4 828 switch (verdict) {
51199405
JF		 829 case __SK_PASS:
830 sk_other = psock->sk;
831 if (sock_flag(sk_other, SOCK_DEAD) ||
832 !sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) {
833 goto out_free;
834 }
51199405 835
e3526bb9 836 skb_bpf_set_ingress(skb);
9ecbfb06
JF		 837
838 /* If the queue is empty then we can submit directly
839 * into the msg queue. If its not empty we have to
840 * queue work otherwise we may get OOO data. Otherwise,
841 * if sk_psock_skb_ingress errors will be handled by
842 * retrying later from workqueue.
843 */
844 if (skb_queue_empty(&psock->ingress_skb)) {
6fa9201a 845 err = sk_psock_skb_ingress_self(psock, skb);
9ecbfb06
JF		 846 }
847 if (err < 0) {
848 skb_queue_tail(&psock->ingress_skb, skb);
849 schedule_work(&psock->work);
850 }
cfea28f8 851 break;
604326b4 852 case __SK_REDIRECT:
93dd5f18 853 sk_psock_skb_redirect(skb);
ca2f5f21 854 break;
604326b4 855 case __SK_DROP:
604326b4
DB		 856 default:
857out_free:
858 kfree_skb(skb);
859 }
860}
861
88759609
CW		 862static void sk_psock_write_space(struct sock *sk)
863{
864 struct sk_psock *psock;
865 void (*write_space)(struct sock *sk) = NULL;
866
867 rcu_read_lock();
868 psock = sk_psock(sk);
869 if (likely(psock)) {
870 if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED))
871 schedule_work(&psock->work);
872 write_space = psock->saved_write_space;
873 }
874 rcu_read_unlock();
875 if (write_space)
876 write_space(sk);
877}
878
879#if IS_ENABLED(CONFIG_BPF_STREAM_PARSER)
604326b4
DB		 880static void sk_psock_strp_read(struct strparser *strp, struct sk_buff *skb)
881{
8025751d 882 struct sk_psock *psock;
604326b4
DB		 883 struct bpf_prog *prog;
884 int ret = __SK_DROP;
8025751d 885 struct sock *sk;
604326b4
DB		 886
887 rcu_read_lock();
8025751d
JF		 888 sk = strp->sk;
889 psock = sk_psock(sk);
890 if (unlikely(!psock)) {
891 kfree_skb(skb);
892 goto out;
893 }
0b17ad25 894 skb_set_owner_r(skb, sk);
ae8b8332 895 prog = READ_ONCE(psock->progs.stream_verdict);
604326b4 896 if (likely(prog)) {
e3526bb9
CW		 897 skb_dst_drop(skb);
898 skb_bpf_redirect_clear(skb);
53334232 899 ret = bpf_prog_run_pin_on_cpu(prog, skb);
e3526bb9 900 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
604326b4 901 }
604326b4 902 sk_psock_verdict_apply(psock, skb, ret);
8025751d 903out:
93dd5f18 904 rcu_read_unlock();
604326b4
DB		 905}
906
907static int sk_psock_strp_read_done(struct strparser *strp, int err)
908{
909 return err;
910}
911
912static int sk_psock_strp_parse(struct strparser *strp, struct sk_buff *skb)
913{
5a685cd9 914 struct sk_psock *psock = container_of(strp, struct sk_psock, strp);
604326b4
DB		 915 struct bpf_prog *prog;
916 int ret = skb->len;
917
918 rcu_read_lock();
ae8b8332 919 prog = READ_ONCE(psock->progs.stream_parser);
0b17ad25
JF		 920 if (likely(prog)) {
921 skb->sk = psock->sk;
53334232 922 ret = bpf_prog_run_pin_on_cpu(prog, skb);
0b17ad25
JF		 923 skb->sk = NULL;
924 }
604326b4
DB		 925 rcu_read_unlock();
926 return ret;
927}
928
929/* Called with socket lock held. */
552de910 930static void sk_psock_strp_data_ready(struct sock *sk)
604326b4
DB		 931{
932 struct sk_psock *psock;
933
934 rcu_read_lock();
935 psock = sk_psock(sk);
936 if (likely(psock)) {
e91de6af 937 if (tls_sw_has_ctx_rx(sk)) {
5a685cd9 938 psock->saved_data_ready(sk);
e91de6af
JF		 939 } else {
940 write_lock_bh(&sk->sk_callback_lock);
5a685cd9 941 strp_data_ready(&psock->strp);
e91de6af
JF		 942 write_unlock_bh(&sk->sk_callback_lock);
943 }
604326b4
DB		 944 }
945 rcu_read_unlock();
946}
947
88759609
CW		 948int sk_psock_init_strp(struct sock *sk, struct sk_psock *psock)
949{
950 static const struct strp_callbacks cb = {
951 .rcv_msg = sk_psock_strp_read,
952 .read_sock_done = sk_psock_strp_read_done,
953 .parse_msg = sk_psock_strp_parse,
954 };
955
5a685cd9 956 return strp_init(&psock->strp, sk, &cb);
88759609
CW		 957}
958
959void sk_psock_start_strp(struct sock *sk, struct sk_psock *psock)
960{
5a685cd9 961 if (psock->saved_data_ready)
88759609
CW		 962 return;
963
5a685cd9 964 psock->saved_data_ready = sk->sk_data_ready;
88759609
CW		 965 sk->sk_data_ready = sk_psock_strp_data_ready;
966 sk->sk_write_space = sk_psock_write_space;
88759609
CW		 967}
968
969void sk_psock_stop_strp(struct sock *sk, struct sk_psock *psock)
970{
5a685cd9 971 if (!psock->saved_data_ready)
88759609
CW		 972 return;
973
5a685cd9
CW		 974 sk->sk_data_ready = psock->saved_data_ready;
975 psock->saved_data_ready = NULL;
976 strp_stop(&psock->strp);
88759609
CW		 977}
978
979static void sk_psock_done_strp(struct sk_psock *psock)
980{
981 /* Parser has been stopped */
ae8b8332 982 if (psock->progs.stream_parser)
5a685cd9 983 strp_done(&psock->strp);
88759609
CW		 984}
985#else
986static void sk_psock_done_strp(struct sk_psock *psock)
987{
988}
989#endif /* CONFIG_BPF_STREAM_PARSER */
990
ef565928
JF		 991static int sk_psock_verdict_recv(read_descriptor_t *desc, struct sk_buff *skb,
992 unsigned int offset, size_t orig_len)
993{
994 struct sock *sk = (struct sock *)desc->arg.data;
995 struct sk_psock *psock;
996 struct bpf_prog *prog;
997 int ret = __SK_DROP;
998 int len = skb->len;
999
1000 /* clone here so sk_eat_skb() in tcp_read_sock does not drop our data */
1001 skb = skb_clone(skb, GFP_ATOMIC);
1002 if (!skb) {
1003 desc->error = -ENOMEM;
1004 return 0;
1005 }
1006
1007 rcu_read_lock();
1008 psock = sk_psock(sk);
1009 if (unlikely(!psock)) {
1010 len = 0;
1011 kfree_skb(skb);
1012 goto out;
1013 }
1014 skb_set_owner_r(skb, sk);
ae8b8332 1015 prog = READ_ONCE(psock->progs.stream_verdict);
ef565928 1016 if (likely(prog)) {
e3526bb9
CW		 1017 skb_dst_drop(skb);
1018 skb_bpf_redirect_clear(skb);
53334232 1019 ret = bpf_prog_run_pin_on_cpu(prog, skb);
e3526bb9 1020 ret = sk_psock_map_verd(ret, skb_bpf_redirect_fetch(skb));
ef565928
JF		 1021 }
1022 sk_psock_verdict_apply(psock, skb, ret);
1023out:
1024 rcu_read_unlock();
1025 return len;
1026}
1027
1028static void sk_psock_verdict_data_ready(struct sock *sk)
1029{
1030 struct socket *sock = sk->sk_socket;
1031 read_descriptor_t desc;
1032
1033 if (unlikely(!sock || !sock->ops || !sock->ops->read_sock))
1034 return;
1035
1036 desc.arg.data = sk;
1037 desc.error = 0;
1038 desc.count = 1;
1039
1040 sock->ops->read_sock(sk, &desc, sk_psock_verdict_recv);
1041}
1042
ef565928
JF		 1043void sk_psock_start_verdict(struct sock *sk, struct sk_psock *psock)
1044{
5a685cd9 1045 if (psock->saved_data_ready)
ef565928
JF		 1046 return;
1047
5a685cd9 1048 psock->saved_data_ready = sk->sk_data_ready;
ef565928
JF		 1049 sk->sk_data_ready = sk_psock_verdict_data_ready;
1050 sk->sk_write_space = sk_psock_write_space;
ef565928
JF		 1051}
1052
ef565928
JF		 1053void sk_psock_stop_verdict(struct sock *sk, struct sk_psock *psock)
1054{
5a685cd9 1055 if (!psock->saved_data_ready)
ef565928
JF		 1056 return;
1057
5a685cd9
CW		 1058 sk->sk_data_ready = psock->saved_data_ready;
1059 psock->saved_data_ready = NULL;
ef565928 1060}
Linux 6.x block layer and io_uring tree(s)