| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Mar 2023 19:58:54 +0800
From: "D. Wythe" <alibuda@...ux.alibaba.com>
To: Martin KaFai Lau <martin.lau@...ux.dev>
Cc: kuba@...nel.org, davem@...emloft.net, netdev@...r.kernel.org,
linux-s390@...r.kernel.org, linux-rdma@...r.kernel.org,
bpf@...r.kernel.org, kgraul@...ux.ibm.com, wenjia@...ux.ibm.com,
jaka@...ux.ibm.com, ast@...nel.org, daniel@...earbox.net,
andrii@...nel.org
Subject: Re: [PATCH bpf-next v2 2/2] bpf/selftests: add selftest for SMC bpf
capability
On 2/23/23 6:35 AM, Martin KaFai Lau wrote:
> On 2/21/23 4:18 AM, D. Wythe wrote:
>> From: "D. Wythe" <alibuda@...ux.alibaba.com>
>>
>> This PATCH adds a tiny selftest for SMC bpf capability,
>> making decisions on whether to use SMC by collecting
>> certain information from kernel smc sock.
>>
>> Follow the steps below to run this test.
>>
>> make -C tools/testing/selftests/bpf
>> cd tools/testing/selftests/bpf
>> sudo ./test_progs -t bpf_smc
>>
>> Results shows:
>> 18 bpf_smc:OK
>> Summary: 1/0 PASSED, 0 SKIPPED, 0 FAILED
>>
>> Signed-off-by: D. Wythe <alibuda@...ux.alibaba.com>
>> ---
>> tools/testing/selftests/bpf/prog_tests/bpf_smc.c | 39 +++
>> tools/testing/selftests/bpf/progs/bpf_smc.c | 315
>> +++++++++++++++++++++++
>> 2 files changed, 354 insertions(+)
>> create mode 100644 tools/testing/selftests/bpf/prog_tests/bpf_smc.c
>> create mode 100644 tools/testing/selftests/bpf/progs/bpf_smc.c
>>
>> diff --git a/tools/testing/selftests/bpf/prog_tests/bpf_smc.c
>> b/tools/testing/selftests/bpf/prog_tests/bpf_smc.c
>> new file mode 100644
>> index 0000000..b143932
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/prog_tests/bpf_smc.c
>> @@ -0,0 +1,39 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/* Copyright (c) 2019 Facebook */
>
> copy-and-paste left-over...
Sorry for that, but it might be more appropriate to delete it here... 😂
>
>> diff --git a/tools/testing/selftests/bpf/progs/bpf_smc.c
>> b/tools/testing/selftests/bpf/progs/bpf_smc.c
>> new file mode 100644
>> index 0000000..78c7976
>> --- /dev/null
>> +++ b/tools/testing/selftests/bpf/progs/bpf_smc.c
>> @@ -0,0 +1,315 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +
>> +#include <linux/bpf.h>
>> +#include <linux/stddef.h>
>> +#include <linux/smc.h>
>> +#include <stdbool.h>
>> +#include <linux/types.h>
>> +#include <bpf/bpf_helpers.h>
>> +#include <bpf/bpf_core_read.h>
>> +#include <bpf/bpf_tracing.h>
>> +
>> +#define BPF_STRUCT_OPS(name, args...) \
>> + SEC("struct_ops/"#name) \
>> + BPF_PROG(name, args)
>> +
>> +#define SMC_LISTEN (10)
>> +#define SMC_SOCK_CLOSED_TIMING (0)
>> +extern unsigned long CONFIG_HZ __kconfig;
>> +#define HZ CONFIG_HZ
>> +
>> +char _license[] SEC("license") = "GPL";
>> +#define max(a, b) ((a) > (b) ? (a) : (b))
>> +
>> +struct sock_common {
>> + unsigned char skc_state;
>> + __u16 skc_num;
>> +} __attribute__((preserve_access_index));
>> +
>> +struct sock {
>> + struct sock_common __sk_common;
>> + int sk_sndbuf;
>> +} __attribute__((preserve_access_index));
>> +
>> +struct inet_sock {
>> + struct sock sk;
>> +} __attribute__((preserve_access_index));
>> +
>> +struct inet_connection_sock {
>> + struct inet_sock icsk_inet;
>> +} __attribute__((preserve_access_index));
>> +
>> +struct tcp_sock {
>> + struct inet_connection_sock inet_conn;
>> + __u32 rcv_nxt;
>> + __u32 snd_nxt;
>> + __u32 snd_una;
>> + __u32 delivered;
>> + __u8 syn_data:1, /* SYN includes data */
>> + syn_fastopen:1, /* SYN includes Fast Open option */
>> + syn_fastopen_exp:1,/* SYN includes Fast Open exp. option */
>> + syn_fastopen_ch:1, /* Active TFO re-enabling probe */
>> + syn_data_acked:1,/* data in SYN is acked by SYN-ACK */
>> + save_syn:1, /* Save headers of SYN packet */
>> + is_cwnd_limited:1,/* forward progress limited by snd_cwnd? */
>> + syn_smc:1; /* SYN includes SMC */
>> +} __attribute__((preserve_access_index));
>> +
>> +struct socket {
>> + struct sock *sk;
>> +} __attribute__((preserve_access_index));
>
> All these tcp_sock, socket, inet_sock definitions can go away if it
> includes "vmlinux.h". tcp_ca_write_sk_pacing.c is a better example to
> follow. Try to define the "common" (eg. tcp, tc...etc) missing macros
> in bpf_tracing_net.h. The smc specific macros can stay in this file.
Got it, i'll fix this.
>> +static inline struct smc_prediction *smc_prediction_get(const struct
>> smc_sock *smc,
>> + const struct tcp_sock *tp, __u64 tstamp)
>> +{
>> + struct smc_prediction zero = {}, *smc_predictor;
>> + __u16 key;
>> + __u32 gap;
>> + int err;
>> +
>> + err = bpf_core_read(&key, sizeof(__u16),
>> &tp->inet_conn.icsk_inet.sk.__sk_common.skc_num);
>> + if (err)
>> + return NULL;
>> +
>> + /* BAD key */
>> + if (key == 0)
>> + return NULL;
>> +
>> + smc_predictor = bpf_map_lookup_elem(&negotiator_map, &key);
>> + if (!smc_predictor) {
>> + zero.start_tstamp = bpf_jiffies64();
>> + zero.pacing_delta = SMC_PREDICTION_MIN_PACING_DELTA;
>> + bpf_map_update_elem(&negotiator_map, &key, &zero, 0);
>> + smc_predictor = bpf_map_lookup_elem(&negotiator_map, &key);
>> + if (!smc_predictor)
>> + return NULL;
>> + }
>> +
>> + if (tstamp) {
>> + bpf_spin_lock(&smc_predictor->lock);
>> + gap = (tstamp - smc_predictor->start_tstamp) /
>> smc_predictor->pacing_delta;
>> + /* new splice */
>> + if (gap > 0) {
>> + smc_predictor->start_tstamp = tstamp;
>> + smc_predictor->last_rate_of_lcc =
>> + (smc_prediction_calt_rate(smc_predictor) * 7) >> (2
>> + gap);
>> + smc_predictor->closed_long_cc = 0;
>> + smc_predictor->closed_total_cc = 0;
>> + smc_predictor->incoming_long_cc = 0;
>> + }
>> + bpf_spin_unlock(&smc_predictor->lock);
>> + }
>> + return smc_predictor;
>> +}
>> +
>> +/* BPF struct ops for smc protocol negotiator */
>> +struct smc_sock_negotiator_ops {
>> + /* ret for negotiate */
>> + int (*negotiate)(struct smc_sock *smc);
>> +
>> + /* info gathering timing */
>> + void (*collect_info)(struct smc_sock *smc, int timing);
>> +};
>> +
>> +int BPF_STRUCT_OPS(bpf_smc_negotiate, struct smc_sock *smc)
>> +{
>> + struct smc_prediction *smc_predictor;
>> + struct tcp_sock *tp;
>> + struct sock *clcsk;
>> + int ret = SK_DROP;
>> + __u32 rate = 0;
>> +
>> + /* Only make decison during listen */
>> + if (smc->sk.__sk_common.skc_state != SMC_LISTEN)
>> + return SK_PASS;
>> +
>> + clcsk = BPF_CORE_READ(smc, clcsock, sk);
>
> Instead of using bpf_core_read here, why not directly gets the clcsk
> like the 'smc->sk.__sk_common.skc_state' above.
>
>> + if (!clcsk)
>> + goto error;
>> +
>> + tp = tcp_sk(clcsk);
>
> There is a bpf_skc_to_tcp_sock(). Give it a try after changing the
> above BPF_CORE_READ.
Copy that! thanks.
>
>> + if (!tp)
>> + goto error;
>> +
>> + smc_predictor = smc_prediction_get(smc, tp, bpf_jiffies64());
>> + if (!smc_predictor)
>> + return SK_PASS;
>> +
>> + bpf_spin_lock(&smc_predictor->lock);
>> +
>> + if (smc_predictor->incoming_long_cc == 0)
>> + goto out_locked_pass;
>> +
>> + if (smc_predictor->incoming_long_cc >
>> SMC_PREDICTION_MAX_LONGCC_PER_SPLICE) {
>> + ret = 100;
>> + goto out_locked_drop;
>> + }
>> +
>> + rate = smc_prediction_calt_rate(smc_predictor);
>> + if (rate < SMC_PREDICTION_LONGCC_RATE_THRESHOLD) {
>> + ret = 200;
>> + goto out_locked_drop;
>> + }
>> +out_locked_pass:
>> + smc_predictor->incoming_long_cc++;
>> + bpf_spin_unlock(&smc_predictor->lock);
>> + return SK_PASS;
>> +out_locked_drop:
>> + bpf_spin_unlock(&smc_predictor->lock);
>> +error:
>> + return SK_DROP;
>> +}
>> +
>> +void BPF_STRUCT_OPS(bpf_smc_collect_info, struct smc_sock *smc, int
>> timing)
>
> Try to stay with SEC("struct_ops/...") void BPF_PROG(....)
Got it. I have finished this modification in v4.
Powered by blists - more mailing lists