lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <2cb8660b-d582-4cef-9c44-80fd6f5c1d6c@linux.dev>
Date: Mon, 30 Sep 2024 18:46:57 +0800
From: Zhu Yanjun <yanjun.zhu@...ux.dev>
To: "D. Wythe" <alibuda@...ux.alibaba.com>, kgraul@...ux.ibm.com,
 wenjia@...ux.ibm.com, jaka@...ux.ibm.com, wintera@...ux.ibm.com,
 guwen@...ux.alibaba.com
Cc: kuba@...nel.org, davem@...emloft.net, netdev@...r.kernel.org,
 linux-s390@...r.kernel.org, linux-rdma@...r.kernel.org,
 tonylu@...ux.alibaba.com, pabeni@...hat.com, edumazet@...gle.com,
 bpf@...r.kernel.org
Subject: Re: [RFC PATCH net-next v2] net/smc: Introduce a hook to modify
 syn_smc at runtime

在 2024/9/30 15:15, D. Wythe 写道:
> 
> 
> On 9/29/24 7:56 PM, Zhu Yanjun wrote:
>> 在 2024/9/27 11:42, D. Wythe 写道:
>>> From: "D. Wythe" <alibuda@...ux.alibaba.com>
>>>
>>> The introduction of IPPROTO_SMC enables eBPF programs to determine
>>> whether to use SMC based on the context of socket creation, such as
>>> network namespaces, PID and comm name, etc.
>>>
>>> As a subsequent enhancement, this patch introduces a new hook for eBPF
>>> programs that allows decisions on whether to use SMC or not at runtime,
>>> including but not limited to local/remote IP address or ports. In
>>> simpler words, this feature allows modifications to syn_smc through eBPF
>>> programs before the TCP three-way handshake got established.
>>>
>>> Thanks to kfunc for making it easier for us to implement this feature in
>>> SMC.
>>>
>>> Signed-off-by: D. Wythe <alibuda@...ux.alibaba.com>
>>>
>>> ---
>>> v1 -> v2:
>>> 1. Fix wrong use of ireq->smc_ok, should be rx_opt->smc_ok.
>>> 2. Fix compile error when CONFIG_IPV6 or CONFIG_BPF_SYSCALL was not set.
>>>
>>> ---
>>>   include/linux/tcp.h  |  4 ++-
>>>   net/ipv4/tcp_input.c |  4 +--
>>>   net/smc/af_smc.c     | 75 +++++++++++++++++++++++++++++++++++++++++ 
>>> +++++------
>>>   3 files changed, 72 insertions(+), 11 deletions(-)
>>>
>>> diff --git a/include/linux/tcp.h b/include/linux/tcp.h
>>> index 6a5e08b..d028d76 100644
>>> --- a/include/linux/tcp.h
>>> +++ b/include/linux/tcp.h
>>> @@ -478,7 +478,9 @@ struct tcp_sock {
>>>   #endif
>>>   #if IS_ENABLED(CONFIG_SMC)
>>>       bool    syn_smc;    /* SYN includes SMC */
>>> -    bool    (*smc_hs_congested)(const struct sock *sk);
>>> +    void    (*smc_openreq_init)(struct request_sock *req,
>>> +                 const struct tcp_options_received *rx_opt,
>>> +                 struct sk_buff *skb, const struct sock *sk);
>>>   #endif
>>>   #if defined(CONFIG_TCP_MD5SIG) || defined(CONFIG_TCP_AO)
>>> diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
>>> index 9f314df..99f34f5 100644
>>> --- a/net/ipv4/tcp_input.c
>>> +++ b/net/ipv4/tcp_input.c
>>> @@ -7036,8 +7036,8 @@ static void tcp_openreq_init(struct 
>>> request_sock *req,
>>>       ireq->ir_num = ntohs(tcp_hdr(skb)->dest);
>>>       ireq->ir_mark = inet_request_mark(sk, skb);
>>>   #if IS_ENABLED(CONFIG_SMC)
>>> -    ireq->smc_ok = rx_opt->smc_ok && !(tcp_sk(sk)->smc_hs_congested &&
>>> -            tcp_sk(sk)->smc_hs_congested(sk));
>>> +    if (rx_opt->smc_ok && tcp_sk(sk)->smc_openreq_init)
>>> +        tcp_sk(sk)->smc_openreq_init(req, rx_opt, skb, sk);
>>>   #endif
>>>   }
>>> diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
>>> index 0316217..fdac7e2b 100644
>>> --- a/net/smc/af_smc.c
>>> +++ b/net/smc/af_smc.c
>>> @@ -70,6 +70,15 @@
>>>   static void smc_tcp_listen_work(struct work_struct *);
>>>   static void smc_connect_work(struct work_struct *);
>>> +__bpf_hook_start();
>>> +
>>> +__weak noinline int select_syn_smc(const struct sock *sk, struct 
>>> sockaddr *peer)
>>> +{
>>> +    return 1;
>>> +}
>>> +
>>> +__bpf_hook_end();
>>> +
>>>   int smc_nl_dump_hs_limitation(struct sk_buff *skb, struct 
>>> netlink_callback *cb)
>>>   {
>>>       struct smc_nl_dmp_ctx *cb_ctx = smc_nl_dmp_ctx(cb);
>>> @@ -156,19 +165,43 @@ static struct sock *smc_tcp_syn_recv_sock(const 
>>> struct sock *sk,
>>>       return NULL;
>>>   }
>>> -static bool smc_hs_congested(const struct sock *sk)
>>> +static void smc_openreq_init(struct request_sock *req,
>>> +                 const struct tcp_options_received *rx_opt,
>>> +                 struct sk_buff *skb, const struct sock *sk)
>>>   {
>>> +    struct inet_request_sock *ireq = inet_rsk(req);
>>> +    struct sockaddr_storage rmt_sockaddr = {0};
>>
>> A trivial problem.
>>
>> The following should be better?
>>
>> struct sockaddr_storage rmt_sockaddr = {};
>>
>> I think, we have discussed this problem in RDMA maillist for several 
>> times.
>>
>> Zhu Yanjun
> 
> 
> This is truly new information to me. Can you provide me with some 
> discussion links?
> Thanks.

It is a trivial problem. This is the link
https://www.spinics.net/lists/linux-rdma/msg119815.html

Zhu Yanjun

> 
> D. Wythe
> 
> 
>>
>>>       const struct smc_sock *smc;
>>>       smc = smc_clcsock_user_data(sk);
>>>       if (!smc)
>>> -        return true;
>>> +        return;
>>> -    if (workqueue_congested(WORK_CPU_UNBOUND, smc_hs_wq))
>>> -        return true;
>>> +    if (smc->limit_smc_hs && workqueue_congested(WORK_CPU_UNBOUND, 
>>> smc_hs_wq))
>>> +        goto out_no_smc;
>>> -    return false;
>>> +    rmt_sockaddr.ss_family = sk->sk_family;
>>> +
>>> +    if (rmt_sockaddr.ss_family == AF_INET) {
>>> +        struct sockaddr_in *rmt4_sockaddr =  (struct sockaddr_in 
>>> *)&rmt_sockaddr;
>>> +
>>> +        rmt4_sockaddr->sin_addr.s_addr = ireq->ir_rmt_addr;
>>> +        rmt4_sockaddr->sin_port    = ireq->ir_rmt_port;
>>> +#if IS_ENABLED(CONFIG_IPV6)
>>> +    } else {
>>> +        struct sockaddr_in6 *rmt6_sockaddr =  (struct sockaddr_in6 
>>> *)&rmt_sockaddr;
>>> +
>>> +        rmt6_sockaddr->sin6_addr = ireq->ir_v6_rmt_addr;
>>> +        rmt6_sockaddr->sin6_port = ireq->ir_rmt_port;
>>> +#endif /* CONFIG_IPV6 */
>>> +    }
>>> +
>>> +    ireq->smc_ok = select_syn_smc(sk, (struct sockaddr 
>>> *)&rmt_sockaddr);
>>> +    return;
>>> +out_no_smc:
>>> +    ireq->smc_ok = 0;
>>> +    return;
>>>   }
>>>   struct smc_hashinfo smc_v4_hashinfo = {
>>> @@ -1671,7 +1704,7 @@ int smc_connect(struct socket *sock, struct 
>>> sockaddr *addr,
>>>       }
>>>       smc_copy_sock_settings_to_clc(smc);
>>> -    tcp_sk(smc->clcsock->sk)->syn_smc = 1;
>>> +    tcp_sk(smc->clcsock->sk)->syn_smc = select_syn_smc(sk, addr);
>>>       if (smc->connect_nonblock) {
>>>           rc = -EALREADY;
>>>           goto out;
>>> @@ -2650,8 +2683,7 @@ int smc_listen(struct socket *sock, int backlog)
>>>       inet_csk(smc->clcsock->sk)->icsk_af_ops = &smc->af_ops;
>>> -    if (smc->limit_smc_hs)
>>> -        tcp_sk(smc->clcsock->sk)->smc_hs_congested = smc_hs_congested;
>>> +    tcp_sk(smc->clcsock->sk)->smc_openreq_init = smc_openreq_init;
>>>       rc = kernel_listen(smc->clcsock, backlog);
>>>       if (rc) {
>>> @@ -3475,6 +3507,24 @@ static void __net_exit 
>>> smc_net_stat_exit(struct net *net)
>>>       .exit = smc_net_stat_exit,
>>>   };
>>> +#if IS_ENABLED(CONFIG_BPF_SYSCALL)
>>> +BTF_SET8_START(bpf_smc_fmodret_ids)
>>> +BTF_ID_FLAGS(func, select_syn_smc)
>>> +BTF_SET8_END(bpf_smc_fmodret_ids)
>>> +
>>> +static const struct btf_kfunc_id_set bpf_smc_fmodret_set = {
>>> +    .owner = THIS_MODULE,
>>> +    .set   = &bpf_smc_fmodret_ids,
>>> +};
>>> +
>>> +static int bpf_smc_kfunc_init(void)
>>> +{
>>> +    return register_btf_fmodret_id_set(&bpf_smc_fmodret_set);
>>> +}
>>> +#else
>>> +static inline int bpf_smc_kfunc_init(void) { return 0; }
>>> +#endif /* CONFIG_BPF_SYSCALL */
>>> +
>>>   static int __init smc_init(void)
>>>   {
>>>       int rc;
>>> @@ -3574,8 +3624,17 @@ static int __init smc_init(void)
>>>           pr_err("%s: smc_inet_init fails with %d\n", __func__, rc);
>>>           goto out_ulp;
>>>       }
>>> +
>>> +    rc = bpf_smc_kfunc_init();
>>> +    if (rc) {
>>> +        pr_err("%s: bpf_smc_kfunc_init fails with %d\n", __func__, rc);
>>> +        goto out_inet;
>>> +    }
>>> +
>>>       static_branch_enable(&tcp_have_smc);
>>>       return 0;
>>> +out_inet:
>>> +    smc_inet_exit();
>>>   out_ulp:
>>>       tcp_unregister_ulp(&smc_ulp_ops);
>>>   out_lo:


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ