
Commit d3b18ad

jrfastabAlexei Starovoitov
authored andcommitted
tls: add bpf support to sk_msg handling
This work adds BPF sk_msg verdict program support to kTLS allowing BPF and kTLS to be combined together. Previously kTLS and sk_msg verdict programs were mutually exclusive in the ULP layer which created challenges for the orchestrator when trying to apply TCP based policy, for example. To resolve this, leveraging the work from previous patches that consolidates the use of sk_msg, we can finally enable BPF sk_msg verdict programs so they continue to run after the kTLS socket is created. No change in behavior when kTLS is not used in combination with BPF, the kselftest suite for kTLS also runs successfully. Joint work with Daniel. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Alexei Starovoitov <ast@kernel.org>
1 parent 924ad65 commit d3b18ad


2 files changed

+414
-66
lines changed


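--- a/include/linux/skmsg.h
+++ b/include/linux/skmsg.h
@@ -29,7 +29,11 @@ struct sk_msg_sg {
 u32 size;
 u32 copybreak;
 bool copy[MAX_MSG_FRAGS];
-struct scatterlist data[MAX_MSG_FRAGS];
+/* The extra element is used for chaining the front and sections when
+* the list becomes partitioned (e.g. end < start). The crypto APIs
+* require the chaining.
+*/
+struct scatterlist data[MAX_MSG_FRAGS + 1];
 };
 
 struct sk_msg {
@@ -112,6 +116,7 @@ void sk_msg_free_partial_nocharge(struct sock *sk, struct sk_msg *msg,
 u32 bytes);
 
 void sk_msg_return(struct sock *sk, struct sk_msg *msg, int bytes);
+void sk_msg_return_zero(struct sock *sk, struct sk_msg *msg, int bytes);
 
 int sk_msg_zerocopy_from_iter(struct sock *sk, struct iov_iter *from,
 struct sk_msg *msg, u32 bytes);
@@ -161,8 +166,9 @@ static inline void sk_msg_clear_meta(struct sk_msg *msg)
 
 static inline void sk_msg_init(struct sk_msg *msg)
 {
+BUILD_BUG_ON(ARRAY_SIZE(msg->sg.data) - 1 != MAX_MSG_FRAGS);
 memset(msg, 0, sizeof(*msg));
-sg_init_marker(msg->sg.data, ARRAY_SIZE(msg->sg.data));
+sg_init_marker(msg->sg.data, MAX_MSG_FRAGS);
 }
 
 static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src,
@@ -174,6 +180,12 @@ static inline void sk_msg_xfer(struct sk_msg *dst, struct sk_msg *src,
 src->sg.data[which].offset += size;
 }
 
+static inline void sk_msg_xfer_full(struct sk_msg *dst, struct sk_msg *src)
+{
+memcpy(dst, src, sizeof(*src));
+sk_msg_init(src);
+}
+
 static inline u32 sk_msg_elem_used(const struct sk_msg *msg)
 {
 return msg->sg.end >= msg->sg.start ?
@@ -229,6 +241,26 @@ static inline void sk_msg_page_add(struct sk_msg *msg, struct page *page,
 sk_msg_iter_next(msg, end);
 }
 
+static inline void sk_msg_sg_copy(struct sk_msg *msg, u32 i, bool copy_state)
+{
+do {
+msg->sg.copy[i] = copy_state;
+sk_msg_iter_var_next(i);
+if (i == msg->sg.end)
+break;
+} while (1);
+}
+
+static inline void sk_msg_sg_copy_set(struct sk_msg *msg, u32 start)
+{
+sk_msg_sg_copy(msg, start, true);
+}
+
+static inline void sk_msg_sg_copy_clear(struct sk_msg *msg, u32 start)
+{
+sk_msg_sg_copy(msg, start, false);
+}
+
 static inline struct sk_psock *sk_psock(const struct sock *sk)
 {
 return rcu_dereference_sk_user_data(sk);
@@ -245,6 +277,11 @@ static inline void sk_psock_queue_msg(struct sk_psock *psock,
 list_add_tail(&msg->list, &psock->ingress_msg);
 }
 
+static inline bool sk_psock_queue_empty(const struct sk_psock *psock)
+{
+return psock ? list_empty(&psock->ingress_msg) : true;
+}
+
 static inline void sk_psock_report_error(struct sk_psock *psock, int err)
 {
 struct sock *sk = psock->sk;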
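Review bot: sk_msg_sg_copy() in the `@@ -229,6 +241,26 @@` hunk writes `msg->sg.copy[i]` before it compares `i` with `msg->sg.end`, and nothing in the helper or its two wrappers checks that the starting index is a valid ring slot. A call with `start == msg->sg.end` on an empty message would therefore flag slots that hold no data, and an index at or above MAX_MSG_FRAGS would write outside `copy[]`; how far the walk then runs depends on sk_msg_iter_var_next(), which is defined outside this page. The do/while shape looks deliberate, presumably so that a full ring where start and end coincide is still walked, so the loop can stay as it is with the contract stated above it: `/* @i must be < MAX_MSG_FRAGS and @msg non-empty; the body runs before the end test so start == end walks the whole ring. */`. The same precondition applies to sk_msg_sg_copy_set() and sk_msg_sg_copy_clear(), which pass `start` through unchanged.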
