From patchwork Wed Apr 16 23:36:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054611 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1314E238D3B for ; Wed, 16 Apr 2025 23:36:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846598; cv=none; b=LTik5VlH5NugkERaEjxP+PgqTwaXFcYcjA8kahabXtfcxG73KZXiYiVpeYlSJ82DZkm6+/IraDhCWeJ/bGn6afrX2z8/tJRCS0odSjLCq8LberkBh1TJVyqjfRLNM2jkdnc+OWRARTLOnmtBISo/c40B2oBl+F8eaO2SqEY13gw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846598; c=relaxed/simple; bh=KvvIWgxv3s3xE/5AQwoMFofmI1CsY1mFQe9hDQS+7Mo=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=R26P5lBTQVD6dtr8yqSfj7bnrZoZhB8QLIYUwVlIFXRzZFdGniv2cYLpwkagcg0AYSkmA7cNj5+slkQwJdqUgzJrsgrdQ4wVqDQRBbVlwasWhGumqkq7ZLt25bhQh+Rokg8NR3md81BDh1wGRZGNp82nGTUurpJlsjgcWoOJImc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=fBUT0Nc+; arc=none smtp.client-ip=209.85.214.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="fBUT0Nc+" Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-223fd44daf8so400135ad.2 for ; Wed, 16 Apr 2025 16:36:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846596; x=1745451396; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=l38A+kfKiBznAOFQxGDyaUmwG8yyIm3KCv0gC2I/U+U=; b=fBUT0Nc+QL2iNV97vC5tt0BOVkzIODWFCuTW52M5n1CoQIalGCZD9tYJYJHKeNW0vd R+Wc/4CMz3iw7sQeuDkGE7VkLHDrE0g/zCQQWT3uM7hVPU92qZtsvHvVc6uA08y9JIyV vp8/sWgSGUCOeLA/mOeY4iyWCIQpZajWxSgDC6Yy+O7mxFRAAQyH17p/vNpFsPGlSNXb vFEjGIDzH86hU0unbeOQzLVMhDF1a38I16M8/vnOpmqXmZ/Y9HCbSaLQRkESce+7boXd 8vp0HCoSNJ6mBJMLgvkre2lUfEGJApJyVsK8hrI9uUUW3p3pbzpT9fYho0XlHvEwx5b7 cEjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846596; x=1745451396; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=l38A+kfKiBznAOFQxGDyaUmwG8yyIm3KCv0gC2I/U+U=; b=kv/SLTYoc9db0+MyzGh7WhwHJnvtVJa2QTPdaZXOR5jqz8beVqtXLf3H0rZMna8Wnb e26mvPdpg1u4rK5OwLfXkNgBD9ouwSP/i28dzwsAnKGIIrQHr4VTHAeAjoEmcyprknv3 5fLH1O02qbQnog+1Q2KTgaRaQgj9eDpb7+SGsrxB2ToPs+wdkBYE9Hsv2vXEuxN6prOn S121TnI2g9INWMvRdGj/NCrLXQvI6JSxTYggyYBJ121ETpM8yT1YHlYMOweR5bYsPpT6 OzIs01+yx5ehBvZTuWCoofRRb0B/dEJ88CcxiT/+xBsIlHZtpYTHo2P9+S2jsb0MCARP 4laA== X-Forwarded-Encrypted: i=1; AJvYcCXTADynz8zBkemQziCgCNas55yDXeY+MLdTxZ0BVPKDj8sRntTBhijq+2noJBpG2ESjASA=@vger.kernel.org X-Gm-Message-State: AOJu0YzGci9qC0ob7eJAFIvurKMV/ML+rYOvcvghxO4SVTAdWf+RGdaW t5eNyskTrXkLooUprIqtNN6ln+0GgIzKZ9q66EUhu52VSDbDIOTd1xV3Xv6H18A= X-Gm-Gg: ASbGnct3D7irTePQD3R/fksWQOIOs1Ff0Ny5FoAxp4CF7UgLg69xrkX1FR9Drq6FyY9 Chytnz3UURaNqe0Od5UgsszUw4ke7Sw6Se8BwxS3HSUQvCJPq+EdTAcHAS6OrWg+cPEYjLycvlY r4eJdbTPi3pm7aQxJXxW5mEPeiONACUT/ZvWe5edXPVnT90ClUz3+drmEptqbOlPEdrK1XzAwLO eR/Cuoy/ale9ZGnk6ehYqJ9Fc5v9cAVOn6Uif97nMWm714v7IuRKunAOWkxisofTcK5xWzPFcUt Hklk+5scKjdDEggI9NALCK1Dij/431Licl4qKLR+ X-Google-Smtp-Source: AGHT+IHTkXiguznErw50OU6KJAKk3cHRFD6nf8Oh/mRUgH0iT/11xftzybo7vJMwxq2Y7xsN8rpe2Q== X-Received: by 2002:a17:903:3ba4:b0:21d:cdb7:876c with SMTP id d9443c01a7336-22c3f9ad469mr8572595ad.3.1744846596319; Wed, 16 Apr 2025 16:36:36 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:35 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 1/6] bpf: udp: Make mem flags configurable through bpf_iter_udp_realloc_batch Date: Wed, 16 Apr 2025 16:36:16 -0700 Message-ID: <20250416233622.1212256-2-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Prepare for the next two patches which need to be able to choose either GFP_USER or GFP_ATOMIC for calls to bpf_iter_udp_realloc_batch by making memory flags configurable. Signed-off-by: Jordan Rife Reviewed-by: Kuniyuki Iwashima --- net/ipv4/udp.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index d0bffcfa56d8..0ac31dec339a 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -3395,7 +3395,7 @@ struct bpf_udp_iter_state { }; static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter, - unsigned int new_batch_sz); + unsigned int new_batch_sz, int flags); static struct sock *bpf_iter_udp_batch(struct seq_file *seq) { struct bpf_udp_iter_state *iter = seq->private; @@ -3471,7 +3471,8 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) iter->st_bucket_done = true; goto done; } - if (!resized && !bpf_iter_udp_realloc_batch(iter, batch_sks * 3 / 2)) { + if (!resized && !bpf_iter_udp_realloc_batch(iter, batch_sks * 3 / 2, + GFP_USER)) { resized = true; /* After allocating a larger batch, retry one more time to grab * the whole bucket. @@ -3825,12 +3826,12 @@ DEFINE_BPF_ITER_FUNC(udp, struct bpf_iter_meta *meta, struct udp_sock *udp_sk, uid_t uid, int bucket) static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter, - unsigned int new_batch_sz) + unsigned int new_batch_sz, int flags) { struct sock **new_batch; new_batch = kvmalloc_array(new_batch_sz, sizeof(*new_batch), - GFP_USER | __GFP_NOWARN); + flags | __GFP_NOWARN); if (!new_batch) return -ENOMEM; @@ -3853,7 +3854,7 @@ static int bpf_iter_init_udp(void *priv_data, struct bpf_iter_aux_info *aux) if (ret) return ret; - ret = bpf_iter_udp_realloc_batch(iter, INIT_BATCH_SZ); + ret = bpf_iter_udp_realloc_batch(iter, INIT_BATCH_SZ, GFP_USER); if (ret) bpf_iter_fini_seq_net(priv_data); From patchwork Wed Apr 16 23:36:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054612 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 627502459F4 for ; Wed, 16 Apr 2025 23:36:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846599; cv=none; b=mtxOyl6j2w4fSkmrIUjK6KDSVuEpezwYas448eh+A8H4y1e9qh9LnXIElMBK3B7U8hRAAUyqg3Aw8oLsV23j8kQuoM7A8nc61SQPDr59lIqaka2qwwhjqHucjTC/WGdVBehM13p6cdHIS+bTe3UiD/CXzYFOyjERgtw8BNkoVzg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846599; c=relaxed/simple; bh=T4u93ZK4i6nXowiYmrKs91AuEqAj01f9tIHi5qvZZRI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SJDwZgQIhvgR3680qhAQKQYBIGfMFBaFi2TQlGXn7ATEGeuqyl4cYb7+r+Qsz89tJ3Ywl1txctXk8LEO+fffhvYSVRmXbJFEbGDpYhx/1yb6/UPmUFcEIR2asm2YciSS9YlFTeQBnidlvBJiOzqNXa7n8dzslwENnCk3Zc2/9pc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=DE5AYBdx; arc=none smtp.client-ip=209.85.210.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="DE5AYBdx" Received: by mail-pf1-f177.google.com with SMTP id d2e1a72fcca58-7393eab4a75so29559b3a.2 for ; Wed, 16 Apr 2025 16:36:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846597; x=1745451397; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8CU78l3KYCqubxrwFxUXf4O9o6ESmLMh5YiQPMirX7Y=; b=DE5AYBdxsml7PSOEFHXR/k3NCrt8YYnZCoZ1P3yS4y7qC6kedxoJsmZXbQjeZW/QGq H3rqIYQIGu4inr0xESD2bbGp1ktBr15RrOVKthhDkmz3rJ5XwY5wJKgqBEtSSJJW6btF ii8fGhEFIGUo3bYq490is3kzRlAEBbfETkcYutKPunQdpHonkLpUIqk7kQhQile99OLA /eehbQnMllTYkOwWBXQTvTJJB2QTMHArDADBGxBS5I5QptOhZdk2aKlhU5lYklR02Jtr 6JsIYBLxxfrJPhOb1nw9IVbGw6jSfET5IHewtHwoquqAkFziY9mD04ueMXa81X1teOX9 X6jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846597; x=1745451397; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8CU78l3KYCqubxrwFxUXf4O9o6ESmLMh5YiQPMirX7Y=; b=VUKX6dr3vtD1G2pDZCgFw7lYFD51OnScPyY7U3PbfL2MAjNkIb9SItVbqw+m2JEu6k rrTuMv0uIwuF9kFPlD01cc4NN/3VVO2GUmJlTFiTXYY18LcPl4t+YPiLWpMz3Ay8/cFM DcQNqmwNZf87InZ0WEOWcqVGEuSru9V4co0g8Dsd5pTWHoEM6IS28yhR1FphukxKdm6R FHL3fywf5hapfp94Q7p5XGxUGXpgyORFfy9+rpRSL6oo/eRrgJny5HeFaUZi2pnibHjr mpPgP64ewvBColDp36ZUCMHLH1TVBg+KW+gjaszXlLk7VNXxkKpVtA7DvrH6icomdngq ehMw== X-Forwarded-Encrypted: i=1; AJvYcCUxWmu6BOTS5P7An9mLRgFRh/ZlG2g5ra+AtYd2UCQ8QBDSqi7kBH4CBq3NkfUeNnRmQrA=@vger.kernel.org X-Gm-Message-State: AOJu0YyR9vWueDTf03my2AScWIEurxM/fA7WqQqCsOS6pf8sSjMG+Rt9 p//wnTrKR9xsLANETAjVXhn2MsVcNOzusdyC6BHHDWGgxjMNYGKA8tKZICL+McTf1e4iy6x+87u qfxM= X-Gm-Gg: ASbGncuGaYzrK6f4L1lJNVPeDb/zuLrrdGeB3/NHNNYSt/PAVj2rZtX/WCNZlODz/bD MtqZnIgZoSsPm3tfugTXqWVOp1f3EhV1Ko6Da1FEHF2KVVIzugwD48tyztTY8/dIQg2gcs6cIr2 GHvWDFL2CpP8cDvfEMb+G2KKjaThQbJVAvcrWFtDftcMCL8blvDfKsQjLz/PDBiZtfM0a42ALcD OAuSXeu8dSjylzYoXyvnhBfLfQCdzDH9QtbSQaPk9lrTRuistGKk9WB0pLOI8PEqx1gxcBsdEKm weTVXA5F4Mz05+JEBvqm7NcbExQ/pg== X-Google-Smtp-Source: AGHT+IFoTfKhWq7MvMwiRy0WQ4sULiT7A/Tqk3HaQunebL2abV0nZBjDhaQ98zdvgBb6fsIZpzdssw== X-Received: by 2002:a17:90b:4b08:b0:305:5f20:b28c with SMTP id 98e67ed59e1d1-3086d444463mr966294a91.5.1744846597432; Wed, 16 Apr 2025 16:36:37 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:37 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 2/6] bpf: udp: Make sure iter->batch always contains a full bucket snapshot Date: Wed, 16 Apr 2025 16:36:17 -0700 Message-ID: <20250416233622.1212256-3-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Require that iter->batch always contains a full bucket snapshot. This invariant is important to avoid skipping or repeating sockets during iteration when combined with the next few patches. Before, there were two cases where a call to bpf_iter_udp_batch may only capture part of a bucket: 1. When bpf_iter_udp_realloc_batch() returns -ENOMEM [1]. 2. When more sockets are added to the bucket while calling bpf_iter_udp_realloc_batch(), making the updated batch size insufficient [2]. In cases where the batch size only covers part of a bucket, it is possible to forget which sockets were already visited, especially if we have to process a bucket in more than two batches. This forces us to choose between repeating or skipping sockets, so don't allow this: 1. Stop iteration and propagate -ENOMEM up to userspace if reallocation fails instead of continuing with a partial batch. 2. Retry bpf_iter_udp_realloc_batch() up to two times if we fail to capture the full bucket. On the third attempt, hold onto the bucket lock (hslot2->lock) through bpf_iter_udp_realloc_batch() with GFP_ATOMIC to guarantee that the bucket size doesn't change before our next attempt. Try with GFP_USER first to improve the chances that memory allocation succeeds; only use GFP_ATOMIC as a last resort. Testing all scenarios directly is a bit difficult, but I did some manual testing to exercise the code paths where GFP_ATOMIC is used and where where ERR_PTR(err) is returned to make sure there are no deadlocks. I used the realloc test case included later in this series to trigger a scenario where a realloc happens inside bpf_iter_udp_realloc_batch and made a small code tweak to force the first two realloc attempts to allocate a too-small buffer, thus requiring another attempt until the GFP_ATOMIC case is hit. Some printks showed three reallocs with the tests passing: Apr 16 00:08:32 crow kernel: go again (mem_flags=GFP_USER) Apr 16 00:08:32 crow kernel: go again (mem_flags=GFP_USER) Apr 16 00:08:32 crow kernel: go again (mem_flags=GFP_ATOMIC) With this setup, I also forced bpf_iter_udp_realloc_batch to return -ENOMEM on one of the retries to ensure that iteration ends and that the read() in userspace fails, forced the hlist_empty condition to be true on the GFP_ATOMIC pass to test the first WARN_ON_ONCE condition code path, and walked back iter->end_sk on the GFP_ATOMIC pass to test the second WARN_ON_ONCE condition code path. In each case, locks were released and the loop terminated. [1]: https://lore.kernel.org/bpf/CABi4-ogUtMrH8-NVB6W8Xg_F_KDLq=yy-yu-tKr2udXE2Mu1Lg@mail.gmail.com/ [2]: https://lore.kernel.org/bpf/7ed28273-a716-4638-912d-f86f965e54bb@linux.dev/ Signed-off-by: Jordan Rife Suggested-by: Martin KaFai Lau --- net/ipv4/udp.c | 57 ++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 44 insertions(+), 13 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 0ac31dec339a..4802d3fa37ed 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -3377,6 +3377,7 @@ int udp4_seq_show(struct seq_file *seq, void *v) } #ifdef CONFIG_BPF_SYSCALL +#define MAX_REALLOC_ATTEMPTS 3 struct bpf_iter__udp { __bpf_md_ptr(struct bpf_iter_meta *, meta); __bpf_md_ptr(struct udp_sock *, udp_sk); @@ -3401,11 +3402,13 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) struct bpf_udp_iter_state *iter = seq->private; struct udp_iter_state *state = &iter->state; struct net *net = seq_file_net(seq); + int resizes = MAX_REALLOC_ATTEMPTS; int resume_bucket, resume_offset; struct udp_table *udptable; unsigned int batch_sks = 0; - bool resized = false; + spinlock_t *lock = NULL; struct sock *sk; + int err = 0; resume_bucket = state->bucket; resume_offset = iter->offset; @@ -3433,10 +3436,13 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) struct udp_hslot *hslot2 = &udptable->hash2[state->bucket].hslot; if (hlist_empty(&hslot2->head)) - continue; + goto next_bucket; iter->offset = 0; - spin_lock_bh(&hslot2->lock); + if (!lock) { + lock = &hslot2->lock; + spin_lock_bh(lock); + } udp_portaddr_for_each_entry(sk, &hslot2->head) { if (seq_sk_match(seq, sk)) { /* Resume from the last iterated socket at the @@ -3454,15 +3460,26 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) batch_sks++; } } - spin_unlock_bh(&hslot2->lock); if (iter->end_sk) break; +next_bucket: + /* Somehow the bucket was emptied or all matching sockets were + * removed while we held onto its lock. This should not happen. + */ + if (WARN_ON_ONCE(!resizes)) + /* Best effort; reset the resize budget and move on. */ + resizes = MAX_REALLOC_ATTEMPTS; + if (lock) + spin_unlock_bh(lock); + lock = NULL; } /* All done: no batch made. */ if (!iter->end_sk) - return NULL; + goto done; + + sk = iter->batch[0]; if (iter->end_sk == batch_sks) { /* Batching is done for the current bucket; return the first @@ -3471,16 +3488,30 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) iter->st_bucket_done = true; goto done; } - if (!resized && !bpf_iter_udp_realloc_batch(iter, batch_sks * 3 / 2, - GFP_USER)) { - resized = true; - /* After allocating a larger batch, retry one more time to grab - * the whole bucket. - */ - goto again; + + /* Somehow the batch size still wasn't big enough even though we held + * a lock on the bucket. This should not happen. + */ + if (WARN_ON_ONCE(!resizes)) + goto done; + + resizes--; + if (resizes) { + spin_unlock_bh(lock); + lock = NULL; + } + err = bpf_iter_udp_realloc_batch(iter, batch_sks * 3 / 2, + resizes ? GFP_USER : GFP_ATOMIC); + if (err) { + sk = ERR_PTR(err); + goto done; } + + goto again; done: - return iter->batch[0]; + if (lock) + spin_unlock_bh(lock); + return sk; } static void *bpf_iter_udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) From patchwork Wed Apr 16 23:36:18 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054613 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5422824BBF6 for ; Wed, 16 Apr 2025 23:36:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.52 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846600; cv=none; b=k7BzqXYb+L/UsZopqva9K9CqyrLqGojqqwrIo1jq+PPhZQ2O4865fOVmKQz4BhLiyUOdpeRCf+cgBXZF3SQl0bnom5eeBj6bGXhGJ1O6cGwONLeOhneAYAzW5DHBz2Vx0L21SjA34gzoP6mri/I0Qo4tDzU5M8x6kf3YWZ0Wl5Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846600; c=relaxed/simple; bh=zaE+396ROcTWAjcHFPe2BtH+pcEEuQFFjnAb9+BfFg4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=tdksMfgGFgV7zsK3h5OqDcJlsr7ZMXESBh+Nm7CDRlgJ/I/NFwMNK3BNZG6qXPL2H8qtZ7T8wy4YBoE7UcfRZKDepmkpmASbZCZZDn6Cc1+7+EVihGSkh28m30XR/dXxdf8mCwVRmvlhdZ2mmPVjZ9Hes6htBTN+App8bMAIxTc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=cX2vhnb1; arc=none smtp.client-ip=209.85.216.52 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="cX2vhnb1" Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-2ff62f9b6e4so26104a91.0 for ; Wed, 16 Apr 2025 16:36:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846598; x=1745451398; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=pZ7SLZCLGXYTHRW+/oBLz9DzTLKdwrsn+Bb6jL5W9/U=; b=cX2vhnb1TA6QCWTkrXno73tJo8GDJWd8Lrm3rXuOjQMdb3GGt8PgS7HkYi45I4Fke2 zia0Ma5hWIyYwP4yvZ9MNkkY6qpRpfPPeyqMpkW2XjVlXvvcpPF+Kc9jaUFF87Xgl5DV 5OpLX8Ngvw+feCGQqzAYzvJduc/5o/G0Rg4AKZrx9jTHS1hjp4Sj0o6kH261R0BNhFIJ 5kkgknrKl3yy4Md9NubWuxmgGdNIH2H6B/yCDKqL5nfNATkEF7V3bT6J1SOnOoLGDwZS +8Psp9hfBmTafpk3Jj3eUfTh6k2QzRj1J1CWJo0MTgO3if2Cak/PskiD7lN3O2P+XeF2 t8BQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846598; x=1745451398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pZ7SLZCLGXYTHRW+/oBLz9DzTLKdwrsn+Bb6jL5W9/U=; b=Hk+0OJ8inNoeG6vSs0VUOpjQwFakDNJX8vYdGPuQvfb+JVW8sWKKYkHaVLQ8CCXUu/ jzcbK6wSaf1e8vuKlJjyeIWq3V5PWOJCJL/5E30USK2HiOTzxJaQovwfsAUNx7NZPczw aTBPEhoXRMXJ8zNmESjyvVkubCiO5vRn8GNF1DuYkvPkO1yJDwgfFmKPdrtDHJuxdsuK l3LQzuJWgK0Eh21Jndw4EQPtvznNBi/WwIaLKGiwAQhFHFBlAnNsaU0fsRQx7BfiUYGk hnHEhEvqzJ4aT6P8jQuR1z/NXcCNZ2aeFsdy+vW9iQHBwrnXolIKJt8hciPiZ2DGS8OE 8QyQ== X-Forwarded-Encrypted: i=1; AJvYcCWnhjL6Cn26P1cBz5CG+ekL4zTfDn9JqXcQZziHEMRrf9hBGHLzMPpv8iGtd418V3exjW8=@vger.kernel.org X-Gm-Message-State: AOJu0YyT29rQp7qGbaqtLItGr3NF3iK2ZVQI8vu8lgi9nIyatNZVBw0S fbV0rBTHya9/XyguuxiG5TMEcyOAdaDEJrrg0ISIoGazB3jr6O1Cj+5awTF9a5o= X-Gm-Gg: ASbGncuLQUe7T4f6t+gBLKLoSdUcJ4sUzxvlWaO0vAyXNkBPv8ehW8y9Ekd0vhe4CGy 3Ii7+uF/mqFx7h5umJMD7D3reiu4bqj0NYzgmxW9KthTUQkYqDZXxWvfVOI0ve0WC276wtVNLhH K9P5/QNWaeLsdxU9ThJkL0YET7rT72hazYX+EKHuCQPM1sO+bj4SnxVJj7X7kx9XnGkO4DJMFrA yiGMlTtv6IgLDutX6kl8eGGWePSOR691pH3cQ5lVLXI4hEa24XYsceWj7ACyr1CDStK/FxcCNu7 xkCpV/BEXmUHmiasAcdYGBBTXw1q2Q== X-Google-Smtp-Source: AGHT+IEy+ZlYYSjCwQTYAtozEIj2xsPa9bStRoPqXdQNWUMFyZVp69PgubRYmOZ1R5A+TsxwMVgNJQ== X-Received: by 2002:a17:90b:4d10:b0:2ff:78dd:2875 with SMTP id 98e67ed59e1d1-3086d45a927mr792822a91.5.1744846598511; Wed, 16 Apr 2025 16:36:38 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:38 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 3/6] bpf: udp: Use bpf_udp_iter_batch_item for bpf_udp_iter_state batch items Date: Wed, 16 Apr 2025 16:36:18 -0700 Message-ID: <20250416233622.1212256-4-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Prepare for the next patch that tracks cookies between iterations by converting struct sock **batch to union bpf_udp_iter_batch_item *batch inside struct bpf_udp_iter_state. Signed-off-by: Jordan Rife Reviewed-by: Kuniyuki Iwashima --- net/ipv4/udp.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 4802d3fa37ed..bcbee5cbb504 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -3385,13 +3385,17 @@ struct bpf_iter__udp { int bucket __aligned(8); }; +union bpf_udp_iter_batch_item { + struct sock *sock; +}; + struct bpf_udp_iter_state { struct udp_iter_state state; unsigned int cur_sk; unsigned int end_sk; unsigned int max_sk; int offset; - struct sock **batch; + union bpf_udp_iter_batch_item *batch; bool st_bucket_done; }; @@ -3455,7 +3459,7 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) } if (iter->end_sk < iter->max_sk) { sock_hold(sk); - iter->batch[iter->end_sk++] = sk; + iter->batch[iter->end_sk++].sock = sk; } batch_sks++; } @@ -3479,7 +3483,7 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) if (!iter->end_sk) goto done; - sk = iter->batch[0]; + sk = iter->batch[0].sock; if (iter->end_sk == batch_sks) { /* Batching is done for the current bucket; return the first @@ -3523,7 +3527,7 @@ static void *bpf_iter_udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) * done with seq_show(), so unref the iter->cur_sk. */ if (iter->cur_sk < iter->end_sk) { - sock_put(iter->batch[iter->cur_sk++]); + sock_put(iter->batch[iter->cur_sk++].sock); ++iter->offset; } @@ -3531,7 +3535,7 @@ static void *bpf_iter_udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) * available in the current bucket batch. */ if (iter->cur_sk < iter->end_sk) - sk = iter->batch[iter->cur_sk]; + sk = iter->batch[iter->cur_sk].sock; else /* Prepare a new batch. */ sk = bpf_iter_udp_batch(seq); @@ -3596,7 +3600,7 @@ static int bpf_iter_udp_seq_show(struct seq_file *seq, void *v) static void bpf_iter_udp_put_batch(struct bpf_udp_iter_state *iter) { while (iter->cur_sk < iter->end_sk) - sock_put(iter->batch[iter->cur_sk++]); + sock_put(iter->batch[iter->cur_sk++].sock); } static void bpf_iter_udp_seq_stop(struct seq_file *seq, void *v) @@ -3859,7 +3863,7 @@ DEFINE_BPF_ITER_FUNC(udp, struct bpf_iter_meta *meta, static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter, unsigned int new_batch_sz, int flags) { - struct sock **new_batch; + union bpf_udp_iter_batch_item *new_batch; new_batch = kvmalloc_array(new_batch_sz, sizeof(*new_batch), flags | __GFP_NOWARN); From patchwork Wed Apr 16 23:36:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054614 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F31424BC18 for ; Wed, 16 Apr 2025 23:36:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.53 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846602; cv=none; b=k5swJH4R1wDWeoh9egHmYiSTvLRRsR7IQuNHfxeBdhGzUFPuujXPhOYY7M/SHeUz4XicHHC3uxQT8kbB/UrAzyIe6Vvb/SKQ9H7VWa9prvD/MGzUCsOUUVOpiFsJigyfY4kHNnyrx9hhnRKPKZPjZLG2h91W0csaaTtv8Em2BaU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846602; c=relaxed/simple; bh=bUFOWvMoUKJYHlZIdNMIysvu0TspbyBzFdL58cqcIIQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=kCOyMf8iHua2Y9QhOAAZP0xHxKZDW+WK2d7+1WFFS9DkjrcP7NXlC1AoMG8iJmqRujoSXoT2rsFXjYamZ+dlGH5AeylOf6BnCyt4lozWSL0ix7iXLpKxLdbpyfRC9NuSBWwAzsi4QtwxdrhmcYVILxwC6/AP1dpjZiapJA8sJOw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=nY7J7Q/A; arc=none smtp.client-ip=209.85.216.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="nY7J7Q/A" Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-2ff62f9b6e4so26106a91.0 for ; Wed, 16 Apr 2025 16:36:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846600; x=1745451400; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=YOFGCskrGuqxeuMelYkFo5dOAfEDvjGh2tyjWMV1Nwo=; b=nY7J7Q/AJ4aREuQAl40ZTGvoOJ1I13+2gZeLYWIgMzkOJq+XWUegdEBYYWDtlWXvK8 +f4zKViX8k8sLAKLo/rf8VwoXT6xW4ffV4kWgPLW9wv4zgHXpwsenyn2SFMPkAFG8Flt 6QlZDnDgviGT7m9l9VDXx6jb+vJlpAPN5YX/kZMzDlPl5T8AjSdzE1rvpHYnsVfAnfkx UrqA+hUjB2YeHH8xWr7PxxYKmVfxCwjcd8goePUxWnMXY3K4K7tTbkfQDtoimfvYfpd3 5Xut8bJ073SGDJ7IV5r6T9LMx5bqlLuY8wNl/d9QArLKUwAl1l15SVAgHqllF7Hgr9GK 7HPA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846600; x=1745451400; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=YOFGCskrGuqxeuMelYkFo5dOAfEDvjGh2tyjWMV1Nwo=; b=hVGU+qwRtJmaqS1F7r8k+cqf6dnyGh67Rbi0e2TkLasl6yaO/iSjrDxSbRSP6CkXAN Qxt2KcOeJbTPfb9KOE7fH1qSc4QNvNp2zYkp4F8AQrj7E0YJKkEu7HmozgecHChJJjxw KNoxMrg2iTf/ArPJ9D4pIW4Repp9Z8dj6Xx2hcSdNFyPr/GfpymrdOdTIGmKInb9k4Nt uLLFTSh/6va7Ns50Ay2S5SD/O0NI6LS+B1q6CsrdQmgIqar7UrmuJVAzkKR/y/943pSY ttyLIOGwdV0d2kusBWVpl1qJAxCyIpyBf0UFWjZ0dOVcZJb4viUP+PZWmL5zUpr+gwN/ pV/A== X-Forwarded-Encrypted: i=1; AJvYcCWavdcS2II7edNsTFSqDaIZD1N3PwRdflv8GKFHzynb8PK+G09QFwqw/H/75oG2DMsT37Y=@vger.kernel.org X-Gm-Message-State: AOJu0YzIGkrqLEB0zw3/QkOuRVctbx2RxEwBIRrDIOtqcg4bKpsTEbq1 cozvEsHWvfmUprOCu+BNLjhnDZCRUUzkJOs9OS98oPo1E5nsJ2AEjwGaqy2Qv8Q= X-Gm-Gg: ASbGncsLEM9cseFUx35TYFcUjNhf6gRqxE0Hb7ZU8bibvq0+4Lml6mMv7F+7Vl6MHqc TueIZEuU3muhih7yUv5ufkzh13YDYLbm2H+w7m1bHMpEif3H7cstOzlke4ZVpWMvmxMlsixtSE3 1SFzSmeBjgeU/qu1ecalmUjX8TPa6A3Hsm/Zqj1LCHLTOd7fEZcOSMqedNyKxKkiCrCB/ivvdV6 LGiB5fnNBNV5wn98AkdIl2sZo8fMAhBbcP2H6PnmCuMraZShbF8m7tvga2ib5OIXj0kd2FVfGrq fBSJAm9HRra0XMzL+elCPJA0Q/TYIpSVKleQ12CI X-Google-Smtp-Source: AGHT+IHNQgfjOgZH8VWVCeH/LSswEkVgEdCmHlJw0O+qgfADcxG7PTCeol9q9rtLEr8Fe0u3Y18uYg== X-Received: by 2002:a17:90b:4c4c:b0:305:5f25:59ad with SMTP id 98e67ed59e1d1-3086d47823bmr783331a91.7.1744846599598; Wed, 16 Apr 2025 16:36:39 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:39 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 4/6] bpf: udp: Avoid socket skips and repeats during iteration Date: Wed, 16 Apr 2025 16:36:19 -0700 Message-ID: <20250416233622.1212256-5-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Replace the offset-based approach for tracking progress through a bucket in the UDP table with one based on socket cookies. Remember the cookies of unprocessed sockets from the last batch and use this list to pick up where we left off or, in the case that the next socket disappears between reads, find the first socket after that point that still exists in the bucket and resume from there. In order to make the control flow a bit easier to follow inside bpf_iter_udp_batch, introduce the udp_portaddr_for_each_entry_from macro and use this to split bucket processing into two stages: finding the starting point and adding items to the next batch. Originally, I implemented this patch inside a single udp_portaddr_for_each_entry loop, as it was before, but I found the resulting logic a bit messy. Overall, this version seems more readable. Signed-off-by: Jordan Rife --- include/linux/udp.h | 3 ++ net/ipv4/udp.c | 77 ++++++++++++++++++++++++++++++++++----------- 2 files changed, 62 insertions(+), 18 deletions(-) diff --git a/include/linux/udp.h b/include/linux/udp.h index 0807e21cfec9..a69da9c4c1c5 100644 --- a/include/linux/udp.h +++ b/include/linux/udp.h @@ -209,6 +209,9 @@ static inline void udp_allow_gso(struct sock *sk) #define udp_portaddr_for_each_entry(__sk, list) \ hlist_for_each_entry(__sk, list, __sk_common.skc_portaddr_node) +#define udp_portaddr_for_each_entry_from(__sk) \ + hlist_for_each_entry_from(__sk, __sk_common.skc_portaddr_node) + #define udp_portaddr_for_each_entry_rcu(__sk, list) \ hlist_for_each_entry_rcu(__sk, list, __sk_common.skc_portaddr_node) diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index bcbee5cbb504..de698138bbe9 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -93,6 +93,7 @@ #include #include #include +#include #include #include #include @@ -3387,6 +3388,7 @@ struct bpf_iter__udp { union bpf_udp_iter_batch_item { struct sock *sock; + __u64 cookie; }; struct bpf_udp_iter_state { @@ -3394,28 +3396,44 @@ struct bpf_udp_iter_state { unsigned int cur_sk; unsigned int end_sk; unsigned int max_sk; - int offset; union bpf_udp_iter_batch_item *batch; bool st_bucket_done; }; static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter, unsigned int new_batch_sz, int flags); +static struct sock *bpf_iter_udp_resume(struct sock *first_sk, + union bpf_udp_iter_batch_item *cookies, + int n_cookies) +{ + struct sock *sk = NULL; + int i = 0; + + for (; i < n_cookies; i++) { + sk = first_sk; + udp_portaddr_for_each_entry_from(sk) + if (cookies[i].cookie == atomic64_read(&sk->sk_cookie)) + goto done; + } +done: + return sk; +} + static struct sock *bpf_iter_udp_batch(struct seq_file *seq) { struct bpf_udp_iter_state *iter = seq->private; struct udp_iter_state *state = &iter->state; + unsigned int find_cookie, end_cookie = 0; struct net *net = seq_file_net(seq); int resizes = MAX_REALLOC_ATTEMPTS; - int resume_bucket, resume_offset; struct udp_table *udptable; unsigned int batch_sks = 0; spinlock_t *lock = NULL; + int resume_bucket; struct sock *sk; int err = 0; resume_bucket = state->bucket; - resume_offset = iter->offset; /* The current batch is done, so advance the bucket. */ if (iter->st_bucket_done) @@ -3431,6 +3449,8 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) * before releasing the bucket lock. This allows BPF programs that are * called in seq_show to acquire the bucket lock if needed. */ + find_cookie = iter->cur_sk; + end_cookie = iter->end_sk; iter->cur_sk = 0; iter->end_sk = 0; iter->st_bucket_done = false; @@ -3442,21 +3462,29 @@ static struct sock *bpf_iter_udp_batch(struct seq_file *seq) if (hlist_empty(&hslot2->head)) goto next_bucket; - iter->offset = 0; if (!lock) { lock = &hslot2->lock; spin_lock_bh(lock); } - udp_portaddr_for_each_entry(sk, &hslot2->head) { + /* Initialize sk to the first socket in hslot2. */ + sk = hlist_entry_safe(hslot2->head.first, struct sock, + __sk_common.skc_portaddr_node); + /* Resume from the first (in iteration order) unseen socket from + * the last batch that still exists in resume_bucket. Most of + * the time this will just be where the last iteration left off + * in resume_bucket unless that socket disappeared between + * reads. + * + * Skip this if end_cookie isn't set; this is the first + * batch, we're on bucket zero, and we want to start from the + * beginning. + */ + if (state->bucket == resume_bucket && end_cookie) + sk = bpf_iter_udp_resume(sk, + &iter->batch[find_cookie], + end_cookie - find_cookie); + udp_portaddr_for_each_entry_from(sk) { if (seq_sk_match(seq, sk)) { - /* Resume from the last iterated socket at the - * offset in the bucket before iterator was stopped. - */ - if (state->bucket == resume_bucket && - iter->offset < resume_offset) { - ++iter->offset; - continue; - } if (iter->end_sk < iter->max_sk) { sock_hold(sk); iter->batch[iter->end_sk++].sock = sk; @@ -3526,10 +3554,8 @@ static void *bpf_iter_udp_seq_next(struct seq_file *seq, void *v, loff_t *pos) /* Whenever seq_next() is called, the iter->cur_sk is * done with seq_show(), so unref the iter->cur_sk. */ - if (iter->cur_sk < iter->end_sk) { + if (iter->cur_sk < iter->end_sk) sock_put(iter->batch[iter->cur_sk++].sock); - ++iter->offset; - } /* After updating iter->cur_sk, check if there are more sockets * available in the current bucket batch. @@ -3599,8 +3625,19 @@ static int bpf_iter_udp_seq_show(struct seq_file *seq, void *v) static void bpf_iter_udp_put_batch(struct bpf_udp_iter_state *iter) { - while (iter->cur_sk < iter->end_sk) - sock_put(iter->batch[iter->cur_sk++].sock); + union bpf_udp_iter_batch_item *item; + unsigned int cur_sk = iter->cur_sk; + __u64 cookie; + + /* Remember the cookies of the sockets we haven't seen yet, so we can + * pick up where we left off next time around. + */ + while (cur_sk < iter->end_sk) { + item = &iter->batch[cur_sk++]; + cookie = __sock_gen_cookie(item->sock); + sock_put(item->sock); + item->cookie = cookie; + } } static void bpf_iter_udp_seq_stop(struct seq_file *seq, void *v) @@ -3871,6 +3908,10 @@ static int bpf_iter_udp_realloc_batch(struct bpf_udp_iter_state *iter, return -ENOMEM; bpf_iter_udp_put_batch(iter); + /* Make sure the new batch has the cookies of the sockets we haven't + * visited yet. + */ + memcpy(new_batch, iter->batch, sizeof(*iter->batch) * iter->end_sk); kvfree(iter->batch); iter->batch = new_batch; iter->max_sk = new_batch_sz; From patchwork Wed Apr 16 23:36:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054615 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 67DDD24C071 for ; Wed, 16 Apr 2025 23:36:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846602; cv=none; b=OwD5r1ZSQUtCe72jYPHrULExgBm6QaTBCytwQ3ggxURjfd0hUwdUMO42nr8kze4yHvMJE3wXk1NLClQu5cMP2f2MIkuVyFOd69LIbGV+bHKJY4+b/FwjzEML9rbcfJvbG96sctlCP/UbJMcLosm8R0MC+VocjCAVcTBCUh4sYdI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846602; c=relaxed/simple; bh=8D3K8jEJFy2ljx8/dNSQp4nr5+k3ju7eECDWQX6lssg=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Ysqij0sGlYxCda7AeKTELO422ct7IwA1ajn9EDQHtFn1T0IrhQWhGsjLUe/fl97jfPYwYTbOtSndQr0+x3nOfT8+x1hhRP1DE9Lqlgh2qsdNPfJHH80wk9cBIevzBhHxjjGPnorOc2eigLHs6844Jr1GZ3bBMbHdN2KG1OEbvuc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=YvyLQF9K; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="YvyLQF9K" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2240d930f13so342265ad.3 for ; Wed, 16 Apr 2025 16:36:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846601; x=1745451401; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4N8moraxYLNX0qhNglQq0LQLGcDgagzwGmqz/6Y4IFY=; b=YvyLQF9KuIaNLu4y4gs9Hg4hhBypacJCUsl/EkTHuVbWy93EDEHQizTbvvZ3gz2zM/ Pe7tCb3f0F0k8esr8aPzTHKXwdBWEvJfN2xBw+lSj1upoAYjdKFsu3o1sPsKFZnaMvJ3 P4PfVb0AR+E4BFihkSE4/CmghDYjy97pCzCrdblqaMrthMPXhiy+RXrHn+R6I9ecMrpS rlpuR4U1ni73o4O6vCTKkR+tlEvbEa1VF+JYKPdBhJbddcUTvxSbZ14n8vnQ77f1E4je czCguAWi7S2miOd2Cs2HTSVdsb580+vvPxQbtqI3b9aAGYOOY5YjV2HRrQ65uvJ2nkx/ Ho6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846601; x=1745451401; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4N8moraxYLNX0qhNglQq0LQLGcDgagzwGmqz/6Y4IFY=; b=d9oRon6YYBl/J8wZBkYNfTCrP+K8oYpPHi1dceaSDCdAQ+lPIA9qoxR07LCv1oX3oW /sl50OWpjkssaMQ4miDmebS10GZX2a0PCfalq/eelfABeGjKIKQIry/lVqXvfdWoXWzb TpZ2Gd6sxRYCJmXD42zVsQtAdRTMnmrOXs/udLM5rgN97dAwzNIGzYZauoA7ToV77zr4 rs58zQZSzkat6xcYE43wRX0zRKMOhA+XC7o2MDIqJ9MXCVCpBpIbfACrAs/1Bfhee3rF 9fdlVLypmTxQZcXsDXUnO/hWmv+x45cWsY9LXfJ1yDFilcF3P6eCwCtfxhk20c9qw/n5 HBMA== X-Forwarded-Encrypted: i=1; AJvYcCWBCrrjnhkyfPaZsE/gsOfW+jkMA5kUIAmZ6Wx9UyD9gjxzoyjAp/xf6kpz8+AMXfP0/r8=@vger.kernel.org X-Gm-Message-State: AOJu0Yy9/x6uQaXv7sR7n9DUzvAzuJ4Ma4ove7Oa3n43IuBq5Xb2y55A r8Ic3OwCowGjcexSAVb7EurBTJkzLw4HPkUGKfsWPSgeyT7Fx7NRikGwF5w0/iQ= X-Gm-Gg: ASbGncsMmSyO9lv2x86TdcIKrWI+RCCyG2qfB9+11maPboSTyiY7eC4ZDBIWERReHzZ O8R3Ku6/tea+0YJVAJCRogwUPKjSE3Mn8pBJKOegTbfBnFqzo/kNZFwE5/K8wJYyU3ZPXZJM3+x HVAppnMb237gbKBtHByZTozhg6KNSocLdRJgy05sBJrdGTeXDgh8OWIGAlYZrveRAFph3bi/AqG slX2gd1zl1jVtHLHxgguBGKUUfs6UyvgEbcCGxMFWuU7bcD61zsxPR6PJ9qC69QOxQuKuNceVOp IpNouGkj/VoYN7SQu3aLrOy1j59CjA== X-Google-Smtp-Source: AGHT+IHnbXJbtwKFENrQsWyLDWP3UqogQb4d8by1Iu379OI/WxHwrWCHo0akplDYxtdNQx+gwYTHsg== X-Received: by 2002:a17:90b:4b08:b0:305:5f20:b28c with SMTP id 98e67ed59e1d1-3086d444463mr966366a91.5.1744846600758; Wed, 16 Apr 2025 16:36:40 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:40 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 5/6] selftests/bpf: Return socket cookies from sock_iter_batch progs Date: Wed, 16 Apr 2025 16:36:20 -0700 Message-ID: <20250416233622.1212256-6-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Extend the iter_udp_soreuse and iter_tcp_soreuse programs to write the cookie of the current socket, so that we can track the identity of the sockets that the iterator has seen so far. Update the existing do_test function to account for this change to the iterator program output. At the same time, teach both programs to work with AF_INET as well. Signed-off-by: Jordan Rife --- .../bpf/prog_tests/sock_iter_batch.c | 33 +++++++++++-------- .../selftests/bpf/progs/bpf_tracing_net.h | 1 + .../selftests/bpf/progs/sock_iter_batch.c | 24 +++++++++++--- 3 files changed, 41 insertions(+), 17 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c b/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c index d56e18b25528..74dbe91806a0 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c @@ -9,12 +9,18 @@ static const int nr_soreuse = 4; +struct iter_out { + int idx; + __u64 cookie; +} __packed; + static void do_test(int sock_type, bool onebyone) { int err, i, nread, to_read, total_read, iter_fd = -1; - int first_idx, second_idx, indices[nr_soreuse]; + struct iter_out outputs[nr_soreuse]; struct bpf_link *link = NULL; struct sock_iter_batch *skel; + int first_idx, second_idx; int *fds[2] = {}; skel = sock_iter_batch__open(); @@ -34,6 +40,7 @@ static void do_test(int sock_type, bool onebyone) goto done; skel->rodata->ports[i] = ntohs(local_port); } + skel->rodata->sf = AF_INET6; err = sock_iter_batch__load(skel); if (!ASSERT_OK(err, "sock_iter_batch__load")) @@ -55,38 +62,38 @@ static void do_test(int sock_type, bool onebyone) * from a bucket and leave one socket out from * that bucket on purpose. */ - to_read = (nr_soreuse - 1) * sizeof(*indices); + to_read = (nr_soreuse - 1) * sizeof(*outputs); total_read = 0; first_idx = -1; do { - nread = read(iter_fd, indices, onebyone ? sizeof(*indices) : to_read); - if (nread <= 0 || nread % sizeof(*indices)) + nread = read(iter_fd, outputs, onebyone ? sizeof(*outputs) : to_read); + if (nread <= 0 || nread % sizeof(*outputs)) break; total_read += nread; if (first_idx == -1) - first_idx = indices[0]; - for (i = 0; i < nread / sizeof(*indices); i++) - ASSERT_EQ(indices[i], first_idx, "first_idx"); + first_idx = outputs[0].idx; + for (i = 0; i < nread / sizeof(*outputs); i++) + ASSERT_EQ(outputs[i].idx, first_idx, "first_idx"); } while (total_read < to_read); - ASSERT_EQ(nread, onebyone ? sizeof(*indices) : to_read, "nread"); + ASSERT_EQ(nread, onebyone ? sizeof(*outputs) : to_read, "nread"); ASSERT_EQ(total_read, to_read, "total_read"); free_fds(fds[first_idx], nr_soreuse); fds[first_idx] = NULL; /* Read the "whole" second bucket */ - to_read = nr_soreuse * sizeof(*indices); + to_read = nr_soreuse * sizeof(*outputs); total_read = 0; second_idx = !first_idx; do { - nread = read(iter_fd, indices, onebyone ? sizeof(*indices) : to_read); - if (nread <= 0 || nread % sizeof(*indices)) + nread = read(iter_fd, outputs, onebyone ? sizeof(*outputs) : to_read); + if (nread <= 0 || nread % sizeof(*outputs)) break; total_read += nread; - for (i = 0; i < nread / sizeof(*indices); i++) - ASSERT_EQ(indices[i], second_idx, "second_idx"); + for (i = 0; i < nread / sizeof(*outputs); i++) + ASSERT_EQ(outputs[i].idx, second_idx, "second_idx"); } while (total_read <= to_read); ASSERT_EQ(nread, 0, "nread"); /* Both so_reuseport ports should be in different buckets, so diff --git a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h index 659694162739..17db400f0e0d 100644 --- a/tools/testing/selftests/bpf/progs/bpf_tracing_net.h +++ b/tools/testing/selftests/bpf/progs/bpf_tracing_net.h @@ -128,6 +128,7 @@ #define sk_refcnt __sk_common.skc_refcnt #define sk_state __sk_common.skc_state #define sk_net __sk_common.skc_net +#define sk_rcv_saddr __sk_common.skc_rcv_saddr #define sk_v6_daddr __sk_common.skc_v6_daddr #define sk_v6_rcv_saddr __sk_common.skc_v6_rcv_saddr #define sk_flags __sk_common.skc_flags diff --git a/tools/testing/selftests/bpf/progs/sock_iter_batch.c b/tools/testing/selftests/bpf/progs/sock_iter_batch.c index 96531b0d9d55..8f483337e103 100644 --- a/tools/testing/selftests/bpf/progs/sock_iter_batch.c +++ b/tools/testing/selftests/bpf/progs/sock_iter_batch.c @@ -17,6 +17,12 @@ static bool ipv6_addr_loopback(const struct in6_addr *a) a->s6_addr32[2] | (a->s6_addr32[3] ^ bpf_htonl(1))) == 0; } +static bool ipv4_addr_loopback(__be32 a) +{ + return a == bpf_ntohl(0x7f000001); +} + +volatile const unsigned int sf; volatile const __u16 ports[2]; unsigned int bucket[2]; @@ -26,16 +32,20 @@ int iter_tcp_soreuse(struct bpf_iter__tcp *ctx) struct sock *sk = (struct sock *)ctx->sk_common; struct inet_hashinfo *hinfo; unsigned int hash; + __u64 sock_cookie; struct net *net; int idx; if (!sk) return 0; + sock_cookie = bpf_get_socket_cookie(sk); sk = bpf_core_cast(sk, struct sock); - if (sk->sk_family != AF_INET6 || + if (sk->sk_family != sf || sk->sk_state != TCP_LISTEN || - !ipv6_addr_loopback(&sk->sk_v6_rcv_saddr)) + sk->sk_family == AF_INET6 ? + !ipv6_addr_loopback(&sk->sk_v6_rcv_saddr) : + !ipv4_addr_loopback(sk->sk_rcv_saddr)) return 0; if (sk->sk_num == ports[0]) @@ -52,6 +62,7 @@ int iter_tcp_soreuse(struct bpf_iter__tcp *ctx) hinfo = net->ipv4.tcp_death_row.hashinfo; bucket[idx] = hash & hinfo->lhash2_mask; bpf_seq_write(ctx->meta->seq, &idx, sizeof(idx)); + bpf_seq_write(ctx->meta->seq, &sock_cookie, sizeof(sock_cookie)); return 0; } @@ -63,14 +74,18 @@ int iter_udp_soreuse(struct bpf_iter__udp *ctx) { struct sock *sk = (struct sock *)ctx->udp_sk; struct udp_table *udptable; + __u64 sock_cookie; int idx; if (!sk) return 0; + sock_cookie = bpf_get_socket_cookie(sk); sk = bpf_core_cast(sk, struct sock); - if (sk->sk_family != AF_INET6 || - !ipv6_addr_loopback(&sk->sk_v6_rcv_saddr)) + if (sk->sk_family != sf || + sk->sk_family == AF_INET6 ? + !ipv6_addr_loopback(&sk->sk_v6_rcv_saddr) : + !ipv4_addr_loopback(sk->sk_rcv_saddr)) return 0; if (sk->sk_num == ports[0]) @@ -84,6 +99,7 @@ int iter_udp_soreuse(struct bpf_iter__udp *ctx) udptable = sk->sk_net.net->ipv4.udp_table; bucket[idx] = udp_sk(sk)->udp_portaddr_hash & udptable->mask; bpf_seq_write(ctx->meta->seq, &idx, sizeof(idx)); + bpf_seq_write(ctx->meta->seq, &sock_cookie, sizeof(sock_cookie)); return 0; } From patchwork Wed Apr 16 23:36:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jordan Rife X-Patchwork-Id: 14054616 X-Patchwork-Delegate: bpf@iogearbox.net Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D056424C094 for ; Wed, 16 Apr 2025 23:36:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.47 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846604; cv=none; b=f/hajGZbW/zHsuBtUd+ZdGrjXPcfJx1MjanbXWzOXPPNg+arxnMYoDZiKcJB+szoakVySMJ54UE4JMpODaTELcnCTtLwr7ph9U+xQ0adz3BBNXkgLp2D8Pf9j8+37SZY31ITYFeCPv+AGiiQuXTvdR0DPmiOqDxlSqCk1d+4lxA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744846604; c=relaxed/simple; bh=cNXWBHt6J7e3H+76Mh3BMIenbMHu29MKu1h73tRrASw=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UtTlMCOMlUw0JE1hcVedzVh8Ny9I8uESsFrTe74xZqKLsBCxmVT2udaErb6aODnJiL9TMa59YEmJqk/fz0H0fIsqIFGADF9wlzalepTmXCIfDhiPM4/pSYr8ERIHukAU5AANTYRdB/FOzIS1oqikNY7LMso0xs53DKDP/81cHvY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io; spf=none smtp.mailfrom=jrife.io; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b=ZELccGuc; arc=none smtp.client-ip=209.85.216.47 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=jrife.io Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=jrife.io Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=jrife-io.20230601.gappssmtp.com header.i=@jrife-io.20230601.gappssmtp.com header.b="ZELccGuc" Received: by mail-pj1-f47.google.com with SMTP id 98e67ed59e1d1-3032a9c7cfeso21007a91.1 for ; Wed, 16 Apr 2025 16:36:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jrife-io.20230601.gappssmtp.com; s=20230601; t=1744846602; x=1745451402; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KaKbW65uYaVDYGMsoIHJ/fjnTr1nbMz9f/dqAmx8e2I=; b=ZELccGucxnpTCVvo1Ht84YYFVTsAPEOEJye/ZhHcitv0MRM7yPhIeP+CRVbJ5Mm25+ ZvJnruVfqFuw8WHiYb6bjYxubrP5x0R9rqKO+yVxGL/+fc2JRFvGwy3beDUJ7SQa5yWr Jmr1e4nVGz5O6j3TfmwqJhWPfbI/jCq4fW9l6h4hyc9UADeRFYkfnFyNSE0IXrGu6Bqk UTFfx5eoaFoO2OFWW7lgSlKEL6mfMouAdm0Q+NRmuH6jA7J38ydEQvXSEBvsr3MFLND8 ZqGlYIugzURnVGTJzRGup4LEPd/SZv7t4roV7fAGxj4TTVNuoykuFqzWV60z0mwQRKVd x1Qg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744846602; x=1745451402; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KaKbW65uYaVDYGMsoIHJ/fjnTr1nbMz9f/dqAmx8e2I=; b=wBrxqiAJpPfvsIE9bJfX5KU6StmRgl5HPK9xV5hLGFA8lPdJKzne3F3x8LzMrfNYb4 v8rRGyp1bKZeE6RsZwj0pH5eq34Hq8WElkQCtsRrUPL6CxjLysR5r6rNBe2By79b2wTJ M2yuGiGISmQiJY65U+ULw+JmLBQ6ZGy7XR3NkhFZj1v3H4RazrlLRj3oeDc4mncUoD+S VQQN3RMDACIK+4d1K5U02i9QdUAsvJR5wCTLf+BtyvwNz0+SXZhUNL0TwFYlKiKxlVWU lG2lS2UJqbotZOgtSMCWb/vu9SlNAySKMnTsPbTT/8t8/denhyAdohtX/y42NsrdeE0K NngQ== X-Forwarded-Encrypted: i=1; AJvYcCUx4KMKLid05sYv/xp78UDw7bDVBSD1KfbvcTpg0Fo8Su8kUSE/+wuBer7rB0ECL3UOmgk=@vger.kernel.org X-Gm-Message-State: AOJu0Yzq5KLh4W4H7WMYpxrPdVPhFWVhSlkzmJfaGZeVhluXITPO8CtE SFspxurWoUNetXOEQJYAiGDZm8qaALEBpZXCI/aOFQ7ZvjFVppj5TTndGMibXrE= X-Gm-Gg: ASbGncvB24eFNePPlQGkojzB9MIkDU6In0qYFRstxwkjRbDFv79BRlXDQTbUVUJGstJ mM1T5745MB1amz4uVVbF2kr7U+OCadun6ST5k1LiwqVz8PxLYHmeCzo0C1MOifALD2HboZU6l36 67kn0RlzFnAEVz4hPL9YUttf8KCJHjx+T9skP6Qsy9tpulc37bSTDZ/EqJnp4zUkj2DK5SWSUbZ L+Y1Xi7DmFEZPiFmiQ8/4tu0IC+/i5AAv2eLHF1yxkUps+zWWpHO/0+OdWjirzEPtE4jtkfEJIV bTFb3sRESNFBu26LntXgV9Dg2jiPhA== X-Google-Smtp-Source: AGHT+IFf63WdRkCfzoK77laaTth6DZfn8jJCLkZYiZ/b23U1tlcuwiEslKOaodFkbuHHBlp53LGlbQ== X-Received: by 2002:a17:90b:3852:b0:306:b6ae:4d7a with SMTP id 98e67ed59e1d1-3086efc52c0mr413353a91.3.1744846601791; Wed, 16 Apr 2025 16:36:41 -0700 (PDT) Received: from t14.. ([2001:5a8:4528:b100:b7fc:bdc8:4289:858f]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-308611d6166sm2269251a91.7.2025.04.16.16.36.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Apr 2025 16:36:41 -0700 (PDT) From: Jordan Rife To: netdev@vger.kernel.org, bpf@vger.kernel.org Cc: Jordan Rife , Aditi Ghag , Daniel Borkmann , Martin KaFai Lau , Willem de Bruijn , Kuniyuki Iwashima Subject: [PATCH v3 bpf-next 6/6] selftests/bpf: Add tests for bucket resume logic in UDP socket iterators Date: Wed, 16 Apr 2025 16:36:21 -0700 Message-ID: <20250416233622.1212256-7-jordan@jrife.io> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20250416233622.1212256-1-jordan@jrife.io> References: <20250416233622.1212256-1-jordan@jrife.io> Precedence: bulk X-Mailing-List: bpf@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: bpf@iogearbox.net Introduce a set of tests that exercise various bucket resume scenarios: * remove_seen resumes iteration after removing a socket from the bucket that we've already processed. Before, with the offset-based approach, this test would have skipped an unseen socket after resuming iteration. With the cookie-based approach, we now see all sockets exactly once. * remove_unseen exercises the condition where the next socket that we would have seen is removed from the bucket before we resume iteration. This tests the scenario where we need to scan past the first cookie in our remembered cookies list to find the socket from which to resume iteration. * remove_all exercises the condition where all sockets we remembered were removed from the bucket to make sure iteration terminates and returns no more results. * add_some exercises the condition where a few, but not enough to trigger a realloc, sockets are added to the head of the current bucket between reads. Before, with the offset-based approach, this test would have repeated sockets we've already seen. With the cookie-based approach, we now see all sockets exactly once. * force_realloc exercises the condition that we need to realloc the batch on a subsequent read, since more sockets than can be held in the current batch array were added to the current bucket. This exercies the logic inside bpf_iter_udp_realloc_batch that copies cookies into the new batch to make sure nothing is skipped or repeated. Signed-off-by: Jordan Rife --- .../bpf/prog_tests/sock_iter_batch.c | 414 ++++++++++++++++++ 1 file changed, 414 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c b/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c index 74dbe91806a0..218c7258c0e0 100644 --- a/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c +++ b/tools/testing/selftests/bpf/prog_tests/sock_iter_batch.c @@ -7,6 +7,7 @@ #define TEST_NS "sock_iter_batch_netns" +static const int init_batch_size = 16; static const int nr_soreuse = 4; struct iter_out { @@ -14,6 +15,418 @@ struct iter_out { __u64 cookie; } __packed; +struct sock_count { + __u64 cookie; + int count; +}; + +static int insert(__u64 cookie, struct sock_count counts[], int counts_len) +{ + int insert = -1; + int i = 0; + + for (; i < counts_len; i++) { + if (!counts[i].cookie) { + insert = i; + } else if (counts[i].cookie == cookie) { + insert = i; + break; + } + } + if (insert < 0) + return insert; + + counts[insert].cookie = cookie; + counts[insert].count++; + + return counts[insert].count; +} + +static int read_n(int iter_fd, int n, struct sock_count counts[], + int counts_len) +{ + struct iter_out out; + int nread = 1; + int i = 0; + + for (; nread > 0 && (n < 0 || i < n); i++) { + nread = read(iter_fd, &out, sizeof(out)); + if (!nread || !ASSERT_EQ(nread, sizeof(out), "nread")) + break; + ASSERT_GE(insert(out.cookie, counts, counts_len), 0, "insert"); + } + + ASSERT_TRUE(n < 0 || i == n, "n < 0 || i == n"); + + return i; +} + +static __u64 socket_cookie(int fd) +{ + __u64 cookie; + socklen_t cookie_len = sizeof(cookie); + + if (!ASSERT_OK(getsockopt(fd, SOL_SOCKET, SO_COOKIE, &cookie, + &cookie_len), "getsockopt(SO_COOKIE)")) + return 0; + return cookie; +} + +static bool was_seen(int fd, struct sock_count counts[], int counts_len) +{ + __u64 cookie = socket_cookie(fd); + int i = 0; + + for (; cookie && i < counts_len; i++) + if (cookie == counts[i].cookie) + return true; + + return false; +} + +static int get_seen_socket(int *fds, struct sock_count counts[], int n) +{ + int i = 0; + + for (; i < n; i++) + if (was_seen(fds[i], counts, n)) + return i; + return -1; +} + +static int get_nth_socket(int *fds, int fds_len, struct bpf_link *link, int n) +{ + int i, nread, iter_fd; + int nth_sock_idx = -1; + struct iter_out out; + + iter_fd = bpf_iter_create(bpf_link__fd(link)); + if (!ASSERT_OK_FD(iter_fd, "bpf_iter_create")) + return -1; + + for (; n >= 0; n--) { + nread = read(iter_fd, &out, sizeof(out)); + if (!nread || !ASSERT_GE(nread, 1, "nread")) + goto done; + } + + for (i = 0; i < fds_len && nth_sock_idx < 0; i++) + if (fds[i] >= 0 && socket_cookie(fds[i]) == out.cookie) + nth_sock_idx = i; +done: + close(iter_fd); + return nth_sock_idx; +} + +static int get_seen_count(int fd, struct sock_count counts[], int n) +{ + __u64 cookie = socket_cookie(fd); + int count = 0; + int i = 0; + + for (; cookie && !count && i < n; i++) + if (cookie == counts[i].cookie) + count = counts[i].count; + + return count; +} + +static void check_n_were_seen_once(int *fds, int fds_len, int n, + struct sock_count counts[], int counts_len) +{ + int seen_once = 0; + int seen_cnt; + int i = 0; + + for (; i < fds_len; i++) { + /* Skip any sockets that were closed or that weren't seen + * exactly once. + */ + if (fds[i] < 0) + continue; + seen_cnt = get_seen_count(fds[i], counts, counts_len); + if (seen_cnt && ASSERT_EQ(seen_cnt, 1, "seen_cnt")) + seen_once++; + } + + ASSERT_EQ(seen_once, n, "seen_once"); +} + +static void remove_seen(int family, int sock_type, const char *addr, __u16 port, + int *socks, int socks_len, struct sock_count *counts, + int counts_len, struct bpf_link *link, int iter_fd) +{ + int close_idx; + + /* Iterate through the first socks_len - 1 sockets. */ + read_n(iter_fd, socks_len - 1, counts, counts_len); + + /* Make sure we saw socks_len - 1 sockets exactly once. */ + check_n_were_seen_once(socks, socks_len, socks_len - 1, counts, + counts_len); + + /* Close a socket we've already seen to remove it from the bucket. */ + close_idx = get_seen_socket(socks, counts, counts_len); + if (!ASSERT_GE(close_idx, 0, "close_idx")) + return; + close(socks[close_idx]); + socks[close_idx] = -1; + + /* Iterate through the rest of the sockets. */ + read_n(iter_fd, -1, counts, counts_len); + + /* Make sure the last socket wasn't skipped and that there were no + * repeats. + */ + check_n_were_seen_once(socks, socks_len, socks_len - 1, counts, + counts_len); +} + +static void remove_unseen(int family, int sock_type, const char *addr, + __u16 port, int *socks, int socks_len, + struct sock_count *counts, int counts_len, + struct bpf_link *link, int iter_fd) +{ + int close_idx; + + /* Iterate through the first socket. */ + read_n(iter_fd, 1, counts, counts_len); + + /* Make sure we saw a socket from fds. */ + check_n_were_seen_once(socks, socks_len, 1, counts, counts_len); + + /* Close what would be the next socket in the bucket to exercise the + * condition where we need to skip past the first cookie we remembered. + */ + close_idx = get_nth_socket(socks, socks_len, link, 1); + if (!ASSERT_GE(close_idx, 0, "close_idx")) + return; + close(socks[close_idx]); + socks[close_idx] = -1; + + /* Iterate through the rest of the sockets. */ + read_n(iter_fd, -1, counts, counts_len); + + /* Make sure the remaining sockets were seen exactly once and that we + * didn't repeat the socket that was already seen. + */ + check_n_were_seen_once(socks, socks_len, socks_len - 1, counts, + counts_len); +} + +static void remove_all(int family, int sock_type, const char *addr, + __u16 port, int *socks, int socks_len, + struct sock_count *counts, int counts_len, + struct bpf_link *link, int iter_fd) +{ + int close_idx, i; + + /* Iterate through the first socket. */ + read_n(iter_fd, 1, counts, counts_len); + + /* Make sure we saw a socket from fds. */ + check_n_were_seen_once(socks, socks_len, 1, counts, counts_len); + + /* Close all remaining sockets to exhaust the list of saved cookies and + * exit without putting any sockets into the batch on the next read. + */ + for (i = 0; i < socks_len - 1; i++) { + close_idx = get_nth_socket(socks, socks_len, link, 1); + if (!ASSERT_GE(close_idx, 0, "close_idx")) + return; + close(socks[close_idx]); + socks[close_idx] = -1; + } + + /* Make sure there are no more sockets returned */ + ASSERT_EQ(read_n(iter_fd, -1, counts, counts_len), 0, "read_n"); +} + +static void add_some(int family, int sock_type, const char *addr, __u16 port, + int *socks, int socks_len, struct sock_count *counts, + int counts_len, struct bpf_link *link, int iter_fd) +{ + int *new_socks = NULL; + + /* Iterate through the first socks_len - 1 sockets. */ + read_n(iter_fd, socks_len - 1, counts, counts_len); + + /* Make sure we saw socks_len - 1 sockets exactly once. */ + check_n_were_seen_once(socks, socks_len, socks_len - 1, counts, + counts_len); + + /* Double the number of sockets in the bucket. */ + new_socks = start_reuseport_server(family, sock_type, addr, port, 0, + socks_len); + if (!ASSERT_OK_PTR(new_socks, "start_reuseport_server")) + goto done; + + /* Iterate through the rest of the sockets. */ + read_n(iter_fd, -1, counts, counts_len); + + /* Make sure each of the original sockets was seen exactly once. */ + check_n_were_seen_once(socks, socks_len, socks_len, counts, + counts_len); +done: + free_fds(new_socks, socks_len); +} + +static void force_realloc(int family, int sock_type, const char *addr, + __u16 port, int *socks, int socks_len, + struct sock_count *counts, int counts_len, + struct bpf_link *link, int iter_fd) +{ + int *new_socks = NULL; + + /* Iterate through the first socket just to initialize the batch. */ + read_n(iter_fd, 1, counts, counts_len); + + /* Double the number of sockets in the bucket to force a realloc on the + * next read. + */ + new_socks = start_reuseport_server(family, sock_type, addr, port, 0, + socks_len); + if (!ASSERT_OK_PTR(new_socks, "start_reuseport_server")) + goto done; + + /* Iterate through the rest of the sockets. */ + read_n(iter_fd, -1, counts, counts_len); + + /* Make sure each socket from the first set was seen exactly once. */ + check_n_were_seen_once(socks, socks_len, socks_len, counts, + counts_len); +done: + free_fds(new_socks, socks_len); +} + +struct test_case { + void (*test)(int family, int sock_type, const char *addr, __u16 port, + int *socks, int socks_len, struct sock_count *counts, + int counts_len, struct bpf_link *link, int iter_fd); + const char *description; + int init_socks; + int max_socks; + int sock_type; + int family; +}; + +static struct test_case resume_tests[] = { + { + .description = "udp: resume after removing a seen socket", + .init_socks = nr_soreuse, + .max_socks = nr_soreuse, + .sock_type = SOCK_DGRAM, + .family = AF_INET6, + .test = remove_seen, + }, + { + .description = "udp: resume after removing one unseen socket", + .init_socks = nr_soreuse, + .max_socks = nr_soreuse, + .sock_type = SOCK_DGRAM, + .family = AF_INET6, + .test = remove_unseen, + }, + { + .description = "udp: resume after removing all unseen sockets", + .init_socks = nr_soreuse, + .max_socks = nr_soreuse, + .sock_type = SOCK_DGRAM, + .family = AF_INET6, + .test = remove_all, + }, + { + .description = "udp: resume after adding a few sockets", + .init_socks = nr_soreuse, + .max_socks = nr_soreuse, + .sock_type = SOCK_DGRAM, + /* Use AF_INET so that new sockets are added to the head of the + * bucket's list. + */ + .family = AF_INET, + .test = add_some, + }, + { + .description = "udp: force a realloc to occur", + .init_socks = init_batch_size, + .max_socks = init_batch_size * 2, + .sock_type = SOCK_DGRAM, + /* Use AF_INET6 so that new sockets are added to the tail of the + * bucket's list, needing to be added to the next batch to force + * a realloc. + */ + .family = AF_INET6, + .test = force_realloc, + }, +}; + +static void do_resume_test(struct test_case *tc) +{ + static const __u16 port = 10001; + struct bpf_link *link = NULL; + struct sock_iter_batch *skel; + struct sock_count *counts; + int err, iter_fd = -1; + const char *addr; + int local_port; + int *fds; + + counts = calloc(tc->max_socks, sizeof(*counts)); + if (!counts) + return; + skel = sock_iter_batch__open(); + if (!ASSERT_OK_PTR(skel, "sock_iter_batch__open")) + return; + + /* Prepare a bucket of sockets in the kernel hashtable */ + addr = tc->family == AF_INET6 ? "::1" : "127.0.0.1"; + fds = start_reuseport_server(tc->family, tc->sock_type, addr, port, 0, + tc->init_socks); + if (!ASSERT_OK_PTR(fds, "start_reuseport_server")) + goto done; + local_port = get_socket_local_port(*fds); + if (!ASSERT_GE(local_port, 0, "get_socket_local_port")) + goto done; + skel->rodata->ports[0] = ntohs(local_port); + skel->rodata->sf = tc->family; + + err = sock_iter_batch__load(skel); + if (!ASSERT_OK(err, "sock_iter_batch__load")) + goto done; + + link = bpf_program__attach_iter(tc->sock_type == SOCK_STREAM ? + skel->progs.iter_tcp_soreuse : + skel->progs.iter_udp_soreuse, + NULL); + if (!ASSERT_OK_PTR(link, "bpf_program__attach_iter")) + goto done; + + iter_fd = bpf_iter_create(bpf_link__fd(link)); + if (!ASSERT_OK_FD(iter_fd, "bpf_iter_create")) + goto done; + + tc->test(tc->family, tc->sock_type, addr, port, fds, tc->init_socks, + counts, tc->max_socks, link, iter_fd); +done: + free(counts); + free_fds(fds, tc->init_socks); + if (iter_fd >= 0) + close(iter_fd); + bpf_link__destroy(link); + sock_iter_batch__destroy(skel); +} + +static void do_resume_tests(void) +{ + int i; + + for (i = 0; i < ARRAY_SIZE(resume_tests); i++) { + if (test__start_subtest(resume_tests[i].description)) { + do_resume_test(&resume_tests[i]); + } + } +} + static void do_test(int sock_type, bool onebyone) { int err, i, nread, to_read, total_read, iter_fd = -1; @@ -135,6 +548,7 @@ void test_sock_iter_batch(void) do_test(SOCK_DGRAM, true); do_test(SOCK_DGRAM, false); } + do_resume_tests(); close_netns(nstoken); done: