tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Daniel Borkmann says:

====================
pull-request: bpf-next 2025-06-27

We've added 6 non-merge commits during the last 8 day(s) which contain
a total of 6 files changed, 120 insertions(+), 20 deletions(-).

The main changes are:

1) Fix RCU usage in task_cls_state() for BPF programs using helpers like
bpf_get_cgroup_classid_curr() outside of networking, from Charalampos
Mitrodimas.

2) Fix a sockmap race between map_update and a pending workqueue from
an earlier map_delete freeing the old psock where both pointed to the
same psock->sk, from Jiayuan Chen.

3) Fix a data corruption issue when using bpf_msg_pop_data() in kTLS which
failed to recalculate the ciphertext length, also from Jiayuan Chen.

4) Remove xdp_redirect_map{,_err} trace events since they are unused and
also hide XDP trace events under CONFIG_BPF_SYSCALL, from Steven Rostedt.

* tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next:
xdp: tracing: Hide some xdp events under CONFIG_BPF_SYSCALL
xdp: Remove unused events xdp_redirect_map and xdp_redirect_map_err
net, bpf: Fix RCU usage in task_cls_state() for BPF programs
selftests/bpf: Add test to cover ktls with bpf_msg_pop_data
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
bpf, sockmap: Fix psock incorrectly pointing to sk
====================

Link: https://patch.msgid.link/20250626230111.24772-1-daniel@iogearbox.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski 32155c6f 4cd9d227

+120 -20
+2 -19
include/trace/events/xdp.h
··· 168 168 #define _trace_xdp_redirect_map_err(dev, xdp, to, map_type, map_id, index, err) \ 169 169 trace_xdp_redirect_err(dev, xdp, to, err, map_type, map_id, index) 170 170 171 - /* not used anymore, but kept around so as not to break old programs */ 172 - DEFINE_EVENT(xdp_redirect_template, xdp_redirect_map, 173 - TP_PROTO(const struct net_device *dev, 174 - const struct bpf_prog *xdp, 175 - const void *tgt, int err, 176 - enum bpf_map_type map_type, 177 - u32 map_id, u32 index), 178 - TP_ARGS(dev, xdp, tgt, err, map_type, map_id, index) 179 - ); 180 - 181 - DEFINE_EVENT(xdp_redirect_template, xdp_redirect_map_err, 182 - TP_PROTO(const struct net_device *dev, 183 - const struct bpf_prog *xdp, 184 - const void *tgt, int err, 185 - enum bpf_map_type map_type, 186 - u32 map_id, u32 index), 187 - TP_ARGS(dev, xdp, tgt, err, map_type, map_id, index) 188 - ); 189 - 171 + #ifdef CONFIG_BPF_SYSCALL 190 172 TRACE_EVENT(xdp_cpumap_kthread, 191 173 192 174 TP_PROTO(int map_id, unsigned int processed, unsigned int drops, ··· 282 300 __entry->sent, __entry->drops, 283 301 __entry->err) 284 302 ); 303 + #endif /* CONFIG_BPF_SYSCALL */ 285 304 286 305 /* Expect users already include <net/xdp.h>, but not xdp_priv.h */ 287 306 #include <net/xdp_priv.h>
+3 -1
net/core/netclassid_cgroup.c
··· 21 21 struct cgroup_cls_state *task_cls_state(struct task_struct *p) 22 22 { 23 23 return css_cls_state(task_css_check(p, net_cls_cgrp_id, 24 - rcu_read_lock_bh_held())); 24 + rcu_read_lock_held() || 25 + rcu_read_lock_bh_held() || 26 + rcu_read_lock_trace_held())); 25 27 } 26 28 EXPORT_SYMBOL_GPL(task_cls_state); 27 29
+7
net/core/skmsg.c
··· 656 656 bool ingress; 657 657 int ret; 658 658 659 + /* If sk is quickly removed from the map and then added back, the old 660 + * psock should not be scheduled, because there are now two psocks 661 + * pointing to the same sk. 662 + */ 663 + if (!sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) 664 + return; 665 + 659 666 /* Increment the psock refcnt to synchronize with close(fd) path in 660 667 * sock_map_close(), ensuring we wait for backlog thread completion 661 668 * before sk_socket freed. If refcnt increment fails, it indicates
+13
net/tls/tls_sw.c
··· 872 872 delta = msg->sg.size; 873 873 psock->eval = sk_psock_msg_verdict(sk, psock, msg); 874 874 delta -= msg->sg.size; 875 + 876 + if ((s32)delta > 0) { 877 + /* It indicates that we executed bpf_msg_pop_data(), 878 + * causing the plaintext data size to decrease. 879 + * Therefore the encrypted data size also needs to 880 + * correspondingly decrease. We only need to subtract 881 + * delta to calculate the new ciphertext length since 882 + * ktls does not support block encryption. 883 + */ 884 + struct sk_msg *enc = &ctx->open_rec->msg_encrypted; 885 + 886 + sk_msg_trim(sk, enc, enc->sg.size - delta); 887 + } 875 888 } 876 889 if (msg->cork_bytes && msg->cork_bytes > msg->sg.size && 877 890 !enospc && !full_record) {
+91
tools/testing/selftests/bpf/prog_tests/sockmap_ktls.c
··· 314 314 test_sockmap_ktls__destroy(skel); 315 315 } 316 316 317 + static void test_sockmap_ktls_tx_pop(int family, int sotype) 318 + { 319 + char msg[37] = "0123456789abcdefghijklmnopqrstuvwxyz\0"; 320 + int c = 0, p = 0, one = 1, sent, recvd; 321 + struct test_sockmap_ktls *skel; 322 + int prog_fd, map_fd; 323 + char rcv[50] = {0}; 324 + int err; 325 + int i, m, r; 326 + 327 + skel = test_sockmap_ktls__open_and_load(); 328 + if (!ASSERT_TRUE(skel, "open ktls skel")) 329 + return; 330 + 331 + err = create_pair(family, sotype, &c, &p); 332 + if (!ASSERT_OK(err, "create_pair()")) 333 + goto out; 334 + 335 + prog_fd = bpf_program__fd(skel->progs.prog_sk_policy); 336 + map_fd = bpf_map__fd(skel->maps.sock_map); 337 + 338 + err = bpf_prog_attach(prog_fd, map_fd, BPF_SK_MSG_VERDICT, 0); 339 + if (!ASSERT_OK(err, "bpf_prog_attach sk msg")) 340 + goto out; 341 + 342 + err = bpf_map_update_elem(map_fd, &one, &c, BPF_NOEXIST); 343 + if (!ASSERT_OK(err, "bpf_map_update_elem(c)")) 344 + goto out; 345 + 346 + err = init_ktls_pairs(c, p); 347 + if (!ASSERT_OK(err, "init_ktls_pairs(c, p)")) 348 + goto out; 349 + 350 + struct { 351 + int pop_start; 352 + int pop_len; 353 + } pop_policy[] = { 354 + /* trim the start */ 355 + {0, 2}, 356 + {0, 10}, 357 + {1, 2}, 358 + {1, 10}, 359 + /* trim the end */ 360 + {35, 2}, 361 + /* New entries should be added before this line */ 362 + {-1, -1}, 363 + }; 364 + 365 + i = 0; 366 + while (pop_policy[i].pop_start >= 0) { 367 + skel->bss->pop_start = pop_policy[i].pop_start; 368 + skel->bss->pop_end = pop_policy[i].pop_len; 369 + 370 + sent = send(c, msg, sizeof(msg), 0); 371 + if (!ASSERT_EQ(sent, sizeof(msg), "send(msg)")) 372 + goto out; 373 + 374 + recvd = recv_timeout(p, rcv, sizeof(rcv), MSG_DONTWAIT, 1); 375 + if (!ASSERT_EQ(recvd, sizeof(msg) - pop_policy[i].pop_len, "pop len mismatch")) 376 + goto out; 377 + 378 + /* verify the data 379 + * msg: 0123456789a bcdefghij klmnopqrstuvwxyz 380 + * | | 381 + * popped data 382 + */ 383 + for (m = 0, r = 0; m < sizeof(msg);) { 384 + /* skip checking the data that has been popped */ 385 + if (m >= pop_policy[i].pop_start && 386 + m <= pop_policy[i].pop_start + pop_policy[i].pop_len - 1) { 387 + m++; 388 + continue; 389 + } 390 + 391 + if (!ASSERT_EQ(msg[m], rcv[r], "data mismatch")) 392 + goto out; 393 + m++; 394 + r++; 395 + } 396 + i++; 397 + } 398 + out: 399 + if (c) 400 + close(c); 401 + if (p) 402 + close(p); 403 + test_sockmap_ktls__destroy(skel); 404 + } 405 + 317 406 static void run_tests(int family, enum bpf_map_type map_type) 318 407 { 319 408 int map; ··· 427 338 test_sockmap_ktls_tx_cork(family, sotype, true); 428 339 if (test__start_subtest("tls tx egress with no buf")) 429 340 test_sockmap_ktls_tx_no_buf(family, sotype, true); 341 + if (test__start_subtest("tls tx with pop")) 342 + test_sockmap_ktls_tx_pop(family, sotype); 430 343 } 431 344 432 345 void test_sockmap_ktls(void)
+4
tools/testing/selftests/bpf/progs/test_sockmap_ktls.c
··· 7 7 int push_start; 8 8 int push_end; 9 9 int apply_bytes; 10 + int pop_start; 11 + int pop_end; 10 12 11 13 struct { 12 14 __uint(type, BPF_MAP_TYPE_SOCKMAP); ··· 24 22 bpf_msg_cork_bytes(msg, cork_byte); 25 23 if (push_start > 0 && push_end > 0) 26 24 bpf_msg_push_data(msg, push_start, push_end, 0); 25 + if (pop_start >= 0 && pop_end > 0) 26 + bpf_msg_pop_data(msg, pop_start, pop_end, 0); 27 27 28 28 return SK_PASS; 29 29 }