Unverified Commit eafe5220 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!3977 Terrace Service Acceleration 

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/5BLF6VRBG3X2VZHD53SJSPWAH6SQCTBL/ 
Terrace Service Acceleration.

Lu Wei (1):
  net: core: Add a GID field to struct sock.

Wang Yufen (2):
  bpf: Add new bpf helper to get SO_ORIGINAL_DST/REPLY_SRC
  bpf, sockmap: Add sk_rmem_alloc check for sockmap

Zhengchao Shao (1):
  bpf: Add bpf_get_sockops_uid_gid helper function


-- 
2.34.1
 
https://gitee.com/openeuler/kernel/issues/I8KU3B 
 
Link:https://gitee.com/openeuler/kernel/pulls/3977

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parents 5cab1e7e af437584

include/net/netfilter/nf_conntrack.h

+6 −0
Original line number Diff line number Diff line
@@ -377,4 +377,10 @@ int nf_ct_handle_fragments(struct net *net, struct sk_buff *skb, 
#define MODULE_ALIAS_NFCT_HELPER(helper) \

        MODULE_ALIAS("nfct-helper-" helper)



#if IS_ENABLED(CONFIG_NETACC_TERRACE)

typedef int (*bpf_getorigdst_opt_func)(struct sock *sk, int optname,

				       void *optval, int *optlen, int dir);

extern bpf_getorigdst_opt_func bpf_getorigdst_opt;

#endif



#endif /* _NF_CONNTRACK_H */

include/net/sock.h

+18 −0
Original line number Diff line number Diff line
@@ -300,6 +300,7 @@ struct sk_filter; 
  *	@sk_ack_backlog: current listen backlog

  *	@sk_max_ack_backlog: listen backlog set in listen()

  *	@sk_uid: user id of owner

  *	@sk_gid: group id of owner

  *	@sk_prefer_busy_poll: prefer busypolling over softirq processing

  *	@sk_busy_poll_budget: napi processing budget when busypolling

  *	@sk_priority: %SO_PRIORITY setting
@@ -545,6 +546,13 @@ struct sock { 
	struct rcu_head		sk_rcu;

	netns_tracker		ns_tracker;

	struct hlist_node	sk_bind2_node;



#if IS_ENABLED(CONFIG_NETACC_TERRACE)

	union {

		kgid_t	sk_gid;

		u64	sk_gid_padding;

	};

#endif

};



enum sk_pacing {
@@ -2117,6 +2125,9 @@ static inline void sock_graft(struct sock *sk, struct socket *parent) 
	parent->sk = sk;

	sk_set_socket(sk, parent);

	sk->sk_uid = SOCK_INODE(parent)->i_uid;

#if IS_ENABLED(CONFIG_NETACC_TERRACE)

	sk->sk_gid = SOCK_INODE(parent)->i_gid;

#endif

	security_sock_graft(sk, parent);

	write_unlock_bh(&sk->sk_callback_lock);

}
@@ -2130,6 +2141,13 @@ static inline kuid_t sock_net_uid(const struct net *net, const struct sock *sk) 
	return sk ? sk->sk_uid : make_kuid(net->user_ns, 0);

}



#if IS_ENABLED(CONFIG_NETACC_TERRACE)

static inline kgid_t sock_net_gid(const struct net *net, const struct sock *sk)

{

	return sk ? sk->sk_gid : make_kgid(net->user_ns, 0);

}

#endif



static inline u32 net_tx_rndhash(void)

{

	u32 v = get_random_u32();

include/uapi/linux/netfilter_ipv4.h

+2 −0
Original line number Diff line number Diff line
@@ -50,6 +50,8 @@ enum nf_ip_hook_priorities { 
/* 2.2 firewalling (+ masq) went from 64 through 76 */

/* 2.4 firewalling went 64 through 67. */

#define SO_ORIGINAL_DST 80

#define BPF_SO_ORIGINAL_DST 800

#define BPF_SO_REPLY_SRC 801





#endif /* _UAPI__LINUX_IP_NETFILTER_H */

net/Kconfig

+7 −0
Original line number Diff line number Diff line
@@ -514,4 +514,11 @@ config NETACC_BPF 
	help

	  Network acceleration in bpf.



config NETACC_TERRACE

	bool "Terrace Service Acceleration"

	default y

	help

	  Accelerating intra-node communication on the data plane of the

	  Terrace service.



endif   # if NET

net/core/filter.c

+66 −0
Original line number Diff line number Diff line
@@ -5595,6 +5595,65 @@ static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock, 
	return ret;

}



#if IS_ENABLED(CONFIG_NETACC_TERRACE)

#define SK_BPF_GID_UID  18000



#include <net/netfilter/nf_conntrack.h>

#include <linux/netfilter_ipv4.h>



bpf_getorigdst_opt_func bpf_getorigdst_opt;

EXPORT_SYMBOL(bpf_getorigdst_opt);



static int bpf_sock_ops_get_uid_gid(struct bpf_sock_ops_kern *bpf_sock,

				    char *optval, int optlen)

{

	struct sock *sk = bpf_sock->sk;

	kuid_t uid;

	kgid_t gid;



	if (!sk || !sk_fullsock(sk) || optlen < sizeof(u64))

		return -EINVAL;



	uid = sock_net_uid(sock_net(sk), sk);

	gid = sock_net_gid(sock_net(sk), sk);



	*(u32 *)optval = from_kgid_munged(sock_net(sk)->user_ns, gid);

	*((u32 *)optval + 1) = from_kuid_munged(sock_net(sk)->user_ns, uid);



	return sizeof(u64);

}



static int bpf_sk_original_addr(struct bpf_sock_ops_kern *bpf_sock,

				int optname, char *optval, int optlen)

{

	struct sock *sk = bpf_sock->sk;

	int ret = -EINVAL;



	if (!sk_fullsock(sk))

		goto err_clear;



	if (!bpf_getorigdst_opt)

		goto err_clear;



#if IS_ENABLED(CONFIG_NF_CONNTRACK)

	if (optname == BPF_SO_ORIGINAL_DST)

		ret = bpf_getorigdst_opt(sk, optname, optval, &optlen,

					 IP_CT_DIR_ORIGINAL);

	else

		ret = bpf_getorigdst_opt(sk, optname, optval, &optlen,

					 IP_CT_DIR_REPLY);

	if (ret < 0)

		goto err_clear;

	return ret;

#endif



err_clear:

	memset(optval, 0, optlen);

	return ret;

}



#endif



BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,

	   int, level, int, optname, char *, optval, int, optlen)

{
@@ -5619,6 +5678,13 @@ BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock, 


		return ret;

	}

#if IS_ENABLED(CONFIG_NETACC_TERRACE)

	if (level == SOL_IP && optname == SK_BPF_GID_UID)

		return bpf_sock_ops_get_uid_gid(bpf_sock, optval, optlen);

	else if (level == SOL_IP && (optname == BPF_SO_ORIGINAL_DST ||

				     optname == BPF_SO_REPLY_SRC))

		return bpf_sk_original_addr(bpf_sock, optname, optval, optlen);

#endif



	return _bpf_getsockopt(bpf_sock->sk, level, optname, optval, optlen);

}