Message ID | 160381601522.1435097.11103677488984953095.stgit@firesoul |
---|---|
State | Superseded |
Headers | show |
Series | bpf: New approach for BPF MTU handling | expand |
On 10/27/20 10:26 AM, Jesper Dangaard Brouer wrote: > The BPF-helpers for FIB lookup (bpf_xdp_fib_lookup and bpf_skb_fib_lookup) > can perform MTU check and return BPF_FIB_LKUP_RET_FRAG_NEEDED. The BPF-prog > don't know the MTU value that caused this rejection. > > If the BPF-prog wants to implement PMTU (Path MTU Discovery) (rfc1191) it > need to know this MTU value for the ICMP packet. > > Patch change lookup and result struct bpf_fib_lookup, to contain this MTU > value as output via a union with 'tot_len' as this is the value used for > the MTU lookup. > > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> > --- > include/uapi/linux/bpf.h | 11 +++++++++-- > net/core/filter.c | 17 ++++++++++++----- > tools/include/uapi/linux/bpf.h | 11 +++++++++-- > 3 files changed, 30 insertions(+), 9 deletions(-) > Reviewed-by: David Ahern <dsahern@kernel.org>
Hi Jesper, url: https://github.com/0day-ci/linux/commits/Jesper-Dangaard-Brouer/bpf-New-approach-for-BPF-MTU-handling/20201028-002919 base: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git master config: i386-randconfig-m021-20201026 (attached as .config) compiler: gcc-9 (Debian 9.3.0-15) 9.3.0 If you fix the issue, kindly add following tag as appropriate Reported-by: kernel test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> New smatch warnings: net/core/filter.c:5395 bpf_ipv4_fib_lookup() error: uninitialized symbol 'mtu'. vim +/mtu +5395 net/core/filter.c 87f5fc7e48dd317 David Ahern 2018-05-09 5281 static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, 4f74fede40df8db David Ahern 2018-05-21 5282 u32 flags, bool check_mtu) 87f5fc7e48dd317 David Ahern 2018-05-09 5283 { eba618abacade71 David Ahern 2019-04-02 5284 struct fib_nh_common *nhc; 87f5fc7e48dd317 David Ahern 2018-05-09 5285 struct in_device *in_dev; 87f5fc7e48dd317 David Ahern 2018-05-09 5286 struct neighbour *neigh; 87f5fc7e48dd317 David Ahern 2018-05-09 5287 struct net_device *dev; 87f5fc7e48dd317 David Ahern 2018-05-09 5288 struct fib_result res; 87f5fc7e48dd317 David Ahern 2018-05-09 5289 struct flowi4 fl4; 87f5fc7e48dd317 David Ahern 2018-05-09 5290 int err; 4f74fede40df8db David Ahern 2018-05-21 5291 u32 mtu; ^^^^^^^^ 87f5fc7e48dd317 David Ahern 2018-05-09 5292 87f5fc7e48dd317 David Ahern 2018-05-09 5293 dev = dev_get_by_index_rcu(net, params->ifindex); 87f5fc7e48dd317 David Ahern 2018-05-09 5294 if (unlikely(!dev)) 87f5fc7e48dd317 David Ahern 2018-05-09 5295 return -ENODEV; 87f5fc7e48dd317 David Ahern 2018-05-09 5296 87f5fc7e48dd317 David Ahern 2018-05-09 5297 /* verify forwarding is enabled on this interface */ 87f5fc7e48dd317 David Ahern 2018-05-09 5298 in_dev = __in_dev_get_rcu(dev); 87f5fc7e48dd317 David Ahern 2018-05-09 5299 if (unlikely(!in_dev || !IN_DEV_FORWARD(in_dev))) 4c79579b44b1876 David Ahern 2018-06-26 5300 return BPF_FIB_LKUP_RET_FWD_DISABLED; 87f5fc7e48dd317 David Ahern 2018-05-09 5301 87f5fc7e48dd317 David Ahern 2018-05-09 5302 if (flags & BPF_FIB_LOOKUP_OUTPUT) { 87f5fc7e48dd317 David Ahern 2018-05-09 5303 fl4.flowi4_iif = 1; 87f5fc7e48dd317 David Ahern 2018-05-09 5304 fl4.flowi4_oif = params->ifindex; 87f5fc7e48dd317 David Ahern 2018-05-09 5305 } else { 87f5fc7e48dd317 David Ahern 2018-05-09 5306 fl4.flowi4_iif = params->ifindex; 87f5fc7e48dd317 David Ahern 2018-05-09 5307 fl4.flowi4_oif = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5308 } 87f5fc7e48dd317 David Ahern 2018-05-09 5309 fl4.flowi4_tos = params->tos & IPTOS_RT_MASK; 87f5fc7e48dd317 David Ahern 2018-05-09 5310 fl4.flowi4_scope = RT_SCOPE_UNIVERSE; 87f5fc7e48dd317 David Ahern 2018-05-09 5311 fl4.flowi4_flags = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5312 87f5fc7e48dd317 David Ahern 2018-05-09 5313 fl4.flowi4_proto = params->l4_protocol; 87f5fc7e48dd317 David Ahern 2018-05-09 5314 fl4.daddr = params->ipv4_dst; 87f5fc7e48dd317 David Ahern 2018-05-09 5315 fl4.saddr = params->ipv4_src; 87f5fc7e48dd317 David Ahern 2018-05-09 5316 fl4.fl4_sport = params->sport; 87f5fc7e48dd317 David Ahern 2018-05-09 5317 fl4.fl4_dport = params->dport; 1869e226a7b3ef7 David Ahern 2020-09-13 5318 fl4.flowi4_multipath_hash = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5319 87f5fc7e48dd317 David Ahern 2018-05-09 5320 if (flags & BPF_FIB_LOOKUP_DIRECT) { 87f5fc7e48dd317 David Ahern 2018-05-09 5321 u32 tbid = l3mdev_fib_table_rcu(dev) ? : RT_TABLE_MAIN; 87f5fc7e48dd317 David Ahern 2018-05-09 5322 struct fib_table *tb; 87f5fc7e48dd317 David Ahern 2018-05-09 5323 87f5fc7e48dd317 David Ahern 2018-05-09 5324 tb = fib_get_table(net, tbid); 87f5fc7e48dd317 David Ahern 2018-05-09 5325 if (unlikely(!tb)) 4c79579b44b1876 David Ahern 2018-06-26 5326 return BPF_FIB_LKUP_RET_NOT_FWDED; 87f5fc7e48dd317 David Ahern 2018-05-09 5327 87f5fc7e48dd317 David Ahern 2018-05-09 5328 err = fib_table_lookup(tb, &fl4, &res, FIB_LOOKUP_NOREF); 87f5fc7e48dd317 David Ahern 2018-05-09 5329 } else { 87f5fc7e48dd317 David Ahern 2018-05-09 5330 fl4.flowi4_mark = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5331 fl4.flowi4_secid = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5332 fl4.flowi4_tun_key.tun_id = 0; 87f5fc7e48dd317 David Ahern 2018-05-09 5333 fl4.flowi4_uid = sock_net_uid(net, NULL); 87f5fc7e48dd317 David Ahern 2018-05-09 5334 87f5fc7e48dd317 David Ahern 2018-05-09 5335 err = fib_lookup(net, &fl4, &res, FIB_LOOKUP_NOREF); 87f5fc7e48dd317 David Ahern 2018-05-09 5336 } 87f5fc7e48dd317 David Ahern 2018-05-09 5337 4c79579b44b1876 David Ahern 2018-06-26 5338 if (err) { 4c79579b44b1876 David Ahern 2018-06-26 5339 /* map fib lookup errors to RTN_ type */ 4c79579b44b1876 David Ahern 2018-06-26 5340 if (err == -EINVAL) 4c79579b44b1876 David Ahern 2018-06-26 5341 return BPF_FIB_LKUP_RET_BLACKHOLE; 4c79579b44b1876 David Ahern 2018-06-26 5342 if (err == -EHOSTUNREACH) 4c79579b44b1876 David Ahern 2018-06-26 5343 return BPF_FIB_LKUP_RET_UNREACHABLE; 4c79579b44b1876 David Ahern 2018-06-26 5344 if (err == -EACCES) 4c79579b44b1876 David Ahern 2018-06-26 5345 return BPF_FIB_LKUP_RET_PROHIBIT; 4c79579b44b1876 David Ahern 2018-06-26 5346 4c79579b44b1876 David Ahern 2018-06-26 5347 return BPF_FIB_LKUP_RET_NOT_FWDED; 4c79579b44b1876 David Ahern 2018-06-26 5348 } 4c79579b44b1876 David Ahern 2018-06-26 5349 4c79579b44b1876 David Ahern 2018-06-26 5350 if (res.type != RTN_UNICAST) 4c79579b44b1876 David Ahern 2018-06-26 5351 return BPF_FIB_LKUP_RET_NOT_FWDED; 87f5fc7e48dd317 David Ahern 2018-05-09 5352 5481d73f81549e2 David Ahern 2019-06-03 5353 if (fib_info_num_path(res.fi) > 1) 87f5fc7e48dd317 David Ahern 2018-05-09 5354 fib_select_path(net, &res, &fl4, NULL); 87f5fc7e48dd317 David Ahern 2018-05-09 5355 4f74fede40df8db David Ahern 2018-05-21 5356 if (check_mtu) { 4f74fede40df8db David Ahern 2018-05-21 5357 mtu = ip_mtu_from_fib_result(&res, params->ipv4_dst); 88ffc2c2e37ebb3 Jesper Dangaard Brouer 2020-10-27 5358 if (params->tot_len > mtu) { 88ffc2c2e37ebb3 Jesper Dangaard Brouer 2020-10-27 5359 params->mtu = mtu; /* union with tot_len */ 4c79579b44b1876 David Ahern 2018-06-26 5360 return BPF_FIB_LKUP_RET_FRAG_NEEDED; 4f74fede40df8db David Ahern 2018-05-21 5361 } 88ffc2c2e37ebb3 Jesper Dangaard Brouer 2020-10-27 5362 } "mtu" not initialized on else path. 4f74fede40df8db David Ahern 2018-05-21 5363 eba618abacade71 David Ahern 2019-04-02 5364 nhc = res.nhc; 87f5fc7e48dd317 David Ahern 2018-05-09 5365 87f5fc7e48dd317 David Ahern 2018-05-09 5366 /* do not handle lwt encaps right now */ eba618abacade71 David Ahern 2019-04-02 5367 if (nhc->nhc_lwtstate) 4c79579b44b1876 David Ahern 2018-06-26 5368 return BPF_FIB_LKUP_RET_UNSUPP_LWT; 87f5fc7e48dd317 David Ahern 2018-05-09 5369 eba618abacade71 David Ahern 2019-04-02 5370 dev = nhc->nhc_dev; 87f5fc7e48dd317 David Ahern 2018-05-09 5371 87f5fc7e48dd317 David Ahern 2018-05-09 5372 params->rt_metric = res.fi->fib_priority; d1c362e1dd68a42 Toke Høiland-Jørgensen 2020-10-09 5373 params->ifindex = dev->ifindex; 87f5fc7e48dd317 David Ahern 2018-05-09 5374 87f5fc7e48dd317 David Ahern 2018-05-09 5375 /* xdp and cls_bpf programs are run in RCU-bh so 87f5fc7e48dd317 David Ahern 2018-05-09 5376 * rcu_read_lock_bh is not needed here 87f5fc7e48dd317 David Ahern 2018-05-09 5377 */ 6f5f68d05ec0f64 David Ahern 2019-04-05 5378 if (likely(nhc->nhc_gw_family != AF_INET6)) { 6f5f68d05ec0f64 David Ahern 2019-04-05 5379 if (nhc->nhc_gw_family) 6f5f68d05ec0f64 David Ahern 2019-04-05 5380 params->ipv4_dst = nhc->nhc_gw.ipv4; 6f5f68d05ec0f64 David Ahern 2019-04-05 5381 6f5f68d05ec0f64 David Ahern 2019-04-05 5382 neigh = __ipv4_neigh_lookup_noref(dev, 6f5f68d05ec0f64 David Ahern 2019-04-05 5383 (__force u32)params->ipv4_dst); 6f5f68d05ec0f64 David Ahern 2019-04-05 5384 } else { 6f5f68d05ec0f64 David Ahern 2019-04-05 5385 struct in6_addr *dst = (struct in6_addr *)params->ipv6_dst; 6f5f68d05ec0f64 David Ahern 2019-04-05 5386 6f5f68d05ec0f64 David Ahern 2019-04-05 5387 params->family = AF_INET6; 6f5f68d05ec0f64 David Ahern 2019-04-05 5388 *dst = nhc->nhc_gw.ipv6; 6f5f68d05ec0f64 David Ahern 2019-04-05 5389 neigh = __ipv6_neigh_lookup_noref_stub(dev, dst); 6f5f68d05ec0f64 David Ahern 2019-04-05 5390 } 6f5f68d05ec0f64 David Ahern 2019-04-05 5391 4c79579b44b1876 David Ahern 2018-06-26 5392 if (!neigh) 4c79579b44b1876 David Ahern 2018-06-26 5393 return BPF_FIB_LKUP_RET_NO_NEIGH; 87f5fc7e48dd317 David Ahern 2018-05-09 5394 88ffc2c2e37ebb3 Jesper Dangaard Brouer 2020-10-27 @5395 return bpf_fib_set_fwd_params(params, neigh, dev, mtu); ^^^ Uninitialized variable warning. 87f5fc7e48dd317 David Ahern 2018-05-09 5396 } --- 0-DAY CI Kernel Test Service, Intel Corporation https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
On Wed, 28 Oct 2020 15:49:42 +0300 Dan Carpenter <dan.carpenter@oracle.com> wrote: > If you fix the issue, kindly add following tag as appropriate > Reported-by: kernel test robot <lkp@intel.com> > Reported-by: Dan Carpenter <dan.carpenter@oracle.com> > > New smatch warnings: > net/core/filter.c:5395 bpf_ipv4_fib_lookup() error: uninitialized symbol 'mtu'. I will fix and send V5. -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat LinkedIn: http://www.linkedin.com/in/brouer
On Tue, 27 Oct 2020 11:15:31 -0600 David Ahern <dsahern@gmail.com> wrote: > On 10/27/20 10:26 AM, Jesper Dangaard Brouer wrote: > > The BPF-helpers for FIB lookup (bpf_xdp_fib_lookup and bpf_skb_fib_lookup) > > can perform MTU check and return BPF_FIB_LKUP_RET_FRAG_NEEDED. The BPF-prog > > don't know the MTU value that caused this rejection. > > > > If the BPF-prog wants to implement PMTU (Path MTU Discovery) (rfc1191) it > > need to know this MTU value for the ICMP packet. > > > > Patch change lookup and result struct bpf_fib_lookup, to contain this MTU > > value as output via a union with 'tot_len' as this is the value used for > > the MTU lookup. > > > > Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> > > --- > > include/uapi/linux/bpf.h | 11 +++++++++-- > > net/core/filter.c | 17 ++++++++++++----- > > tools/include/uapi/linux/bpf.h | 11 +++++++++-- > > 3 files changed, 30 insertions(+), 9 deletions(-) > > Reviewed-by: David Ahern <dsahern@kernel.org> Thanks a lot for the review. I didn't propagate-it-over in V5 of this patch, as I changed the name of the output member from mtu to mtu_result in V5. Please review V5 and give your review consent.
diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index e6ceac3f7d62..03c042e3a34c 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -2219,6 +2219,9 @@ union bpf_attr { * * > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the * packet is not forwarded or needs assist from full stack * + * If lookup fails with BPF_FIB_LKUP_RET_FRAG_NEEDED, then the MTU + * was exceeded and result params->mtu contains the MTU. + * * long bpf_sock_hash_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags) * Description * Add an entry to, or update a sockhash *map* referencing sockets. @@ -4872,9 +4875,13 @@ struct bpf_fib_lookup { __be16 sport; __be16 dport; - /* total length of packet from network header - used for MTU check */ - __u16 tot_len; + union { /* used for MTU check */ + /* input to lookup */ + __u16 tot_len; /* total length of packet from network hdr */ + /* output: MTU value (if requested check_mtu) */ + __u16 mtu; + }; /* input: L3 device index for lookup * output: device index from FIB lookup */ diff --git a/net/core/filter.c b/net/core/filter.c index 1ee97fdeea64..caa427edc563 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5265,12 +5265,13 @@ static const struct bpf_func_proto bpf_skb_get_xfrm_state_proto = { #if IS_ENABLED(CONFIG_INET) || IS_ENABLED(CONFIG_IPV6) static int bpf_fib_set_fwd_params(struct bpf_fib_lookup *params, const struct neighbour *neigh, - const struct net_device *dev) + const struct net_device *dev, u32 mtu) { memcpy(params->dmac, neigh->ha, ETH_ALEN); memcpy(params->smac, dev->dev_addr, ETH_ALEN); params->h_vlan_TCI = 0; params->h_vlan_proto = 0; + params->mtu = mtu; return 0; } @@ -5354,8 +5355,10 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, if (check_mtu) { mtu = ip_mtu_from_fib_result(&res, params->ipv4_dst); - if (params->tot_len > mtu) + if (params->tot_len > mtu) { + params->mtu = mtu; /* union with tot_len */ return BPF_FIB_LKUP_RET_FRAG_NEEDED; + } } nhc = res.nhc; @@ -5389,7 +5392,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, if (!neigh) return BPF_FIB_LKUP_RET_NO_NEIGH; - return bpf_fib_set_fwd_params(params, neigh, dev); + return bpf_fib_set_fwd_params(params, neigh, dev, mtu); } #endif @@ -5481,8 +5484,10 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, if (check_mtu) { mtu = ipv6_stub->ip6_mtu_from_fib6(&res, dst, src); - if (params->tot_len > mtu) + if (params->tot_len > mtu) { + params->mtu = mtu; /* union with tot_len */ return BPF_FIB_LKUP_RET_FRAG_NEEDED; + } } if (res.nh->fib_nh_lws) @@ -5502,7 +5507,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, if (!neigh) return BPF_FIB_LKUP_RET_NO_NEIGH; - return bpf_fib_set_fwd_params(params, neigh, dev); + return bpf_fib_set_fwd_params(params, neigh, dev, mtu); } #endif @@ -5571,6 +5576,8 @@ BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, skb, dev = dev_get_by_index_rcu(net, params->ifindex); if (!is_skb_forwardable(dev, skb)) rc = BPF_FIB_LKUP_RET_FRAG_NEEDED; + + params->mtu = dev->mtu; /* union with tot_len */ } return rc; diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index e6ceac3f7d62..03c042e3a34c 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h @@ -2219,6 +2219,9 @@ union bpf_attr { * * > 0 one of **BPF_FIB_LKUP_RET_** codes explaining why the * packet is not forwarded or needs assist from full stack * + * If lookup fails with BPF_FIB_LKUP_RET_FRAG_NEEDED, then the MTU + * was exceeded and result params->mtu contains the MTU. + * * long bpf_sock_hash_update(struct bpf_sock_ops *skops, struct bpf_map *map, void *key, u64 flags) * Description * Add an entry to, or update a sockhash *map* referencing sockets. @@ -4872,9 +4875,13 @@ struct bpf_fib_lookup { __be16 sport; __be16 dport; - /* total length of packet from network header - used for MTU check */ - __u16 tot_len; + union { /* used for MTU check */ + /* input to lookup */ + __u16 tot_len; /* total length of packet from network hdr */ + /* output: MTU value (if requested check_mtu) */ + __u16 mtu; + }; /* input: L3 device index for lookup * output: device index from FIB lookup */
The BPF-helpers for FIB lookup (bpf_xdp_fib_lookup and bpf_skb_fib_lookup) can perform MTU check and return BPF_FIB_LKUP_RET_FRAG_NEEDED. The BPF-prog don't know the MTU value that caused this rejection. If the BPF-prog wants to implement PMTU (Path MTU Discovery) (rfc1191) it need to know this MTU value for the ICMP packet. Patch change lookup and result struct bpf_fib_lookup, to contain this MTU value as output via a union with 'tot_len' as this is the value used for the MTU lookup. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> --- include/uapi/linux/bpf.h | 11 +++++++++-- net/core/filter.c | 17 ++++++++++++----- tools/include/uapi/linux/bpf.h | 11 +++++++++-- 3 files changed, 30 insertions(+), 9 deletions(-)