1 // SPDX-License-Identifier: GPL-2.0
3 * To speed up listener socket lookup, create an array to store all sockets
4 * listening on the same port. This allows a decision to be made after finding
5 * the first socket. An optional BPF program can also be configured for
6 * selecting the socket index from the array of available sockets.
10 #include <net/sock_reuseport.h>
11 #include <linux/bpf.h>
12 #include <linux/idr.h>
13 #include <linux/filter.h>
14 #include <linux/rcupdate.h>
16 #define INIT_SOCKS 128
18 DEFINE_SPINLOCK(reuseport_lock);
20 static DEFINE_IDA(reuseport_ida);
21 static int reuseport_resurrect(struct sock *sk, struct sock_reuseport *old_reuse,
22 struct sock_reuseport *reuse, bool bind_inany);
24 static int reuseport_sock_index(struct sock *sk,
25 const struct sock_reuseport *reuse,
32 right = reuse->num_socks;
34 left = reuse->max_socks - reuse->num_closed_socks;
35 right = reuse->max_socks;
38 for (; left < right; left++)
39 if (reuse->socks[left] == sk)
44 static void __reuseport_add_sock(struct sock *sk,
45 struct sock_reuseport *reuse)
47 reuse->socks[reuse->num_socks] = sk;
48 /* paired with smp_rmb() in reuseport_(select|migrate)_sock() */
53 static bool __reuseport_detach_sock(struct sock *sk,
54 struct sock_reuseport *reuse)
56 int i = reuseport_sock_index(sk, reuse, false);
61 reuse->socks[i] = reuse->socks[reuse->num_socks - 1];
67 static void __reuseport_add_closed_sock(struct sock *sk,
68 struct sock_reuseport *reuse)
70 reuse->socks[reuse->max_socks - reuse->num_closed_socks - 1] = sk;
71 /* paired with READ_ONCE() in inet_csk_bind_conflict() */
72 WRITE_ONCE(reuse->num_closed_socks, reuse->num_closed_socks + 1);
75 static bool __reuseport_detach_closed_sock(struct sock *sk,
76 struct sock_reuseport *reuse)
78 int i = reuseport_sock_index(sk, reuse, true);
83 reuse->socks[i] = reuse->socks[reuse->max_socks - reuse->num_closed_socks];
84 /* paired with READ_ONCE() in inet_csk_bind_conflict() */
85 WRITE_ONCE(reuse->num_closed_socks, reuse->num_closed_socks - 1);
90 static struct sock_reuseport *__reuseport_alloc(unsigned int max_socks)
92 unsigned int size = sizeof(struct sock_reuseport) +
93 sizeof(struct sock *) * max_socks;
94 struct sock_reuseport *reuse = kzalloc(size, GFP_ATOMIC);
99 reuse->max_socks = max_socks;
101 RCU_INIT_POINTER(reuse->prog, NULL);
105 int reuseport_alloc(struct sock *sk, bool bind_inany)
107 struct sock_reuseport *reuse;
110 /* bh lock used since this function call may precede hlist lock in
111 * soft irq of receive path or setsockopt from process context
113 spin_lock_bh(&reuseport_lock);
115 /* Allocation attempts can occur concurrently via the setsockopt path
116 * and the bind/hash path. Nothing to do when we lose the race.
118 reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
119 lockdep_is_held(&reuseport_lock));
121 if (reuse->num_closed_socks) {
122 /* sk was shutdown()ed before */
123 ret = reuseport_resurrect(sk, reuse, NULL, bind_inany);
127 /* Only set reuse->bind_inany if the bind_inany is true.
128 * Otherwise, it will overwrite the reuse->bind_inany
129 * which was set by the bind/hash path.
132 reuse->bind_inany = bind_inany;
136 reuse = __reuseport_alloc(INIT_SOCKS);
142 id = ida_alloc(&reuseport_ida, GFP_ATOMIC);
149 reuse->reuseport_id = id;
150 reuse->bind_inany = bind_inany;
151 reuse->socks[0] = sk;
152 reuse->num_socks = 1;
153 rcu_assign_pointer(sk->sk_reuseport_cb, reuse);
156 spin_unlock_bh(&reuseport_lock);
160 EXPORT_SYMBOL(reuseport_alloc);
162 static struct sock_reuseport *reuseport_grow(struct sock_reuseport *reuse)
164 struct sock_reuseport *more_reuse;
165 u32 more_socks_size, i;
167 more_socks_size = reuse->max_socks * 2U;
168 if (more_socks_size > U16_MAX) {
169 if (reuse->num_closed_socks) {
170 /* Make room by removing a closed sk.
171 * The child has already been migrated.
172 * Only reqsk left at this point.
176 sk = reuse->socks[reuse->max_socks - reuse->num_closed_socks];
177 RCU_INIT_POINTER(sk->sk_reuseport_cb, NULL);
178 __reuseport_detach_closed_sock(sk, reuse);
186 more_reuse = __reuseport_alloc(more_socks_size);
190 more_reuse->num_socks = reuse->num_socks;
191 more_reuse->num_closed_socks = reuse->num_closed_socks;
192 more_reuse->prog = reuse->prog;
193 more_reuse->reuseport_id = reuse->reuseport_id;
194 more_reuse->bind_inany = reuse->bind_inany;
195 more_reuse->has_conns = reuse->has_conns;
197 memcpy(more_reuse->socks, reuse->socks,
198 reuse->num_socks * sizeof(struct sock *));
199 memcpy(more_reuse->socks +
200 (more_reuse->max_socks - more_reuse->num_closed_socks),
201 reuse->socks + (reuse->max_socks - reuse->num_closed_socks),
202 reuse->num_closed_socks * sizeof(struct sock *));
203 more_reuse->synq_overflow_ts = READ_ONCE(reuse->synq_overflow_ts);
205 for (i = 0; i < reuse->max_socks; ++i)
206 rcu_assign_pointer(reuse->socks[i]->sk_reuseport_cb,
209 /* Note: we use kfree_rcu here instead of reuseport_free_rcu so
210 * that reuse and more_reuse can temporarily share a reference
213 kfree_rcu(reuse, rcu);
217 static void reuseport_free_rcu(struct rcu_head *head)
219 struct sock_reuseport *reuse;
221 reuse = container_of(head, struct sock_reuseport, rcu);
222 sk_reuseport_prog_free(rcu_dereference_protected(reuse->prog, 1));
223 ida_free(&reuseport_ida, reuse->reuseport_id);
228 * reuseport_add_sock - Add a socket to the reuseport group of another.
229 * @sk: New socket to add to the group.
230 * @sk2: Socket belonging to the existing reuseport group.
231 * @bind_inany: Whether or not the group is bound to a local INANY address.
233 * May return ENOMEM and not add socket to group under memory pressure.
235 int reuseport_add_sock(struct sock *sk, struct sock *sk2, bool bind_inany)
237 struct sock_reuseport *old_reuse, *reuse;
239 if (!rcu_access_pointer(sk2->sk_reuseport_cb)) {
240 int err = reuseport_alloc(sk2, bind_inany);
246 spin_lock_bh(&reuseport_lock);
247 reuse = rcu_dereference_protected(sk2->sk_reuseport_cb,
248 lockdep_is_held(&reuseport_lock));
249 old_reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
250 lockdep_is_held(&reuseport_lock));
251 if (old_reuse && old_reuse->num_closed_socks) {
252 /* sk was shutdown()ed before */
253 int err = reuseport_resurrect(sk, old_reuse, reuse, reuse->bind_inany);
255 spin_unlock_bh(&reuseport_lock);
259 if (old_reuse && old_reuse->num_socks != 1) {
260 spin_unlock_bh(&reuseport_lock);
264 if (reuse->num_socks + reuse->num_closed_socks == reuse->max_socks) {
265 reuse = reuseport_grow(reuse);
267 spin_unlock_bh(&reuseport_lock);
272 __reuseport_add_sock(sk, reuse);
273 rcu_assign_pointer(sk->sk_reuseport_cb, reuse);
275 spin_unlock_bh(&reuseport_lock);
278 call_rcu(&old_reuse->rcu, reuseport_free_rcu);
281 EXPORT_SYMBOL(reuseport_add_sock);
283 static int reuseport_resurrect(struct sock *sk, struct sock_reuseport *old_reuse,
284 struct sock_reuseport *reuse, bool bind_inany)
286 if (old_reuse == reuse) {
287 /* If sk was in the same reuseport group, just pop sk out of
288 * the closed section and push sk into the listening section.
290 __reuseport_detach_closed_sock(sk, old_reuse);
291 __reuseport_add_sock(sk, old_reuse);
296 /* In bind()/listen() path, we cannot carry over the eBPF prog
297 * for the shutdown()ed socket. In setsockopt() path, we should
298 * not change the eBPF prog of listening sockets by attaching a
299 * prog to the shutdown()ed socket. Thus, we will allocate a new
300 * reuseport group and detach sk from the old group.
304 reuse = __reuseport_alloc(INIT_SOCKS);
308 id = ida_alloc(&reuseport_ida, GFP_ATOMIC);
314 reuse->reuseport_id = id;
315 reuse->bind_inany = bind_inany;
317 /* Move sk from the old group to the new one if
318 * - all the other listeners in the old group were close()d or
319 * shutdown()ed, and then sk2 has listen()ed on the same port
321 * - sk listen()ed without bind() (or with autobind), was
322 * shutdown()ed, and then listen()s on another port which
325 if (reuse->num_socks + reuse->num_closed_socks == reuse->max_socks) {
326 reuse = reuseport_grow(reuse);
332 __reuseport_detach_closed_sock(sk, old_reuse);
333 __reuseport_add_sock(sk, reuse);
334 rcu_assign_pointer(sk->sk_reuseport_cb, reuse);
336 if (old_reuse->num_socks + old_reuse->num_closed_socks == 0)
337 call_rcu(&old_reuse->rcu, reuseport_free_rcu);
342 void reuseport_detach_sock(struct sock *sk)
344 struct sock_reuseport *reuse;
346 spin_lock_bh(&reuseport_lock);
347 reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
348 lockdep_is_held(&reuseport_lock));
350 /* reuseport_grow() has detached a closed sk */
354 /* Notify the bpf side. The sk may be added to a sockarray
355 * map. If so, sockarray logic will remove it from the map.
357 * Other bpf map types that work with reuseport, like sockmap,
358 * don't need an explicit callback from here. They override sk
359 * unhash/close ops to remove the sk from the map before we
362 bpf_sk_reuseport_detach(sk);
364 rcu_assign_pointer(sk->sk_reuseport_cb, NULL);
366 if (!__reuseport_detach_closed_sock(sk, reuse))
367 __reuseport_detach_sock(sk, reuse);
369 if (reuse->num_socks + reuse->num_closed_socks == 0)
370 call_rcu(&reuse->rcu, reuseport_free_rcu);
373 spin_unlock_bh(&reuseport_lock);
375 EXPORT_SYMBOL(reuseport_detach_sock);
377 void reuseport_stop_listen_sock(struct sock *sk)
379 if (sk->sk_protocol == IPPROTO_TCP) {
380 struct sock_reuseport *reuse;
381 struct bpf_prog *prog;
383 spin_lock_bh(&reuseport_lock);
385 reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
386 lockdep_is_held(&reuseport_lock));
387 prog = rcu_dereference_protected(reuse->prog,
388 lockdep_is_held(&reuseport_lock));
390 if (sock_net(sk)->ipv4.sysctl_tcp_migrate_req ||
391 (prog && prog->expected_attach_type == BPF_SK_REUSEPORT_SELECT_OR_MIGRATE)) {
392 /* Migration capable, move sk from the listening section
393 * to the closed section.
395 bpf_sk_reuseport_detach(sk);
397 __reuseport_detach_sock(sk, reuse);
398 __reuseport_add_closed_sock(sk, reuse);
400 spin_unlock_bh(&reuseport_lock);
404 spin_unlock_bh(&reuseport_lock);
407 /* Not capable to do migration, detach immediately */
408 reuseport_detach_sock(sk);
410 EXPORT_SYMBOL(reuseport_stop_listen_sock);
412 static struct sock *run_bpf_filter(struct sock_reuseport *reuse, u16 socks,
413 struct bpf_prog *prog, struct sk_buff *skb,
416 struct sk_buff *nskb = NULL;
419 if (skb_shared(skb)) {
420 nskb = skb_clone(skb, GFP_ATOMIC);
426 /* temporarily advance data past protocol header */
427 if (!pskb_pull(skb, hdr_len)) {
431 index = bpf_prog_run_save_cb(prog, skb);
432 __skb_push(skb, hdr_len);
439 return reuse->socks[index];
442 static struct sock *reuseport_select_sock_by_hash(struct sock_reuseport *reuse,
443 u32 hash, u16 num_socks)
447 i = j = reciprocal_scale(hash, num_socks);
448 while (reuse->socks[i]->sk_state == TCP_ESTABLISHED) {
456 return reuse->socks[i];
460 * reuseport_select_sock - Select a socket from an SO_REUSEPORT group.
461 * @sk: First socket in the group.
462 * @hash: When no BPF filter is available, use this hash to select.
463 * @skb: skb to run through BPF filter.
464 * @hdr_len: BPF filter expects skb data pointer at payload data. If
465 * the skb does not yet point at the payload, this parameter represents
466 * how far the pointer needs to advance to reach the payload.
467 * Returns a socket that should receive the packet (or NULL on error).
469 struct sock *reuseport_select_sock(struct sock *sk,
474 struct sock_reuseport *reuse;
475 struct bpf_prog *prog;
476 struct sock *sk2 = NULL;
480 reuse = rcu_dereference(sk->sk_reuseport_cb);
482 /* if memory allocation failed or add call is not yet complete */
486 prog = rcu_dereference(reuse->prog);
487 socks = READ_ONCE(reuse->num_socks);
489 /* paired with smp_wmb() in __reuseport_add_sock() */
495 if (prog->type == BPF_PROG_TYPE_SK_REUSEPORT)
496 sk2 = bpf_run_sk_reuseport(reuse, sk, prog, skb, NULL, hash);
498 sk2 = run_bpf_filter(reuse, socks, prog, skb, hdr_len);
501 /* no bpf or invalid bpf result: fall back to hash usage */
503 sk2 = reuseport_select_sock_by_hash(reuse, hash, socks);
510 EXPORT_SYMBOL(reuseport_select_sock);
513 * reuseport_migrate_sock - Select a socket from an SO_REUSEPORT group.
514 * @sk: close()ed or shutdown()ed socket in the group.
515 * @migrating_sk: ESTABLISHED/SYN_RECV full socket in the accept queue or
516 * NEW_SYN_RECV request socket during 3WHS.
517 * @skb: skb to run through BPF filter.
518 * Returns a socket (with sk_refcnt +1) that should accept the child socket
519 * (or NULL on error).
521 struct sock *reuseport_migrate_sock(struct sock *sk,
522 struct sock *migrating_sk,
525 struct sock_reuseport *reuse;
526 struct sock *nsk = NULL;
527 bool allocated = false;
528 struct bpf_prog *prog;
534 reuse = rcu_dereference(sk->sk_reuseport_cb);
538 socks = READ_ONCE(reuse->num_socks);
539 if (unlikely(!socks))
542 /* paired with smp_wmb() in __reuseport_add_sock() */
545 hash = migrating_sk->sk_hash;
546 prog = rcu_dereference(reuse->prog);
547 if (!prog || prog->expected_attach_type != BPF_SK_REUSEPORT_SELECT_OR_MIGRATE) {
548 if (sock_net(sk)->ipv4.sysctl_tcp_migrate_req)
554 skb = alloc_skb(0, GFP_ATOMIC);
560 nsk = bpf_run_sk_reuseport(reuse, sk, prog, skb, migrating_sk, hash);
567 nsk = reuseport_select_sock_by_hash(reuse, hash, socks);
569 if (IS_ERR_OR_NULL(nsk) || unlikely(!refcount_inc_not_zero(&nsk->sk_refcnt))) {
579 __NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPMIGRATEREQFAILURE);
582 EXPORT_SYMBOL(reuseport_migrate_sock);
584 int reuseport_attach_prog(struct sock *sk, struct bpf_prog *prog)
586 struct sock_reuseport *reuse;
587 struct bpf_prog *old_prog;
589 if (sk_unhashed(sk)) {
592 if (!sk->sk_reuseport)
595 err = reuseport_alloc(sk, false);
598 } else if (!rcu_access_pointer(sk->sk_reuseport_cb)) {
599 /* The socket wasn't bound with SO_REUSEPORT */
603 spin_lock_bh(&reuseport_lock);
604 reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
605 lockdep_is_held(&reuseport_lock));
606 old_prog = rcu_dereference_protected(reuse->prog,
607 lockdep_is_held(&reuseport_lock));
608 rcu_assign_pointer(reuse->prog, prog);
609 spin_unlock_bh(&reuseport_lock);
611 sk_reuseport_prog_free(old_prog);
614 EXPORT_SYMBOL(reuseport_attach_prog);
616 int reuseport_detach_prog(struct sock *sk)
618 struct sock_reuseport *reuse;
619 struct bpf_prog *old_prog;
622 spin_lock_bh(&reuseport_lock);
623 reuse = rcu_dereference_protected(sk->sk_reuseport_cb,
624 lockdep_is_held(&reuseport_lock));
626 /* reuse must be checked after acquiring the reuseport_lock
627 * because reuseport_grow() can detach a closed sk.
630 spin_unlock_bh(&reuseport_lock);
631 return sk->sk_reuseport ? -ENOENT : -EINVAL;
634 if (sk_unhashed(sk) && reuse->num_closed_socks) {
635 spin_unlock_bh(&reuseport_lock);
639 old_prog = rcu_replace_pointer(reuse->prog, old_prog,
640 lockdep_is_held(&reuseport_lock));
641 spin_unlock_bh(&reuseport_lock);
646 sk_reuseport_prog_free(old_prog);
649 EXPORT_SYMBOL(reuseport_detach_prog);
projects / platform / kernel / linux-rpi.git / blob