bpf: Support narrow loads from bpf_sock_addr.user_port

bpf_sock_addr.user_port supports only 4-byte load and it leads to ugly
code in BPF programs, like:

	volatile __u32 user_port = ctx->user_port;
	__u16 port = bpf_ntohs(user_port);

Since otherwise clang may optimize the load to be 2-byte and it's
rejected by verifier.

Add support for 1- and 2-byte loads same way as it's supported for other
fields in bpf_sock_addr like user_ip4, msg_src_ip4, etc.

Signed-off-by: Andrey Ignatov <rdna@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/c1e983f4c17573032601d0b2b1f9d1274f24bc16.1589420814.git.rdna@fb.com

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index bfb31c1..85cfdff 100644 (file)
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -3728,7 +3728,7 @@ struct bpf_sock_addr {
        __u32 user_ip6[4];      /* Allows 1,2,4,8-byte read and 4,8-byte write.
                                 * Stored in network byte order.
                                 */
-       __u32 user_port;        /* Allows 4-byte read and write.
+       __u32 user_port;        /* Allows 1,2,4-byte read and 4-byte write.
                                 * Stored in network byte order
                                 */
        __u32 family;           /* Allows 4-byte read, but no write */

diff --git a/net/core/filter.c b/net/core/filter.c
index da06349..1fe8c0c 100644 (file)
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -7029,6 +7029,7 @@ static bool sock_addr_is_valid_access(int off, int size,
        case bpf_ctx_range(struct bpf_sock_addr, msg_src_ip4):
        case bpf_ctx_range_till(struct bpf_sock_addr, msg_src_ip6[0],
                                msg_src_ip6[3]):
+       case bpf_ctx_range(struct bpf_sock_addr, user_port):
                if (type == BPF_READ) {
                        bpf_ctx_record_field_size(info, size_default);
 
@@ -7059,10 +7060,6 @@ static bool sock_addr_is_valid_access(int off, int size,
                                return false;
                }
                break;
-       case bpf_ctx_range(struct bpf_sock_addr, user_port):
-               if (size != size_default)
-                       return false;
-               break;
        case offsetof(struct bpf_sock_addr, sk):
                if (type != BPF_READ)
                        return false;
@@ -7958,8 +7955,8 @@ static u32 sock_addr_convert_ctx_access(enum bpf_access_type type,
                                        struct bpf_insn *insn_buf,
                                        struct bpf_prog *prog, u32 *target_size)
 {
+       int off, port_size = sizeof_field(struct sockaddr_in6, sin6_port);
        struct bpf_insn *insn = insn_buf;
-       int off;
 
        switch (si->off) {
        case offsetof(struct bpf_sock_addr, user_family):
@@ -7994,9 +7991,11 @@ static u32 sock_addr_convert_ctx_access(enum bpf_access_type type,
                             offsetof(struct sockaddr_in6, sin6_port));
                BUILD_BUG_ON(sizeof_field(struct sockaddr_in, sin_port) !=
                             sizeof_field(struct sockaddr_in6, sin6_port));
-               SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD(struct bpf_sock_addr_kern,
-                                                    struct sockaddr_in6, uaddr,
-                                                    sin6_port, tmp_reg);
+               /* Account for sin6_port being smaller than user_port. */
+               port_size = min(port_size, BPF_LDST_BYTES(si));
+               SOCK_ADDR_LOAD_OR_STORE_NESTED_FIELD_SIZE_OFF(
+                       struct bpf_sock_addr_kern, struct sockaddr_in6, uaddr,
+                       sin6_port, bytes_to_bpf_size(port_size), 0, tmp_reg);
                break;
 
        case offsetof(struct bpf_sock_addr, family):

diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index bfb31c1..85cfdff 100644 (file)
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -3728,7 +3728,7 @@ struct bpf_sock_addr {
        __u32 user_ip6[4];      /* Allows 1,2,4,8-byte read and 4,8-byte write.
                                 * Stored in network byte order.
                                 */
-       __u32 user_port;        /* Allows 4-byte read and write.
+       __u32 user_port;        /* Allows 1,2,4-byte read and 4-byte write.
                                 * Stored in network byte order
                                 */
        __u32 family;           /* Allows 4-byte read, but no write */