• Martin KaFai Lau's avatar
    bpf: Enable BPF_PROG_TYPE_SK_REUSEPORT bpf prog in reuseport selection · 8217ca65
    Martin KaFai Lau authored
    
    
    This patch allows a BPF_PROG_TYPE_SK_REUSEPORT bpf prog to select a
    SO_REUSEPORT sk from a BPF_MAP_TYPE_REUSEPORT_ARRAY introduced in
    the earlier patch.  "bpf_run_sk_reuseport()" will return -ECONNREFUSED
    when the BPF_PROG_TYPE_SK_REUSEPORT prog returns SK_DROP.
    The callers, in inet[6]_hashtable.c and ipv[46]/udp.c, are modified to
    handle this case and return NULL immediately instead of continuing the
    sk search from its hashtable.
    
    It re-uses the existing SO_ATTACH_REUSEPORT_EBPF setsockopt to attach
    BPF_PROG_TYPE_SK_REUSEPORT.  The "sk_reuseport_attach_bpf()" will check
    if the attaching bpf prog is in the new SK_REUSEPORT or the existing
    SOCKET_FILTER type and then check different things accordingly.
    
    One level of "__reuseport_attach_prog()" call is removed.  The
    "sk_unhashed() && ..." and "sk->sk_reuseport_cb" tests are pushed
    back to "reuseport_attach_prog()" in sock_reuseport.c.  sock_reuseport.c
    seems to have more knowledge on those test requirements than filter.c.
    In "reuseport_attach_prog()", after new_prog is attached to reuse->prog,
    the old_prog (if any) is also directly freed instead of returning the
    old_prog to the caller and asking the caller to free.
    
    The sysctl_optmem_max check is moved back to the
    "sk_reuseport_attach_filter()" and "sk_reuseport_attach_bpf()".
    As of other bpf prog types, the new BPF_PROG_TYPE_SK_REUSEPORT is only
    bounded by the usual "bpf_prog_charge_memlock()" during load time
    instead of bounded by both bpf_prog_charge_memlock and sysctl_optmem_max.
    
    Signed-off-by: default avatarMartin KaFai Lau <kafai@fb.com>
    Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
    Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
    8217ca65