Commits · 0day-ci/linux

This change adds a selftest script that performs a comprehensive behavioral/functional test of all userspace PM capabilities by exercising all the newly added APIs and changes to support said capabilities. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change adds to self-testing support for the MPTCP netlink interface by capturing various MPTCP netlink events (and all their metadata) associated with connections, subflows and local address announcements. It can be incorporated into self-test scripts that exercise the MPTCP netlink commands to then precisely validate those operations through the dispatched MPTCP netlink events in response to those commands. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates the "pm_nl_ctl" testing sample with a "dsf" (destroy subflow) option to support the newly added netlink interface command MPTCP_PM_CMD_SUBFLOW_DESTROY over the chosen MPTCP connection. E.g. ./pm_nl_ctl dsf lip 10.0.2.1 lport 44567 rip 10.0.2.2 rport 56789 token 823274047 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates the "pm_nl_ctl" testing sample with a "csf" (create subflow) option to support the newly added netlink interface command MPTCP_PM_CMD_SUBFLOW_CREATE over the chosen MPTCP connection. E.g. ./pm_nl_ctl csf lip 10.0.2.1 lid 23 rip 10.0.2.2 rport 56789 token 823274047 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This allows userspace to tell kernel to add a new subflow to an existing mptcp connection. Userspace provides the token to identify the mptcp-level connection that needs a change in active subflows and the local and remote addresses of the new or the to-be-removed subflow. MPTCP_PM_CMD_SUBFLOW_CREATE requires the following parameters: { token, { loc_id, family, loc_addr4 | loc_addr6 }, { family, rem_addr4 | rem_addr6, rem_port } MPTCP_PM_CMD_SUBFLOW_DESTROY requires the following parameters: { token, { family, loc_addr4 | loc_addr6, loc_port }, { family, rem_addr4 | rem_addr6, rem_port } Signed-off-by: Florian Westphal <fw@strlen.de> Co-developed-by: Kishen Maloor <kishen.maloor@intel.com> Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates the "pm_nl_ctl" testing sample with a "rem" (remove) option to support the newly added netlink interface command MPTCP_PM_CMD_REMOVE to issue REMOVE_ADDR signals over the chosen MPTCP connection. E.g. ./pm_nl_ctl rem token 823274047 id 23 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change adds a MPTCP netlink command for issuing REMOVE_ADDR signals for a specific address over the chosen MPTCP connection from a userspace path manager. The command requires the following parameters: {token, loc_id}. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates the "pm_nl_ctl" testing sample with an "ann" (announce) option to support the newly added netlink interface command MPTCP_PM_CMD_ANNOUNCE to issue ADD_ADDR advertisements over the chosen MPTCP connection. E.g. ./pm_nl_ctl ann 192.168.122.75 token 823274047 id 25 dev enp1s0 Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change adds a MPTCP netlink interface for issuing ADD_ADDR advertisements over the chosen MPTCP connection from a userspace path manager. The command requires the following parameters: { token, { loc_id, family, daddr4 | daddr6 [, dport] } [, if_idx], flags/signal }. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

Next patch will need to parse MPTCP_PM_ATTR_ADDR attributes and fill an mptcp_addr_info structure from a different genl command callback. To avoid copy-paste, split the existing function to a helper that does the common part and then call the helper from the (renamed)mptcp_pm_parse_entry function. Signed-off-by: Florian Westphal <fw@strlen.de>

This change introduces a parallel path in the kernel for retrieving the local id, flags, if_index for an addr entry in the context of an MPTCP connection that's being managed by a userspace PM. The userspace and in-kernel PM modes deviate in their procedures for obtaining this information. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change adds a new internal function to store/retrieve local addrs announced by userspace PM implementations from the kernel context. The function does not stipulate any limitation on the # of addrs, and handles the requirements of three scenarios: 1) ADD_ADDR announcements (which require that a local id be provided), 2) retrieving the local id associated with an address, also where one may need to be assigned, and 3) reissuance of ADD_ADDRs when there's a successful match of addr/id. The list of all stored local addr entries is held under the MPTCP sock structure. This list, if not released by the REMOVE_ADDR flow is freed while the sock is destructed. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change allows userspace PM implementations to reissue ADD_ADDR announcements (if necessary) based on their chosen policy. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

When ADD_ADDR announcements use the port associated with an active subflow, this change ensures that a listening socket is bound to the announced address and port for subsequently receiving MP_JOINs from the remote end. In case there's a recorded lsk bound to that address+port, it is reused. But if a listening socket for this address is already held by the application then no further action is taken. When a listening socket is created, it is stored in struct mptcp_pm_add_entry and released accordingly. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates mptcp_pm_nl_create_listen_socket() to create listening sockets bound to IPv6 addresses (where IPv6 is supported). Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates struct mptcp_pm_addr_entry to store a listening socket (lsk) reference, i.e. a pointer to a reference counted structure containing the lsk (struct socket *) instead of the lsk itself. Code blocks that directly operated on the lsk in struct mptcp_pm_addr_entry have been updated to work with the lsk ref instead, utilizing the new helper functions that operate on lsk refs. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

The kernel maintains listening sockets bound to announced addresses via the ADD_ADDR option to be able to receive MP_JOIN requests. Path managers may choose to advertise the same address over multiple MPTCP connections. So this change provides a simple framework to manage a list of all distinct listning sockets created in a namespace by encapsulating it in a structure that is ref counted and can be shared across multiple connections. The sockets (and their enclosing structure) are released when there are no more references. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change updates internal logic to permit subflows to be established from either the client or server ends of MPTCP connections. This symmetry and added flexibility may be harnessed by PM implementations running on either end in creating new subflows. The essence of this change lies in not relying on the "server_side" flag (which continues to be available if needed). Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

Per RFC 8684, if no port is specified in an ADD_ADDR message, MPTCP SHOULD attempt to connect to the specified address on the same port as the port that is already in use by the subflow on which the ADD_ADDR signal was sent. To facilitate that, this change reflects the specific remote port in use by that subflow in MPTCP_EVENT_ANNOUNCED events. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This change reads the addr id assigned to the remote endpoint of a subflow from the MP_JOIN SYN/ACK message and stores it in the related subflow context. The remote id was not being captured prior to this change, and will now provide a consistent view of remote endpoints and their ids as seen through netlink events. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

All numerical restrictions on # of addresses/subflows currently apply only to in-kernel PM managed connections. Thus this change removes limitations on adding new subflows by non-kernel (e.g. userspace) PMs. Signed-off-by: Kishen Maloor <kishen.maloor@intel.com>

This commit is useful for automated builds, e.g. from Intel's kbuild. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>

Currently supported: - Github Actions: - build-validation: check different combinations of validation - IRC: send notifications to the IRC channel - Update TopGit tree: sync with net-next and then override the export branch. - Cirrus: - Run tests in a KVM: selftests, kunit, packetdrill, etc. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>

Helps detection UaF, which apparently kasan misses with kmem_cache allocator. We also need to always set the SOCK_RCU_FREE flag, to preserved the current code leveraging SLAB_TYPESAFE_BY_RCU. This latter change will make unreachable some existing errors path, but I don't see other options. Signed-off-by: Paolo Abeni <pabeni@redhat.com>

All commits older than this one are non MPTCP-related features for any tree. Following commits are MPTCP-related modifications needed only for our tests suite. This commit is useful to easily find where are non MPTCP-related features for any tree. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>

This patch adds verifier side tests for the new bpf_mptcp_sock() helper. Currently, there is no easy way to test the token field since we cannot get back the mptcp_sock, this could be a future amelioration. Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Nicolas Rybowski <nicolas.rybowski@tessares.net>

This patch adds a base for MPTCP specific tests. It is currently limited to the is_mptcp field in case of plain TCP connection because there is no easy way to get the subflow sk from a msk in userspace. This implies that we cannot lookup the sk_storage attached to the subflow sk in the sockops program. Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Nicolas Rybowski <nicolas.rybowski@tessares.net>

In order to precisely identify the parent MPTCP connection of a subflow, it is required to access the mptcp_sock's token which uniquely identify a MPTCP connection. This patch adds a new structure 'bpf_mptcp_sock' exposing the 'token' field of the 'mptcp_sock' extracted from a subflow's 'tcp_sock'. It also adds the declaration of a new BPF helper of the same name to expose the newly defined structure in the userspace BPF API. This is the foundation to expose more MPTCP-specific fields through BPF. Currently, it is limited to the field 'token' of the msk but it is easily extensible. Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Nicolas Rybowski <nicolas.rybowski@tessares.net>

is_mptcp is a field from struct tcp_sock used to indicate that the current tcp_sock is part of the MPTCP protocol. In this protocol, a first socket (mptcp_sock) is created with sk_protocol set to IPPROTO_MPTCP (=262) for control purpose but it isn't directly on the wire. This is the role of the subflow (kernel) sockets which are classical tcp_sock with sk_protocol set to IPPROTO_TCP. The only way to differentiate such sockets from plain TCP sockets is the is_mptcp field from tcp_sock. Such an exposure in BPF is thus required to be able to differentiate plain TCP sockets from MPTCP subflow sockets in BPF_PROG_TYPE_SOCK_OPS programs. The choice has been made to silently pass the case when CONFIG_MPTCP is unset by defaulting is_mptcp to 0 in order to make BPF independent of the MPTCP configuration. Another solution is to make the verifier fail in 'bpf_tcp_sock_is_valid_ctx_access' but this will add an additional '#ifdef CONFIG_MPTCP' in the BPF code and a same injected BPF program will not run if MPTCP is not set. An example use-case is provided in https://github.com/multipath-tcp/mptcp_net-next/tree/scripts/bpf/examples Suggested-by: Matthieu Baerts <matthieu.baerts@tessares.net> Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net> Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Nicolas Rybowski <nicolas.rybowski@tessares.net>

All commits older than this one are MPTCP-related features for net-next tree. Following commits are non MPTCP-related features for any tree. This commit is useful to easily find where are MPTCP-related features for net-next tree. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>

MPTCP join self-tests are a bit fragile as they reply on delays instead of events to catch-up with the expected sockets states. Replace the delay with state checking where possible and reduce the number of sleeps in the most complex scenarios. This will both reduce the tests run-time and will improve stability. Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>

These tests ensure that the in-kernel path manager is bypassed when the userspace path manager is configured. Kernel code is still responsible for ADD_ADDR echo, so also make sure that's working. Tested-by: Geliang Tang <geliang.tang@suse.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

The new net.mptcp.pm_type sysctl determines which path manager will be used by each newly-created MPTCP socket. v2: Handle builds without CONFIG_SYSCTL v3: Clarify logic for type-specific PM init (Geliang Tang and Paolo Abeni) Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

Userspace-managed sockets should not have their subflows or advertisements changed by the kernel path manager. v3: Use helper function for PM mode (Paolo Abeni) Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

When a MPTCP connection is managed by a userspace PM, bypass the kernel PM for incoming advertisements and subflow events. Netlink events are still sent to userspace. v2: Remove unneeded check in mptcp_pm_rm_addr_received() (Kishen Maloor) v3: Add and use helper function for PM mode (Paolo Abeni) Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>

Commits on Dec 16, 2021