We want to use sockhash and sockmap to build the control plane for our upcoming BPF socket dispatch work. We realised that it's difficult to resize or otherwise rebuild these maps if needed, because there is no way to get at their contents. This patch set allows a privileged user to retrieve fds from these map types, which removes this obstacle.

The approach here is different than that of program arrays and nested maps, which return an ID that can be turned into an fd using the BPF_*_GET_FD_BY_ID syscall. Sockets have IDs in the form of cookies; however, there seems to be no way to go from a socket cookie to struct socket or struct file. Hence we return an fd directly.

If unprivileged access is desired, the user can create the map with value_size = 8, which makes lookup return the socket cookie. It would be nicer if this behaviour was controllable at the time of calling bpf_map_lookup_elem, but I've not found a good solution for this.

Patches 1-3 do a bit of cleanup, but I'm happy to drop them if they don't make sense. Patches 4-5 are the interesting bit.

Lorenz Bauer (5):
  bpf: add map_copy_value hook
  bpf: convert queue and stack map to map_copy_value
  bpf: convert sock map and hash to map_copy_value
  bpf: sockmap, sockhash: return file descriptors from privileged lookup
  bpf: sockmap, sockhash: test looking up fds

 include/linux/bpf-cgroup.h                    |  5 --
 include/linux/bpf.h                           | 21 +-----
 include/linux/bpf_types.h                     |  2 +-
 kernel/bpf/arraymap.c                         | 13 +++-
 kernel/bpf/bpf_struct_ops.c                   |  7 +-
 kernel/bpf/hashtab.c                          | 10 ++-
 kernel/bpf/local_storage.c                    | 14 +++-
 kernel/bpf/queue_stack_maps.c                 | 18 +++++
 kernel/bpf/reuseport_array.c                  |  5 +-
 kernel/bpf/syscall.c                          | 23 +------
 net/core/sock_map.c                           | 67 ++++++++++++++-----
 .../selftests/bpf/prog_tests/sockmap_listen.c | 26 +++++--
 12 files changed, 130 insertions(+), 81 deletions(-)

--
2.20.1