git.baikalelectronics.ru Git - kernel.git/commit

author	brakmo <brakmo@fb.com>
	Tue, 28 May 2019 23:59:36 +0000 (16:59 -0700)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 31 May 2019 23:41:29 +0000 (16:41 -0700)
commit	8f599c179221280e35792675f6e5c74cc04c3608
tree	bb669628f303c2d9e20a218c8dbed541d40504ea	tree \| snapshot
parent	57b40cc74cb6807481b3a8e3ddb2147b6c418b69	commit \| diff

bpf: cgroup inet skb programs can return 0 to 3

Allows cgroup inet skb programs to return values in the range [0, 3].
The second bit is used to deterine if congestion occurred and higher
level protocol should decrease rate. E.g. TCP would call tcp_enter_cwr()

The bpf_prog must set expected_attach_type to BPF_CGROUP_INET_EGRESS
at load time if it uses the new return values (i.e. 2 or 3).

The expected_attach_type is currently not enforced for
BPF_PROG_TYPE_CGROUP_SKB. e.g Meaning the current bpf_prog with
expected_attach_type setting to BPF_CGROUP_INET_EGRESS can attach to
BPF_CGROUP_INET_INGRESS. Blindly enforcing expected_attach_type will
break backward compatibility.

This patch adds a enforce_expected_attach_type bit to only
enforce the expected_attach_type when it uses the new
return value.

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

include/linux/filter.h		diff \| blob \| history
kernel/bpf/syscall.c		diff \| blob \| history
kernel/bpf/verifier.c		diff \| blob \| history