Alexei Starovoitov wrote:

On Sat, Nov 23, 2019 at 12:07:48PM +0100, Jakub Sitnicki wrote:

quoted

SOCKMAP now supports storing references to listening sockets. Nothing keeps
us from using it as an array of sockets to select from in SK_REUSEPORT
programs.

Whitelist the map type with the BPF helper for selecting socket. However,
impose a restriction that the selected socket needs to be a listening TCP
socket or a bound UDP socket (connected or not).

The only other map type that works with the BPF reuseport helper,
REUSEPORT_SOCKARRAY, has a corresponding check in its update operation
handler.

Signed-off-by: Jakub Sitnicki <jakub@cloudflare.com>
---

[...]

quoted

diff --git a/net/core/filter.c b/net/core/filter.c
index 49ded4a7588a..e3fb77353248 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c

@@ -8723,6 +8723,8 @@ BPF_CALL_4(sk_select_reuseport, struct sk_reuseport_kern *, reuse_kern,
 	selected_sk = map->ops->map_lookup_elem(map, key);
 	if (!selected_sk)
 		return -ENOENT;
+	if (!sock_flag(selected_sk, SOCK_RCU_FREE))
+		return -EINVAL;

hmm. I wonder whether this breaks existing users...

There is already this check in reuseport_array_update_check()

	/*
	 * sk must be hashed (i.e. listening in the TCP case or binded
	 * in the UDP case) and
	 * it must also be a SO_REUSEPORT sk (i.e. reuse cannot be NULL).
	 *
	 * Also, sk will be used in bpf helper that is protected by
	 * rcu_read_lock().
	 */
	if (!sock_flag(nsk, SOCK_RCU_FREE) || !sk_hashed(nsk) || !nsk_reuse)
		return -EINVAL;

So I believe it should not cause any problems with existing users. Perhaps
we could consolidate the checks a bit or move it into the update paths if we
wanted. I assume Jakub was just ensuring we don't get here with SOCK_RCU_FREE
set from any of the new paths now. I'll let him answer though.

Martin,
what do you think?

More eyes the better.

Could you also take a look at other patches too?
In particular patch 7?

Agreed would be good to give 7/8 a look I'm not too familiar with the
selftests there.