From nobody Sun Jul 5 05:55:55 2026 Received: from sender4-of-o54.zoho.com (sender4-of-o54.zoho.com [136.143.188.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6813C30676C for ; Fri, 3 Jul 2026 16:57:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.188.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097861; cv=pass; b=rbQ3DFX4Nm6I5UTv62WftbdLS2P5gPag9CaBx/rbLD99lTZP+6ZBm04fnanbOOAXBFRUDaBrkc5pFmZW33eDUu0M65ChJwCpe1q2r+Suc00lVy7gqoYI4lxhDaBmBNDw0+sDb5289sbvx7AlVAbV9lpo1ggr/Gi3+gKtYTjBowc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097861; c=relaxed/simple; bh=XuqcazP8+8FDqXMByHdO7ztJJVq/eyaMt1v0Y89fTg8=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=DSXhkurM3GWFv0TGxocdgwHzcvNGZ/gQD9oCqbSU5eA+xxQMdmDbPc0hxwmgmlhBLPmZIEFj8H2JmiDbPzmHcu/mnipXbcyLMz5uSEb1MgRrHTnbBv41PrWSdh0mNJ6Wter7b+Ik17t0J3AYKCw4tTZEXodUiRj1W7ixFzqsnEE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com; spf=pass smtp.mailfrom=mpiricsoftware.com; dkim=fail (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b=LkIN4QSS reason="key not found in DNS"; arc=pass smtp.client-ip=136.143.188.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b="LkIN4QSS" ARC-Seal: i=1; a=rsa-sha256; t=1783097849; cv=none; d=zohomail.com; s=zohoarc; b=LRNJFWeBFTCiQ5K5u2NqPG4avgzzFK4dR1iOD90FakSGj1QyzilDqaw9antGdgoN2vnJ61WzU4udBFp3UCYzUzLDIzGJtk+nXs9nfA7K1tlDG4XPBUXi9so7Hbi+JN5F2IGQkbWneEHu+UZl4dTmvXGpvnPt6XSXqK9ynsrjhJs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1783097849; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=T5NEEPyFFIc9t8KgWhQPC75QblX0ePkupywQO2Uenm8=; b=U/pH5d807sAdTGF3s1cB7uHhjWliMsua46UMC9O0RvYQbUc8y7Ck4xSfgJYTRqiPfxRY+6gf/8XQrPOM+aJ+umD4FJ8aQoanCQir8PkI2GWyRuRHKBjcJm3ywgXrgbPdqWaz8cGOL0CvwWfnbvA8gv5vPK9QTHHIFqH4w5CdWzg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=mpiricsoftware.com; spf=pass smtp.mailfrom=shardul.b@mpiricsoftware.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1783097849; s=mpiric; d=mpiricsoftware.com; i=shardul.b@mpiricsoftware.com; h=From:From:Date:Date:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Message-Id:References:In-Reply-To:To:To:Cc:Cc:Reply-To; bh=T5NEEPyFFIc9t8KgWhQPC75QblX0ePkupywQO2Uenm8=; b=LkIN4QSShe6K8E9cYFWcy0hi+CuwIAOlurmE3+BEFEiaPvLf+pgz18LTwm3jIQO2 ibEjfBCijq5ZeEWIPfOK6OziUA5XW1bkFswaTsjUycyWCHDMdFPoQHDgZDMYhDF8ZW1 lPeiWM9dEBYq3Hh4MMibH+3pLd6rz7SU9SSI7nck= Received: by mx.zohomail.com with SMTPS id 1783097846010703.9697947227534; Fri, 3 Jul 2026 09:57:26 -0700 (PDT) From: Shardul Bankar Date: Fri, 03 Jul 2026 22:27:09 +0530 Subject: [PATCH mptcp-next v2 1/5] Squash to "bpf: Export mptcp packet scheduler helpers" Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260703-mptcp_bpf_kfunc_fixes-v2-1-87ae3c64dc7e@mpiricsoftware.com> References: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> In-Reply-To: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> To: mptcp@lists.linux.dev, Geliang Tang Cc: Matthieu Baerts , Mat Martineau , Paolo Abeni , kalpan.jani@mpiricsoftware.com, janak@mpiric.us, shardulsb08@gmail.com, Shardul Bankar X-Mailer: b4 0.15.2 X-ZohoMailClient: External mptcp_set_timeout() is exposed to BPF MPTCP packet schedulers as a kfunc taking a generic "struct sock *". The verifier only checks that the argument is a trusted struct sock; it cannot distinguish an MPTCP-level socket (msk) from a subflow's TCP socket. A scheduler get_send() program can therefore pass a subflow socket (e.g. msk->first, or the result of bpf_mptcp_subflow_tcp_sock()), which mptcp_set_timeout() upcasts via mptcp_sk() and iterates as msk->conn_list. On a subflow socket those bytes are live TCP state, so the walk yields a wild mptcp_subflow_context and the subsequent subflow->tcp_sock dereference faults (GPF / KASAN user-memory-access). Narrow the kfunc-facing type: register a bpf_mptcp_set_timeout() wrapper taking "struct mptcp_sock *" instead of the raw mptcp_set_timeout() symbol, so the verifier's BTF-id check rejects a non-msk socket at program load time. A scheduler that passes its msk is unaffected. The in-tree burst scheduler selftest is updated to the wrapper name in a separate squash-to. Found by an MPTCP protocol-flow harness extending BRF (arXiv:2305.08782). Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Shardul Bankar --- net/mptcp/bpf.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/mptcp/bpf.c b/net/mptcp/bpf.c index 0845061ddc65c..9355fb53e89d5 100644 --- a/net/mptcp/bpf.c +++ b/net/mptcp/bpf.c @@ -301,6 +301,11 @@ bpf_sk_stream_memory_free(const struct mptcp_subflow_c= ontext *subflow) return false; } =20 +__bpf_kfunc static void bpf_mptcp_set_timeout(struct mptcp_sock *msk) +{ + mptcp_set_timeout((struct sock *)msk); +} + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(bpf_mptcp_iter_kfunc_ids) @@ -319,7 +324,7 @@ BTF_ID_FLAGS(func, bpf_mptcp_subflow_ctx, KF_RET_NULL) BTF_ID_FLAGS(func, bpf_mptcp_subflow_tcp_sock, KF_RET_NULL) BTF_ID_FLAGS(func, mptcp_subflow_set_scheduled) BTF_ID_FLAGS(func, mptcp_subflow_active) -BTF_ID_FLAGS(func, mptcp_set_timeout) +BTF_ID_FLAGS(func, bpf_mptcp_set_timeout) BTF_ID_FLAGS(func, mptcp_wnd_end) BTF_ID_FLAGS(func, bpf_sk_stream_memory_free) BTF_ID_FLAGS(func, mptcp_pm_subflow_chk_stale, KF_SLEEPABLE) --=20 2.34.1 From nobody Sun Jul 5 05:55:55 2026 Received: from sender4-of-o54.zoho.com (sender4-of-o54.zoho.com [136.143.188.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D400B2F25F0 for ; Fri, 3 Jul 2026 16:57:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.188.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097872; cv=pass; b=AsdNh+nqZ9Eak6rbayfwWSI8W0ggOtiG80SDHZk7kEctlycPs+W39uD9Lc5LV+06zr/GnG8E0THVfJrW1Hxe4YDZj275ZiWJ8PwZN6eaNmBySc+OBW/ZJYcbLXIplsI8TzS/ZcWYeQlk1ccRh5YCS1XJALthyuboCZOTl9w63mM= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097872; c=relaxed/simple; bh=jitpQd2+8qWaDrPhdre+KCi8xQcPh0sEIVxHTwUPKqI=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=LCXEr+CaZWHZAXVrAkNJiGtO/Ia8iR3hkgFLgsTsLgC6ZXRePwqwc+5SIo55eqEy+kSIJEoXUmrxT7DeAoPPQyi9aHAvrtKvvm/m2oNQ0Yih9f1igU45+hTY9UUm5xz6ooXi3DEkKfG53Ez/Txs4skspQF9GuNbGdP7TFU5F8d8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com; spf=pass smtp.mailfrom=mpiricsoftware.com; dkim=fail (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b=u25YVHoC reason="key not found in DNS"; arc=pass smtp.client-ip=136.143.188.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b="u25YVHoC" ARC-Seal: i=1; a=rsa-sha256; t=1783097851; cv=none; d=zohomail.com; s=zohoarc; b=eylmZ+r8DzB/RaGtT8j2jg79X8870YluLoVLsVE+MKt5dLe4IRyCdEbcQDO5H/g/Z2XmtbPOZbx/ZLR0/sKeWygEucFNjRxMMIQAIsVa2/WJ0Oatcz0OCEuYoP5xR0NjT6hJCT4Muyl3qVPoFprkW5RL04fVQZZxOW/A+LPNu9w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1783097851; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=oAz/coNgtv/PXSMi7xpEgJ38onaRCDNm5A7nN60kG5w=; b=FvEibQf4fQoTxqGL6cK+pj7E9wMUYIpY97fuE6igSj9Me2I8bBDw3GIUaOrhFYDcjN6w5fhLLmYbZGInGQ3O/j3JL4tiHdW0/f/pT7GF1zgO5YPfHjdOv3dLywdQBM0wkCFqxauUsyTOrwR5NWY9P2a1qTobxG9xVpXbV9mAMv4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=mpiricsoftware.com; spf=pass smtp.mailfrom=shardul.b@mpiricsoftware.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1783097851; s=mpiric; d=mpiricsoftware.com; i=shardul.b@mpiricsoftware.com; h=From:From:Date:Date:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Message-Id:References:In-Reply-To:To:To:Cc:Cc:Reply-To; bh=oAz/coNgtv/PXSMi7xpEgJ38onaRCDNm5A7nN60kG5w=; b=u25YVHoCKZywlXovXuLUfuSEPrb3MpyGL5Ys1/Y7Csri/nT3T+RhsQyVDMBbONJK Hgf8AnMyeuXVDA7EsTTqkjlhtbGb+hcigffReZYZxnN2SJ2EAuXVYxW5DhziEmQybx4 3BHS09l8g9q4Pvq51jR9YBU8mQK+S70WHmMtO+Ok= Received: by mx.zohomail.com with SMTPS id 1783097849791117.08005737241285; Fri, 3 Jul 2026 09:57:29 -0700 (PDT) From: Shardul Bankar Date: Fri, 03 Jul 2026 22:27:10 +0530 Subject: [PATCH mptcp-next v2 2/5] Squash to "bpf: Export mptcp packet scheduler helpers" Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260703-mptcp_bpf_kfunc_fixes-v2-2-87ae3c64dc7e@mpiricsoftware.com> References: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> In-Reply-To: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> To: mptcp@lists.linux.dev, Geliang Tang Cc: Matthieu Baerts , Mat Martineau , Paolo Abeni , kalpan.jani@mpiricsoftware.com, janak@mpiric.us, shardulsb08@gmail.com, Shardul Bankar X-Mailer: b4 0.15.2 X-ZohoMailClient: External mptcp_pm_subflow_chk_stale() is exposed to BPF MPTCP packet schedulers as a kfunc taking a generic "struct sock *ssk", but it treats ssk as a subflow TCP socket: it derives the subflow context with mptcp_subflow_ctx(), an unchecked cast of inet_csk(ssk)->icsk_ulp_data, then reads and writes through it. The verifier only proves ssk is a trusted struct sock, not that it is one of msk's subflows, so a mistyped or foreign socket would make the helper operate on a bogus context. Register a bpf_mptcp_pm_subflow_chk_stale() wrapper that validates ssk is a full MPTCP subflow TCP socket belonging to the passed msk before calling the helper, which assumes both but checks neither. This mirrors bpf_mptcp_subflow_ctx(). A scheduler passing one of its own subflows is unaffected; the in-tree burst scheduler selftest is updated to the wrapper name in a separate squash-to. Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Shardul Bankar --- net/mptcp/bpf.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/net/mptcp/bpf.c b/net/mptcp/bpf.c index 9355fb53e89d5..e2d2c3394ad71 100644 --- a/net/mptcp/bpf.c +++ b/net/mptcp/bpf.c @@ -306,6 +306,18 @@ __bpf_kfunc static void bpf_mptcp_set_timeout(struct m= ptcp_sock *msk) mptcp_set_timeout((struct sock *)msk); } =20 +__bpf_kfunc static void +bpf_mptcp_pm_subflow_chk_stale(const struct mptcp_sock *msk, struct sock *= ssk) +{ + if (ssk && sk_fullsock(ssk) && ssk->sk_type =3D=3D SOCK_STREAM && + ssk->sk_protocol =3D=3D IPPROTO_TCP && sk_is_mptcp(ssk)) { + struct mptcp_subflow_context *subflow =3D mptcp_subflow_ctx(ssk); + + if (subflow && subflow->conn =3D=3D (const struct sock *)msk) + mptcp_pm_subflow_chk_stale(msk, ssk); + } +} + __bpf_kfunc_end_defs(); =20 BTF_KFUNCS_START(bpf_mptcp_iter_kfunc_ids) @@ -327,7 +339,7 @@ BTF_ID_FLAGS(func, mptcp_subflow_active) BTF_ID_FLAGS(func, bpf_mptcp_set_timeout) BTF_ID_FLAGS(func, mptcp_wnd_end) BTF_ID_FLAGS(func, bpf_sk_stream_memory_free) -BTF_ID_FLAGS(func, mptcp_pm_subflow_chk_stale, KF_SLEEPABLE) +BTF_ID_FLAGS(func, bpf_mptcp_pm_subflow_chk_stale, KF_SLEEPABLE) BTF_KFUNCS_END(bpf_mptcp_common_kfunc_ids) =20 static int bpf_mptcp_common_kfunc_filter(const struct bpf_prog *prog, u32 = kfunc_id) --=20 2.34.1 From nobody Sun Jul 5 05:55:55 2026 Received: from sender4-of-o54.zoho.com (sender4-of-o54.zoho.com [136.143.188.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C483A2F25F0 for ; Fri, 3 Jul 2026 16:57:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.188.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097880; cv=pass; b=mAMvhnMfL2v98l2adYysYeVZI53mi12+PuOmMZibuo1QBe1oNPWCrwzmzCyZ4TIyhLqo3l/LUgVacWi3+ghoyv4nPz+662cUOp+BrUqZBDeYvffx38fX8jl1r+Cw762q05C93UboFG1Y1WfhF05vTfp5hLE54okEMP6Tssgbth8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097880; c=relaxed/simple; bh=x3FOASwRgJ9JiR3X/540C2XI/QabO5fA8OFY+akqCos=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=DzH+lqLIQiuFSk2LEAdKXvWAa2ji+PtJpTI5QdIvA/p6feYivklKrKEs+ycdfRmv0uArRNEREXWUNfxYACqazMYgArqp39Lfan19luGbPqVme56xB4CYU23KJ6cNTTdQ4ZLb4t7OeVCHnXnoPpDLvJ7y01HhgJAxZzy+xFjJlE4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com; spf=pass smtp.mailfrom=mpiricsoftware.com; dkim=fail (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b=V2dT9T2f reason="key not found in DNS"; arc=pass smtp.client-ip=136.143.188.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b="V2dT9T2f" ARC-Seal: i=1; a=rsa-sha256; t=1783097855; cv=none; d=zohomail.com; s=zohoarc; b=WpBLZ8unb+BIeSZ8umszvPmRV3fqNuF4HNOBUktyfavxBuDbtsg+iCSJj4s1N9Hp0OKTH5qppegN953LKLxwdrwxJGV1sHbzyk1wWj43IfagJjKV4OIh/3KvTlrYb0j90+0FM/JZs3+QLpPeGe68eRRik7aIu1ky3+S01lCcF/A= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1783097855; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=NKHSLkH/TJRsSbq7fyp/wMx2DN5jrBz2S57uFZ/hzqk=; b=fotL2vcY8hNJZDNFaoJZehpo3EDi1n72zec5UlOgQONgGZxAJVg13xPbLPAaBlWvO2KMIe9gwQWBsOl/R9GhjzEkgi/TH1It6icB58uKViBsBtYxdfQ05jxq/Xa3/LyMmGCouKlHOLR6kKEqL/WZMtKQtMFFDWDubb01v9e24bQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=mpiricsoftware.com; spf=pass smtp.mailfrom=shardul.b@mpiricsoftware.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1783097855; s=mpiric; d=mpiricsoftware.com; i=shardul.b@mpiricsoftware.com; h=From:From:Date:Date:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Message-Id:References:In-Reply-To:To:To:Cc:Cc:Reply-To; bh=NKHSLkH/TJRsSbq7fyp/wMx2DN5jrBz2S57uFZ/hzqk=; b=V2dT9T2fGQ0pbs3ZMiLVRNsIaIpduhIcMw7bCBXYRfI/mqo2XZeps0HfbmDnMjjM ygwAbw3vSLe+yunJUWes4Zohi7vrVf3IK4T/LQ9YiW1WT5x7ziN8tVnX1erhqKJVfvz LiW2zxXIVKkV1jdV3rrDELxEGFOkvyZC44tTHPYw= Received: by mx.zohomail.com with SMTPS id 1783097853491389.2793988394534; Fri, 3 Jul 2026 09:57:33 -0700 (PDT) From: Shardul Bankar Date: Fri, 03 Jul 2026 22:27:11 +0530 Subject: [PATCH mptcp-next v2 3/5] Squash to "selftests/bpf: Add bpf_burst scheduler & test" Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260703-mptcp_bpf_kfunc_fixes-v2-3-87ae3c64dc7e@mpiricsoftware.com> References: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> In-Reply-To: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> To: mptcp@lists.linux.dev, Geliang Tang Cc: Matthieu Baerts , Mat Martineau , Paolo Abeni , kalpan.jani@mpiricsoftware.com, janak@mpiric.us, shardulsb08@gmail.com, Shardul Bankar X-Mailer: b4 0.15.2 X-ZohoMailClient: External The bpf_burst scheduler selftest calls the mptcp_set_timeout() and mptcp_pm_subflow_chk_stale() kfuncs by their raw names. The companion squash-to patches to "bpf: Export mptcp packet scheduler helpers" narrow those kfuncs behind bpf_mptcp_set_timeout() and bpf_mptcp_pm_subflow_chk_stale() wrappers. Update the burst scheduler's extern declarations and call sites to the wrapper names so it keeps building and loading. Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Shardul Bankar --- tools/testing/selftests/bpf/progs/mptcp_bpf_burst.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/mptcp_bpf_burst.c b/tools/te= sting/selftests/bpf/progs/mptcp_bpf_burst.c index 8ff529d38a595..408c65ed897b5 100644 --- a/tools/testing/selftests/bpf/progs/mptcp_bpf_burst.c +++ b/tools/testing/selftests/bpf/progs/mptcp_bpf_burst.c @@ -22,10 +22,10 @@ struct bpf_subflow_send_info { #define RB_EMPTY_ROOT(root) (READ_ONCE((root)->rb_node) =3D=3D NULL) =20 extern bool mptcp_subflow_active(struct mptcp_subflow_context *subflow) __= ksym; -extern void mptcp_set_timeout(struct sock *sk) __ksym; +extern void bpf_mptcp_set_timeout(struct mptcp_sock *msk) __ksym; extern __u64 mptcp_wnd_end(const struct mptcp_sock *msk) __ksym; extern bool bpf_sk_stream_memory_free(const struct mptcp_subflow_context *= subflow) __ksym; -extern void mptcp_pm_subflow_chk_stale(const struct mptcp_sock *msk, struc= t sock *ssk) __ksym; +extern void bpf_mptcp_pm_subflow_chk_stale(const struct mptcp_sock *msk, s= truct sock *ssk) __ksym; =20 static __always_inline __u64 div_u64(__u64 dividend, __u32 divisor) { @@ -99,7 +99,7 @@ int BPF_PROG(bpf_burst_get_send, struct mptcp_sock *msk) send_info[backup].linger_time =3D linger_time; } } - mptcp_set_timeout(sk); + bpf_mptcp_set_timeout(msk); =20 /* pick the best backup if no other subflow is active */ if (!nr_active) @@ -140,7 +140,7 @@ int BPF_PROG(bpf_burst_get_retrans, struct mptcp_sock *= msk) =20 /* still data outstanding at TCP level? skip this */ if (!tcp_rtx_and_write_queues_empty(ssk)) { - mptcp_pm_subflow_chk_stale(msk, ssk); + bpf_mptcp_pm_subflow_chk_stale(msk, ssk); min_stale_count =3D min(min_stale_count, subflow->stale_count); continue; } --=20 2.34.1 From nobody Sun Jul 5 05:55:55 2026 Received: from sender4-of-o54.zoho.com (sender4-of-o54.zoho.com [136.143.188.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5558F2F25F0 for ; Fri, 3 Jul 2026 16:58:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.188.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097889; cv=pass; b=bjznEVtMAz3+3TkFIeMzYb1YMZqyeOvWu2ANx11RZeSw/kglTCPE2R/dKe48na3+izGcHr35di+Fcb4Abf+GSoqy4um+ZM7CVrdjMlNYcDRoKkOD/JZcseer7/hc6zlcCoPyM4lV8SmSiReJY7fYSwSZKgSnDmULSRHR0wSvz7A= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097889; c=relaxed/simple; bh=z04UbkS9plFhwokOUxl1KJmA8b0O4M45RmMbS0qTF+0=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=uULilFOUxe3ZTjLMW38l1yGhCVx7dG4AL9DrvMj9TYAZsnzwCtrPjxFI27zFOV0vmvwsTcHPW1ZCCXIsJO+zgIernoglsd6lHokJ72ZhH9KQtEPuIedlNIts08Q/+p0JJuVkPIWTTggGW4M5jafRzaPoIG5LCu7wgTPt2KLbfTk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com; spf=pass smtp.mailfrom=mpiricsoftware.com; dkim=fail (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b=pwHaf79L reason="key not found in DNS"; arc=pass smtp.client-ip=136.143.188.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b="pwHaf79L" ARC-Seal: i=1; a=rsa-sha256; t=1783097859; cv=none; d=zohomail.com; s=zohoarc; b=ZuQOlGfRJ46UqF3ZHH6vvaNCUbwuNnYVQiUXFT54Afo6vLkJcALlvwz3SV76yQg0pRFsler2Hx2It6GsBunBmf6OH2icL4MC8dMqGU/e+aadcxNJA1OdTQE3a4mWCG0XcdgUoGtS3xOGlYGjulchDeczOfumvC0GutG7yLTMXG8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1783097859; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=Xxl9xK6Vh21e7AFjWb+3zKxiqLq6a0rRaNckSfXr0Z0=; b=gjaxrSr/j0Jh79TJFxJ0aHSQYhJzmT+OxTgZ4p+SauOmrxCtW0lKE9EwsC9JKs9iJGlMr2u1qNV9AXA+PjSl7xX8URfvuFGndrVHFu2EFYLj/vxWxQkEGp6gOcE7Ph3It0MjK6w6vEMsqncjZNZTqo9vqEeuLceRGYeTNYaerzM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=mpiricsoftware.com; spf=pass smtp.mailfrom=shardul.b@mpiricsoftware.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1783097859; s=mpiric; d=mpiricsoftware.com; i=shardul.b@mpiricsoftware.com; h=From:From:Date:Date:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Message-Id:References:In-Reply-To:To:To:Cc:Cc:Reply-To; bh=Xxl9xK6Vh21e7AFjWb+3zKxiqLq6a0rRaNckSfXr0Z0=; b=pwHaf79LLD24XRMHcQqi7//RNWx3jjD1ZQEt+dAdY7UFCfMOw/ZVPKV/vjQZZKa0 owIQfpIdOJrx/Ohcs1qrlNxohM9QwZDxvFrbDx2LKUIiwF7jqmhwSxV3fbRQYFSf2FE Uz9T57aS2CvoXgBdL2Qb6EzbBuVBs4BzwEDPhQ3Y= Received: by mx.zohomail.com with SMTPS id 1783097857181592.5619918238758; Fri, 3 Jul 2026 09:57:37 -0700 (PDT) From: Shardul Bankar Date: Fri, 03 Jul 2026 22:27:12 +0530 Subject: [PATCH mptcp-next v2 4/5] DO-NOT-MERGE: selftests/bpf: mptcp: verify scheduler rejects non-msk socket to set_timeout Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260703-mptcp_bpf_kfunc_fixes-v2-4-87ae3c64dc7e@mpiricsoftware.com> References: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> In-Reply-To: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> To: mptcp@lists.linux.dev, Geliang Tang Cc: Matthieu Baerts , Mat Martineau , Paolo Abeni , kalpan.jani@mpiricsoftware.com, janak@mpiric.us, shardulsb08@gmail.com, Shardul Bankar X-Mailer: b4 0.15.2 X-ZohoMailClient: External Add a negative test for the bpf_mptcp_set_timeout() kfunc: a BPF MPTCP scheduler whose get_send() passes a subflow TCP socket to it, where the kfunc takes a struct mptcp_sock *, must be rejected by the verifier at program load time. This guards against widening the kfunc argument back to a generic struct sock *, which would reintroduce the socket type confusion between an MPTCP-level socket and a subflow TCP socket. Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Shardul Bankar --- tools/testing/selftests/bpf/prog_tests/mptcp.c | 32 +++++++++++++ .../selftests/bpf/progs/mptcp_bpf_bad_sched.c | 56 ++++++++++++++++++= ++++ 2 files changed, 88 insertions(+) diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing= /selftests/bpf/prog_tests/mptcp.c index 7f48fd9e94e1e..177e5318029d4 100644 --- a/tools/testing/selftests/bpf/prog_tests/mptcp.c +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c @@ -18,6 +18,7 @@ #include "mptcp_bpf_rr.skel.h" #include "mptcp_bpf_red.skel.h" #include "mptcp_bpf_burst.skel.h" +#include "mptcp_bpf_bad_sched.skel.h" =20 #define NS_TEST "mptcp_ns" #define ADDR_1 "10.0.1.1" @@ -813,6 +814,35 @@ static void test_burst(void) mptcp_bpf_burst__destroy(skel); } =20 +static void test_bad_sched(void) +{ + struct mptcp_bpf_bad_sched *skel; + char *log =3D NULL; + int err; + + /* + * bad_sched_get_send() passes a subflow TCP socket to + * bpf_mptcp_set_timeout(), which takes a struct mptcp_sock *. The + * verifier must reject this socket type confusion at load time, and + * for the right reason: assert the specific verifier message. + */ + skel =3D mptcp_bpf_bad_sched__open(); + if (!ASSERT_OK_PTR(skel, "open: bad_sched")) + return; + + if (start_libbpf_log_capture()) + goto destroy; + + err =3D mptcp_bpf_bad_sched__load(skel); + log =3D stop_libbpf_log_capture(); + ASSERT_ERR(err, "load: bad_sched must be rejected"); + ASSERT_HAS_SUBSTR(log, "expected pointer to STRUCT mptcp_sock", + "verifier rejects subflow sock to bpf_mptcp_set_timeout"); + free(log); +destroy: + mptcp_bpf_bad_sched__destroy(skel); +} + void test_mptcp(void) { if (test__start_subtest("base")) @@ -835,4 +865,6 @@ void test_mptcp(void) test_red(); if (test__start_subtest("burst")) test_burst(); + if (test__start_subtest("bad_sched")) + test_bad_sched(); } diff --git a/tools/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c b/tool= s/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c new file mode 100644 index 0000000000000..70e7da42f13a9 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c @@ -0,0 +1,56 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (c) 2026, Mpiric Software. */ + +/* + * A scheduler that passes a subflow TCP socket to bpf_mptcp_set_timeout(), + * which takes a struct mptcp_sock *. The verifier must reject this at load + * time; see the bad_sched subtest in prog_tests/mptcp.c. + */ +#include "mptcp_bpf.h" +#include + +char _license[] SEC("license") =3D "GPL"; + +extern void bpf_mptcp_set_timeout(struct mptcp_sock *msk) __ksym; + +SEC("struct_ops") +void BPF_PROG(bad_sched_init, struct mptcp_sock *msk) +{ +} + +SEC("struct_ops") +void BPF_PROG(bad_sched_release, struct mptcp_sock *msk) +{ +} + +SEC("struct_ops") +int BPF_PROG(bad_sched_get_send, struct mptcp_sock *msk) +{ + struct mptcp_subflow_context *subflow; + struct sock *ssk; + + bpf_for_each(mptcp_subflow, subflow, (struct sock *)msk) { + ssk =3D bpf_mptcp_subflow_tcp_sock(subflow); + if (!ssk) + return -1; + /* + * ssk is a subflow TCP socket (struct sock *), not an msk. + * Passing it to bpf_mptcp_set_timeout(), which takes a + * struct mptcp_sock *, is a socket type confusion that the + * verifier must reject at load time ("expected pointer to + * STRUCT mptcp_sock"). + */ + bpf_mptcp_set_timeout((struct mptcp_sock *)ssk); + mptcp_subflow_set_scheduled(subflow, true); + return 0; + } + return -1; +} + +SEC(".struct_ops.link") +struct mptcp_sched_ops bad_sched =3D { + .init =3D (void *)bad_sched_init, + .release =3D (void *)bad_sched_release, + .get_send =3D (void *)bad_sched_get_send, + .name =3D "bpf_bad_sched", +}; --=20 2.34.1 From nobody Sun Jul 5 05:55:55 2026 Received: from sender4-of-o54.zoho.com (sender4-of-o54.zoho.com [136.143.188.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 35869279917 for ; Fri, 3 Jul 2026 16:58:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=pass smtp.client-ip=136.143.188.54 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097898; cv=pass; b=R8snNwPfAvJTe6Uy2NSvUDBHBWqZkf2lJSUV6Wa3lUj314Yy/+vMBVa6p4FncGPfKMzgAt6vT3o4oq6wuGPeHZQGyFjk9434kmSAiujtJtD1YNig1139PoeSx+MYMIt5EIxgbAnvzBgzDyckhJ8oCiD2SGyRsxZBjHNyZzICrEI= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1783097898; c=relaxed/simple; bh=PBZk+X+zay5nYmuEXtIoToO+sxPsG/PhuKBW/BwG42Y=; h=From:Date:Subject:MIME-Version:Content-Type:Message-Id:References: In-Reply-To:To:Cc; b=BC8IARrUg3db5Wz7D1xpLcjCEqg8OJabe5daUO3ohVjeklemx9pG0bFEiENiqA1hdQy5q6O4KaDvhlniBC/od+ODvMdN4ZSsiOGQ9W5/RbVhF+NBHwPjBKmrIIMJZfp1zjwO3xyD8wP0kLaekbuEMBI/M9EDfwQSXCzSycoXOpY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com; spf=pass smtp.mailfrom=mpiricsoftware.com; dkim=fail (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b=FE93siVw reason="key not found in DNS"; arc=pass smtp.client-ip=136.143.188.54 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=mpiricsoftware.com Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=mpiricsoftware.com header.i=shardul.b@mpiricsoftware.com header.b="FE93siVw" ARC-Seal: i=1; a=rsa-sha256; t=1783097863; cv=none; d=zohomail.com; s=zohoarc; b=nRL4uIdM22oPBMCGfAKpskR2wlkROxqnb9vQg0y4C181RCgULU+eLpt6rbX2ikJQxIdBg2MchPIJ8dFur/nkkeyUWCa8bPfeZuMNXwuxAK1XyxjHNA04cUatn9y32R/mxxGV/h/yQovwj93vy8C+4RSSU1yvCdAXlo1qceti8Zw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1783097863; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=WAQWMWIzY8OIcUEjR7NG7A7tTUa0mOmLqY1I2BAmeDU=; b=kuW49CyTe7ahRQcZ4D4YZETj3dACcI0NT6Vq86XfYNhxp0O3QC0Q73wueNIgiqjFY0+JUPoRfyeKSpvDohkwgnGtEvm+UIQYhrbLJrUqYHXwf35IRzmbEG0ww+y4Tt6T8R8HGiXP6kcGXPMe0UNncsSGbMYKyzfVevS6Nqh6aP0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=mpiricsoftware.com; spf=pass smtp.mailfrom=shardul.b@mpiricsoftware.com; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1783097863; s=mpiric; d=mpiricsoftware.com; i=shardul.b@mpiricsoftware.com; h=From:From:Date:Date:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Message-Id:References:In-Reply-To:To:To:Cc:Cc:Reply-To; bh=WAQWMWIzY8OIcUEjR7NG7A7tTUa0mOmLqY1I2BAmeDU=; b=FE93siVwdZSHAr6x6YqPXeKl0CNSXyFIQPakjpfnXJg0y5xP/rrly3jAne/5tXMB fnbS7vUf1/g3o2MyR7L2ngqwzZgXBpSv6gESrZSHMOjIGcwkeE/K+uRBuwMDTf2sZC5 JuwesFwlDMF4Ku1JGYADF6x9tM80UftwESYFZIMc= Received: by mx.zohomail.com with SMTPS id 1783097860844788.9807823215981; Fri, 3 Jul 2026 09:57:40 -0700 (PDT) From: Shardul Bankar Date: Fri, 03 Jul 2026 22:27:13 +0530 Subject: [PATCH mptcp-next v2 5/5] DO-NOT-MERGE: selftests/bpf: mptcp: extend bad scheduler test to the kfunc type contract Precedence: bulk X-Mailing-List: mptcp@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Message-Id: <20260703-mptcp_bpf_kfunc_fixes-v2-5-87ae3c64dc7e@mpiricsoftware.com> References: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> In-Reply-To: <20260703-mptcp_bpf_kfunc_fixes-v2-0-87ae3c64dc7e@mpiricsoftware.com> To: mptcp@lists.linux.dev, Geliang Tang Cc: Matthieu Baerts , Mat Martineau , Paolo Abeni , kalpan.jani@mpiricsoftware.com, janak@mpiric.us, shardulsb08@gmail.com, Shardul Bankar X-Mailer: b4 0.15.2 X-ZohoMailClient: External The bad_sched test covers one socket type confusion: a subflow TCP socket passed to bpf_mptcp_set_timeout(), which takes a struct mptcp_sock *. Extend it into a small suite that guards the narrow-typed scheduler kfunc surface against that bug class, covering both confusion directions: - a subflow sock passed to mptcp_wnd_end() (struct mptcp_sock *), the same direction as the set_timeout case; - the msk passed to mptcp_subflow_set_scheduled() (struct mptcp_subflow_context *), the inverse direction. Each malicious scheduler is its own struct_ops map. They are loaded one at a time via bpf_map__set_autocreate(), so each load failure is checked against its own verifier type-mismatch message. Assisted-by: Claude:claude-opus-4-8 Signed-off-by: Shardul Bankar --- tools/testing/selftests/bpf/prog_tests/mptcp.c | 56 ++++++++++++++++--= ---- .../selftests/bpf/progs/mptcp_bpf_bad_sched.c | 48 +++++++++++++++++++ 2 files changed, 89 insertions(+), 15 deletions(-) diff --git a/tools/testing/selftests/bpf/prog_tests/mptcp.c b/tools/testing= /selftests/bpf/prog_tests/mptcp.c index 177e5318029d4..6f5d8f3ac784f 100644 --- a/tools/testing/selftests/bpf/prog_tests/mptcp.c +++ b/tools/testing/selftests/bpf/prog_tests/mptcp.c @@ -814,32 +814,58 @@ static void test_burst(void) mptcp_bpf_burst__destroy(skel); } =20 -static void test_bad_sched(void) +static void load_bad_sched(struct mptcp_bpf_bad_sched *skel, const char *m= sg) { - struct mptcp_bpf_bad_sched *skel; char *log =3D NULL; int err; =20 + if (start_libbpf_log_capture()) + return; + + err =3D mptcp_bpf_bad_sched__load(skel); + log =3D stop_libbpf_log_capture(); + ASSERT_ERR(err, "load: bad scheduler must be rejected"); + ASSERT_HAS_SUBSTR(log, msg, "verifier type-mismatch message"); + free(log); +} + +static void test_bad_sched(void) +{ + struct mptcp_bpf_bad_sched *skel; + /* - * bad_sched_get_send() passes a subflow TCP socket to - * bpf_mptcp_set_timeout(), which takes a struct mptcp_sock *. The - * verifier must reject this socket type confusion at load time, and - * for the right reason: assert the specific verifier message. + * Each scheduler in mptcp_bpf_bad_sched passes a wrong-subtype socket + * to a narrow-typed scheduler kfunc; the verifier must reject each at + * load time with the specific type-mismatch message. The skel holds + * several such schedulers, so enable one struct_ops map at a time; + * loading them together would fail atomically. */ + + /* subflow sock -> bpf_mptcp_set_timeout(struct mptcp_sock *) */ skel =3D mptcp_bpf_bad_sched__open(); if (!ASSERT_OK_PTR(skel, "open: bad_sched")) return; + bpf_map__set_autocreate(skel->maps.bad_wnd_end, false); + bpf_map__set_autocreate(skel->maps.bad_set_sched, false); + load_bad_sched(skel, "expected pointer to STRUCT mptcp_sock"); + mptcp_bpf_bad_sched__destroy(skel); =20 - if (start_libbpf_log_capture()) - goto destroy; + /* subflow sock -> mptcp_wnd_end(struct mptcp_sock *) */ + skel =3D mptcp_bpf_bad_sched__open(); + if (!ASSERT_OK_PTR(skel, "open: bad_wnd_end")) + return; + bpf_map__set_autocreate(skel->maps.bad_sched, false); + bpf_map__set_autocreate(skel->maps.bad_set_sched, false); + load_bad_sched(skel, "expected pointer to STRUCT mptcp_sock"); + mptcp_bpf_bad_sched__destroy(skel); =20 - err =3D mptcp_bpf_bad_sched__load(skel); - log =3D stop_libbpf_log_capture(); - ASSERT_ERR(err, "load: bad_sched must be rejected"); - ASSERT_HAS_SUBSTR(log, "expected pointer to STRUCT mptcp_sock", - "verifier rejects subflow sock to bpf_mptcp_set_timeout"); - free(log); -destroy: + /* msk -> mptcp_subflow_set_scheduled(struct mptcp_subflow_context *) */ + skel =3D mptcp_bpf_bad_sched__open(); + if (!ASSERT_OK_PTR(skel, "open: bad_set_sched")) + return; + bpf_map__set_autocreate(skel->maps.bad_sched, false); + bpf_map__set_autocreate(skel->maps.bad_wnd_end, false); + load_bad_sched(skel, "expected pointer to STRUCT mptcp_subflow_context"); mptcp_bpf_bad_sched__destroy(skel); } =20 diff --git a/tools/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c b/tool= s/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c index 70e7da42f13a9..a744de8b82859 100644 --- a/tools/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c +++ b/tools/testing/selftests/bpf/progs/mptcp_bpf_bad_sched.c @@ -12,6 +12,7 @@ char _license[] SEC("license") =3D "GPL"; =20 extern void bpf_mptcp_set_timeout(struct mptcp_sock *msk) __ksym; +extern __u64 mptcp_wnd_end(const struct mptcp_sock *msk) __ksym; =20 SEC("struct_ops") void BPF_PROG(bad_sched_init, struct mptcp_sock *msk) @@ -54,3 +55,50 @@ struct mptcp_sched_ops bad_sched =3D { .get_send =3D (void *)bad_sched_get_send, .name =3D "bpf_bad_sched", }; + +/* + * Same confusion class as bad_sched, on another struct mptcp_sock * kfunc: + * feed a subflow TCP socket to mptcp_wnd_end(). The verifier must reject = it + * ("expected pointer to STRUCT mptcp_sock"). get_send is the only required + * scheduler op, so the rest are omitted. + */ +SEC("struct_ops") +int BPF_PROG(bad_wnd_end_get_send, struct mptcp_sock *msk) +{ + struct mptcp_subflow_context *subflow; + struct sock *ssk; + + bpf_for_each(mptcp_subflow, subflow, (struct sock *)msk) { + ssk =3D bpf_mptcp_subflow_tcp_sock(subflow); + if (!ssk) + return -1; + if (mptcp_wnd_end((struct mptcp_sock *)ssk)) + return 0; + return -1; + } + return -1; +} + +SEC(".struct_ops.link") +struct mptcp_sched_ops bad_wnd_end =3D { + .get_send =3D (void *)bad_wnd_end_get_send, + .name =3D "bpf_bad_wnd_end", +}; + +/* + * Inverse confusion: feed the msk to mptcp_subflow_set_scheduled(), which + * takes a struct mptcp_subflow_context *. The verifier must reject it + * ("expected pointer to STRUCT mptcp_subflow_context"). + */ +SEC("struct_ops") +int BPF_PROG(bad_set_sched_get_send, struct mptcp_sock *msk) +{ + mptcp_subflow_set_scheduled((struct mptcp_subflow_context *)msk, true); + return 0; +} + +SEC(".struct_ops.link") +struct mptcp_sched_ops bad_set_sched =3D { + .get_send =3D (void *)bad_set_sched_get_send, + .name =3D "bpf_bad_set_sch", +}; --=20 2.34.1