[PATCH mptcp-next v2 0/7] bpf sched updates

Geliang Tang posted 7 patches 1 week, 5 days ago
git fetch https://github.com/multipath-tcp/mptcp_net-next tags/patchew/cover.1782106180.git.tanggeliang@kylinos.cn
There is a newer version of this series
Posted by Geliang Tang 1 week, 5 days ago
From: Geliang Tang <tanggeliang@kylinos.cn>

v2:
 - new patches 2-7, address Sashiko's comments to drop __ign in
   arguments of bpf_sk_stream_memory_free() and bpf_mptcp_subflow_ctx().

v1:
 - Link: https://patchwork.kernel.org/project/mptcp/patch/10a30ed6484cc4d48009625f1ed8e12802e78e94.1781699193.git.tanggeliang@kylinos.cn/

This series addresses BPF verifier issues in the MPTCP packet scheduler
helpers and their selftests.

The initial motivation was to fix an incorrect return value in
bpf_sk_stream_memory_free(): the function returns bool but erroneously
returned NULL. This was fixed by changing it to false and dropping the
KF_RET_NULL flag.

However, further review revealed that both bpf_sk_stream_memory_free()
and bpf_mptcp_subflow_ctx() used the __ign suffix on their pointer
arguments to bypass verifier checks. This approach is unsafe because it
allows untrusted pointers to be passed into kfuncs, potentially leading
to verifier rejection or runtime issues. In practice, passing pointers
like msk->first (which are not marked as trusted) to these kfuncs
triggers the verifier error "R1 must be referenced or trusted".

To resolve this cleanly, the series:

- Removes bpf_sk_stream_memory_free() entirely, as its functionality can
  be implemented inline in the BPF scheduler (burst) using MPTCP-specific
  memory checks (msk->notsent_lowat and subflow send buffer).

- Removes the __ign suffix from bpf_mptcp_subflow_ctx() and updates all
  BPF schedulers (first, rr, burst) to avoid calling it. Instead, they
  use bpf_for_each(mptcp_subflow) iterations to obtain trusted subflow
  pointers directly, eliminating the need for reverse lookup from an
  untrusted sock pointer.

With these changes, all BPF scheduler tests pass verification and
function correctly.

Geliang Tang (7):
  Squash to "bpf: Export mptcp packet scheduler helpers"
  Squash to "bpf: Export mptcp packet scheduler helpers" 2
  Squash to "selftests/bpf: Add bpf_burst scheduler & test"
  Squash to "bpf: Export mptcp packet scheduler helpers" 3
  Squash to "selftests/bpf: Add bpf_first scheduler & test"
  Squash to "selftests/bpf: Add bpf_rr scheduler & test"
  Squash to "selftests/bpf: Add bpf_burst scheduler & test" 2

 net/mptcp/bpf.c                               | 16 +-----
 .../selftests/bpf/progs/mptcp_bpf_burst.c     | 53 +++++++++++++++----
 .../selftests/bpf/progs/mptcp_bpf_first.c     | 17 +++---
 .../selftests/bpf/progs/mptcp_bpf_rr.c        | 30 ++++++-----
 4 files changed, 71 insertions(+), 45 deletions(-)

-- 
2.53.0
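
The verifier behaviour described in the cover letter, as an added userspace C model (not code from this series or from the kernel): a parameter whose name ends in `__ign` skips the trust check, while the same untrusted pointer passed to a plain parameter is rejected with the quoted error. The helper names, the parameter names `sk__ign` and `sk`, and the boolean trust flag are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True when a kfunc parameter name ends with the given suffix. */
static bool arg_has_suffix(const char *name, const char *suffix)
{
	size_t n = strlen(name), s = strlen(suffix);

	return n >= s && strcmp(name + n - s, suffix) == 0;
}

/*
 * Model of the pointer-argument check (hypothetical helper, not kernel code).
 * param:   parameter name as declared by the kfunc
 * trusted: whether the program obtained the pointer from a trusted source
 * Returns 0 when the call is accepted, -1 with a message when rejected.
 */
static int check_kfunc_ptr_arg(const char *param, bool trusted, int regno,
			       char *msg, size_t len)
{
	msg[0] = '\0';
	if (arg_has_suffix(param, "__ign"))
		return 0;	/* check skipped: any pointer value gets through */
	if (!trusted) {
		snprintf(msg, len, "R%d must be referenced or trusted", regno);
		return -1;
	}
	return 0;
}

int main(void)
{
	char msg[64];
	int ret;

	/* Constructed cases; "sk__ign" and "sk" are assumed parameter names. */
	ret = check_kfunc_ptr_arg("sk__ign", false, 1, msg, sizeof(msg));
	printf("msk->first into sk__ign: %d %s\n", ret, msg);
	ret = check_kfunc_ptr_arg("sk", false, 1, msg, sizeof(msg));
	printf("msk->first into sk:      %d %s\n", ret, msg);
	ret = check_kfunc_ptr_arg("sk", true, 1, msg, sizeof(msg));
	printf("iterator subflow:        %d %s\n", ret, msg);
	return 0;
}
```

The third case corresponds to a subflow pointer obtained from a bpf_for_each(mptcp_subflow) iteration, which the cover letter describes as trusted.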
Re: [PATCH mptcp-next v2 0/7] bpf sched updates
Posted by MPTCP CI 1 week, 5 days ago
Hi Geliang,

Thank you for your modifications, that's great!

Our CI did some validations and here is its report:

- KVM Validation: normal (except selftest_mptcp_join): Success! ✅
- KVM Validation: normal (only selftest_mptcp_join): Success! ✅
- KVM Validation: debug (except selftest_mptcp_join): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- KVM Validation: debug (only selftest_mptcp_join): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- KVM Validation: btf-normal (only bpftest_all): Success! ✅
- KVM Validation: btf-debug (only bpftest_all): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- Task: https://github.com/multipath-tcp/mptcp_net-next/actions/runs/27933086171

Initiator: Patchew Applier
Commits: https://github.com/multipath-tcp/mptcp_net-next/commits/09e091cc5517
Patchwork: https://patchwork.kernel.org/project/mptcp/list/?series=1114517


If there are some issues, you can reproduce them using the same environment as
the one used by the CI thanks to a docker image, e.g.:

    $ cd [kernel source code]
    $ docker run -v "${PWD}:${PWD}:rw" -w "${PWD}" --privileged --rm -it \
        --pull always mptcp/mptcp-upstream-virtme-docker:latest \
        auto-normal

For more details:

    https://github.com/multipath-tcp/mptcp-upstream-virtme-docker


Please note that despite all the efforts that have already been made to have a
stable test suite when executed on a public CI like here, it is possible some
reported issues are not due to your modifications. Still, do not hesitate to
help us improve that ;-)

Cheers,
MPTCP GH Action bot
Bot operated by Matthieu Baerts (NGI0 Core)