[PATCH mptcp-next v3 0/6] bpf sched updates

Geliang Tang posted 6 patches 1 week, 5 days ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/multipath-tcp/mptcp_net-next tags/patchew/cover.1782120674.git.tanggeliang@kylinos.cn
net/mptcp/bpf.c                               | 28 ++++++++++-------
.../selftests/bpf/progs/mptcp_bpf_burst.c     | 25 ++++++++--------
.../selftests/bpf/progs/mptcp_bpf_first.c     | 17 ++++++-----
.../selftests/bpf/progs/mptcp_bpf_rr.c        | 30 +++++++++++--------
4 files changed, 57 insertions(+), 43 deletions(-)
[PATCH mptcp-next v3 0/6] bpf sched updates
Posted by Geliang Tang 1 week, 5 days ago
From: Geliang Tang <tanggeliang@kylinos.cn>

v3:
 - Add sk_type == SOCK_STREAM check in bpf_iter_mptcp_subflow_new() to
   prevent raw sockets from bypassing validation (new patch 1).
 - Zero iterator state (kit->msk, kit->pos) on error paths in
   bpf_iter_mptcp_subflow_new() to avoid uninitialized dereference.
 - Change bpf_sk_stream_memory_free() signature to accept
   struct mptcp_subflow_context * instead of struct sock *, to make it
   work with burst scheduler.

v2:
 - new patches 2-7, address Sashiko's comments to drop __ign in
   arguments of bpf_sk_stream_memory_free() and bpf_mptcp_subflow_ctx().
 - Link: https://patchwork.kernel.org/project/mptcp/cover/cover.1782106180.git.tanggeliang@kylinos.cn/

v1:
 - Link: https://patchwork.kernel.org/project/mptcp/patch/10a30ed6484cc4d48009625f1ed8e12802e78e94.1781699193.git.tanggeliang@kylinos.cn/

This series addresses BPF verifier issues in the MPTCP packet scheduler
helpers and their selftests.

The initial motivation was to fix an incorrect return value in
bpf_sk_stream_memory_free(): the function returns bool but erroneously
returned NULL. This was fixed by changing it to false and dropping the
KF_RET_NULL flag.

However, further review revealed that both bpf_sk_stream_memory_free()
and bpf_mptcp_subflow_ctx() used the __ign suffix on their pointer
arguments to bypass verifier checks. This approach is unsafe because it
allows untrusted pointers to be passed into kfuncs, potentially leading
to verifier rejection or runtime issues. In practice, passing pointers
like msk->first (which are not marked as trusted) to these kfuncs
triggers the verifier error "R1 must be referenced or trusted".

To resolve this cleanly, the series:

- Removes bpf_sk_stream_memory_free() entirely, as its functionality can
  be implemented inline in the BPF scheduler (burst) using MPTCP-specific
  memory checks (msk->notsent_lowat and subflow send buffer).

- Removes the __ign suffix from bpf_mptcp_subflow_ctx() and updates all
  BPF schedulers (first, rr, burst) to avoid calling it. Instead, they
  use bpf_for_each(mptcp_subflow) iterations to obtain trusted subflow
  pointers directly, eliminating the need for reverse lookup from an
  untrusted sock pointer.

With these changes, all BPF scheduler tests pass verification and
function correctly.

Geliang Tang (6):
  Squash to "bpf: Add mptcp_subflow bpf_iter"
  Squash to "bpf: Export mptcp packet scheduler helpers"
  Squash to "selftests/bpf: Add bpf_burst scheduler & test"
  Squash to "bpf: Export mptcp packet scheduler helpers" 2
  Squash to "selftests/bpf: Add bpf_first scheduler & test"
  Squash to "selftests/bpf: Add bpf_rr scheduler & test"

 net/mptcp/bpf.c                               | 28 ++++++++++-------
 .../selftests/bpf/progs/mptcp_bpf_burst.c     | 25 ++++++++--------
 .../selftests/bpf/progs/mptcp_bpf_first.c     | 17 ++++++-----
 .../selftests/bpf/progs/mptcp_bpf_rr.c        | 30 +++++++++++--------
 4 files changed, 57 insertions(+), 43 deletions(-)

-- 
2.53.0
Re: [PATCH mptcp-next v3 0/6] bpf sched updates
Posted by Matthieu Baerts 1 week, 5 days ago
Hi Geliang,

On 22/06/2026 11:38, Geliang Tang wrote:
> From: Geliang Tang <tanggeliang@kylinos.cn>
> 
> v3:
>  - Add sk_type == SOCK_STREAM check in bpf_iter_mptcp_subflow_new() to
>    prevent raw sockets from bypassing validation (new patch 1).
>  - Zero iterator state (kit->msk, kit->pos) on error paths in
>    bpf_iter_mptcp_subflow_new() to avoid uninitialized dereference.
>  - Change bpf_sk_stream_memory_free() signature to accept
>    struct mptcp_subflow_context * instead of struct sock *, to make it
>    work with burst scheduler.
(slowly trying to get back to the reviews, sorry for the delay on older
series, it might take a while...)

Thanks! Sashiko may have found existing issues with other helpers
introduced in our export branch, please see:

https://sashiko.dev/#/patchset/cover.1782120674.git.tanggeliang%40kylinos.cn?part=4

New patches for t/upstream:
- beb6482d3d18: "squashed" patch 1/6 in "bpf: Add mptcp_subflow bpf_iter"
- 21533dcb5a8a: "squashed" patch 2/6 in "bpf: Export mptcp packet
scheduler helpers"
- 0f4ed15e3a62: "squashed" patch 4/6 in "bpf: Export mptcp packet
scheduler helpers"
- 0d8c9711887c: "squashed" patch 5/6 in "selftests/bpf: Add bpf_first
scheduler & test"
- 4824dc0f98f1: "squashed" patch 6/6 in "selftests/bpf: Add bpf_rr
scheduler & test"
- b077032985ac: "squashed" patch 3/6 in "selftests/bpf: Add bpf_burst
scheduler & test"
- Results: bc8075b182f4..7fc976a6891c (export)

Tests are now in progress:

- export:
https://github.com/multipath-tcp/mptcp_net-next/commit/366d3bd40f3e2dbc4d7ffe0816c0c657d6d7c54c/checks

Cheers,
Matt
-- 
Sponsored by the NGI0 Core fund.
Re: [PATCH mptcp-next v3 0/6] bpf sched updates
Posted by MPTCP CI 1 week, 5 days ago
Hi Geliang,

Thank you for your modifications, that's great!

Our CI did some validations and here is its report:

- KVM Validation: normal (except selftest_mptcp_join): Success! ✅
- KVM Validation: normal (only selftest_mptcp_join): Success! ✅
- KVM Validation: debug (except selftest_mptcp_join): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- KVM Validation: debug (only selftest_mptcp_join): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- KVM Validation: btf-normal (only bpftest_all): Success! ✅
- KVM Validation: btf-debug (only bpftest_all): Notice: Call Traces at boot time, rebooted and continued ⚠️ 
- Task: https://github.com/multipath-tcp/mptcp_net-next/actions/runs/27944247890

Initiator: Patchew Applier
Commits: https://github.com/multipath-tcp/mptcp_net-next/commits/526ff6453267
Patchwork: https://patchwork.kernel.org/project/mptcp/list/?series=1114644


If there are some issues, you can reproduce them using the same environment as
the one used by the CI thanks to a docker image, e.g.:

    $ cd [kernel source code]
    $ docker run -v "${PWD}:${PWD}:rw" -w "${PWD}" --privileged --rm -it \
        --pull always mptcp/mptcp-upstream-virtme-docker:latest \
        auto-normal

For more details:

    https://github.com/multipath-tcp/mptcp-upstream-virtme-docker


Please note that despite all the efforts that have been already done to have a
stable tests suite when executed on a public CI like here, it is possible some
reported issues are not due to your modifications. Still, do not hesitate to
help us improve that ;-)

Cheers,
MPTCP GH Action bot
Bot operated by Matthieu Baerts (NGI0 Core)