Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next

Daniel Borkmann says: ==================== pull-request: bpf-next 2018-10-21 The following pull-request contains BPF updates for your *net-next* tree. The main changes are: 1) Implement two new kind of BPF maps, that is, queue and stack map along with new peek, push and pop operations, from Mauricio. 2) Add support for MSG_PEEK flag when redirecting into an ingress psock sk_msg queue, and add a new helper bpf_msg_push_data() for insert data into the message, from John. 3) Allow for BPF programs of type BPF_PROG_TYPE_CGROUP_SKB to use direct packet access for __skb_buff, from Song. 4) Use more lightweight barriers for walking perf ring buffer for libbpf and perf tool as well. Also, various fixes and improvements from verifier side, from Daniel. 5) Add per-symbol visibility for DSO in libbpf and hide by default global symbols such as netlink related functions, from Andrey. 6) Two improvements to nfp's BPF offload to check vNIC capabilities in case prog is shared with multiple vNICs and to protect against mis-initializing atomic counters, from Jakub. 7) Fix for bpftool to use 4 context mode for the nfp disassembler, also from Jakub. 8) Fix a return value comparison in test_libbpf.sh and add several bpftool improvements in bash completion, documentation of bpf fs restrictions and batch mode summary print, from Quentin. 9) Fix a file resource leak in BPF selftest's load_kallsyms() helper, from Peng. 10) Fix an unused variable warning in map_lookup_and_delete_elem(), from Alexei. 11) Fix bpf_skb_adjust_room() signature in BPF UAPI helper doc, from Nicolas. 12) Add missing executables to .gitignore in BPF selftests, from Anders. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2018-10-22 00:11:46 -0400
committer: David S. Miller <davem@davemloft.net> 2018-10-22 00:11:46 -0400
commit: a19c59cc10a5ebc6b5a542e56bfd9f427ce01d74 (patch)
tree: cd04c1af4e800eef175cbc51ffb6e78040d7ee27 /tools/include
parent: 92303c86b7e9b7d3895ccafb441a0354143e2a18 (diff)
parent: fe8ecccc10b3adc071de05ca7af728ca1a4ac9aa (diff)
4 files changed, 234 insertions, 2 deletions
diff --git a/tools/include/asm/barrier.h b/tools/include/asm/barrier.h
index 391d942536e5..8d378c57cb01 100644
--- a/tools/include/asm/barrier.h
+++ b/tools/include/asm/barrier.h
@@ -1,4 +1,5 @@
 /* SPDX-License-Identifier: GPL-2.0 */
+#include <linux/compiler.h>
 #if defined(__i386__) || defined(__x86_64__)
 #include "../../arch/x86/include/asm/barrier.h"
 #elif defined(__arm__)
@@ -26,3 +27,37 @@
 #else
 #include <asm-generic/barrier.h>
 #endif
+/*
+ * Generic fallback smp_*() definitions for archs that haven't
+ * been updated yet.
+ */
+#ifndef smp_rmb
+# define smp_rmb()      rmb()
+#endif
+#ifndef smp_wmb
+# define smp_wmb()      wmb()
+#endif
+#ifndef smp_mb
+# define smp_mb()       mb()
+#endif
+#ifndef smp_store_release
+# define smp_store_release(p, v)                \
+do {                                            \
+        smp_mb();                               \
+        WRITE_ONCE(*p, v);                      \
+} while (0)
+#endif
+#ifndef smp_load_acquire
+# define smp_load_acquire(p)                    \
+({                                              \
+        typeof(*p) ___p1 = READ_ONCE(*p);       \
+        smp_mb();                               \
+        ___p1;                                  \
+})
+#endif
diff --git a/tools/include/linux/ring_buffer.h b/tools/include/linux/ring_buffer.h
new file mode 100644
index 000000000000..9a083ae60473
--- /dev/null
+++ b/tools/include/linux/ring_buffer.h
@@ -0,0 +1,73 @@
+#ifndef _TOOLS_LINUX_RING_BUFFER_H_
+#define _TOOLS_LINUX_RING_BUFFER_H_
+#include <asm/barrier.h>
+/*
+ * Contract with kernel for walking the perf ring buffer from
+ * user space requires the following barrier pairing (quote
+ * from kernel/events/ring_buffer.c):
+ *
+ *   Since the mmap() consumer (userspace) can run on a
+ *   different CPU:
+ *
+ *   kernel                             user
+ *
+ *   if (LOAD ->data_tail) {            LOAD ->data_head
+ *                      (A)             smp_rmb()       (C)
+ *      STORE $data                     LOAD $data
+ *      smp_wmb()       (B)             smp_mb()        (D)
+ *      STORE ->data_head               STORE ->data_tail
+ *   }
+ *
+ *   Where A pairs with D, and B pairs with C.
+ *
+ *   In our case A is a control dependency that separates the
+ *   load of the ->data_tail and the stores of $data. In case
+ *   ->data_tail indicates there is no room in the buffer to
+ *   store $data we do not.
+ *
+ *   D needs to be a full barrier since it separates the data
+ *   READ from the tail WRITE.
+ *
+ *   For B a WMB is sufficient since it separates two WRITEs,
+ *   and for C an RMB is sufficient since it separates two READs.
+ *
+ * Note, instead of B, C, D we could also use smp_store_release()
+ * in B and D as well as smp_load_acquire() in C.
+ *
+ * However, this optimization does not make sense for all kernel
+ * supported architectures since for a fair number it would
+ * resolve into READ_ONCE() + smp_mb() pair for smp_load_acquire(),
+ * and smp_mb() + WRITE_ONCE() pair for smp_store_release().
+ *
+ * Thus for those smp_wmb() in B and smp_rmb() in C would still
+ * be less expensive. For the case of D this has either the same
+ * cost or is less expensive, for example, due to TSO x86 can
+ * avoid the CPU barrier entirely.
+ */
+static inline u64 ring_buffer_read_head(struct perf_event_mmap_page *base)
+{
+/*
+ * Architectures where smp_load_acquire() does not fallback to
+ * READ_ONCE() + smp_mb() pair.
+ */
+#if defined(__x86_64__) || defined(__aarch64__) || defined(__powerpc64__) || \
+    defined(__ia64__) || defined(__sparc__) && defined(__arch64__)
+        return smp_load_acquire(&base->data_head);
+#else
+        u64 head = READ_ONCE(base->data_head);
+        smp_rmb();
+        return head;
+#endif
+}
+static inline void ring_buffer_write_tail(struct perf_event_mmap_page *base,
+                                          u64 tail)
+{
+        smp_store_release(&base->data_tail, tail);
+}
+#endif /* _TOOLS_LINUX_RING_BUFFER_H_ */
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index f9187b41dff6..852dc17ab47a 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -103,6 +103,7 @@ enum bpf_cmd {
        BPF_BTF_LOAD,
        BPF_BTF_GET_FD_BY_ID,
        BPF_TASK_FD_QUERY,
+        BPF_MAP_LOOKUP_AND_DELETE_ELEM,
 };
 enum bpf_map_type {
@@ -128,6 +129,8 @@ enum bpf_map_type {
        BPF_MAP_TYPE_CGROUP_STORAGE,
        BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
        BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,
+        BPF_MAP_TYPE_QUEUE,
+        BPF_MAP_TYPE_STACK,
 };
 enum bpf_prog_type {
@@ -462,6 +465,28 @@ union bpf_attr {
 *      Return
 *              0 on success, or a negative error in case of failure.
 *
+ * int bpf_map_push_elem(struct bpf_map *map, const void *value, u64 flags)
+ *      Description
+ *              Push an element *value* in *map*. *flags* is one of:
+ *
+ *              **BPF_EXIST**
+ *              If the queue/stack is full, the oldest element is removed to
+ *              make room for this.
+ *      Return
+ *              0 on success, or a negative error in case of failure.
+ *
+ * int bpf_map_pop_elem(struct bpf_map *map, void *value)
+ *      Description
+ *              Pop an element from *map*.
+ * Return
+ *              0 on success, or a negative error in case of failure.
+ *
+ * int bpf_map_peek_elem(struct bpf_map *map, void *value)
+ *      Description
+ *              Get an element from *map* without removing it.
+ * Return
+ *              0 on success, or a negative error in case of failure.
+ *
 * int bpf_probe_read(void *dst, u32 size, const void *src)
 *      Description
 *              For tracing programs, safely attempt to read *size* bytes from
@@ -1433,7 +1458,7 @@ union bpf_attr {
 *      Return
 *              0 on success, or a negative error in case of failure.
 *
- * int bpf_skb_adjust_room(struct sk_buff *skb, u32 len_diff, u32 mode, u64 flags)
+ * int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags)
 *      Description
 *              Grow or shrink the room for data in the packet associated to
 *              *skb* by *len_diff*, and according to the selected *mode*.
@@ -2215,6 +2240,23 @@ union bpf_attr {
 *              pointer that was returned from bpf_sk_lookup_xxx\ ().
 *      Return
 *              0 on success, or a negative error in case of failure.
+ *
+ * int bpf_msg_push_data(struct sk_buff *skb, u32 start, u32 len, u64 flags)
+ *      Description
+ *              For socket policies, insert *len* bytes into msg at offset
+ *              *start*.
+ *
+ *              If a program of type **BPF_PROG_TYPE_SK_MSG** is run on a
+ *              *msg* it may want to insert metadata or options into the msg.
+ *              This can later be read and used by any of the lower layer BPF
+ *              hooks.
+ *
+ *              This helper may fail if under memory pressure (a malloc
+ *              fails) in these cases BPF programs will get an appropriate
+ *              error and BPF programs will need to handle them.
+ *
+ *      Return
+ *              0 on success, or a negative error in case of failure.
 */
 #define __BPF_FUNC_MAPPER(FN)           \
        FN(unspec),                     \
@@ -2303,7 +2345,11 @@ union bpf_attr {
        FN(skb_ancestor_cgroup_id),     \
        FN(sk_lookup_tcp),              \
        FN(sk_lookup_udp),              \
-        FN(sk_release),
+        FN(sk_release),                 \
+        FN(map_push_elem),              \
+        FN(map_pop_elem),               \
+        FN(map_peek_elem),              \
+        FN(msg_push_data),
 /* integer value in 'imm' field of BPF_CALL instruction selects which helper
 * function eBPF program intends to call
diff --git a/tools/include/uapi/linux/tls.h b/tools/include/uapi/linux/tls.h
new file mode 100644
index 000000000000..ff02287495ac
--- /dev/null
+++ b/tools/include/uapi/linux/tls.h
@@ -0,0 +1,78 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR Linux-OpenIB) */
+/*
+ * Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
+ *
+ * This software is available to you under a choice of one of two
+ * licenses.  You may choose to be licensed under the terms of the GNU
+ * General Public License (GPL) Version 2, available from the file
+ * COPYING in the main directory of this source tree, or the
+ * OpenIB.org BSD license below:
+ *
+ *     Redistribution and use in source and binary forms, with or
+ *     without modification, are permitted provided that the following
+ *     conditions are met:
+ *
+ *      - Redistributions of source code must retain the above
+ *        copyright notice, this list of conditions and the following
+ *        disclaimer.
+ *
+ *      - Redistributions in binary form must reproduce the above
+ *        copyright notice, this list of conditions and the following
+ *        disclaimer in the documentation and/or other materials
+ *        provided with the distribution.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+#ifndef _UAPI_LINUX_TLS_H
+#define _UAPI_LINUX_TLS_H
+#include <linux/types.h>
+/* TLS socket options */
+#define TLS_TX                  1       /* Set transmit parameters */
+#define TLS_RX                  2       /* Set receive parameters */
+/* Supported versions */
+#define TLS_VERSION_MINOR(ver)  ((ver) & 0xFF)
+#define TLS_VERSION_MAJOR(ver)  (((ver) >> 8) & 0xFF)
+#define TLS_VERSION_NUMBER(id)  ((((id##_VERSION_MAJOR) & 0xFF) << 8) | \
+                                 ((id##_VERSION_MINOR) & 0xFF))
+#define TLS_1_2_VERSION_MAJOR   0x3
+#define TLS_1_2_VERSION_MINOR   0x3
+#define TLS_1_2_VERSION         TLS_VERSION_NUMBER(TLS_1_2)
+/* Supported ciphers */
+#define TLS_CIPHER_AES_GCM_128                          51
+#define TLS_CIPHER_AES_GCM_128_IV_SIZE                  8
+#define TLS_CIPHER_AES_GCM_128_KEY_SIZE         16
+#define TLS_CIPHER_AES_GCM_128_SALT_SIZE                4
+#define TLS_CIPHER_AES_GCM_128_TAG_SIZE         16
+#define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE             8
+#define TLS_SET_RECORD_TYPE     1
+#define TLS_GET_RECORD_TYPE     2
+struct tls_crypto_info {
+        __u16 version;
+        __u16 cipher_type;
+};
+struct tls12_crypto_info_aes_gcm_128 {
+        struct tls_crypto_info info;
+        unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
+        unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
+        unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
+        unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
+};
+#endif /* _UAPI_LINUX_TLS_H */
author	David S. Miller <davem@davemloft.net>	2018-10-22 00:11:46 -0400
committer	David S. Miller <davem@davemloft.net>	2018-10-22 00:11:46 -0400
commit	a19c59cc10a5ebc6b5a542e56bfd9f427ce01d74 (patch)
tree	cd04c1af4e800eef175cbc51ffb6e78040d7ee27 /tools/include
parent	92303c86b7e9b7d3895ccafb441a0354143e2a18 (diff)
parent	fe8ecccc10b3adc071de05ca7af728ca1a4ac9aa (diff)

diff --git a/tools/include/asm/barrier.h b/tools/include/asm/barrier.h index 391d942536e5..8d378c57cb01 100644 --- a/tools/include/asm/barrier.h +++ b/tools/include/asm/barrier.h
@@ -1,4 +1,5 @@
1	/* SPDX-License-Identifier: GPL-2.0 */	1	/* SPDX-License-Identifier: GPL-2.0 */
		2	#include <linux/compiler.h>
2	#if defined(__i386__) \|\| defined(__x86_64__)	3	#if defined(__i386__) \|\| defined(__x86_64__)
3	#include "../../arch/x86/include/asm/barrier.h"	4	#include "../../arch/x86/include/asm/barrier.h"
4	#elif defined(__arm__)	5	#elif defined(__arm__)
@@ -26,3 +27,37 @@
26	#else	27	#else
27	#include <asm-generic/barrier.h>	28	#include <asm-generic/barrier.h>
28	#endif	29	#endif
		30
		31	/*
		32	* Generic fallback smp_*() definitions for archs that haven't
		33	* been updated yet.
		34	*/
		35
		36	#ifndef smp_rmb
		37	# define smp_rmb() rmb()
		38	#endif
		39
		40	#ifndef smp_wmb
		41	# define smp_wmb() wmb()
		42	#endif
		43
		44	#ifndef smp_mb
		45	# define smp_mb() mb()
		46	#endif
		47
		48	#ifndef smp_store_release
		49	# define smp_store_release(p, v) \
		50	do { \
		51	smp_mb(); \
		52	WRITE_ONCE(*p, v); \
		53	} while (0)
		54	#endif
		55
		56	#ifndef smp_load_acquire
		57	# define smp_load_acquire(p) \
		58	({ \
		59	typeof(p) ___p1 = READ_ONCE(p); \
		60	smp_mb(); \
		61	___p1; \
		62	})
		63	#endif


diff --git a/tools/include/linux/ring_buffer.h b/tools/include/linux/ring_buffer.h new file mode 100644 index 000000000000..9a083ae60473 --- /dev/null +++ b/tools/include/linux/ring_buffer.h
@@ -0,0 +1,73 @@
		1	#ifndef _TOOLS_LINUX_RING_BUFFER_H_
		2	#define _TOOLS_LINUX_RING_BUFFER_H_
		3
		4	#include <asm/barrier.h>
		5
		6	/*
		7	* Contract with kernel for walking the perf ring buffer from
		8	* user space requires the following barrier pairing (quote
		9	* from kernel/events/ring_buffer.c):
		10	*
		11	* Since the mmap() consumer (userspace) can run on a
		12	* different CPU:
		13	*
		14	* kernel user
		15	*
		16	* if (LOAD ->data_tail) { LOAD ->data_head
		17	* (A) smp_rmb() (C)
		18	* STORE $data LOAD $data
		19	* smp_wmb() (B) smp_mb() (D)
		20	* STORE ->data_head STORE ->data_tail
		21	* }
		22	*
		23	* Where A pairs with D, and B pairs with C.
		24	*
		25	* In our case A is a control dependency that separates the
		26	* load of the ->data_tail and the stores of $data. In case
		27	* ->data_tail indicates there is no room in the buffer to
		28	* store $data we do not.
		29	*
		30	* D needs to be a full barrier since it separates the data
		31	* READ from the tail WRITE.
		32	*
		33	* For B a WMB is sufficient since it separates two WRITEs,
		34	* and for C an RMB is sufficient since it separates two READs.
		35	*
		36	* Note, instead of B, C, D we could also use smp_store_release()
		37	* in B and D as well as smp_load_acquire() in C.
		38	*
		39	* However, this optimization does not make sense for all kernel
		40	* supported architectures since for a fair number it would
		41	* resolve into READ_ONCE() + smp_mb() pair for smp_load_acquire(),
		42	* and smp_mb() + WRITE_ONCE() pair for smp_store_release().
		43	*
		44	* Thus for those smp_wmb() in B and smp_rmb() in C would still
		45	* be less expensive. For the case of D this has either the same
		46	* cost or is less expensive, for example, due to TSO x86 can
		47	* avoid the CPU barrier entirely.
		48	*/
		49
		50	static inline u64 ring_buffer_read_head(struct perf_event_mmap_page *base)
		51	{
		52	/*
		53	* Architectures where smp_load_acquire() does not fallback to
		54	* READ_ONCE() + smp_mb() pair.
		55	*/
		56	#if defined(__x86_64__) \|\| defined(__aarch64__) \|\| defined(__powerpc64__) \|\| \
		57	defined(__ia64__) \|\| defined(__sparc__) && defined(__arch64__)
		58	return smp_load_acquire(&base->data_head);
		59	#else
		60	u64 head = READ_ONCE(base->data_head);
		61
		62	smp_rmb();
		63	return head;
		64	#endif
		65	}
		66
		67	static inline void ring_buffer_write_tail(struct perf_event_mmap_page *base,
		68	u64 tail)
		69	{
		70	smp_store_release(&base->data_tail, tail);
		71	}
		72
		73	#endif /* _TOOLS_LINUX_RING_BUFFER_H_ */


diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index f9187b41dff6..852dc17ab47a 100644 --- a/tools/include/uapi/linux/bpf.h +++ b/tools/include/uapi/linux/bpf.h
@@ -103,6 +103,7 @@ enum bpf_cmd {
103	BPF_BTF_LOAD,	103	BPF_BTF_LOAD,
104	BPF_BTF_GET_FD_BY_ID,	104	BPF_BTF_GET_FD_BY_ID,
105	BPF_TASK_FD_QUERY,	105	BPF_TASK_FD_QUERY,
		106	BPF_MAP_LOOKUP_AND_DELETE_ELEM,
106	};	107	};
107		108
108	enum bpf_map_type {	109	enum bpf_map_type {
@@ -128,6 +129,8 @@ enum bpf_map_type {
128	BPF_MAP_TYPE_CGROUP_STORAGE,	129	BPF_MAP_TYPE_CGROUP_STORAGE,
129	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,	130	BPF_MAP_TYPE_REUSEPORT_SOCKARRAY,
130	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,	131	BPF_MAP_TYPE_PERCPU_CGROUP_STORAGE,
		132	BPF_MAP_TYPE_QUEUE,
		133	BPF_MAP_TYPE_STACK,
131	};	134	};
132		135
133	enum bpf_prog_type {	136	enum bpf_prog_type {
@@ -462,6 +465,28 @@ union bpf_attr {
462	* Return	465	* Return
463	* 0 on success, or a negative error in case of failure.	466	* 0 on success, or a negative error in case of failure.
464	*	467	*
		468	* int bpf_map_push_elem(struct bpf_map map, const void value, u64 flags)
		469	* Description
		470	* Push an element value in map. flags is one of:
		471	*
		472	* BPF_EXIST
		473	* If the queue/stack is full, the oldest element is removed to
		474	* make room for this.
		475	* Return
		476	* 0 on success, or a negative error in case of failure.
		477	*
		478	* int bpf_map_pop_elem(struct bpf_map map, void value)
		479	* Description
		480	* Pop an element from map.
		481	* Return
		482	* 0 on success, or a negative error in case of failure.
		483	*
		484	* int bpf_map_peek_elem(struct bpf_map map, void value)
		485	* Description
		486	* Get an element from map without removing it.
		487	* Return
		488	* 0 on success, or a negative error in case of failure.
		489	*
465	* int bpf_probe_read(void dst, u32 size, const void src)	490	* int bpf_probe_read(void dst, u32 size, const void src)
466	* Description	491	* Description
467	* For tracing programs, safely attempt to read size bytes from	492	* For tracing programs, safely attempt to read size bytes from
@@ -1433,7 +1458,7 @@ union bpf_attr {
1433	* Return	1458	* Return
1434	* 0 on success, or a negative error in case of failure.	1459	* 0 on success, or a negative error in case of failure.
1435	*	1460	*
1436	* int bpf_skb_adjust_room(struct sk_buff *skb, u32 len_diff, u32 mode, u64 flags)	1461	* int bpf_skb_adjust_room(struct sk_buff *skb, s32 len_diff, u32 mode, u64 flags)
1437	* Description	1462	* Description
1438	* Grow or shrink the room for data in the packet associated to	1463	* Grow or shrink the room for data in the packet associated to
1439	* skb by len_diff, and according to the selected mode.	1464	* skb by len_diff, and according to the selected mode.
@@ -2215,6 +2240,23 @@ union bpf_attr {
2215	* pointer that was returned from bpf_sk_lookup_xxx\ ().	2240	* pointer that was returned from bpf_sk_lookup_xxx\ ().
2216	* Return	2241	* Return
2217	* 0 on success, or a negative error in case of failure.	2242	* 0 on success, or a negative error in case of failure.
		2243	*
		2244	* int bpf_msg_push_data(struct sk_buff *skb, u32 start, u32 len, u64 flags)
		2245	* Description
		2246	* For socket policies, insert len bytes into msg at offset
		2247	* start.
		2248	*
		2249	* If a program of type BPF_PROG_TYPE_SK_MSG is run on a
		2250	* msg it may want to insert metadata or options into the msg.
		2251	* This can later be read and used by any of the lower layer BPF
		2252	* hooks.
		2253	*
		2254	* This helper may fail if under memory pressure (a malloc
		2255	* fails) in these cases BPF programs will get an appropriate
		2256	* error and BPF programs will need to handle them.
		2257	*
		2258	* Return
		2259	* 0 on success, or a negative error in case of failure.
2218	*/	2260	*/
2219	#define __BPF_FUNC_MAPPER(FN) \	2261	#define __BPF_FUNC_MAPPER(FN) \
2220	FN(unspec), \	2262	FN(unspec), \
@@ -2303,7 +2345,11 @@ union bpf_attr {
2303	FN(skb_ancestor_cgroup_id), \	2345	FN(skb_ancestor_cgroup_id), \
2304	FN(sk_lookup_tcp), \	2346	FN(sk_lookup_tcp), \
2305	FN(sk_lookup_udp), \	2347	FN(sk_lookup_udp), \
2306	FN(sk_release),	2348	FN(sk_release), \
		2349	FN(map_push_elem), \
		2350	FN(map_pop_elem), \
		2351	FN(map_peek_elem), \
		2352	FN(msg_push_data),
2307		2353
2308	/* integer value in 'imm' field of BPF_CALL instruction selects which helper	2354	/* integer value in 'imm' field of BPF_CALL instruction selects which helper
2309	* function eBPF program intends to call	2355	* function eBPF program intends to call


diff --git a/tools/include/uapi/linux/tls.h b/tools/include/uapi/linux/tls.h new file mode 100644 index 000000000000..ff02287495ac --- /dev/null +++ b/tools/include/uapi/linux/tls.h
@@ -0,0 +1,78 @@
		1	/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR Linux-OpenIB) */
		2	/*
		3	* Copyright (c) 2016-2017, Mellanox Technologies. All rights reserved.
		4	*
		5	* This software is available to you under a choice of one of two
		6	* licenses. You may choose to be licensed under the terms of the GNU
		7	* General Public License (GPL) Version 2, available from the file
		8	* COPYING in the main directory of this source tree, or the
		9	* OpenIB.org BSD license below:
		10	*
		11	* Redistribution and use in source and binary forms, with or
		12	* without modification, are permitted provided that the following
		13	* conditions are met:
		14	*
		15	* - Redistributions of source code must retain the above
		16	* copyright notice, this list of conditions and the following
		17	* disclaimer.
		18	*
		19	* - Redistributions in binary form must reproduce the above
		20	* copyright notice, this list of conditions and the following
		21	* disclaimer in the documentation and/or other materials
		22	* provided with the distribution.
		23	*
		24	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
		25	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
		26	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
		27	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
		28	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
		29	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
		30	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
		31	* SOFTWARE.
		32	*/
		33
		34	#ifndef _UAPI_LINUX_TLS_H
		35	#define _UAPI_LINUX_TLS_H
		36
		37	#include <linux/types.h>
		38
		39	/* TLS socket options */
		40	#define TLS_TX 1 /* Set transmit parameters */
		41	#define TLS_RX 2 /* Set receive parameters */
		42
		43	/* Supported versions */
		44	#define TLS_VERSION_MINOR(ver) ((ver) & 0xFF)
		45	#define TLS_VERSION_MAJOR(ver) (((ver) >> 8) & 0xFF)
		46
		47	#define TLS_VERSION_NUMBER(id) ((((id##_VERSION_MAJOR) & 0xFF) << 8) \| \
		48	((id##_VERSION_MINOR) & 0xFF))
		49
		50	#define TLS_1_2_VERSION_MAJOR 0x3
		51	#define TLS_1_2_VERSION_MINOR 0x3
		52	#define TLS_1_2_VERSION TLS_VERSION_NUMBER(TLS_1_2)
		53
		54	/* Supported ciphers */
		55	#define TLS_CIPHER_AES_GCM_128 51
		56	#define TLS_CIPHER_AES_GCM_128_IV_SIZE 8
		57	#define TLS_CIPHER_AES_GCM_128_KEY_SIZE 16
		58	#define TLS_CIPHER_AES_GCM_128_SALT_SIZE 4
		59	#define TLS_CIPHER_AES_GCM_128_TAG_SIZE 16
		60	#define TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE 8
		61
		62	#define TLS_SET_RECORD_TYPE 1
		63	#define TLS_GET_RECORD_TYPE 2
		64
		65	struct tls_crypto_info {
		66	__u16 version;
		67	__u16 cipher_type;
		68	};
		69
		70	struct tls12_crypto_info_aes_gcm_128 {
		71	struct tls_crypto_info info;
		72	unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
		73	unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
		74	unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
		75	unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
		76	};
		77
		78	#endif /* _UAPI_LINUX_TLS_H */