Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp78846lqh;
        Thu, 30 May 2024 14:49:05 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCXe7rEm97ieCSTQPN2We4SeLKD39Mjnol7ipKENd4zx+eZXP4TyeYfxIx9rEIBTR1uvEqDWKGhWCRgthrox+vSLX0d22GM6oYppc2a7hw==
X-Google-Smtp-Source: AGHT+IHxLwKLPz44+zKkKS9X6ARN2Y4amMYvh/31pxD4z4f0jNZ0mbrvIuhc1dZGEfab5x3/+O43
X-Received: by 2002:a17:90b:4f86:b0:2bd:85bc:5986 with SMTP id 98e67ed59e1d1-2c1dc560be4mr11710a91.9.1717105745050;
        Thu, 30 May 2024 14:49:05 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717105745; cv=pass;
        d=google.com; s=arc-20160816;
        b=PwZvV85C0u73ckFKHcYzYvOskECZOzN+CXGPf9VYePBIiPiSGUerDj6EdIGzZNA4cl
         iwNYDfj1GBVM57e2nk2mSiV09l0T1q4ORLAgHJyXjhunQPaWEpbNCCMUjxyFqMHyR6+2
         XsEjyCwJHPsaMF0aRIW4urg0PtThAErWUy2krWGT/ZASUAq2lA32D0uczv1LbWKJjZTC
         HdM20nveHE74FVJze1Sy0GDC84m/hJx0rsdPHqAiTzhCyXComqwWqg7CGWuOj4fPhClZ
         CownF+LDbGChuNRG66zlTGmxrQAhOi1uInAkkuof96VQOaNBS017Jm9iWESvphjde3LJ
         lVzQ==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-disposition:mime-version:list-unsubscribe:list-subscribe
         :list-id:precedence:message-id:subject:cc:to:from:date
         :dkim-signature;
        bh=U+hGbEM+fsi1EeTk/F7iSCEszhWuMBnEsqNB1vusLac=;
        fh=hu6/qR6lczuY64Gv+1937skqivKhLjlbX42336OM9PA=;
        b=rae571kyLnMYxiIYqsUTV88/NZsNZtNWKrTwK+gpnVTvGAjLttDmKBTWX6NebyYySq
         fjSguh8TichTodBbXJqeH6OyOFUXk8q/yZ1tCW3GbvtzZ9qTnjRBo8IHZCuTdKU4kWji
         Hqju6zXQEmIC1ZQ3O49y6oa2PwB7lBd3+cczqPg+ADpP/D1hHEsghf4X/sVjJ1NU63e9
         1fUmECwMWvZZBBSkKMlQjzf8yM0mk2bnACu0Rfw6b2QZ4U7isCgtNGxN6r5AEdIw5u9n
         fWoYm1COzqXMmNLvdHbz4hkeGtIsB+5wZ9c/e7k0miHfRFNQ5v3Th0suW+IOjoz3xP45
         jSWg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=FcquoAme;
       arc=pass (i=1 spf=pass spfdomain=cloudflare.com dkim=pass dkdomain=cloudflare.com dmarc=pass fromdomain=cloudflare.com);
       spf=pass (google.com: domain of linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com
Return-Path: <linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161])
        by mx.google.com with ESMTPS id 98e67ed59e1d1-2c1a77b71aesi2259874a91.94.2024.05.30.14.49.04
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 May 2024 14:49:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@cloudflare.com header.s=google09082023 header.b=FcquoAme;
       arc=pass (i=1 spf=pass spfdomain=cloudflare.com dkim=pass dkdomain=cloudflare.com dmarc=pass fromdomain=cloudflare.com);
       spf=pass (google.com: domain of linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-195948-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sy.mirrors.kernel.org (Postfix) with ESMTPS id 6D50CB23050
	for <linux.lists.archive@gmail.com>; Thu, 30 May 2024 21:47:07 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B4B32182D36;
	Thu, 30 May 2024 21:46:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b="FcquoAme"
Received: from mail-qv1-f49.google.com (mail-qv1-f49.google.com [209.85.219.49])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4FE9E21A0D
	for <linux-kernel@vger.kernel.org>; Thu, 30 May 2024 21:46:57 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.49
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717105618; cv=none; b=jjhjiXgG0Q3OWvNzS7Ae2Ne2JTOANxAB4zFEnqDouoQLn+laVzrQH8fudN7E5yo0UfH4R6PQjwPeICPYUSwhSwg5rABWjQvZ1l4MFC+RSpH/YwXdWTsKi0WKQrFWz1VNjr8bEANwLrbuNAWMY957vWW9RfxgdL5cEG+a9lylZV8=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717105618; c=relaxed/simple;
	bh=PCtXbe0h4/GG8mxMBQ8PPq48bwhyZuUXEWugmZ3umHM=;
	h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type:
	 Content-Disposition; b=LjgcWRNgHBtIgoXVG0hiF1oZoyrZj7FB/r4A9qfj9LB0DQcYuKqiTr82zftGTnNaMQp8k/P2l3sNJVHoZFRHJWYEIjCt6xrfFOO6qgyOLkFYX1CWGLhxi7z2vIVmCDYOLJ5cUEk6M6Z4aVgIiNXNru+VW69URCcIgeohpnDvQxg=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com; spf=pass smtp.mailfrom=cloudflare.com; dkim=pass (2048-bit key) header.d=cloudflare.com header.i=@cloudflare.com header.b=FcquoAme; arc=none smtp.client-ip=209.85.219.49
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=cloudflare.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=cloudflare.com
Received: by mail-qv1-f49.google.com with SMTP id 6a1803df08f44-6ae60725ea1so1218776d6.2
        for <linux-kernel@vger.kernel.org>; Thu, 30 May 2024 14:46:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cloudflare.com; s=google09082023; t=1717105616; x=1717710416; darn=vger.kernel.org;
        h=content-disposition:mime-version:message-id:subject:cc:to:from:date
         :from:to:cc:subject:date:message-id:reply-to;
        bh=U+hGbEM+fsi1EeTk/F7iSCEszhWuMBnEsqNB1vusLac=;
        b=FcquoAmetY6eldxavbnVAF07BtjHgnzejL4f69WW+2gTxQEhHoDVFOINCpfMhvZRmi
         wC3LPS8yuv8BIYvcEBs3LgbcKRFGKgFoPWEAqrNAY+ORRX15J/0cRPrErK/dXOyN7qKn
         8QO6T3JHBxsxzDPLVEfq+bU8CJ5Q0+1XVurJiSQViNTgAoX19S5m5xmyejgpbvQP1j0k
         NEPKk7BW2O5XzTFXkgVg8KJjIW5dpnft0Mg1ih5osk0QbMKQyEJ4ueJX+VVxmy0wqzFJ
         JrgCF8J0CeZDEoWydJDvc/frNram9keTG5MWrkK66jYv8XX1dRYfpBFJTT11n3aAiboq
         AYmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1717105616; x=1717710416;
        h=content-disposition:mime-version:message-id:subject:cc:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=U+hGbEM+fsi1EeTk/F7iSCEszhWuMBnEsqNB1vusLac=;
        b=Ao9qIWA6sUJdg6zDlhQEGft9Oupd819KGaIfQsyP5uO+gF1SPYgMP7tdteQzEAcKma
         /k+LXa4FROivN7MDccCCCm6/SkeEMmibEQ/YYYDEeddUgzjJhgP3NTEdXeh43ETdfp22
         0ZIUjFr93SW2lrG/9TuDpmSnooJwSLIPcOnsLNe+0+rYd00GSpb+zABSKAF0tr51Kh2a
         k4oobipca0nNX3LxKl1zD/uTtTjlswLXIN2HSC8Mscu/Q33NVDU3V5v9/owJiAkf2jnq
         QeOLswOGw+mgwTNG5aNtlZD0JkRdik0s/OwaUqu9d5C5pxPvda82yaQ+/l8paIgCZHYx
         jgAw==
X-Forwarded-Encrypted: i=1; AJvYcCVvH4fGNz2kefqDgx3eLYKnLw29mO8+MigVWNHrXYhfd20sH0Pjw0keQoXuXBNdcrCK1r6KbsQdIdsU0vP1mlBdmcMN2vBhfuK/B3qz
X-Gm-Message-State: AOJu0YxPD+PDoHE3zC4+VDhCFgxYpuPWZZd3mO1mGoB9CX+F12FryoQS
	/FQhiizmNHrRp0Lnioeu8MTPYjhEiL5vhypQugzfRmiQ0BhVLQdtR3Wm95NYD90=
X-Received: by 2002:a05:6214:440b:b0:6ad:9e54:e70f with SMTP id 6a1803df08f44-6aecd6f08aamr1779126d6.50.1717105616070;
        Thu, 30 May 2024 14:46:56 -0700 (PDT)
Received: from debian.debian ([2a09:bac5:7a49:f9b::18e:1c])
        by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6ae4a7466a7sm1908696d6.44.2024.05.30.14.46.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 May 2024 14:46:55 -0700 (PDT)
Date: Thu, 30 May 2024 14:46:53 -0700
From: Yan Zhai <yan@cloudflare.com>
To: netdev@vger.kernel.org
Cc: "David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Simon Horman <horms@kernel.org>, David Ahern <dsahern@kernel.org>,
	Abhishek Chauhan <quic_abchauha@quicinc.com>,
	Mina Almasry <almasrymina@google.com>,
	Florian Westphal <fw@strlen.de>,
	Alexander Lobakin <aleksander.lobakin@intel.com>,
	David Howells <dhowells@redhat.com>, Jiri Pirko <jiri@resnulli.us>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
	Lorenzo Bianconi <lorenzo@kernel.org>,
	Pavel Begunkov <asml.silence@gmail.com>,
	linux-kernel@vger.kernel.org, kernel-team@cloudflare.com,
	Jesper Dangaard Brouer <hawk@kernel.org>
Subject: [RFC net-next 0/6] net: pass receive socket to drop tracepoint
Message-ID: <cover.1717105215.git.yan@cloudflare.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Greeting!

We set up our production packet drop monitoring around the kfree_skb
tracepoint. While this tracepoint is extremely valuable for diagnosing
critical problems, we find some limitation with drops on the local
receive path: this tracepoint can only inspect the dropped skb itself,
but such skb might not carry enough information to:

1. determine in which netns/container this skb gets dropped
2. determine by which socket/service this skb oughts to be received

The 1st issue is because skb->dev is the only member field with valid
netns reference. But skb->dev can get cleared or reused. For example,
tcp_v4_rcv will clear skb->dev and in later processing it might be reused
for OFO tree.

The 2nd issue is because there is no reference on an skb that reliably
points to a receiving socket. skb->sk usually points to the local
sending socket, and it only points to a receive socket briefly after
early demux stage, yet the socket can get stolen later. For certain drop
reason like TCP OFO_MERGE, Zerowindow, UDP at PROTO_MEM error, etc, it
is hard to infer which receiving socket is impacted. This cannot be
overcome by simply looking at the packet header, because of
complications like sk lookup programs. In the past, single purpose
tracepoints like trace_udp_fail_queue_rcv_skb, trace_sock_rcvqueue_full,
etc are added as needed to provide more visibility. This could be
handled in a more generic way.

In this change set we propose a new 'kfree_skb_for_sk' call as a drop-in
replacement for kfree_skb_reason at various local input path. It accepts
an extra receiving socket argument, and places the socket in skb->cb for
tracepoint consumption. With an rx socket, it can easily deal with both
issues above. Using cb field is more of a concern that a tracepoint
signature might be a part of stable ABI, but please advise if otherwise.

Yan Zhai (6):
  net: add kfree_skb_for_sk function
  ping: pass rx socket on rcv drops
  net: raw: pass rx socket on rcv drops
  tcp: pass rx socket on rcv drops
  udp: pass rx socket on rcv drops
  af_packet: pass rx socket on rcv drops

 include/linux/skbuff.h | 48 ++++++++++++++++++++++++++++++++++++++++--
 net/core/dev.c         | 21 +++++++-----------
 net/core/skbuff.c      | 29 +++++++++++++------------
 net/ipv4/ping.c        |  2 +-
 net/ipv4/raw.c         |  4 ++--
 net/ipv4/syncookies.c  |  2 +-
 net/ipv4/tcp_input.c   |  2 +-
 net/ipv4/tcp_ipv4.c    |  4 ++--
 net/ipv4/udp.c         |  6 +++---
 net/ipv6/raw.c         |  8 +++----
 net/ipv6/syncookies.c  |  2 +-
 net/ipv6/tcp_ipv6.c    |  4 ++--
 net/ipv6/udp.c         |  6 +++---
 net/packet/af_packet.c |  6 +++---
 14 files changed, 93 insertions(+), 51 deletions(-)

-- 
2.30.2