Commit 0e5633ac authored by Alexei Starovoitov's avatar Alexei Starovoitov
Browse files

Merge branch 'getpeername' 



Daniel Borkmann says:

====================
Trivial patch to add get{peer,sock}name cgroup attach types to the BPF
sock_addr programs in order to enable rewriting sockaddr structs from
both calls along with libbpf and bpftool support as well as selftests.

Thanks!

v1 -> v2:
  - use __u16 for ports in start_server_with_port() signature and in
    expected_{local,peer} ports in the test case (Andrey)
  - Added both Andrii's and Andrey's ACKs
====================

Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
parents d800bad6 566fc3f5

include/linux/bpf-cgroup.h

+1 −0
Original line number Diff line number Diff line
@@ -396,6 +396,7 @@ static inline int bpf_percpu_cgroup_storage_update(struct bpf_map *map, 
}



#define cgroup_bpf_enabled (0)

#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, type, t_ctx) ({ 0; })

#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0)

#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })

include/uapi/linux/bpf.h

+4 −0
Original line number Diff line number Diff line
@@ -220,6 +220,10 @@ enum bpf_attach_type { 
	BPF_MODIFY_RETURN,

	BPF_LSM_MAC,

	BPF_TRACE_ITER,

	BPF_CGROUP_INET4_GETPEERNAME,

	BPF_CGROUP_INET6_GETPEERNAME,

	BPF_CGROUP_INET4_GETSOCKNAME,

	BPF_CGROUP_INET6_GETSOCKNAME,

	__MAX_BPF_ATTACH_TYPE

};

kernel/bpf/syscall.c

+12 −0
Original line number Diff line number Diff line
@@ -1978,6 +1978,10 @@ bpf_prog_load_check_attach(enum bpf_prog_type prog_type, 
		case BPF_CGROUP_INET6_BIND:

		case BPF_CGROUP_INET4_CONNECT:

		case BPF_CGROUP_INET6_CONNECT:

		case BPF_CGROUP_INET4_GETPEERNAME:

		case BPF_CGROUP_INET6_GETPEERNAME:

		case BPF_CGROUP_INET4_GETSOCKNAME:

		case BPF_CGROUP_INET6_GETSOCKNAME:

		case BPF_CGROUP_UDP4_SENDMSG:

		case BPF_CGROUP_UDP6_SENDMSG:

		case BPF_CGROUP_UDP4_RECVMSG:
@@ -2767,6 +2771,10 @@ attach_type_to_prog_type(enum bpf_attach_type attach_type) 
	case BPF_CGROUP_INET6_BIND:

	case BPF_CGROUP_INET4_CONNECT:

	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_INET4_GETPEERNAME:

	case BPF_CGROUP_INET6_GETPEERNAME:

	case BPF_CGROUP_INET4_GETSOCKNAME:

	case BPF_CGROUP_INET6_GETSOCKNAME:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:
@@ -2912,6 +2920,10 @@ static int bpf_prog_query(const union bpf_attr *attr, 
	case BPF_CGROUP_INET6_POST_BIND:

	case BPF_CGROUP_INET4_CONNECT:

	case BPF_CGROUP_INET6_CONNECT:

	case BPF_CGROUP_INET4_GETPEERNAME:

	case BPF_CGROUP_INET6_GETPEERNAME:

	case BPF_CGROUP_INET4_GETSOCKNAME:

	case BPF_CGROUP_INET6_GETSOCKNAME:

	case BPF_CGROUP_UDP4_SENDMSG:

	case BPF_CGROUP_UDP6_SENDMSG:

	case BPF_CGROUP_UDP4_RECVMSG:

kernel/bpf/verifier.c

+5 −1
Original line number Diff line number Diff line
@@ -7094,7 +7094,11 @@ static int check_return_code(struct bpf_verifier_env *env) 
	switch (env->prog->type) {

	case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:

		if (env->prog->expected_attach_type == BPF_CGROUP_UDP4_RECVMSG ||

		    env->prog->expected_attach_type == BPF_CGROUP_UDP6_RECVMSG)

		    env->prog->expected_attach_type == BPF_CGROUP_UDP6_RECVMSG ||

		    env->prog->expected_attach_type == BPF_CGROUP_INET4_GETPEERNAME ||

		    env->prog->expected_attach_type == BPF_CGROUP_INET6_GETPEERNAME ||

		    env->prog->expected_attach_type == BPF_CGROUP_INET4_GETSOCKNAME ||

		    env->prog->expected_attach_type == BPF_CGROUP_INET6_GETSOCKNAME)

			range = tnum_range(1, 1);

		break;

	case BPF_PROG_TYPE_CGROUP_SKB:

net/core/filter.c

+4 −0
Original line number Diff line number Diff line
@@ -7049,6 +7049,8 @@ static bool sock_addr_is_valid_access(int off, int size, 
		switch (prog->expected_attach_type) {

		case BPF_CGROUP_INET4_BIND:

		case BPF_CGROUP_INET4_CONNECT:

		case BPF_CGROUP_INET4_GETPEERNAME:

		case BPF_CGROUP_INET4_GETSOCKNAME:

		case BPF_CGROUP_UDP4_SENDMSG:

		case BPF_CGROUP_UDP4_RECVMSG:

			break;
@@ -7060,6 +7062,8 @@ static bool sock_addr_is_valid_access(int off, int size, 
		switch (prog->expected_attach_type) {

		case BPF_CGROUP_INET6_BIND:

		case BPF_CGROUP_INET6_CONNECT:

		case BPF_CGROUP_INET6_GETPEERNAME:

		case BPF_CGROUP_INET6_GETSOCKNAME:

		case BPF_CGROUP_UDP6_SENDMSG:

		case BPF_CGROUP_UDP6_RECVMSG:

			break;

CRA Git | Maintained and supported by SUSTech CRA and CCSE