From: Breno Leitao <[email protected]>
To: [email protected], [email protected], [email protected],
[email protected], [email protected],
[email protected], Alexei Starovoitov <[email protected]>,
Daniel Borkmann <[email protected]>,
John Fastabend <[email protected]>,
Andrii Nakryiko <[email protected]>, Song Liu <[email protected]>,
Yonghong Song <[email protected]>,
KP Singh <[email protected]>, Hao Luo <[email protected]>,
Jiri Olsa <[email protected]>,
"David S. Miller" <[email protected]>,
Eric Dumazet <[email protected]>,
Jakub Kicinski <[email protected]>, Paolo Abeni <[email protected]>
Cc: [email protected], [email protected],
[email protected], [email protected]
Subject: [PATCH v4 02/10] bpf: Leverage sockptr_t in BPF setsockopt hook
Date: Mon, 4 Sep 2023 09:24:55 -0700 [thread overview]
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
Change BPF setsockopt hook (__cgroup_bpf_run_filter_setsockopt()) to use
sockptr instead of user pointers. This brings flexibility to the
function, since it could be called with userspace or kernel pointers.
This change will allow the creation of a core sock_setsockopt, called
do_sock_setsockopt(), which will be called from both the system call path
and by io_uring command.
This also aligns with the getsockopt() counterpart, which is now using
sockptr_t universal pointer.
Signed-off-by: Breno Leitao <[email protected]>
---
include/linux/bpf-cgroup.h | 2 +-
kernel/bpf/cgroup.c | 5 +++--
net/socket.c | 2 +-
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h
index f5b4fb6ed8c6..cecfe8c99f28 100644
--- a/include/linux/bpf-cgroup.h
+++ b/include/linux/bpf-cgroup.h
@@ -137,7 +137,7 @@ int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head,
enum cgroup_bpf_attach_type atype);
int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level,
- int *optname, char __user *optval,
+ int *optname, sockptr_t optval,
int *optlen, char **kernel_optval);
int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level,
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index ebc8c58f7e46..f0dedd4f7f2e 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1785,7 +1785,7 @@ static bool sockopt_buf_allocated(struct bpf_sockopt_kern *ctx,
}
int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level,
- int *optname, char __user *optval,
+ int *optname, sockptr_t optval,
int *optlen, char **kernel_optval)
{
struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
@@ -1808,7 +1808,8 @@ int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level,
ctx.optlen = *optlen;
- if (copy_from_user(ctx.optval, optval, min(*optlen, max_optlen)) != 0) {
+ if (copy_from_sockptr(ctx.optval, optval,
+ min(*optlen, max_optlen))) {
ret = -EFAULT;
goto out;
}
diff --git a/net/socket.c b/net/socket.c
index 6fda5d011521..9ec9a8a07c0e 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2287,7 +2287,7 @@ int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
if (!in_compat_syscall())
err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
- user_optval, &optlen,
+ optval, &optlen,
&kernel_optval);
if (err < 0)
goto out_put;
--
2.34.1
next prev parent reply other threads:[~2023-09-04 16:25 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-04 16:24 [PATCH v4 00/10] io_uring: Initial support for {s,g}etsockopt commands Breno Leitao
2023-09-04 16:24 ` [PATCH v4 01/10] bpf: Leverage sockptr_t in BPF getsockopt hook Breno Leitao
2023-09-04 16:24 ` Breno Leitao [this message]
2023-09-04 16:24 ` [PATCH v4 03/10] net/socket: Break down __sys_setsockopt Breno Leitao
2023-09-04 16:24 ` [PATCH v4 04/10] net/socket: Break down __sys_getsockopt Breno Leitao
2023-09-05 9:36 ` David Laight
2023-09-05 10:29 ` Andy Shevchenko
2023-09-04 16:24 ` [PATCH v4 05/10] io_uring/cmd: Pass compat mode in issue_flags Breno Leitao
2023-09-04 16:24 ` [PATCH v4 06/10] selftests/net: Extract uring helpers to be reusable Breno Leitao
2023-09-04 16:25 ` [PATCH v4 07/10] io_uring/cmd: return -EOPNOTSUPP if net is disabled Breno Leitao
2023-09-05 12:32 ` Gabriel Krisman Bertazi
2023-09-08 17:04 ` Breno Leitao
2023-09-04 16:25 ` [PATCH v4 08/10] io_uring/cmd: Introduce SOCKET_URING_OP_GETSOCKOPT Breno Leitao
2023-09-05 12:24 ` Gabriel Krisman Bertazi
2023-09-04 16:25 ` [PATCH v4 09/10] io_uring/cmd: Introduce SOCKET_URING_OP_SETSOCKOPT Breno Leitao
2023-09-05 12:24 ` Gabriel Krisman Bertazi
2023-09-04 16:25 ` [PATCH v4 10/10] selftests/bpf/sockopt: Add io_uring support Breno Leitao
2023-09-05 22:49 ` [PATCH v4 00/10] io_uring: Initial support for {s,g}etsockopt commands Jakub Kicinski
2023-09-08 16:55 ` Breno Leitao
2023-10-06 15:45 ` Breno Leitao
2023-10-09 10:11 ` Willem de Bruijn
2023-10-09 13:28 ` Breno Leitao
2023-10-09 16:55 ` Jakub Kicinski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
[email protected] \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox