From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: <daan.j.demeyer@gmail.com>
Cc: <bpf@vger.kernel.org>, <kernel-team@meta.com>,
<martin.lau@linux.dev>, <netdev@vger.kernel.org>,
<kuniyu@amazon.com>
Subject: Re: [PATCH bpf-next v9 3/9] bpf: Add bpf_sock_addr_set_unix_addr() to allow writing unix sockaddr from bpf
Date: Tue, 10 Oct 2023 10:00:19 -0700 [thread overview]
Message-ID: <20231010170019.4924-1-kuniyu@amazon.com> (raw)
In-Reply-To: <20231006074530.892825-4-daan.j.demeyer@gmail.com>
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 6 Oct 2023 09:44:57 +0200
> As prep for adding unix socket support to the cgroup sockaddr hooks,
> let's add a kfunc bpf_sock_addr_set_unix_addr() that allows modifying a
> sockaddr from bpf. While this is already possible for AF_INET and AF_INET6,
> we'll need this kfunc when we add unix socket support since modifying the
> address for those requires modifying both the address and the sockaddr
> length.
>
> Signed-off-by: Daan De Meyer <daan.j.demeyer@gmail.com>
> ---
> kernel/bpf/btf.c | 1 +
> net/core/filter.c | 34 +++++++++++++++++++++++++++++++++-
> 2 files changed, 34 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c
> index 69101200c124..15d71d2986d3 100644
> --- a/kernel/bpf/btf.c
> +++ b/kernel/bpf/btf.c
> @@ -7850,6 +7850,7 @@ static int bpf_prog_type_to_kfunc_hook(enum bpf_prog_type prog_type)
> case BPF_PROG_TYPE_SYSCALL:
> return BTF_KFUNC_HOOK_SYSCALL;
> case BPF_PROG_TYPE_CGROUP_SKB:
> + case BPF_PROG_TYPE_CGROUP_SOCK_ADDR:
> return BTF_KFUNC_HOOK_CGROUP_SKB;
> case BPF_PROG_TYPE_SCHED_ACT:
> return BTF_KFUNC_HOOK_SCHED_ACT;
> diff --git a/net/core/filter.c b/net/core/filter.c
> index a094694899c9..bd1c42b28483 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -81,6 +81,7 @@
> #include <net/xdp.h>
> #include <net/mptcp.h>
> #include <net/netfilter/nf_conntrack_bpf.h>
> +#include <linux/un.h>
>
> static const struct bpf_func_proto *
> bpf_sk_base_func_proto(enum bpf_func_id func_id);
> @@ -11752,6 +11753,26 @@ __bpf_kfunc int bpf_dynptr_from_xdp(struct xdp_buff *xdp, u64 flags,
>
> return 0;
> }
> +
> +__bpf_kfunc int bpf_sock_addr_set_unix_addr(struct bpf_sock_addr_kern *sa_kern,
> + const u8 *addr, u32 addrlen__sz)
I'd rename addrlen__sz to sun_path_len or something else because the
conventional addrlen for AF_UNIX contains offsetof(struct sockaddr_un,
sun_path).
Also it would be good to document that the length is of sun_path[].
> +{
> + struct sockaddr *sa = sa_kern->uaddr;
> + struct sockaddr_un *un;
> +
> + if (sa_kern->sk->sk_family != AF_UNIX)
> + return -EINVAL;
> +
> + /* We do not allow changing the address of unnamed unix sockets. */
This comment is slightly confusing as addrlen__sz is a user-specified
value for destination address of named sockets except for getsockname().
So, probably we can just remove the comment. (or s/of/to/ ?)
> + if (addrlen__sz == 0 || addrlen__sz > UNIX_PATH_MAX)
> + return -EINVAL;
> +
> + un = (struct sockaddr_un *)sa;
> + memcpy(un->sun_path, addr, addrlen__sz);
> + sa_kern->uaddrlen = offsetof(struct sockaddr_un, sun_path) + addrlen__sz;
> +
> + return 0;
> +}
> __diag_pop();
>
> int bpf_dynptr_from_skb_rdonly(struct sk_buff *skb, u64 flags,
> @@ -11776,6 +11797,10 @@ BTF_SET8_START(bpf_kfunc_check_set_xdp)
> BTF_ID_FLAGS(func, bpf_dynptr_from_xdp)
> BTF_SET8_END(bpf_kfunc_check_set_xdp)
>
> +BTF_SET8_START(bpf_kfunc_check_set_sock_addr)
> +BTF_ID_FLAGS(func, bpf_sock_addr_set_unix_addr)
> +BTF_SET8_END(bpf_kfunc_check_set_sock_addr)
> +
> static const struct btf_kfunc_id_set bpf_kfunc_set_skb = {
> .owner = THIS_MODULE,
> .set = &bpf_kfunc_check_set_skb,
> @@ -11786,6 +11811,11 @@ static const struct btf_kfunc_id_set bpf_kfunc_set_xdp = {
> .set = &bpf_kfunc_check_set_xdp,
> };
>
> +static const struct btf_kfunc_id_set bpf_kfunc_set_sock_addr = {
> + .owner = THIS_MODULE,
> + .set = &bpf_kfunc_check_set_sock_addr,
> +};
> +
> static int __init bpf_kfunc_init(void)
> {
> int ret;
> @@ -11800,7 +11830,9 @@ static int __init bpf_kfunc_init(void)
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_LWT_XMIT, &bpf_kfunc_set_skb);
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_LWT_SEG6LOCAL, &bpf_kfunc_set_skb);
> ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_NETFILTER, &bpf_kfunc_set_skb);
> - return ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &bpf_kfunc_set_xdp);
> + ret = ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_XDP, &bpf_kfunc_set_xdp);
> + return ret ?: register_btf_kfunc_id_set(BPF_PROG_TYPE_CGROUP_SOCK_ADDR,
> + &bpf_kfunc_set_sock_addr);
> }
> late_initcall(bpf_kfunc_init);
>
> --
> 2.41.0
next prev parent reply other threads:[~2023-10-10 17:00 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-06 7:44 [PATCH bpf-next v9 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-10-06 7:44 ` [PATCH bpf-next v9 1/9] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-10-06 7:44 ` [PATCH bpf-next v9 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs Daan De Meyer
2023-10-10 16:50 ` Kuniyuki Iwashima
2023-10-11 16:34 ` Daan De Meyer
2023-10-06 7:44 ` [PATCH bpf-next v9 3/9] bpf: Add bpf_sock_addr_set_unix_addr() to allow writing unix sockaddr from bpf Daan De Meyer
2023-10-10 17:00 ` Kuniyuki Iwashima [this message]
2023-10-10 20:07 ` Martin KaFai Lau
2023-10-10 20:20 ` Kuniyuki Iwashima
2023-10-06 7:44 ` [PATCH bpf-next v9 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-10-10 17:17 ` Kuniyuki Iwashima
2023-10-06 7:44 ` [PATCH bpf-next v9 5/9] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-10-06 7:45 ` [PATCH bpf-next v9 6/9] bpftool: " Daan De Meyer
2023-10-06 7:45 ` [PATCH bpf-next v9 7/9] documentation/bpf: Document " Daan De Meyer
2023-10-06 7:45 ` [PATCH bpf-next v9 8/9] selftests/bpf: Make sure mount directory exists Daan De Meyer
2023-10-06 7:45 ` [PATCH bpf-next v9 9/9] selftests/bpf: Add tests for cgroup unix socket address hooks Daan De Meyer
-- strict thread matches above, loose matches on Subject: below --
2023-10-11 17:03 [PATCH bpf-next v10 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-10-11 17:03 ` [PATCH bpf-next v9 3/9] bpf: Add bpf_sock_addr_set_unix_addr() to allow writing unix sockaddr from bpf Daan De Meyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231010170019.4924-1-kuniyu@amazon.com \
--to=kuniyu@amazon.com \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.