From: Martin KaFai Lau <martin.lau@linux.dev>
To: Daan De Meyer <daan.j.demeyer@gmail.com>
Cc: kernel-team@meta.com, bpf@vger.kernel.org
Subject: Re: [PATCH bpf-next v3 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs
Date: Tue, 29 Aug 2023 23:21:04 -0700 [thread overview]
Message-ID: <b48c25fd-6c4e-d04f-aea8-65acf6a9fe2a@linux.dev> (raw)
In-Reply-To: <20230829101838.851350-3-daan.j.demeyer@gmail.com>
On 8/29/23 3:18 AM, Daan De Meyer wrote:
> @@ -1482,11 +1485,22 @@ int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
> if (!ctx.uaddr) {
> memset(&unspec, 0, sizeof(unspec));
> ctx.uaddr = (struct sockaddr *)&unspec;
> - }
> + ctx.uaddrlen = sizeof(unspec);
ctx.uaddr could be NULL during BPF_CGROUP_RUN_PROG_UDP[46]_SENDMSG_LOCK(). There
is nothing from the sa_kern->uaddr that is useful to read, so ctx.uaddrlen
should be 0. The new kfunc bpf_sock_addr_set_addr() can do better than the
current sa->user_ip[46] uapi and should return error in this case because the
kernel will eventually ignore it.
> + } else if (uaddrlen)
> + ctx.uaddrlen = *uaddrlen;
> + else if (sk->sk_family == AF_INET)
> + ctx.uaddrlen = sizeof(struct sockaddr_in);
> + else if (sk->sk_family == AF_INET6)
> + ctx.uaddrlen = sizeof(struct sockaddr_in6);
>
> cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
> - return bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,
> - 0, flags);
> + ret = bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,
> + 0, flags);
> +
> + if (!ret && uaddrlen)
> + *uaddrlen = ctx.uaddrlen;
> +
> + return ret;
> }
> EXPORT_SYMBOL(__cgroup_bpf_run_filter_sock_addr);
>
[ ... ]
> diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
> index 3a88545a265d..255b02d98404 100644
> --- a/net/ipv6/tcp_ipv6.c
> +++ b/net/ipv6/tcp_ipv6.c
> @@ -135,7 +135,7 @@ static int tcp_v6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
>
> sock_owned_by_me(sk);
>
> - return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr);
> + return BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, NULL);
For IPv6, there is a minimum SIN6_LEN_RFC2133 which excludes the last '__u32
sin6_scope_id'. Meaning the last 4 bytes in 'struct sockaddr_in6' is optional.
It has been a few months since v2, so my memory faded a bit. I recalled one of
the concerns on passing addrlen to BPF_CGROUP_RUN_PROG is the bpf prog can
change it for AF_INET[6] and the addrlen change could be ignored by the kernel.
The bpf_sock_addr_set_addr() in v3 does not allow addrlen changes in AF_INET[6].
I think it now makes sense to pass addrlen (of AF_INET[6]) to BPF_CGROUP_RUN_*
whenever it is available such that the newly added sa_kern->uaddrlen can better
reflect what is in the sa_kern->uaddr.
I think the only addrlen missing case is in the inet[6]_getname(). Either NULL
can be passed or create a local addrlen var. afaict, the addrlen must be 'struct
sockaddr_in[6]' in those cases.
next prev parent reply other threads:[~2023-08-30 6:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-29 10:18 [PATCH bpf-next v3 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 1/9] selftests/bpf: Add missing section name tests for getpeername/getsockname Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs Daan De Meyer
2023-08-30 6:21 ` Martin KaFai Lau [this message]
2023-08-29 10:18 ` [PATCH bpf-next v3 3/9] bpf: Add bpf_sock_addr_set() to allow writing sockaddr len from bpf Daan De Meyer
2023-08-29 17:42 ` Alexei Starovoitov
2023-08-30 6:28 ` Martin KaFai Lau
2023-08-29 10:18 ` [PATCH bpf-next v3 4/9] bpf: Implement cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 5/9] libbpf: Add support for cgroup unix socket address hooks Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 6/9] bpftool: " Daan De Meyer
2023-08-29 16:27 ` Quentin Monnet
2023-08-29 10:18 ` [PATCH bpf-next v3 7/9] documentation/bpf: Document " Daan De Meyer
2023-08-29 10:18 ` [PATCH bpf-next v3 8/9] selftests/bpf: Make sure mount directory exists Daan De Meyer
2023-08-30 6:32 ` Martin KaFai Lau
2023-08-29 10:18 ` [PATCH bpf-next v3 9/9] selftests/bpf: Add tests for cgroup unix socket address hooks Daan De Meyer
2023-08-30 6:51 ` Martin KaFai Lau
-- strict thread matches above, loose matches on Subject: below --
2023-08-31 15:34 [PATCH bpf-next v4 0/9] Add cgroup sockaddr hooks for unix sockets Daan De Meyer
2023-08-31 15:34 ` [PATCH bpf-next v3 2/9] bpf: Propagate modified uaddrlen from cgroup sockaddr programs Daan De Meyer
2023-09-05 21:21 ` Martin KaFai Lau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b48c25fd-6c4e-d04f-aea8-65acf6a9fe2a@linux.dev \
--to=martin.lau@linux.dev \
--cc=bpf@vger.kernel.org \
--cc=daan.j.demeyer@gmail.com \
--cc=kernel-team@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.