From: Kees Cook <kees@kernel.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Kees Cook <kees@kernel.org>,
"Gustavo A. R. Silva" <gustavo@embeddedor.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
John Fastabend <john.fastabend@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>, Simon Horman <horms@kernel.org>,
Kuniyuki Iwashima <kuniyu@google.com>,
Willem de Bruijn <willemb@google.com>,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
bpf@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 08/10] bpf: Convert bpf_sock_addr_kern "uaddr" to sockaddr_unspec
Date: Tue, 14 Oct 2025 15:43:30 -0700 [thread overview]
Message-ID: <20251014224334.2344521-8-kees@kernel.org> (raw)
In-Reply-To: <20251014223349.it.173-kees@kernel.org>
Change struct bpf_sock_addr_kern to use sockaddr_unspec for the "uaddr"
field instead of sockaddr. This improves type safety in the BPF cgroup
socket address filtering code.
The casting in __cgroup_bpf_run_filter_sock_addr() is updated to match the
new type, removing an unnecessary cast in the initialization and updating
the conditional assignment to use the appropriate sockaddr_unspec cast.
Signed-off-by: Kees Cook <kees@kernel.org>
---
include/linux/filter.h | 2 +-
kernel/bpf/cgroup.c | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/filter.h b/include/linux/filter.h
index f5c859b8131a..52594affe7ee 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -1515,7 +1515,7 @@ static inline int bpf_tell_extensions(void)
struct bpf_sock_addr_kern {
struct sock *sk;
- struct sockaddr *uaddr;
+ struct sockaddr_unspec *uaddr;
/* Temporary "register" to make indirect stores to nested structures
* defined above. We need three registers to make such a store, but
* only two (src and dst) are available at convert_ctx_access time
diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c
index af8b070e71ba..d045bc0ecc70 100644
--- a/kernel/bpf/cgroup.c
+++ b/kernel/bpf/cgroup.c
@@ -1673,10 +1673,10 @@ int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
{
struct bpf_sock_addr_kern ctx = {
.sk = sk,
- .uaddr = (struct sockaddr *)uaddr,
+ .uaddr = uaddr,
.t_ctx = t_ctx,
};
- struct sockaddr_storage unspec;
+ struct sockaddr_storage storage;
struct cgroup *cgrp;
int ret;
@@ -1688,8 +1688,8 @@ int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
return 0;
if (!ctx.uaddr) {
- memset(&unspec, 0, sizeof(unspec));
- ctx.uaddr = (struct sockaddr *)&unspec;
+ memset(&storage, 0, sizeof(storage));
+ ctx.uaddr = (struct sockaddr_unspec *)&storage;
ctx.uaddrlen = 0;
} else {
ctx.uaddrlen = *uaddrlen;
--
2.34.1
next prev parent reply other threads:[~2025-10-14 22:43 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-14 22:43 [PATCH v2 00/10] net: Introduce struct sockaddr_unspec Kees Cook
2025-10-14 22:43 ` [PATCH v2 01/10] net: Add struct sockaddr_unspec for sockaddr of unknown length Kees Cook
2025-10-14 22:43 ` [PATCH v2 02/10] net/l2tp: Add missing sa_family validation in pppol2tp_sockaddr_get_info Kees Cook
2025-10-14 22:43 ` [PATCH v2 03/10] net: Convert proto_ops bind() callbacks to use sockaddr_unspec Kees Cook
2025-10-15 12:15 ` Simon Horman
2025-10-20 18:12 ` Kees Cook
2025-10-14 22:43 ` [PATCH v2 04/10] net: Convert proto_ops connect() " Kees Cook
2025-10-14 22:43 ` [PATCH v2 05/10] net: Remove struct sockaddr from net.h Kees Cook
2025-10-14 22:43 ` [PATCH v2 06/10] net: Convert proto callbacks from sockaddr to sockaddr_unspec Kees Cook
2025-10-14 22:43 ` [PATCH v2 07/10] bpf: Convert cgroup sockaddr filters to use sockaddr_unspec consistently Kees Cook
2025-10-14 22:43 ` Kees Cook [this message]
2025-10-14 22:43 ` [PATCH v2 09/10] bpf: Add size validation to bpf_sock_addr_set_sun_path() Kees Cook
2025-10-14 22:43 ` [PATCH v2 10/10] net: Convert struct sockaddr to fixed-size "sa_data[14]" Kees Cook
[not found] ` <2095031a79fdd5a7765b9e7a0a052fb2b48895c8794a170e567273d2614da9fd@mail.kernel.org>
2025-10-14 23:56 ` [PATCH v2 00/10] net: Introduce struct sockaddr_unspec Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251014224334.2344521-8-kees@kernel.org \
--to=kees@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=gustavo@embeddedor.com \
--cc=horms@kernel.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=kuniyu@google.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).