From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemb@google.com>
Cc: Simon Horman <horms@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Kuniyuki Iwashima <kuniyu@amazon.com>,
Kuniyuki Iwashima <kuni1840@gmail.com>, <netdev@vger.kernel.org>
Subject: [PATCH v1 net-next 4/7] af_unix: Move SOCK_PASS{CRED,PIDFD,SEC} to sk->sk_flags.
Date: Wed, 7 May 2025 18:29:16 -0700 [thread overview]
Message-ID: <20250508013021.79654-5-kuniyu@amazon.com> (raw)
In-Reply-To: <20250508013021.79654-1-kuniyu@amazon.com>
As explained in the next patch, SO_PASSRIGHTS would have a problem
if we assigned a corresponding bit to socket->flags, so it must be
flagged on sk->sk_flags.
Mixing socket->flags and sk->sk_flags for similar options will look
confusing, and sk->sk_flags is unsigned long and has enough space.
Let's move SOCK_PASS{CRED,PIDFD,SEC} to sk->sk_flags.
While at it, BUILD_BUG_ON() is added in sock_set_flag(), and other
SOCK_XXX flags in net.h are grouped as enum.
Now, we can drop unix_sock_inherit_flags() and use sock_copy_flags()
instead to inherit flags from a listener to its embryo socket.
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
---
include/linux/net.h | 15 +++++++--------
include/net/sock.h | 5 +++++
net/core/scm.c | 14 ++++++++------
net/core/sock.c | 12 ++++++------
net/unix/af_unix.c | 19 +++----------------
5 files changed, 29 insertions(+), 36 deletions(-)
diff --git a/include/linux/net.h b/include/linux/net.h
index 0ff950eecc6b..f8418d6e33e0 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -36,14 +36,13 @@ struct net;
* in sock->flags, but moved into sk->sk_wq->flags to be RCU protected.
* Eventually all flags will be in sk->sk_wq->flags.
*/
-#define SOCKWQ_ASYNC_NOSPACE 0
-#define SOCKWQ_ASYNC_WAITDATA 1
-#define SOCK_NOSPACE 2
-#define SOCK_PASSCRED 3
-#define SOCK_PASSSEC 4
-#define SOCK_SUPPORT_ZC 5
-#define SOCK_CUSTOM_SOCKOPT 6
-#define SOCK_PASSPIDFD 7
+enum socket_flags {
+ SOCKWQ_ASYNC_NOSPACE,
+ SOCKWQ_ASYNC_WAITDATA,
+ SOCK_NOSPACE,
+ SOCK_SUPPORT_ZC,
+ SOCK_CUSTOM_SOCKOPT,
+};
#ifndef ARCH_HAS_SOCKET_TYPES
/**
diff --git a/include/net/sock.h b/include/net/sock.h
index f0fabb9fd28a..48b8856e2615 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -964,6 +964,10 @@ enum sock_flags {
SOCK_RCVMARK, /* Receive SO_MARK ancillary data with packet */
SOCK_RCVPRIORITY, /* Receive SO_PRIORITY ancillary data with packet */
SOCK_TIMESTAMPING_ANY, /* Copy of sk_tsflags & TSFLAGS_ANY */
+ SOCK_PASSCRED, /* Receive SCM_CREDENTIALS ancillary data with packet */
+ SOCK_PASSPIDFD, /* Receive SCM_PIDFD ancillary data with packet */
+ SOCK_PASSSEC, /* Receive SCM_SECURITY ancillary data with packet */
+ SOCK_FLAG_MAX,
};
#define SK_FLAGS_TIMESTAMP ((1UL << SOCK_TIMESTAMP) | (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE))
@@ -981,6 +985,7 @@ static inline void sock_copy_flags(struct sock *nsk, const struct sock *osk)
static inline void sock_set_flag(struct sock *sk, enum sock_flags flag)
{
+ BUILD_BUG_ON(BYTES_TO_BITS(sizeof(sk->sk_flags)) <= SOCK_FLAG_MAX);
__set_bit(flag, &sk->sk_flags);
}
diff --git a/net/core/scm.c b/net/core/scm.c
index 3f756f00e41e..4bf19f6303dd 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
@@ -411,7 +411,7 @@ static void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cooki
struct lsm_context ctx;
int err;
- if (test_bit(SOCK_PASSSEC, &sock->flags)) {
+ if (sock_flag(sock->sk, SOCK_PASSSEC)) {
err = security_secid_to_secctx(scm->secid, &ctx);
if (err >= 0) {
@@ -425,7 +425,7 @@ static void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cooki
static bool scm_has_secdata(struct socket *sock)
{
- return test_bit(SOCK_PASSSEC, &sock->flags);
+ return sock_flag(sock->sk, SOCK_PASSSEC);
}
#else
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
@@ -476,9 +476,11 @@ static void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm)
static bool __scm_recv_common(struct socket *sock, struct msghdr *msg,
struct scm_cookie *scm, int flags)
{
+ struct sock *sk = sock->sk;
+
if (!msg->msg_control) {
- if (test_bit(SOCK_PASSCRED, &sock->flags) ||
- test_bit(SOCK_PASSPIDFD, &sock->flags) ||
+ if (sock_flag(sk, SOCK_PASSCRED) ||
+ sock_flag(sk, SOCK_PASSPIDFD) ||
scm->fp || scm_has_secdata(sock))
msg->msg_flags |= MSG_CTRUNC;
@@ -486,7 +488,7 @@ static bool __scm_recv_common(struct socket *sock, struct msghdr *msg,
return false;
}
- if (test_bit(SOCK_PASSCRED, &sock->flags)) {
+ if (sock_flag(sock->sk, SOCK_PASSCRED)) {
struct user_namespace *current_ns = current_user_ns();
struct ucred ucreds = {
.pid = scm->creds.pid,
@@ -521,7 +523,7 @@ void scm_recv_unix(struct socket *sock, struct msghdr *msg,
if (!__scm_recv_common(sock, msg, scm, flags))
return;
- if (test_bit(SOCK_PASSPIDFD, &sock->flags))
+ if (sock_flag(sock->sk, SOCK_PASSPIDFD))
scm_pidfd_recv(msg, scm);
scm_destroy_cred(scm);
diff --git a/net/core/sock.c b/net/core/sock.c
index b64df2463300..a1720c7f9789 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1221,13 +1221,13 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
}
return -EPERM;
case SO_PASSSEC:
- assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
+ sock_valbool_flag(sk, SOCK_PASSSEC, valbool);
return 0;
case SO_PASSCRED:
- assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
+ sock_valbool_flag(sk, SOCK_PASSCRED, valbool);
return 0;
case SO_PASSPIDFD:
- assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
+ sock_valbool_flag(sk, SOCK_PASSPIDFD, valbool);
return 0;
case SO_TYPE:
case SO_PROTOCOL:
@@ -1853,11 +1853,11 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
break;
case SO_PASSCRED:
- v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
+ v.val = sock_flag(sk, SOCK_PASSCRED);
break;
case SO_PASSPIDFD:
- v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
+ v.val = sock_flag(sk, SOCK_PASSPIDFD);
break;
case SO_PEERCRED:
@@ -1954,7 +1954,7 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
break;
case SO_PASSSEC:
- v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
+ v.val = sock_flag(sk, SOCK_PASSSEC);
break;
case SO_PEERSEC:
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index fa86e8c3aec5..e793e55f6c9b 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -767,10 +767,8 @@ static void copy_peercred(struct sock *sk, struct sock *peersk)
static bool unix_passcred_enabled(const struct sock *sk)
{
- struct socket *sock = sk->sk_socket;
-
- return test_bit(SOCK_PASSCRED, &sock->flags) ||
- test_bit(SOCK_PASSPIDFD, &sock->flags);
+ return sock_flag(sk, SOCK_PASSCRED) ||
+ sock_flag(sk, SOCK_PASSPIDFD);
}
static int unix_listen(struct socket *sock, int backlog)
@@ -1713,17 +1711,6 @@ static int unix_socketpair(struct socket *socka, struct socket *sockb)
return 0;
}
-static void unix_sock_inherit_flags(const struct socket *old,
- struct socket *new)
-{
- if (test_bit(SOCK_PASSCRED, &old->flags))
- set_bit(SOCK_PASSCRED, &new->flags);
- if (test_bit(SOCK_PASSPIDFD, &old->flags))
- set_bit(SOCK_PASSPIDFD, &new->flags);
- if (test_bit(SOCK_PASSSEC, &old->flags))
- set_bit(SOCK_PASSSEC, &new->flags);
-}
-
static int unix_accept(struct socket *sock, struct socket *newsock,
struct proto_accept_arg *arg)
{
@@ -1760,7 +1747,7 @@ static int unix_accept(struct socket *sock, struct socket *newsock,
unix_state_lock(tsk);
unix_update_edges(unix_sk(tsk));
newsock->state = SS_CONNECTED;
- unix_sock_inherit_flags(sock, newsock);
+ sock_copy_flags(tsk, sk);
sock_graft(tsk, newsock);
unix_state_unlock(tsk);
return 0;
--
2.49.0
next prev parent reply other threads:[~2025-05-08 1:32 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-08 1:29 [PATCH v1 net-next 0/7] af_unix: Introduce SO_PASSRIGHTS Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 1/7] af_unix: Factorise test_bit() for SOCK_PASSCRED and SOCK_PASSPIDFD Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 2/7] af_unix: Don't pass struct socket to maybe_add_creds() Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 3/7] scm: Move scm_recv() from scm.h to scm.c Kuniyuki Iwashima
2025-05-08 1:29 ` Kuniyuki Iwashima [this message]
2025-05-09 3:15 ` [PATCH v1 net-next 4/7] af_unix: Move SOCK_PASS{CRED,PIDFD,SEC} to sk->sk_flags Jakub Kicinski
2025-05-09 4:33 ` Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 5/7] af_unix: Inherit sk_flags at connect() Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 6/7] af_unix: Introduce SO_PASSRIGHTS Kuniyuki Iwashima
2025-05-08 1:29 ` [PATCH v1 net-next 7/7] selftest: af_unix: Test SO_PASSRIGHTS Kuniyuki Iwashima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250508013021.79654-5-kuniyu@amazon.com \
--to=kuniyu@amazon.com \
--cc=brauner@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=kuni1840@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=willemb@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).