From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-183.mta0.migadu.com (out-183.mta0.migadu.com [91.218.175.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8A97730FC3D for ; Wed, 27 Aug 2025 22:23:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=91.218.175.183 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756333436; cv=none; b=VcNY5uume1dXh+Ec69CagR1ZVay6TEpiQ4NoWiln674UhmC3vtpBgBtNc3d1KihatgNjmBtr5H5fRMnuubC3+AIf4DjvHCZ9cAYliDXw7MYqZL4CSn2XSrWO+NMhGN0NV7ROczfAn/3Vr03Kvn9Oi8cj3xQdlIaNshRJLO9ybkk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756333436; c=relaxed/simple; bh=YfoXYH3cm92sHCjAYQM6pQjLBZ7QQPBb5+txY9E1NA0=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=EH52bCn09qbDwK2s+1NeG3kmUJJ+2FBzzL+Nj7AVrAGB6sT9ATta2jLcd8HXylcCkt4P2qsyuC5cZrtpUvTSGKT6yEJ2yE66cqNUChNVfhaHk2EpbxkE9X/7S4PZscziKng0vvjxQhf0bJDLJVloN0ZEbGAehldn7OB82Lh40HY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=eagy1LZk; arc=none smtp.client-ip=91.218.175.183 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="eagy1LZk" Message-ID: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1756333422; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YXH9gB5skVmjTjxtTahEaINOT63mMXBiq7apizRcrto=; b=eagy1LZkvI6Yu0kL1UO1q9Z7Xsq89PYa/MCWFuCYozy1tW2hAIAkLONuznop9aCX5oNRny uuJSRWpLdjau4AVJF7ppIZ0ra7+B69dmlMawtQzQaweTv2f6ktLxKtkvEvdJlzW6e9UVK+ E+Eb8K1QovpFnEnc6dZacyY24QDmkQk= Date: Wed, 27 Aug 2025 15:23:35 -0700 Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Subject: Re: [PATCH v3 bpf-next/net 2/5] bpf: Support bpf_setsockopt() for BPF_CGROUP_INET_SOCK_CREATE. To: Kuniyuki Iwashima Cc: Alexei Starovoitov , Andrii Nakryiko , Daniel Borkmann , John Fastabend , Stanislav Fomichev , Johannes Weiner , Michal Hocko , Roman Gushchin , Shakeel Butt , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Neal Cardwell , Willem de Bruijn , Mina Almasry , Kuniyuki Iwashima , bpf@vger.kernel.org, netdev@vger.kernel.org References: <20250826183940.3310118-1-kuniyu@google.com> <20250826183940.3310118-3-kuniyu@google.com> Content-Language: en-US X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Martin KaFai Lau In-Reply-To: <20250826183940.3310118-3-kuniyu@google.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Migadu-Flow: FLOW_OUT On 8/26/25 11:38 AM, Kuniyuki Iwashima wrote: > We will store a flag in sk->sk_memcg by bpf_setsockopt() during > socket() or before sk->sk_memcg is set in accept(). > > BPF_CGROUP_INET_SOCK_CREATE is invoked by __cgroup_bpf_run_filter_sk() > that passes a pointer to struct sock to the bpf prog as void *ctx. > > But there are no bpf_func_proto for bpf_setsockopt() that receives > the ctx as a pointer to struct sock. > > Let's add a new bpf_setsockopt() variant for BPF_CGROUP_INET_SOCK_CREATE. > > Note that inet_create() is not under lock_sock(). > > Signed-off-by: Kuniyuki Iwashima > --- > v3: Remove bpf_func_proto for accept() > v2: Make 2 new bpf_func_proto static > --- > net/core/filter.c | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/net/core/filter.c b/net/core/filter.c > index 63f3baee2daf..443d12b7d3b2 100644 > --- a/net/core/filter.c > +++ b/net/core/filter.c > @@ -5743,6 +5743,23 @@ static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = { > .arg5_type = ARG_CONST_SIZE, > }; > > +BPF_CALL_5(bpf_unlocked_sock_setsockopt, struct sock *, sk, int, level, > + int, optname, char *, optval, int, optlen) > +{ > + return _bpf_setsockopt(sk, level, optname, optval, optlen); The sock_owned_by_me() will warn. From CI: WARNING: CPU: 0 PID: 102 at include/net/sock.h:1756 bpf_unlocked_sock_setsockopt+0xc7/0x110 > +} > + > +static const struct bpf_func_proto bpf_unlocked_sock_setsockopt_proto = { > + .func = bpf_unlocked_sock_setsockopt, > + .gpl_only = false, > + .ret_type = RET_INTEGER, > + .arg1_type = ARG_PTR_TO_CTX, > + .arg2_type = ARG_ANYTHING, > + .arg3_type = ARG_ANYTHING, > + .arg4_type = ARG_PTR_TO_MEM | MEM_RDONLY, > + .arg5_type = ARG_CONST_SIZE, > +}; > + > static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock, > int optname, const u8 **start) > { > @@ -8051,6 +8068,13 @@ sock_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > return &bpf_sk_storage_get_cg_sock_proto; > case BPF_FUNC_ktime_get_coarse_ns: > return &bpf_ktime_get_coarse_ns_proto; > + case BPF_FUNC_setsockopt: > + switch (prog->expected_attach_type) { > + case BPF_CGROUP_INET_SOCK_CREATE: > + return &bpf_unlocked_sock_setsockopt_proto; > + default: > + return NULL; > + } > default: > return bpf_base_func_proto(func_id, prog); > }