Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp4637067rwb; Tue, 8 Aug 2023 11:17:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH5LqxXQSVvjqI9GwWuCqV7dCiFaYLV+xIMkBadQz7WJlhgIED53X4Ux0NN23Vv9zUmq3Of X-Received: by 2002:a05:6a20:914d:b0:137:3c67:85d7 with SMTP id x13-20020a056a20914d00b001373c6785d7mr394444pzc.16.1691518671470; Tue, 08 Aug 2023 11:17:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691518671; cv=none; d=google.com; s=arc-20160816; b=kJkvfGR//4In72coZBTrtSmXY/w9f2iuu2ayzZm+1EL6vY1xxmny+Ucw7DpoBhK4bI 7Zz8S8/KVIigMLrCJvq7eJz8tQgEDilNt9+stVIL3peCLjpB/Hh2/asWeZ6DE+u2lRrA Ek/8EUZndrLdYAoLpVrRu2aX9XN1qW4sEJHokcuwB7mxtpFQhLM2D7licIIR2uKMYRhN 64N+1idL3oaytddiSDyJpPPorRPwE4/FqKQWNB6Sxw0FlVlQuOXQo/GG2Cy8gQvK76NS aKXl4mFNFReu3HyQT5Gd6VY+V8B/g6N4j5SBoUMRj3nuf8kcHER2jdVM5pPIAy/ZCtcb KrUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=Evi9zaaIocUJUljhUqjZf7aG4nW/p3HKqWc5e4qc1/c=; fh=SiNymtM/XkvWuWGO7dBUyyDvOSUUotTARO/JNI3TGrk=; b=YEo+dScwxuI3Vn1S73DNNzd1cfRq4VfH9+hB3rZw64uzmjdfJ+2PC+OVo2tW/wNeah e8I+6jsEr0eRBFK4wrGH7M5ycItLRyDG8nZhphUC0fkpcnqt3zoGf20B8LSU31cv5rMM 4h2NC2B6gvW63VzkJvae3OXQyo8Pnw4O/asDgmSKNVkwHXXNLjN0+ICNVsHljPp1oJ2o NdFiAUy7il0kn16xICjubJbeej77OFrpas+y+vL+Ly7ErxxHnetORYtGwOSWYeKNbKj3 TicJrRi4fAKlpAVATb+FqEZDn4pfR3r8gkDG5uXraR6mjfxePpSKMVqKtdeGjsI/lXQe 2cng== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id by7-20020a056a00400700b0068269b1ebcbsi5453683pfb.394.2023.08.08.11.17.38; Tue, 08 Aug 2023 11:17:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232149AbjHHRx1 (ORCPT + 99 others); Tue, 8 Aug 2023 13:53:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36630 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231982AbjHHRxE (ORCPT ); Tue, 8 Aug 2023 13:53:04 -0400 Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D780429B5D; Tue, 8 Aug 2023 09:23:36 -0700 (PDT) Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-31765aee31bso4407799f8f.1; Tue, 08 Aug 2023 09:23:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691511776; x=1692116576; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Evi9zaaIocUJUljhUqjZf7aG4nW/p3HKqWc5e4qc1/c=; b=lD9mAXwki50v5R4shgAO1eWV6+duHpa3z72W63T7UURzzxtw3HoaFXmxhgceq6d7FT q7QMebiG8AHcS1p6i/B0zGbry6Gp/YEFrtKAUzPdclXOfk8h/tgW1VQ+8x4o7J0GHXve LXGmBh8JBE8yAkCwAQcIno4ShJJtcF26kmLq1bVkwv4vxQE368eYHIJywEd9IR3x0SdV AiJq2ikEthR2wECttUhEjMf1mX5dUuWOYpVXPzFfwE/iWv6amFPW9/XBVgzsYAHzEon4 ZWW/+sWxUHHyxlOr7NwDHktMHE/brgKXLPb09e+epZo32UBm1yqYlHCa5o7AUyHW4OAG 8zgQ== X-Gm-Message-State: AOJu0Yx4BO3TxX9eF4R6aGXjrCgpMirBYdzlwbS2IyPskoPDLucjHL7f p4FLyEKCFx2cGKEhc3OpbJith4rK6nMObA== X-Received: by 2002:a17:906:3046:b0:992:6064:f32b with SMTP id d6-20020a170906304600b009926064f32bmr11160819ejd.46.1691502071224; Tue, 08 Aug 2023 06:41:11 -0700 (PDT) Received: from localhost (fwdproxy-cln-020.fbsv.net. [2a03:2880:31ff:14::face:b00c]) by smtp.gmail.com with ESMTPSA id d11-20020a170906c20b00b00992d70f8078sm6731416ejz.106.2023.08.08.06.41.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 08 Aug 2023 06:41:10 -0700 (PDT) From: Breno Leitao To: sdf@google.com, axboe@kernel.dk, asml.silence@gmail.com, willemdebruijn.kernel@gmail.com, Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , Martin KaFai Lau , Song Liu , Yonghong Song , John Fastabend , KP Singh , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: bpf@vger.kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, io-uring@vger.kernel.org Subject: [PATCH v2 6/8] bpf: Leverage sockptr_t in BPF setsockopt hook Date: Tue, 8 Aug 2023 06:40:46 -0700 Message-Id: <20230808134049.1407498-7-leitao@debian.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230808134049.1407498-1-leitao@debian.org> References: <20230808134049.1407498-1-leitao@debian.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Move BPF setsockopt hook (__cgroup_bpf_run_filter_setsockopt()) to use sockptr instead of user pointers. This brings flexibility to the function, since it could be called with userspace or kernel pointers. This also aligns with the getsockopt() counterpart, which is now using sockptr_t types. Signed-off-by: Breno Leitao --- include/linux/bpf-cgroup.h | 2 +- kernel/bpf/cgroup.c | 5 +++-- net/socket.c | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/linux/bpf-cgroup.h b/include/linux/bpf-cgroup.h index d16cb99fd4f1..5e3419eb267a 100644 --- a/include/linux/bpf-cgroup.h +++ b/include/linux/bpf-cgroup.h @@ -137,7 +137,7 @@ int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head, enum cgroup_bpf_attach_type atype); int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level, - int *optname, char __user *optval, + int *optname, sockptr_t optval, int *optlen, char **kernel_optval); int __cgroup_bpf_run_filter_getsockopt(struct sock *sk, int level, diff --git a/kernel/bpf/cgroup.c b/kernel/bpf/cgroup.c index ebc8c58f7e46..f0dedd4f7f2e 100644 --- a/kernel/bpf/cgroup.c +++ b/kernel/bpf/cgroup.c @@ -1785,7 +1785,7 @@ static bool sockopt_buf_allocated(struct bpf_sockopt_kern *ctx, } int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level, - int *optname, char __user *optval, + int *optname, sockptr_t optval, int *optlen, char **kernel_optval) { struct cgroup *cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data); @@ -1808,7 +1808,8 @@ int __cgroup_bpf_run_filter_setsockopt(struct sock *sk, int *level, ctx.optlen = *optlen; - if (copy_from_user(ctx.optval, optval, min(*optlen, max_optlen)) != 0) { + if (copy_from_sockptr(ctx.optval, optval, + min(*optlen, max_optlen))) { ret = -EFAULT; goto out; } diff --git a/net/socket.c b/net/socket.c index c686c6e89441..b7d22633995a 100644 --- a/net/socket.c +++ b/net/socket.c @@ -2241,7 +2241,7 @@ int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval, if (!in_compat_syscall()) err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname, - user_optval, &optlen, + optval, &optlen, &kernel_optval); if (err < 0) goto out_put; -- 2.34.1