Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp566180rdb;
        Thu, 19 Oct 2023 12:12:35 -0700 (PDT)
X-Google-Smtp-Source: AGHT+IHkkXmQbrIrV6os7iA9I1IhARzSaKjfNpj3oxsRuqBR8fZFZBeD1I2IMC1xn10VLUCdVjQs
X-Received: by 2002:a05:6870:44d4:b0:1ea:7bd1:c495 with SMTP id t20-20020a05687044d400b001ea7bd1c495mr4168882oai.27.1697742754603;
        Thu, 19 Oct 2023 12:12:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1697742754; cv=none;
        d=google.com; s=arc-20160816;
        b=X4XtPxGLH8SOuxrlCYAVj4pFcvitqDrIb2t7UpySvBzO5QizB3OidO+sFANi8TrIAh
         wcAtYxxtnqwcfr+MPo5ML5OW7e/yFqin/N5m9Uy0vuVhe4R4QuNSZzi3FNBCyyIL9Nbl
         v46F6y+JqwoOwpm4H58H3KXtvWVhl9invHbPE/H9SsFDYNUemf99Xiyxx2jnpl5i9E3G
         nPhLSCer8O773q2sJIgEkriUHjMLvT2yxVHFeG4nBIxaKHdR4XTC/7vM2WCiU2USENrW
         VKB22ZvLJxnWJuSb96z55EdsgfZ1vAYl9n9jrF50IX4Ubu30XTv3Sv8vq4RjCAGpYEMq
         B1/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:mime-version:date
         :dkim-signature:message-id;
        bh=P0h5fWMyT5Vo7k2V5ZPXS3Hx5Ml7GFIc3I0D99ZWvRU=;
        fh=7HUxmGuo+aIOWR6yls4HH7CCO3Xh4ZZEJcF6v6Pjyb8=;
        b=Rv1KalWSC9ikHprJDwOKSDljls0vgYUVkwYxhT82uYfhZLhYabeu3ADZwlkTYViac7
         q4ldCeTS8G09XWWLK4sj6ZEFR+2NNChoUzE8lOirg2aUV1XCsAZAFNTZZV4LjB8aFUbp
         KaKqM038PgN6DzzvlYGO60En76VRR7ZAgutemAKMGuAwdPr3PRA5oICXGWy1lv+IhSIv
         DNXRSNU2QJLqzMDPUr0K+eeffGTYZT4RN0aptdD946tGmylqORtlxVab3ULIuhcbywTg
         oBobyKTiwIhHEelNLeIQgbbMHGg6msXA6EkoNwW+Dd8vU+OkUo0BW1sB6Smg094cfigw
         td/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=d+FTlL4N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from morse.vger.email (morse.vger.email. [2620:137:e000::3:1])
        by mx.google.com with ESMTPS id ca24-20020a056a02069800b005859cd26197si254980pgb.455.2023.10.19.12.12.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 19 Oct 2023 12:12:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) client-ip=2620:137:e000::3:1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linux.dev header.s=key1 header.b=d+FTlL4N;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:1 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.dev
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
	by morse.vger.email (Postfix) with ESMTP id 436BD833E1D6;
	Thu, 19 Oct 2023 12:12:32 -0700 (PDT)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.10 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1345312AbjJSTMS (ORCPT <rfc822;gvb.lkml@gmail.com> + 99 others);
        Thu, 19 Oct 2023 15:12:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44056 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232935AbjJSTMR (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 19 Oct 2023 15:12:17 -0400
Received: from out-209.mta0.migadu.com (out-209.mta0.migadu.com [91.218.175.209])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF9D5F7
        for <linux-kernel@vger.kernel.org>; Thu, 19 Oct 2023 12:12:14 -0700 (PDT)
Message-ID: <1074c1f1-e676-fbe6-04bc-783821d746a1@linux.dev>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1;
        t=1697742730;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=P0h5fWMyT5Vo7k2V5ZPXS3Hx5Ml7GFIc3I0D99ZWvRU=;
        b=d+FTlL4N6Sg5LI52khLUWtya9wxh3NUBk02cIuaOnCLy+SLqFNSa5lIBw8RSaHQ725A9gd
        snoj8Tm3/rt+fez+p3f/x75NDTq0AcO+LumuU/EybX4CSNIYRVU2FjzDFxUR3euju4mNcA
        oT/hqzu2F5LYIUr8MbDVOUBmmPWg1Ig=
Date:   Thu, 19 Oct 2023 12:12:03 -0700
MIME-Version: 1.0
Subject: Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt
Content-Language: en-US
To:     Breno Leitao <leitao@debian.org>
Cc:     bpf@vger.kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, io-uring@vger.kernel.org,
        Kuniyuki Iwashima <kuniyu@amazon.com>,
        Alexander Mikhalitsyn <alexander@mihalicyn.com>,
        David Howells <dhowells@redhat.com>, sdf@google.com,
        axboe@kernel.dk, asml.silence@gmail.com,
        willemdebruijn.kernel@gmail.com, kuba@kernel.org,
        pabeni@redhat.com, krisman@suse.de,
        Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        John Fastabend <john.fastabend@gmail.com>,
        Andrii Nakryiko <andrii@kernel.org>,
        Song Liu <song@kernel.org>,
        Yonghong Song <yonghong.song@linux.dev>,
        KP Singh <kpsingh@kernel.org>, Hao Luo <haoluo@google.com>,
        Jiri Olsa <jolsa@kernel.org>,
        "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>
References: <20231016134750.1381153-1-leitao@debian.org>
 <20231016134750.1381153-5-leitao@debian.org>
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From:   Martin KaFai Lau <martin.lau@linux.dev>
In-Reply-To: <20231016134750.1381153-5-leitao@debian.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Migadu-Flow: FLOW_OUT
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]); Thu, 19 Oct 2023 12:12:32 -0700 (PDT)

On 10/16/23 6:47 AM, Breno Leitao wrote:
> diff --git a/net/socket.c b/net/socket.c
> index 0087f8c071e7..f4c156a1987e 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -2350,6 +2350,42 @@ SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
>   INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
>   							 int optname));
>   
> +int do_sock_getsockopt(struct socket *sock, bool compat, int level,
> +		       int optname, sockptr_t optval, sockptr_t optlen)
> +{
> +	int max_optlen __maybe_unused;
> +	const struct proto_ops *ops;
> +	int err;
> +
> +	err = security_socket_getsockopt(sock, level, optname);
> +	if (err)
> +		return err;
> +
> +	ops = READ_ONCE(sock->ops);
> +	if (level == SOL_SOCKET) {
> +		err = sk_getsockopt(sock->sk, level, optname, optval, optlen);
> +	} else if (unlikely(!ops->getsockopt)) {
> +		err = -EOPNOTSUPP;
> +	} else {
> +		if (WARN_ONCE(optval.is_kernel || optlen.is_kernel,
> +			      "Invalid argument type"))
> +			return -EOPNOTSUPP;
> +
> +		err = ops->getsockopt(sock, level, optname, optval.user,
> +				      optlen.user);
> +	}
> +
> +	if (!compat) {
> +		max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);

The max_optlen was done before the above sk_getsockopt. The bpf CI cannot catch 
it because it cannot apply patch 5 cleanly. I ran the following out of the 
linux-block tree:

$> ./test_progs -t sockopt_sk
test_sockopt_sk:PASS:join_cgroup /sockopt_sk 0 nsec
run_test:PASS:skel_load 0 nsec
run_test:PASS:setsockopt_link 0 nsec
run_test:PASS:getsockopt_link 0 nsec
(/data/users/kafai/fb-kernel/linux/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c:111: 
errno: Operation not permitted) Failed to call getsockopt, ret=-1
run_test:FAIL:getsetsockopt unexpected error: -1 (errno 1)
#217     sockopt_sk:FAIL


> +		err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
> +						     optval, optlen, max_optlen,
> +						     err);
> +	}
> +
> +	return err;
> +}
> +EXPORT_SYMBOL(do_sock_getsockopt);
> +
>   /*
>    *	Get a socket option. Because we don't know the option lengths we have
>    *	to pass a user mode parameter for the protocols to sort out.
> @@ -2357,37 +2393,18 @@ INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
>   int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
>   		int __user *optlen)
>   {
> -	int max_optlen __maybe_unused;
> -	const struct proto_ops *ops;
>   	int err, fput_needed;
>   	struct socket *sock;
> +	bool compat;
>   
>   	sock = sockfd_lookup_light(fd, &err, &fput_needed);
>   	if (!sock)
>   		return err;
>   
> -	err = security_socket_getsockopt(sock, level, optname);
> -	if (err)
> -		goto out_put;
> -
> -	if (!in_compat_syscall())
> -		max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);

The old max_optlen was done here.

> +	compat = in_compat_syscall();
> +	err = do_sock_getsockopt(sock, compat, level, optname,
> +				 USER_SOCKPTR(optval), USER_SOCKPTR(optlen));
>   
> -	ops = READ_ONCE(sock->ops);
> -	if (level == SOL_SOCKET)
> -		err = sock_getsockopt(sock, level, optname, optval, optlen);
> -	else if (unlikely(!ops->getsockopt))
> -		err = -EOPNOTSUPP;
> -	else
> -		err = ops->getsockopt(sock, level, optname, optval,
> -					    optlen);
> -
> -	if (!in_compat_syscall())
> -		err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
> -						     USER_SOCKPTR(optval),
> -						     USER_SOCKPTR(optlen),
> -						     max_optlen, err);
> -out_put:
>   	fput_light(sock->file, fput_needed);
>   	return err;
>   }