Re: [PATCH v2 net-next 1/2] net: bpf: handle return value of BPF_CGROUP_RUN_PROG_INET{4,6}_POST_BIND()

From: Daniel Borkmann
Date: Wed Jan 05 2022 - 08:02:01 EST


On 12/30/21 9:03 AM, menglong8.dong@xxxxxxxxx wrote:
[...]
diff --git a/include/net/sock.h b/include/net/sock.h
index 44cc25f0bae7..f5fc0432374e 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1209,6 +1209,7 @@ struct proto {
void (*unhash)(struct sock *sk);
void (*rehash)(struct sock *sk);
int (*get_port)(struct sock *sk, unsigned short snum);
+ void (*put_port)(struct sock *sk);
#ifdef CONFIG_BPF_SYSCALL
int (*psock_update_sk_prot)(struct sock *sk,
struct sk_psock *psock,
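Review bot: The new `put_port` member of `struct proto` is added without any statement of its contract. A short comment above it, such as `/* release the port reserved by a successful get_port(); used on the bind error path */`, would tell protocol authors which state the callback has to undo. Whether it is invoked with the socket lock held is not visible in this hunk and would be worth stating in the same comment. The definition of struct proto starts and ends outside the hunk.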
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5d18d32557d2..8784e72d4b8b 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -531,6 +531,8 @@ int __inet_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len,
err = BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk);
if (err) {
inet->inet_saddr = inet->inet_rcv_saddr = 0;
+ if (sk->sk_prot->get_port)
+ sk->sk_prot->put_port(sk);
goto out_release_sock;
}
}
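Review bot: The rollback after a rejected post-bind hook is only as complete as each protocol's `put_port`, which is not shown here; the same applies to the `__inet6_bind` hunk. The error path clears the source addresses and then releases the port, but nothing visible resets the local port number that `get_port` recorded on the socket (presumably `inet->inet_num`). If an implementation leaves that set, a socket the cgroup policy has just denied may still look bound, and a later bind() on it may be refused. A comment at the call such as `/* put_port must leave the socket unbound: unhashed and with no local port */`, or an explicit reset next to the address reset, would make that expectation checkable. The body of __inet_bind continues outside the hunk.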
[...]
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index d1636425654e..ddfc6821e682 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -413,6 +413,8 @@ static int __inet6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len,
if (err) {
sk->sk_ipv6only = saved_ipv6only;
inet_reset_saddr(sk);
+ if (sk->sk_prot->get_port)
+ sk->sk_prot->put_port(sk);
goto out;
}
}

I presume both tests above should test for non-zero sk->sk_prot->put_port
callback given that is what they end up calling when true, no?

Thanks,
Daniel