Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt

From: Martin KaFai Lau
Date: Thu Oct 19 2023 - 16:38:14 EST

Next message: Hugh Dickins: "[PATCH v3 10/12] mempolicy: alloc_pages_mpol() for NUMA policy without vma"
Previous message: kernel test robot: "Re: [PATCH v6 4/4] usb: gadget: uvc: Fix use-after-free for inflight usb_requests"
In reply to: Jens Axboe: "Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt"
Next in thread: Jens Axboe: "Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/19/23 1:04 PM, Jens Axboe wrote:

On 10/19/23 1:12 PM, Martin KaFai Lau wrote:

On 10/16/23 6:47?AM, Breno Leitao wrote:

diff --git a/net/socket.c b/net/socket.c
index 0087f8c071e7..f4c156a1987e 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2350,6 +2350,42 @@ SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
INDIRECT_CALLABLE_DECLARE(bool tcp_bpf_bypass_getsockopt(int level,
int optname));
+int do_sock_getsockopt(struct socket *sock, bool compat, int level,
+ int optname, sockptr_t optval, sockptr_t optlen)
+{
+ int max_optlen __maybe_unused;
+ const struct proto_ops *ops;
+ int err;
+
+ err = security_socket_getsockopt(sock, level, optname);
+ if (err)
+ return err;
+
+ ops = READ_ONCE(sock->ops);
+ if (level == SOL_SOCKET) {
+ err = sk_getsockopt(sock->sk, level, optname, optval, optlen);
+ } else if (unlikely(!ops->getsockopt)) {
+ err = -EOPNOTSUPP;
+ } else {
+ if (WARN_ONCE(optval.is_kernel || optlen.is_kernel,
+ "Invalid argument type"))
+ return -EOPNOTSUPP;
+
+ err = ops->getsockopt(sock, level, optname, optval.user,
+ optlen.user);
+ }
+
+ if (!compat) {
+ max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);

The max_optlen was done before the above sk_getsockopt. The bpf CI cannot catch it because it cannot apply patch 5 cleanly. I ran the following out of the linux-block tree:

$> ./test_progs -t sockopt_sk
test_sockopt_sk:PASS:join_cgroup /sockopt_sk 0 nsec
run_test:PASS:skel_load 0 nsec
run_test:PASS:setsockopt_link 0 nsec
run_test:PASS:getsockopt_link 0 nsec
(/data/users/kafai/fb-kernel/linux/tools/testing/selftests/bpf/prog_tests/sockopt_sk.c:111: errno: Operation not permitted) Failed to call getsockopt, ret=-1
run_test:FAIL:getsetsockopt unexpected error: -1 (errno 1)
#217 sockopt_sk:FAIL

Does it work with this incremental? I can fold that in, will rebase
anyway to collect acks.

Yes, that should work.

Acked-by: Martin KaFai Lau <martin.lau@xxxxxxxxxx>

diff --git a/net/socket.c b/net/socket.c
index bccd257e13fe..eb6960958026 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2344,6 +2344,9 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
if (err)
return err;
+ if (!compat)
+ max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
+
ops = READ_ONCE(sock->ops);
if (level == SOL_SOCKET) {
err = sk_getsockopt(sock->sk, level, optname, optval, optlen);
@@ -2358,12 +2361,10 @@ int do_sock_getsockopt(struct socket *sock, bool compat, int level,
optlen.user);
}
- if (!compat) {
- max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
+ if (!compat)
err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
optval, optlen, max_optlen,
err);
- }
return err;
}

Next message: Hugh Dickins: "[PATCH v3 10/12] mempolicy: alloc_pages_mpol() for NUMA policy without vma"
Previous message: kernel test robot: "Re: [PATCH v6 4/4] usb: gadget: uvc: Fix use-after-free for inflight usb_requests"
In reply to: Jens Axboe: "Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt"
Next in thread: Jens Axboe: "Re: [PATCH v7 04/11] net/socket: Break down __sys_getsockopt"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]