On Thu, Jan 28, 2021 at 4:52 PM Daniel Borkmann <daniel@xxxxxxxxxxxxx> wrote: > > On 1/28/21 12:28 AM, Stanislav Fomichev wrote: > > Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on > > a locked socket. > > > > Signed-off-by: Stanislav Fomichev <sdf@xxxxxxxxxx> > > --- > > net/core/filter.c | 4 ++++ > > tools/testing/selftests/bpf/progs/recvmsg4_prog.c | 5 +++++ > > tools/testing/selftests/bpf/progs/recvmsg6_prog.c | 5 +++++ > > 3 files changed, 14 insertions(+) > > > > diff --git a/net/core/filter.c b/net/core/filter.c > > index ba436b1d70c2..e15d4741719a 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -7023,6 +7023,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > > case BPF_CGROUP_INET6_BIND: > > case BPF_CGROUP_INET4_CONNECT: > > case BPF_CGROUP_INET6_CONNECT: > > + case BPF_CGROUP_UDP4_RECVMSG: > > + case BPF_CGROUP_UDP6_RECVMSG: > > case BPF_CGROUP_UDP4_SENDMSG: > > case BPF_CGROUP_UDP6_SENDMSG: > > case BPF_CGROUP_INET4_GETPEERNAME: > > @@ -7039,6 +7041,8 @@ sock_addr_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) > > case BPF_CGROUP_INET6_BIND: > > case BPF_CGROUP_INET4_CONNECT: > > case BPF_CGROUP_INET6_CONNECT: > > + case BPF_CGROUP_UDP4_RECVMSG: > > + case BPF_CGROUP_UDP6_RECVMSG: > > case BPF_CGROUP_UDP4_SENDMSG: > > case BPF_CGROUP_UDP6_SENDMSG: > > case BPF_CGROUP_INET4_GETPEERNAME: > > Looks good overall, also thanks for adding the test cases! I was about to apply, but noticed one > small nit that would be good to get resolved before that. Above you now list all the attach hooks > for sock_addr ctx, so we should just remove the whole switch that tests on prog->expected_attach_type > altogether in this last commit. Sure, I can resend tomorrow. But do you think it's safe and there won't ever be another sock_addr hook that runs with an unlocked socket?
