The code in bpf_setsockopt() is mostly a copy-and-paste from
the sock_setsockopt(), do_tcp_setsockopt(), do_ipv6_setsockopt(),
and do_ip_setsockopt(). As the allowed optnames in bpf_setsockopt()
grows, so are the duplicated code. The code between the copies
also slowly drifted.
This set is an effort to clean this up and reuse the existing
{sock,do_tcp,do_ipv6,do_ip}_setsockopt() as much as possible.
After the clean up, this set also adds a few allowed optnames
that we need to the bpf_setsockopt().
The initial attempt was to clean up both bpf_setsockopt() and
bpf_getsockopt() together. However, the patch set was getting
too long. It is beneficial to leave the bpf_getsockopt()
out for another patch set. Thus, this set is focusing
on the bpf_setsockopt().
v4:
- This set now depends on the commit f574f7f839fc ("net: bpf: Use the protocol's set_rcvlowat behavior if there is one")
in the net-next tree. The commit calls a specific protocol's
set_rcvlowat and it changed the bpf_setsockopt
which this set has also changed.
Because of this, patch 9 of this set has also adjusted
and a 'sock' NULL check is added to the sk_setsockopt()
because some of the bpf hooks have a NULL sk->sk_socket.
This removes more dup code from the bpf_setsockopt() side.
- Avoid mentioning specific prog types in the comment of
the has_current_bpf_ctx(). (Andrii)
- Replace signed with unsigned int bitfield in the
patch 15 selftest. (Daniel)
v3:
- s/in_bpf/has_current_bpf_ctx/ (Andrii)
- Add comment to has_current_bpf_ctx() and sockopt_lock_sock()
(Stanislav)
- Use vmlinux.h in selftest and add defines to bpf_tracing_net.h
(Stanislav)
- Use bpf_getsockopt(SO_MARK) in selftest (Stanislav)
- Use BPF_CORE_READ_BITFIELD in selftest (Yonghong)
v2:
- A major change is to use in_bpf() to test if a setsockopt()
is called by a bpf prog and use in_bpf() to skip capable
check. Suggested by Stanislav.
- Instead of passing is_locked through sockptr_t or through an extra
argument to sk_setsockopt, v2 uses in_bpf() to skip the lock_sock()
also because bpf prog has the lock acquired.
- No change to the current sockptr_t in this revision
- s/codes/code/
Martin KaFai Lau (15):
net: Add sk_setsockopt() to take the sk ptr instead of the sock ptr
bpf: net: Avoid sk_setsockopt() taking sk lock when called from bpf
bpf: net: Consider has_current_bpf_ctx() when testing capable() in
sk_setsockopt()
bpf: net: Change do_tcp_setsockopt() to use the sockopt's lock_sock()
and capable()
bpf: net: Change do_ip_setsockopt() to use the sockopt's lock_sock()
and capable()
bpf: net: Change do_ipv6_setsockopt() to use the sockopt's lock_sock()
and capable()
bpf: Initialize the bpf_run_ctx in bpf_iter_run_prog()
bpf: Embed kernel CONFIG check into the if statement in bpf_setsockopt
bpf: Change bpf_setsockopt(SOL_SOCKET) to reuse sk_setsockopt()
bpf: Refactor bpf specific tcp optnames to a new function
bpf: Change bpf_setsockopt(SOL_TCP) to reuse do_tcp_setsockopt()
bpf: Change bpf_setsockopt(SOL_IP) to reuse do_ip_setsockopt()
bpf: Change bpf_setsockopt(SOL_IPV6) to reuse do_ipv6_setsockopt()
bpf: Add a few optnames to bpf_setsockopt
selftests/bpf: bpf_setsockopt tests
include/linux/bpf.h | 13 +
include/net/ip.h | 2 +
include/net/ipv6.h | 2 +
include/net/ipv6_stubs.h | 2 +
include/net/sock.h | 7 +
include/net/tcp.h | 2 +
kernel/bpf/bpf_iter.c | 5 +
net/core/filter.c | 371 ++++++--------
net/core/sock.c | 83 +++-
net/ipv4/ip_sockglue.c | 16 +-
net/ipv4/tcp.c | 22 +-
net/ipv6/af_inet6.c | 1 +
net/ipv6/ipv6_sockglue.c | 18 +-
.../selftests/bpf/prog_tests/setget_sockopt.c | 125 +++++
.../selftests/bpf/progs/bpf_tracing_net.h | 31 +-
.../selftests/bpf/progs/setget_sockopt.c | 451 ++++++++++++++++++
16 files changed, 874 insertions(+), 277 deletions(-)
create mode 100644 tools/testing/selftests/bpf/prog_tests/setget_sockopt.c
create mode 100644 tools/testing/selftests/bpf/progs/setget_sockopt.c
--
2.30.2
