On Fri, Apr 21, 2023 at 06:27:11PM +0200, Daan De Meyer wrote:
> *
> * This function will return %-EPERM if an attached program is found and
> - * returned value != 1 during execution. In all other cases, 0 is returned.
> + * returned value != 1 during execution. In all other cases, the new address
> + * length of the sockaddr is returned.
> */
> int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
> struct sockaddr *uaddr,
> + u32 uaddrlen,
> enum cgroup_bpf_attach_type atype,
> void *t_ctx,
> u32 *flags)
> @@ -1469,9 +1472,11 @@ int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
> .sk = sk,
> .uaddr = uaddr,
> .t_ctx = t_ctx,
> + .uaddrlen = uaddrlen,
> };
> struct sockaddr_storage unspec;
> struct cgroup *cgrp;
> + int ret;
>
> /* Check socket family since not all sockets represent network
> * endpoint (e.g. AF_UNIX).
> @@ -1482,11 +1487,16 @@ int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,
> if (!ctx.uaddr) {
> memset(&unspec, 0, sizeof(unspec));
> ctx.uaddr = (struct sockaddr *)&unspec;
> + ctx.uaddrlen = sizeof(unspec);
> }
>
> cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);
> - return bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,
> - 0, flags);
> + ret = bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,
> + 0, flags);
> + if (ret)
> + return ret;
> +
> + return (int) ctx.uaddrlen;

But that is big behavioral change.. instead of 0 or 1 now it will be sizeof(unspec) or 1? That will surely break some of the __cgroup_bpf_run_filter_sock_addr callers.
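Review bot: The final `return (int) ctx.uaddrlen;` in the third hunk hands back a length that is never range-checked in the visible lines. The updated doc comment calls the result the new address length, which suggests an attached program may rewrite `ctx.uaddrlen`; if so, a value above INT_MAX turns negative under the cast and reads as an errno, and a value larger than the storage behind `uaddr` would have callers trust a length the buffer cannot back. A guard before the return, for example `if (ctx.uaddrlen > sizeof(struct sockaddr_storage)) return -EINVAL;`, would keep the result within what a caller can hold, though the right bound depends on the callers, which are outside this hunk. The function body continues past the quoted lines.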