Re: [PATCH v3 bpf-next/net 2/5] bpf: Support bpf_setsockopt() for BPF_CGROUP_INET_SOCK_CREATE.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/26/25 11:38 AM, Kuniyuki Iwashima wrote:

We will store a flag in sk->sk_memcg by bpf_setsockopt() during
socket() or before sk->sk_memcg is set in accept().

BPF_CGROUP_INET_SOCK_CREATE is invoked by __cgroup_bpf_run_filter_sk()
that passes a pointer to struct sock to the bpf prog as void *ctx.

But there are no bpf_func_proto for bpf_setsockopt() that receives
the ctx as a pointer to struct sock.

Let's add a new bpf_setsockopt() variant for BPF_CGROUP_INET_SOCK_CREATE.

Note that inet_create() is not under lock_sock().

Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
---
v3: Remove bpf_func_proto for accept()
v2: Make 2 new bpf_func_proto static
---
  net/core/filter.c | 24 ++++++++++++++++++++++++
  1 file changed, 24 insertions(+)

diff --git a/net/core/filter.c b/net/core/filter.c
index 63f3baee2daf..443d12b7d3b2 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5743,6 +5743,23 @@ static const struct bpf_func_proto bpf_sock_ops_setsockopt_proto = {
  	.arg5_type	= ARG_CONST_SIZE,
  };
+BPF_CALL_5(bpf_unlocked_sock_setsockopt, struct sock *, sk, int, level, 
+	   int, optname, char *, optval, int, optlen)
+{
+	return _bpf_setsockopt(sk, level, optname, optval, optlen);


The sock_owned_by_me() will warn.

From CI:
WARNING: CPU: 0 PID: 102 at include/net/sock.h:1756 bpf_unlocked_sock_setsockopt+0xc7/0x110


+}
+
+static const struct bpf_func_proto bpf_unlocked_sock_setsockopt_proto = {
+	.func		= bpf_unlocked_sock_setsockopt,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_PTR_TO_CTX,
+	.arg2_type	= ARG_ANYTHING,
+	.arg3_type	= ARG_ANYTHING,
+	.arg4_type	= ARG_PTR_TO_MEM | MEM_RDONLY,
+	.arg5_type	= ARG_CONST_SIZE,
+};
+
  static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock,
  				int optname, const u8 **start)
  {
@@ -8051,6 +8068,13 @@ sock_filter_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
  		return &bpf_sk_storage_get_cg_sock_proto;
  	case BPF_FUNC_ktime_get_coarse_ns:
  		return &bpf_ktime_get_coarse_ns_proto;
+	case BPF_FUNC_setsockopt:
+		switch (prog->expected_attach_type) {
+		case BPF_CGROUP_INET_SOCK_CREATE:
+			return &bpf_unlocked_sock_setsockopt_proto;
+		default:
+			return NULL;
+		}
  	default:
  		return bpf_base_func_proto(func_id, prog);
  	}
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux