Commit 35377bf0 authored by JofDiamonds's avatar JofDiamonds
Browse files

bpf: Add bpf_get_sockops_uid_gid helper function 

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I7LTRR
CVE: NA

Reference: https://gitee.com/openeuler/kernel/commit/9d4b4a05ae00d7e5b2f8a33fdbdf974df182ccb7



--------------------------------

Add the function for bpf sock_ops hook to get sock's uid and gid.

Signed-off-by: default avatarLiu Jian <liujian56@huawei.com>
Conflicts:
	include/uapi/linux/bpf.h
	net/core/filter.c
	tools/include/uapi/linux/bpf.h
Signed-off-by: default avatarJofDiamonds <kwb0523@163.com>
Reviewed-by: default avatarwuchangye <wuchangye@huawei.com>
parent 932c1a8f

include/uapi/linux/bpf.h

+8 −0
Original line number Diff line number Diff line
@@ -5559,6 +5559,13 @@ union bpf_attr { 
 *		0 on success.

 *

 *		**-ENOENT** if the bpf_local_storage cannot be found.

 *

 * u64 bpf_get_sockops_uid_gid(void *sockops)

 *     Description

 *             Get sock's uid and gid

 *     Return

 *             A 64-bit integer containing the current GID and UID, and

 *             created as such: *current_gid* **<< 32 \|** *current_uid*.

 */

#define ___BPF_FUNC_MAPPER(FN, ctx...)			\

	FN(unspec, 0, ##ctx)				\
@@ -5773,6 +5780,7 @@ union bpf_attr { 
	FN(user_ringbuf_drain, 209, ##ctx)		\

	FN(cgrp_storage_get, 210, ##ctx)		\

	FN(cgrp_storage_delete, 211, ##ctx)		\

	FN(get_sockops_uid_gid, 212, ##ctx)		\

	/* */



/* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't

net/core/filter.c

+25 −0
Original line number Diff line number Diff line
@@ -5483,6 +5483,29 @@ static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = { 
	.arg5_type	= ARG_CONST_SIZE,

};



BPF_CALL_1(bpf_get_sockops_uid_gid, struct bpf_sock_ops_kern *, bpf_sock)

{

	struct sock *sk = bpf_sock->sk;

	kuid_t uid;

	kgid_t gid;



	if (!sk || !sk_fullsock(sk))

		return -EINVAL;



	uid = sock_net_uid(sock_net(sk), sk);

	gid = sock_net_gid(sock_net(sk), sk);



	return ((u64)from_kgid_munged(sock_net(sk)->user_ns, gid)) << 32 |

		from_kuid_munged(sock_net(sk)->user_ns, uid);

}



static const struct bpf_func_proto bpf_get_sockops_uid_gid_proto = {

	.func		= bpf_get_sockops_uid_gid,

	.gpl_only	= false,

	.ret_type	= RET_INTEGER,

	.arg1_type	= ARG_PTR_TO_CTX,

};



BPF_CALL_5(bpf_sock_addr_getsockopt, struct bpf_sock_addr_kern *, ctx,

	   int, level, int, optname, char *, optval, int, optlen)

{
@@ -8122,6 +8145,8 @@ sock_ops_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) 
		return &bpf_sk_storage_delete_proto;

	case BPF_FUNC_get_netns_cookie:

		return &bpf_get_netns_cookie_sock_ops_proto;

	case BPF_FUNC_get_sockops_uid_gid:

		return &bpf_get_sockops_uid_gid_proto;

#ifdef CONFIG_INET

	case BPF_FUNC_load_hdr_opt:

		return &bpf_sock_ops_load_hdr_opt_proto;

tools/include/uapi/linux/bpf.h

+8 −0
Original line number Diff line number Diff line
@@ -5559,6 +5559,13 @@ union bpf_attr { 
 *		0 on success.

 *

 *		**-ENOENT** if the bpf_local_storage cannot be found.

 *

 * u64 bpf_get_sockops_uid_gid(void *sockops)

 *     Description

 *             Get sock's uid and gid

 *     Return

 *             A 64-bit integer containing the current GID and UID, and

 *             created as such: *current_gid* **<< 32 \|** *current_uid*.

 */

#define ___BPF_FUNC_MAPPER(FN, ctx...)			\

	FN(unspec, 0, ##ctx)				\
@@ -5773,6 +5780,7 @@ union bpf_attr { 
	FN(user_ringbuf_drain, 209, ##ctx)		\

	FN(cgrp_storage_get, 210, ##ctx)		\

	FN(cgrp_storage_delete, 211, ##ctx)		\

	FN(get_sockops_uid_gid, 212, ##ctx)		\

	/* */



/* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't