From patchwork Thu Aug 31 22:05:45 2017
X-Patchwork-Submitter: David Ahern
X-Patchwork-Id: 808441
X-Patchwork-Delegate: davem@davemloft.net
From: David Ahern
To: netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org
Cc: David Ahern
Subject: [PATCH v3 net-next 2/7] bpf: Allow cgroup sock filters to use get_current_uid_gid helper
Date: Thu, 31 Aug 2017 15:05:45 -0700
Message-Id: <1504217150-16151-3-git-send-email-dsahern@gmail.com>
In-Reply-To: <1504217150-16151-1-git-send-email-dsahern@gmail.com>
References: <1504217150-16151-1-git-send-email-dsahern@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

Allow BPF programs run on sock create to use the get_current_uid_gid
helper. IPv4 and IPv6 sockets are created in a process context so
there is always a valid uid/gid

Signed-off-by: David Ahern
Acked-by: Alexei Starovoitov
Acked-by: Daniel Borkmann

--- net/core/filter.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/net/core/filter.c b/net/core/filter.c index f51b9690adf3..9dad3e7e2e10 100644
--- a/net/core/filter.c +++ b/net/core/filter.c @@ -3150,6 +3150,20 @@ bpf_base_func_proto(enum bpf_func_id func_id) } static const struct bpf_func_proto * +sock_filter_func_proto(enum bpf_func_id func_id) +{ + switch (func_id) { + /* inet and inet6 sockets are created in a process + * context so there is always a valid uid/gid + */ + case BPF_FUNC_get_current_uid_gid: + return &bpf_get_current_uid_gid_proto; + default: + return bpf_base_func_proto(func_id); + } +} + +static const struct bpf_func_proto * sk_filter_func_proto(enum bpf_func_id func_id) { switch (func_id) { @@ -4233,7 +4247,7 @@ const struct bpf_verifier_ops lwt_xmit_prog_ops = { }; const struct bpf_verifier_ops cg_sock_prog_ops = { - .get_func_proto = bpf_base_func_proto, + .get_func_proto = sock_filter_func_proto, .is_valid_access = sock_filter_is_valid_access, .convert_ctx_access = sock_filter_convert_ctx_access, };
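Review bot: In the first hunk, the new sock_filter_func_proto() is placed directly above sk_filter_func_proto() and the two names differ by two letters, although the new one is the helper table for cg_sock_prog_ops and not for socket filters. The prefix does match sock_filter_is_valid_access and sock_filter_convert_ctx_access, so a rename is not needed, but a one-line comment above the function stating that it serves cgroup sock programs would keep a later change from adding a helper to the wrong table.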
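Review bot: In the second hunk, the .get_func_proto switch in cg_sock_prog_ops exposes get_current_uid_gid to every program verified against these ops, while the justification in the commit message and in the code comment covers only inet and inet6 socket creation in process context. Nothing in the visible lines enforces that context, so the comment next to "case BPF_FUNC_get_current_uid_gid:" should state it as an invariant for any future hook that runs these programs; a hook that ran outside process context would hand the policy program the uid/gid of whatever task happened to be current, which is a wrong input for an access decision.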