{"id":806002,"url":"http://patchwork.ozlabs.org/api/1.2/patches/806002/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/1503687941-626-4-git-send-email-dsahern@gmail.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1503687941-626-4-git-send-email-dsahern@gmail.com>","list_archive_url":null,"date":"2017-08-25T19:05:36","name":"[v2,net-next,3/8] bpf: Allow cgroup sock filters to use get_current_uid_gid helper","commit_ref":null,"pull_url":null,"state":"deferred","archived":true,"hash":"dde4f161291d0bfbe2f6cf02875e5814bda887b1","submitter":{"id":6918,"url":"http://patchwork.ozlabs.org/api/1.2/people/6918/?format=json","name":"David Ahern","email":"dsahern@gmail.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/1503687941-626-4-git-send-email-dsahern@gmail.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/806002/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/806002/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"bFb53y5C\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xf9ck6gQgz9t1m\n\tfor ;\n\tSat, 26 Aug 2017 05:06:30 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1758156AbdHYTGY (ORCPT );\n\tFri, 25 Aug 2017 15:06:24 -0400","from mail-pg0-f68.google.com ([74.125.83.68]:37652 \"EHLO\n\tmail-pg0-f68.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1756571AbdHYTFx (ORCPT\n\t); Fri, 25 Aug 2017 15:05:53 -0400","by mail-pg0-f68.google.com with SMTP id a7so887807pgn.4\n\tfor ; Fri, 25 Aug 2017 12:05:53 -0700 (PDT)","from kenny.it.cumulusnetworks.com. (fw.cumulusnetworks.com.\n\t[216.129.126.126]) by smtp.googlemail.com with ESMTPSA id\n\t16sm16642137pfn.188.2017.08.25.12.05.51\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);\n\tFri, 25 Aug 2017 12:05:52 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=1+Z9rQYQHWpYB4Ykkz9ZZlr+O4kvu8h/JOaw4HxmOoM=;\n\tb=bFb53y5C4EP+7g91uKLG4kFX0fOPC3wbJWwVHmIiiJt6SWzZYJA3w9lp8mCYN5KdDp\n\tB7fQiPYDSv87Kcl6UoOWqM0znq0rD4qIFP1xg4UZHo8GEuQ4TaAp2jg4cFTy+KLHOyp+\n\tjgkz8yWH/lBYfVr6ATH72kHnF536lQZkns7ni+4pZ4C8GB34q9b7LlEvqnd5S11tMHxI\n\tsvanK0wfLGo68baxrbm6T4Mdd+0LhnLdEy7Dspmx83p4ZL/D9R96/kDSiJMRmKI7+G67\n\txI0Ij+7bGmDVhob6ytrSGSPsbcwg79vZ/Az94+HMWHoqTBloWrss5+MrLyVHVPJlkaVZ\n\tLpEw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=1+Z9rQYQHWpYB4Ykkz9ZZlr+O4kvu8h/JOaw4HxmOoM=;\n\tb=YoasqiBiqgE/Slxo1iScOOuPWzRu6KP83T8caL+TjlqrYCuKAO+pA7Tmqb9GMnjQiW\n\tpySQLDwPuXBmSbT/J4lwM5TbgjFoEgHMbYmrvYnfx6rG9DEhClnlb5cIO0P4ABvrMcmP\n\tHaFgqJH71bFeTtHqAuViM09dhzOAzVwdcu4FvsZ02XffCxUkekWHG4F9J8F9MsjaWsbs\n\t54igl4kbRo5mMM4gT8MvVSDX5jsJNysR5k7f9OfHskpI99W5aUKpAUPHET253eT8KHdE\n\tiIsLedwiSAEKY/3J/2ontsVfC33gAxUfi6wbvf9Ha1xdZ8S49e2DYgnHi3KDzq7VjUcT\n\t9fDA==","X-Gm-Message-State":"AHYfb5ha/39JUJmXkYomb4teaYSF7hLBEsdsSWHempBwxYSOexbArWKd\n\tmeU16fMZ13n1rKGf","X-Received":"by 10.84.150.164 with SMTP id h33mr10468397plh.6.1503687952868; \n\tFri, 25 Aug 2017 12:05:52 -0700 (PDT)","From":"David Ahern ","To":"netdev@vger.kernel.org, daniel@iogearbox.net, ast@kernel.org,\n\ttj@kernel.org, davem@davemloft.net","Cc":"David Ahern ","Subject":"[PATCH v2 net-next 3/8] bpf: Allow cgroup sock filters to use\n\tget_current_uid_gid helper","Date":"Fri, 25 Aug 2017 12:05:36 -0700","Message-Id":"<1503687941-626-4-git-send-email-dsahern@gmail.com>","X-Mailer":"git-send-email 2.1.4","In-Reply-To":"<1503687941-626-1-git-send-email-dsahern@gmail.com>","References":"<1503687941-626-1-git-send-email-dsahern@gmail.com>","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Allow BPF programs run on sock create to use the get_current_uid_gid\nhelper. IPv4 and IPv6 sockets are created in a process context so\nthere is always a valid uid/gid\n\nSigned-off-by: David Ahern \n---\n net/core/filter.c | 16 +++++++++++++++-\n 1 file changed, 15 insertions(+), 1 deletion(-)","diff":"diff --git a/net/core/filter.c b/net/core/filter.c\nindex d582d1b1e533..eb505842a77e 100644\n--- a/net/core/filter.c\n+++ b/net/core/filter.c\n@@ -3139,6 +3139,20 @@ bpf_base_func_proto(enum bpf_func_id func_id)\n }\n \n static const struct bpf_func_proto *\n+sock_filter_func_proto(enum bpf_func_id func_id)\n+{\n+\tswitch (func_id) {\n+\t/* inet and inet6 sockets are created in a process\n+\t * context so there is always a valid uid/gid\n+\t */\n+\tcase BPF_FUNC_get_current_uid_gid:\n+\t\treturn &bpf_get_current_uid_gid_proto;\n+\tdefault:\n+\t\treturn bpf_base_func_proto(func_id);\n+\t}\n+}\n+\n+static const struct bpf_func_proto *\n sk_filter_func_proto(enum bpf_func_id func_id)\n {\n \tswitch (func_id) {\n@@ -4222,7 +4236,7 @@ const struct bpf_verifier_ops lwt_xmit_prog_ops = {\n };\n \n const struct bpf_verifier_ops cg_sock_prog_ops = {\n-\t.get_func_proto\t\t= bpf_base_func_proto,\n+\t.get_func_proto\t\t= sock_filter_func_proto,\n \t.is_valid_access\t= sock_filter_is_valid_access,\n \t.convert_ctx_access\t= sock_filter_convert_ctx_access,\n };\n","prefixes":["v2","net-next","3/8"]}