From: Liu Jian liujian56@huawei.com
hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8KU3B CVE: NA
--------------------------------
Access bpf_sock's src_ip4 and sorc_port in BPF_CGROUP_INET_SOCK_RELEASE hook.
Signed-off-by: Liu Jian liujian56@huawei.com Signed-off-by: Zhengchao Shao shaozhengchao@huawei.com --- net/core/filter.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/net/core/filter.c b/net/core/filter.c index 4c9d429babaa..2acf7141b644 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -8685,6 +8685,9 @@ static bool __sock_filter_check_attach_type(int off, case bpf_ctx_range(struct bpf_sock, src_ip4): switch (attach_type) { case BPF_CGROUP_INET4_POST_BIND: +#if IS_ENABLED(CONFIG_NETACC_TERRACE) + case BPF_CGROUP_INET_SOCK_RELEASE: +#endif goto read_only; default: return false; @@ -8700,6 +8703,9 @@ static bool __sock_filter_check_attach_type(int off, switch (attach_type) { case BPF_CGROUP_INET4_POST_BIND: case BPF_CGROUP_INET6_POST_BIND: +#if IS_ENABLED(CONFIG_NETACC_TERRACE) + case BPF_CGROUP_INET_SOCK_RELEASE: +#endif goto read_only; default: return false;