[PATCH OLK-6.6 v2 2/4] bpf: Add bpf_get_sockops_uid_gid helper function

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I8KU3B CVE: NA

--------------------------------

Add the function for bpf sock_ops hook to get sock's uid and gid.

Signed-off-by: Zhengchao Shao shaozhengchao@huawei.com --- include/uapi/linux/bpf.h | 2 ++ net/core/filter.c | 25 +++++++++++++++++++++++++ 2 files changed, 27 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index 4924f0cde1bc..fd9e24be0956 100644 --- a/include/uapi/linux/bpf.h +++ b/include/uapi/linux/bpf.h @@ -6898,6 +6898,8 @@ enum { TCP_BPF_SYN_MAC = 1007, /* Copy the MAC, IP[46], and TCP header */ };

+#define SK_BPF_GID_UID 18000 + enum { BPF_LOAD_HDR_OPT_TCP_SYN = (1ULL << 0), }; diff --git a/net/core/filter.c b/net/core/filter.c index d6905153cba2..3332aaac79a9 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5576,6 +5576,27 @@ static int bpf_sock_ops_get_syn(struct bpf_sock_ops_kern *bpf_sock, return ret; }

+#if IS_ENABLED(CONFIG_NETACC_TERRACE) +static int bpf_sock_ops_get_uid_gid(struct bpf_sock_ops_kern *bpf_sock, + char *optval, int optlen) +{ + struct sock *sk = bpf_sock->sk; + kuid_t uid; + kgid_t gid; + + if (!sk || !sk_fullsock(sk) || optlen < sizeof(u64)) + return -EINVAL; + + uid = sock_net_uid(sock_net(sk), sk); + gid = sock_net_gid(sock_net(sk), sk); + + *(u32 *)optval = from_kgid_munged(sock_net(sk)->user_ns, gid); + *((u32 *)optval + 1) = from_kuid_munged(sock_net(sk)->user_ns, uid); + + return sizeof(u64); +} +#endif + BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock, int, level, int, optname, char *, optval, int, optlen) { @@ -5600,6 +5621,10 @@ BPF_CALL_5(bpf_sock_ops_getsockopt, struct bpf_sock_ops_kern *, bpf_sock,

return ret; } +#if IS_ENABLED(CONFIG_NETACC_TERRACE) + if (IS_ENABLED(CONFIG_INET) && optname == SK_BPF_GID_UID) + return bpf_sock_ops_get_uid_gid(bpf_sock, optval, optlen); +#endif

return _bpf_getsockopt(bpf_sock->sk, level, optname, optval, optlen); }