backport hulk patches
Dong Chenchen (1):
  net: xfrm: skip policies marked as dead while reinserting policies

Lu Wei (4):
  netfilter: make return-type and function-name in the same line
  bpf: fix magic numbers in bpf_get_sockops_uid_gid()
  bpf: socketmap: add Kconfig for customized socketmap
  tcp_comp: modify default value of TCP_COMP to n

Ziyang Xuan (2):
  bpf: fix format type mismatch warning
  bpf: fix type incompatible warning

 arch/arm64/configs/openeuler_defconfig |  1 +
 arch/x86/configs/openeuler_defconfig   |  1 +
 include/net/netfilter/nf_conntrack.h   |  2 ++
 include/net/sock.h                     |  6 +++++-
 net/Kconfig                            | 10 ++++++++++
 net/core/filter.c                      | 11 ++++++++++-
 net/core/sock.c                        |  4 ++++
 net/ipv4/Kconfig                       |  1 +
 net/netfilter/nf_conntrack_proto.c     | 16 +++++++++++-----
 net/socket.c                           |  2 ++
 net/xfrm/xfrm_policy.c                 |  2 +-
 11 files changed, 48 insertions(+), 8 deletions(-)
From: Ziyang Xuan william.xuanziyang@huawei.com
Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 187826, https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
Format '%u' specifies type 'unsigned int' which is nominally inconsistent with ntohs() result of promoted type 'unsigned short int'.
Using '%u' for the ntohs() result will trigger warnings. Fix them by using '%hu' for the ntohs() result.

Fixes: 877e893ac68e ("[Huawei] bpf: Add new bpf helper to get SO_ORIGINAL_DST/REPLY_SRC")
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com
---
 net/netfilter/nf_conntrack_proto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index dd1fff72c736..1922620c8405 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -340,14 +340,14 @@ bpf_getorigdst_impl(struct sock *sk, int optval, void *user, int *len, int dir) } memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
- pr_debug("SO_ORIGINAL_DST: %pI4 %u\n", + pr_debug("SO_ORIGINAL_DST: %pI4 %hu\n", &sin.sin_addr.s_addr, ntohs(sin.sin_port)); nf_ct_put(ct);
memcpy(user, &sin, sizeof(sin)); return 0; } - pr_debug("SO_ORIGINAL_DST: Can't find %pI4/%u-%pI4/%u.\n", + pr_debug("SO_ORIGINAL_DST: Can't find %pI4/%hu-%pI4/%hu.\n", &tuple.src.u3.ip, ntohs(tuple.src.u.tcp.port), &tuple.dst.u3.ip, ntohs(tuple.dst.u.tcp.port)); return -ENOENT;
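Review bot: both pr_debug() changes swap %u for %hu, but pr_debug() is variadic, so the ntohs() result is promoted to int before it is formatted and %hu prints exactly what %u printed. Recent upstream checkpatch.pl reports the h modifier as unnecessary for this reason; if the aim is to silence a particular static checker, name the tool and quote its warning in the commit message so the change can be re-evaluated later.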
From: Ziyang Xuan william.xuanziyang@huawei.com
Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 187826, https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
In bpf_getorigdst_impl(), argument 1 of type 'void *' is not compatible with argument 2 of type 'struct sockaddr_in *' in call to function 'memcpy'.
Cast type of argument 2 to 'void *' to fix the warning.
Fixes: 877e893ac68e ("[Huawei] bpf: Add new bpf helper to get SO_ORIGINAL_DST/REPLY_SRC")
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com
---
 net/netfilter/nf_conntrack_proto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 1922620c8405..ca4bfbc8afd8 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -344,7 +344,7 @@ bpf_getorigdst_impl(struct sock *sk, int optval, void *user, int *len, int dir) &sin.sin_addr.s_addr, ntohs(sin.sin_port)); nf_ct_put(ct);
- memcpy(user, &sin, sizeof(sin)); + memcpy(user, (void *)&sin, sizeof(sin)); return 0; } pr_debug("SO_ORIGINAL_DST: Can't find %pI4/%hu-%pI4/%hu.\n",
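Review bot: the (void *) cast added to the second argument of memcpy() changes nothing for the compiler, because &sin already converts implicitly to const void *, and it hides the source type from later readers and checkers. Please quote the tool and the exact warning in the commit message. Separately, the visible context does not show *len being compared with sizeof(sin) before this copy into user, so confirm that the caller guarantees the destination size.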
From: Lu Wei luwei32@huawei.com
Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 187830, https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
The return-type-of-the-function should be on the same line as the function-name.
Fixes: 877e893ac68e ("bpf: Add new bpf helper to get SO_ORIGINAL_DST/REPLY_SRC")
Signed-off-by: Lu Wei luwei32@huawei.com
Signed-off-by: Dong Chenchen dongchenchen2@huawei.com
---
 net/netfilter/nf_conntrack_proto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index ca4bfbc8afd8..b0fc4d881d76 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -292,8 +292,8 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) return -ENOENT; }
-static int -bpf_getorigdst_impl(struct sock *sk, int optval, void *user, int *len, int dir) +static int bpf_getorigdst_impl(struct sock *sk, int optval, void *user, + int *len, int dir) { const struct inet_sock *inet = inet_sk(sk); const struct nf_conntrack_tuple_hash *h;
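Review bot: this is a whitespace-only change to the bpf_getorigdst_impl() prototype, yet the message carries a Fixes: tag, which marks it as a bug fix for anyone selecting patches to backport. Drop the tag for pure style changes. Also, the subject quoted for 877e893ac68e here lacks the "[Huawei]" prefix that the two earlier patches in this series quote for the same hash; one of the two forms should be corrected.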
From: Lu Wei luwei32@huawei.com
Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 187830, https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
32 is a magic number, use "BITS_PER_BYTE * sizeof(u32)" to replace it.
Fixes: 0a0306da1658 ("bpf: Add bpf_get_sockops_uid_gid helper function")
Signed-off-by: Lu Wei luwei32@huawei.com
Signed-off-by: Dong Chenchen dongchenchen2@huawei.com
---
 net/core/filter.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/filter.c b/net/core/filter.c index 4f4e832f3e9f..96a3e7f5c9e3 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5107,7 +5107,8 @@ BPF_CALL_1(bpf_get_sockops_uid_gid, struct bpf_sock_ops_kern *, bpf_sock) uid = sock_net_uid(sock_net(sk), sk); gid = sock_net_gid(sock_net(sk), sk);
- return ((u64)from_kgid_munged(sock_net(sk)->user_ns, gid)) << 32 | + return ((u64)from_kgid_munged(sock_net(sk)->user_ns, gid)) << + (BITS_PER_BYTE * sizeof(u32)) | from_kuid_munged(sock_net(sk)->user_ns, uid); }
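Review bot: in the return statement of bpf_get_sockops_uid_gid, the shift width is not a sizing detail but the layout of the helper's u64 result (gid in the upper 32 bits, uid in the lower 32 bits), which BPF programs calling the helper depend on. BITS_PER_BYTE * sizeof(u32) obscures that contract more than the literal did. A one-line comment stating the layout, plus parentheses around the whole shifted term before the OR, would document it better.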
From: Lu Wei luwei32@huawei.com
Offering: HULK
hulk inclusion
category: feature
bugzilla: 187986, https://gitee.com/openeuler/kernel/issues/I9K8D1
-------------------------------
Add Kconfig for customized socketmap for EulerOS.
Signed-off-by: Lu Wei luwei32@huawei.com
Signed-off-by: Dong Chenchen dongchenchen2@huawei.com
---
 arch/arm64/configs/openeuler_defconfig |  1 +
 arch/x86/configs/openeuler_defconfig   |  1 +
 include/net/netfilter/nf_conntrack.h   |  2 ++
 include/net/sock.h                     |  6 +++++-
 net/Kconfig                            | 10 ++++++++++
 net/core/filter.c                      |  8 ++++++++
 net/core/sock.c                        |  4 ++++
 net/netfilter/nf_conntrack_proto.c     |  6 ++++++
 net/socket.c                           |  2 ++
 9 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/configs/openeuler_defconfig b/arch/arm64/configs/openeuler_defconfig index a83bf85e289b..7547c26698b6 100644 --- a/arch/arm64/configs/openeuler_defconfig +++ b/arch/arm64/configs/openeuler_defconfig @@ -1835,6 +1835,7 @@ CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y CONFIG_BPF_JIT=y CONFIG_BPF_STREAM_PARSER=y +CONFIG_EULER_SOCKETMAP=y CONFIG_NET_FLOW_LIMIT=y
# diff --git a/arch/x86/configs/openeuler_defconfig b/arch/x86/configs/openeuler_defconfig index 9a570231e72a..d5087a9bd0da 100644 --- a/arch/x86/configs/openeuler_defconfig +++ b/arch/x86/configs/openeuler_defconfig @@ -1769,6 +1769,7 @@ CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y CONFIG_BPF_JIT=y CONFIG_BPF_STREAM_PARSER=y +CONFIG_EULER_SOCKETMAP=y CONFIG_NET_FLOW_LIMIT=y
# diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 2b2d9deed907..d4b628317781 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -342,8 +342,10 @@ nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info) #define MODULE_ALIAS_NFCT_HELPER(helper) \ MODULE_ALIAS("nfct-helper-" helper)
+#ifdef CONFIG_EULER_SOCKETMAP typedef int (*bpf_getorigdst_opt_func)(struct sock *sk, int optname, void *optval, int *optlen, int dir); extern bpf_getorigdst_opt_func bpf_getorigdst_opt; +#endif
#endif /* _NF_CONNTRACK_H */ diff --git a/include/net/sock.h b/include/net/sock.h index 7078c98f9726..eb05a34499cf 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -525,7 +525,7 @@ struct sock { #endif struct rcu_head sk_rcu;
-#ifndef __GENKSYMS__ +#if defined(CONFIG_EULER_SOCKETMAP) && !defined(__GENKSYMS__) union { kgid_t sk_gid; u64 sk_gid_padding; @@ -1985,7 +1985,9 @@ static inline void sock_graft(struct sock *sk, struct socket *parent) parent->sk = sk; sk_set_socket(sk, parent); sk->sk_uid = SOCK_INODE(parent)->i_uid; +#ifdef CONFIG_EULER_SOCKETMAP sk->sk_gid = SOCK_INODE(parent)->i_gid; +#endif security_sock_graft(sk, parent); write_unlock_bh(&sk->sk_callback_lock); } @@ -1999,10 +2001,12 @@ static inline kuid_t sock_net_uid(const struct net *net, const struct sock *sk) return sk ? sk->sk_uid : make_kuid(net->user_ns, 0); }
+#ifdef CONFIG_EULER_SOCKETMAP static inline kgid_t sock_net_gid(const struct net *net, const struct sock *sk) { return sk ? sk->sk_gid : make_kgid(net->user_ns, 0); } +#endif
static inline u32 net_tx_rndhash(void) { diff --git a/net/Kconfig b/net/Kconfig index 6186e9ad88a3..51a934426f9f 100644 --- a/net/Kconfig +++ b/net/Kconfig @@ -318,6 +318,16 @@ config BPF_STREAM_PARSER It can be used to enforce socket policy, implement socket redirects, etc.
+config EULER_SOCKETMAP + bool "enable EulerOS SOCKETMAP" + depends on INET + depends on BPF_SYSCALL + depends on CGROUP_BPF + select NET_SOCK_MSG + default n + help + Enabling this support socket map in EulerOS. + config NET_FLOW_LIMIT bool depends on RPS diff --git a/net/core/filter.c b/net/core/filter.c index 96a3e7f5c9e3..838813229564 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -5095,6 +5095,7 @@ static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = { .arg5_type = ARG_CONST_SIZE, };
+#ifdef CONFIG_EULER_SOCKETMAP BPF_CALL_1(bpf_get_sockops_uid_gid, struct bpf_sock_ops_kern *, bpf_sock) { struct sock *sk = bpf_sock->sk; @@ -5165,6 +5166,7 @@ static const struct bpf_func_proto bpf_sk_original_addr_proto = { .arg3_type = ARG_PTR_TO_UNINIT_MEM, .arg4_type = ARG_CONST_SIZE, }; +#endif
BPF_CALL_5(bpf_sock_addr_getsockopt, struct bpf_sock_addr_kern *, ctx, int, level, int, optname, char *, optval, int, optlen) @@ -7470,10 +7472,12 @@ sock_ops_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog) return &bpf_sk_storage_delete_proto; case BPF_FUNC_get_netns_cookie: return &bpf_get_netns_cookie_sock_ops_proto; +#ifdef CONFIG_EULER_SOCKETMAP case BPF_FUNC_get_sockops_uid_gid: return &bpf_get_sockops_uid_gid_proto; case BPF_FUNC_sk_original_addr: return &bpf_sk_original_addr_proto; +#endif #ifdef CONFIG_INET case BPF_FUNC_load_hdr_opt: return &bpf_sock_ops_load_hdr_opt_proto; @@ -7870,7 +7874,9 @@ static bool __sock_filter_check_attach_type(int off, case bpf_ctx_range(struct bpf_sock, src_ip4): switch (attach_type) { case BPF_CGROUP_INET4_POST_BIND: +#ifdef CONFIG_EULER_SOCKETMAP case BPF_CGROUP_INET_SOCK_RELEASE: +#endif goto read_only; default: return false; @@ -7886,7 +7892,9 @@ static bool __sock_filter_check_attach_type(int off, switch (attach_type) { case BPF_CGROUP_INET4_POST_BIND: case BPF_CGROUP_INET6_POST_BIND: +#ifdef CONFIG_EULER_SOCKETMAP case BPF_CGROUP_INET_SOCK_RELEASE: +#endif goto read_only; default: return false; diff --git a/net/core/sock.c b/net/core/sock.c index da0c980ad238..a64ad3aeea8e 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -3029,10 +3029,14 @@ void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid) sk->sk_type = sock->type; RCU_INIT_POINTER(sk->sk_wq, &sock->wq); sock->sk = sk; +#ifdef CONFIG_EULER_SOCKETMAP sk->sk_gid = SOCK_INODE(sock)->i_gid; +#endif } else { RCU_INIT_POINTER(sk->sk_wq, NULL); +#ifdef CONFIG_EULER_SOCKETMAP sk->sk_gid = make_kgid(sock_net(sk)->user_ns, 0); +#endif } sk->sk_uid = uid;
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index b0fc4d881d76..f4d62fced6dd 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -292,6 +292,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) return -ENOENT; }
+#ifdef CONFIG_EULER_SOCKETMAP static int bpf_getorigdst_impl(struct sock *sk, int optval, void *user, int *len, int dir) { @@ -352,6 +353,7 @@ static int bpf_getorigdst_impl(struct sock *sk, int optval, void *user, &tuple.dst.u3.ip, ntohs(tuple.dst.u.tcp.port)); return -ENOENT; } +#endif
static struct nf_sockopt_ops so_getorigdst = { .pf = PF_INET, @@ -717,7 +719,9 @@ int nf_conntrack_proto_init(void) goto cleanup_sockopt; #endif
+#ifdef CONFIG_EULER_SOCKETMAP bpf_getorigdst_opt = bpf_getorigdst_impl; +#endif
return ret;
@@ -730,7 +734,9 @@ int nf_conntrack_proto_init(void)
void nf_conntrack_proto_fini(void) { +#ifdef CONFIG_EULER_SOCKETMAP bpf_getorigdst_opt = NULL; +#endif
nf_unregister_sockopt(&so_getorigdst); #if IS_ENABLED(CONFIG_IPV6) diff --git a/net/socket.c b/net/socket.c index 32136e9bebdb..a72baac5074e 100644 --- a/net/socket.c +++ b/net/socket.c @@ -545,7 +545,9 @@ static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
if (sock->sk) { sock->sk->sk_uid = iattr->ia_uid; +#ifdef CONFIG_EULER_SOCKETMAP sock->sk->sk_gid = iattr->ia_gid; +#endif } else { err = -ENOENT; }
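Review bot: in include/net/sock.h the sk_gid union is now compiled only when CONFIG_EULER_SOCKETMAP is set while still being hidden from genksyms, so two kernels with identical symbol CRCs can differ in struct sock layout unless the branch not shown in this hunk reserves the same 8 bytes. Please confirm that and state it in the commit message. In net/Kconfig, "default n" is redundant for a bool, and the help text should say what the option gates: the sk_gid field, the bpf_get_sockops_uid_gid and bpf_sk_original_addr helpers, the bpf_getorigdst_opt hook in nf_conntrack, and read-only access to bpf_sock fields such as src_ip4 for BPF_CGROUP_INET_SOCK_RELEASE.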
From: Lu Wei luwei32@huawei.com
Offering: HULK
hulk inclusion
category: feature
bugzilla: 187986, https://gitee.com/openeuler/kernel/issues/I9K8D1
-------------------------------
Modify default value of TCP_COMP to n.
Signed-off-by: Lu Wei luwei32@huawei.com
Signed-off-by: Dong Chenchen dongchenchen2@huawei.com
---
 net/ipv4/Kconfig | 1 +
 1 file changed, 1 insertion(+)
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 847a5ac757ec..23ffacbf1cba 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig @@ -757,6 +757,7 @@ config TCP_COMP bool "TCP: Transport Layer Compression support" depends on CRYPTO_ZSTD=y select STREAM_PARSER + default n help Enable kernel payload compression support for TCP protocol. This allows payload compression handling of the TCP protocol to be done in-kernel.
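Review bot: the "default n" added under config TCP_COMP has no effect, because a bool entry with no default line (none is visible in this entry's context) already defaults to n, so the subject "modify default value" overstates what the patch does. If the intent is to stop shipping TCP_COMP enabled, the change belongs in the openeuler_defconfig files, the way the previous patch handled CONFIG_EULER_SOCKETMAP.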
Offering: HULK
hulk inclusion
category: bugfix
bugzilla: 188614, https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
BUG: KASAN: slab-use-after-free in xfrm_policy_inexact_list_reinsert+0xb6/0x430
Read of size 1 at addr ffff8881051f3bf8 by task ip/668

CPU: 2 PID: 668 Comm: ip Not tainted 6.5.0-rc5-00182-g25aa0bebba72 #64
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13
Call Trace:
 <TASK>
 dump_stack_lvl+0x72/0xa0
 print_report+0xd0/0x620
 kasan_report+0xb6/0xf0
 xfrm_policy_inexact_list_reinsert+0xb6/0x430
 xfrm_policy_inexact_insert_node.constprop.0+0x537/0x800
 xfrm_policy_inexact_alloc_chain+0x23f/0x320
 xfrm_policy_inexact_insert+0x6b/0x590
 xfrm_policy_insert+0x3b1/0x480
 xfrm_add_policy+0x23c/0x3c0
 xfrm_user_rcv_msg+0x2d0/0x510
 netlink_rcv_skb+0x10d/0x2d0
 xfrm_netlink_rcv+0x49/0x60
 netlink_unicast+0x3fe/0x540
 netlink_sendmsg+0x528/0x970
 sock_sendmsg+0x14a/0x160
 ____sys_sendmsg+0x4fc/0x580
 ___sys_sendmsg+0xef/0x160
 __sys_sendmsg+0xf7/0x1b0
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x73/0xdd
The root cause is:
cpu 0                           cpu1
xfrm_dump_policy
xfrm_policy_walk
list_move_tail
                                xfrm_add_policy
                                ... ...
                                xfrm_policy_inexact_list_reinsert
                                list_for_each_entry_reverse
                                if (!policy->bydst_reinsert)
                                //read non-existent policy
xfrm_dump_policy_done
xfrm_policy_walk_done
list_del(&walk->walk.all);

If dump_one_policy() returns err (triggered by netlink socket), xfrm_policy_walk() will move walk initialized by socket to list net->xfrm.policy_all, so this socket becomes visible in the global policy list. The head *walk can be traversed when users add policies with different prefixlen and trigger xfrm_policy node merge.

It can be fixed by skipping such "policies" with walk.dead set to 1.

Fixes: 9cf545ebd591 ("xfrm: policy: store inexact policies in a tree ordered by destination address")
Fixes: 12a169e7d8f4 ("ipsec: Put dumpers on the dump list")
Signed-off-by: Dong Chenchen dongchenchen2@huawei.com
---
 net/xfrm/xfrm_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 8ec9c893a7ea..9e46793a5a26 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -850,7 +850,7 @@ static void xfrm_policy_inexact_list_reinsert(struct net *net, struct hlist_node *newpos = NULL; bool matches_s, matches_d;
- if (!policy->bydst_reinsert) + if (policy->walk.dead || !policy->bydst_reinsert) continue;
WARN_ON_ONCE(policy->family != family);
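Review bot: the new policy->walk.dead test covers only xfrm_policy_inexact_list_reinsert(), but per the commit message the dumper's walk entry sits on net->xfrm.policy_all, which other code can also traverse. Please confirm that every other loop over that list in xfrm_policy.c already skips entries with walk.dead set. The message also shows a 6.5.0-rc5 KASAN report without naming the upstream commit being backported, so add that reference for traceability.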
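A user-space model of the list confusion the commit message above describes, added here as an illustration and not taken from the patch or the kernel. The structs are simplified stand-ins and count_reinsert()/run_model() are hypothetical names; the walker gets poisoned backing bytes so the unchecked read is defined in the model, whereas in the kernel there is no policy behind that entry.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel types named in the commit message. */
struct list_head { struct list_head *next, *prev; };
struct walk_entry { struct list_head all; unsigned char dead; };
struct policy {                       /* models struct xfrm_policy */
    struct walk_entry walk;
    unsigned char bydst_reinsert;
};

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
}

/* Reverse walk that counts reinsert candidates; check_dead mirrors the fix. */
static int count_reinsert(struct list_head *head, int check_dead)
{
    int n = 0;
    for (struct list_head *p = head->prev; p != head; p = p->prev) {
        struct policy *pol = (struct policy *)((char *)p - offsetof(struct policy, walk));
        if ((check_dead && pol->walk.dead) || !pol->bydst_reinsert)
            continue;
        n++;                          /* entry is treated as a real policy */
    }
    return n;
}

/* One real policy and one dumper walk entry share the same list. */
static int run_model(int check_dead)
{
    struct list_head all = { &all, &all };
    struct policy real = { .bydst_reinsert = 1 };
    struct policy walker;             /* constructed: only .walk is meaningful */
    memset(&walker, 0x6b, sizeof(walker));   /* poison the bytes behind it */
    walker.walk.dead = 1;
    list_add_tail(&real.walk.all, &all);
    list_add_tail(&walker.walk.all, &all);
    return count_reinsert(&all, check_dead);
}

int main(void)
{
    printf("without check: %d, with check: %d\n", run_model(0), run_model(1));
    return 0;
}
```

Without the dead check the walker entry is counted as a policy because its poison byte is read as bydst_reinsert; with the check only the real policy is counted.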
FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully!
Pull request link: https://gitee.com/openeuler/kernel/pulls/8322
Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/G...