Message-Id: <20241028110535.82999-14-kerneljasonxing@gmail.com>
Date: Mon, 28 Oct 2024 19:05:34 +0800
From: Jason Xing <kerneljasonxing@...il.com>
To: davem@...emloft.net,
	edumazet@...gle.com,
	kuba@...nel.org,
	pabeni@...hat.com,
	dsahern@...nel.org,
	willemdebruijn.kernel@...il.com,
	willemb@...gle.com,
	ast@...nel.org,
	daniel@...earbox.net,
	andrii@...nel.org,
	martin.lau@...ux.dev,
	eddyz87@...il.com,
	song@...nel.org,
	yonghong.song@...ux.dev,
	john.fastabend@...il.com,
	kpsingh@...nel.org,
	sdf@...ichev.me,
	haoluo@...gle.com,
	jolsa@...nel.org,
	shuah@...nel.org,
	ykolal@...com
Cc: bpf@...r.kernel.org,
	netdev@...r.kernel.org,
	Jason Xing <kernelxing@...cent.com>
Subject: [PATCH net-next v3 13/14] net-timestamp: use static key to control bpf extension

From: Jason Xing <kernelxing@...cent.com>

Use the existing cgroup static key to control every possible
call into the bpf extension.

Signed-off-by: Jason Xing <kernelxing@...cent.com>
---
 net/core/skbuff.c     | 3 ++-
 net/core/sock.c       | 4 ++--
 net/ipv4/ip_output.c  | 5 +++--
 net/ipv4/tcp.c        | 3 ++-
 net/ipv4/udp.c        | 3 ++-
 net/ipv6/ip6_output.c | 5 +++--
 6 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index d1739317b97d..2e5af24802ee 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -5692,7 +5692,8 @@ void __skb_tstamp_tx(struct sk_buff *orig_skb,
 	if (!sk)
 		return;
 
-	skb_tstamp_tx_output_bpf(sk, tstype, orig_skb, hwtstamps);
+	if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
+		skb_tstamp_tx_output_bpf(sk, tstype, orig_skb, hwtstamps);
 	skb_tstamp_tx_output(orig_skb, ack_skb, hwtstamps, sk, tstype);
 }
 EXPORT_SYMBOL_GPL(__skb_tstamp_tx);
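Review bot: The `cgroup_bpf_enabled(CGROUP_SOCK_OPS)` test is open-coded here and again at the other eight call sites in this patch (sock.c, ip_output.c, tcp.c, udp.c, ip6_output.c), so a call added later can easily miss it. Folding the check into the bpf helpers themselves, or into small static inline wrappers, would keep it in one place; the helper definitions are outside this diff, so whether that fits is not confirmed. Either way a comment at the guard would help, for example `/* global static key: set while any cgroup has a sock_ops prog attached; not a per-socket check */`, because a reader may otherwise take it for a per-socket gate. The body of __skb_tstamp_tx starts above the hunk.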
diff --git a/net/core/sock.c b/net/core/sock.c
index 914ec8046f86..3a6f7c9b6459 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1479,7 +1479,7 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
 		}
 		if (!bpf_timetamping)
 			ret = sock_set_timestamping(sk, optname, timestamping);
-		else
+		else if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
 			ret = sock_set_timestamping_bpf(sk, timestamping);
 		break;
 
@@ -1869,7 +1869,7 @@ int sk_getsockopt(struct sock *sk, int level, int optname,
 				v.timestamping.flags = READ_ONCE(sk->sk_tsflags);
 				v.timestamping.bind_phc = READ_ONCE(sk->sk_bind_phc);
 			}
-		} else {
+		} else if (cgroup_bpf_enabled(CGROUP_SOCK_OPS)) {
 			v.timestamping.flags = READ_ONCE(sk->sk_tsflags_bpf);
 		}
 		break;
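Review bot: Both new `else if` branches in this file leave the BPF request unhandled when the static key is off, and nothing reports that to the caller. In this hunk `v.timestamping.flags` is then never written, so what gets copied out depends on `v` having been zeroed earlier in sk_getsockopt, which is outside the hunk; if it was not, stale stack bytes could be returned. In the sk_setsockopt hunk above, `ret` keeps its earlier value, presumably 0, so the caller is told the option was applied when nothing was stored. An explicit final branch would make both cases visible, e.g. `else ret = -EOPNOTSUPP;` in sk_setsockopt and an equivalent error return here.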
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 45033105b34c..9678a88714e5 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -1058,7 +1058,7 @@ static int __ip_append_data(struct sock *sk,
 				hold_tskey = true;
 			}
 		}
-		if (!hold_tskey &&
+		if (cgroup_bpf_enabled(CGROUP_SOCK_OPS) && !hold_tskey &&
 		    READ_ONCE(sk->sk_tsflags_bpf) & SOF_TIMESTAMPING_OPT_ID) {
 			tskey = atomic_inc_return(&sk->sk_tskey) - 1;
 			hold_tskey = true;
@@ -1338,7 +1338,8 @@ static int ip_setup_cork(struct sock *sk, struct inet_cork *cork,
 	cork->transmit_time = ipc->sockc.transmit_time;
 	cork->tx_flags = 0;
 	sock_tx_timestamp(sk, &ipc->sockc, &cork->tx_flags);
-	sock_tx_timestamp_bpf(READ_ONCE(sk->sk_tsflags_bpf), &cork->tx_flags);
+	if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
+		sock_tx_timestamp_bpf(READ_ONCE(sk->sk_tsflags_bpf), &cork->tx_flags);
 	if (ipc->sockc.tsflags & SOCKCM_FLAG_TS_OPT_ID) {
 		cork->flags |= IPCORK_TS_OPT_ID;
 		cork->ts_opt_id = ipc->sockc.ts_opt_id;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index f77dc7a4a98e..8f42c254bc7e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -509,7 +509,8 @@ static void tcp_tx_timestamp(struct sock *sk, struct sockcm_cookie *sockc)
 			shinfo->tskey = TCP_SKB_CB(skb)->seq + skb->len - 1;
 	}
 
-	tcp_tx_timestamp_bpf(sk, skb);
+	if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
+		tcp_tx_timestamp_bpf(sk, skb);
 }
 
 static bool tcp_stream_is_readable(struct sock *sk, int target)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index e768421abc37..27cf2f8a9409 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1264,7 +1264,8 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
 	if (!corkreq) {
 		struct inet_cork cork;
 
-		timestamp_call_bpf(sk, BPF_SOCK_OPS_TS_UDP_SND_CB, 0, NULL);
+		if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
+			timestamp_call_bpf(sk, BPF_SOCK_OPS_TS_UDP_SND_CB, 0, NULL);
 		skb = ip_make_skb(sk, fl4, getfrag, msg, ulen,
 				  sizeof(struct udphdr), &ipc, &rt,
 				  &cork, msg->msg_flags);
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index ec956ada7179..3a96fb09f068 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1402,7 +1402,8 @@ static int ip6_setup_cork(struct sock *sk, struct inet_cork_full *cork,
 	cork->base.tx_flags = 0;
 	cork->base.mark = ipc6->sockc.mark;
 	sock_tx_timestamp(sk, &ipc6->sockc, &cork->base.tx_flags);
-	sock_tx_timestamp_bpf(READ_ONCE(sk->sk_tsflags_bpf), &cork->base.tx_flags);
+	if (cgroup_bpf_enabled(CGROUP_SOCK_OPS))
+		sock_tx_timestamp_bpf(READ_ONCE(sk->sk_tsflags_bpf), &cork->base.tx_flags);
 	if (ipc6->sockc.tsflags & SOCKCM_FLAG_TS_OPT_ID) {
 		cork->base.flags |= IPCORK_TS_OPT_ID;
 		cork->base.ts_opt_id = ipc6->sockc.ts_opt_id;
@@ -1556,7 +1557,7 @@ static int __ip6_append_data(struct sock *sk,
 				hold_tskey = true;
 			}
 		}
-		if (!hold_tskey &&
+		if (cgroup_bpf_enabled(CGROUP_SOCK_OPS) && !hold_tskey &&
 		    READ_ONCE(sk->sk_tsflags_bpf) & SOF_TIMESTAMPING_OPT_ID) {
 			tskey = atomic_inc_return(&sk->sk_tskey) - 1;
 			hold_tskey = true;
-- 
2.37.3

