bpf: Propagate modified uaddrlen from cgroup sockaddr programs

int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,

				      struct sockaddr *uaddr,

				      int *uaddrlen,

				      enum cgroup_bpf_attach_type atype,

				      void *t_ctx,

				      u32 *flags);

#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk)				       \

	BPF_CGROUP_RUN_SK_PROG(sk, CGROUP_INET6_POST_BIND)

#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, atype)				       \

#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, uaddrlen, atype)		       \

({									       \

	int __ret = 0;							       \

	if (cgroup_bpf_enabled(atype))					       \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype,     \

							  NULL, NULL);	       \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, uaddrlen, \

							  atype, NULL, NULL);  \

	__ret;								       \

})

#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, atype, t_ctx)		       \

#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, atype, t_ctx)	       \

({									       \

	int __ret = 0;							       \

	if (cgroup_bpf_enabled(atype))	{				       \

		lock_sock(sk);						       \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype,     \

							  t_ctx, NULL);	       \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, uaddrlen, \

							  atype, t_ctx, NULL); \

		release_sock(sk);					       \

	}								       \

	__ret;								       \

 * (at bit position 0) is to indicate CAP_NET_BIND_SERVICE capability check

 * should be bypassed (BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE).

 */

#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, atype, bind_flags)	       \

#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, uaddrlen, atype, bind_flags) \

({									       \

	u32 __flags = 0;						       \

	int __ret = 0;							       \

	if (cgroup_bpf_enabled(atype))	{				       \

		lock_sock(sk);						       \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, atype,     \

							  NULL, &__flags);     \

		__ret = __cgroup_bpf_run_filter_sock_addr(sk, uaddr, uaddrlen, \

							  atype, NULL, &__flags); \

		release_sock(sk);					       \

		if (__flags & BPF_RET_BIND_NO_CAP_NET_BIND_SERVICE)	       \

			*bind_flags |= BIND_NO_CAP_NET_BIND_SERVICE;	       \

	  cgroup_bpf_enabled(CGROUP_INET6_CONNECT)) &&		       \

	 (sk)->sk_prot->pre_connect)

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr)			       \

	BPF_CGROUP_RUN_SA_PROG(sk, uaddr, CGROUP_INET4_CONNECT)

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr, uaddrlen)			\

	BPF_CGROUP_RUN_SA_PROG(sk, uaddr, uaddrlen, CGROUP_INET4_CONNECT)

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr)			       \

	BPF_CGROUP_RUN_SA_PROG(sk, uaddr, CGROUP_INET6_CONNECT)

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, uaddrlen)			\

	BPF_CGROUP_RUN_SA_PROG(sk, uaddr, uaddrlen, CGROUP_INET6_CONNECT)

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_INET4_CONNECT, NULL)

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr, uaddrlen)		\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_INET4_CONNECT, NULL)

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_INET6_CONNECT, NULL)

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr, uaddrlen)		\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_INET6_CONNECT, NULL)

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP4_SENDMSG, t_ctx)

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx)	\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_UDP4_SENDMSG, t_ctx)

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx)		       \

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP6_SENDMSG, t_ctx)

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx)	\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_UDP6_SENDMSG, t_ctx)

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP4_RECVMSG, NULL)

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr, uaddrlen)		\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_UDP4_RECVMSG, NULL)

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr)			\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, CGROUP_UDP6_RECVMSG, NULL)

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr, uaddrlen)		\

	BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, CGROUP_UDP6_RECVMSG, NULL)

/* The SOCK_OPS"_SK" macro should be used when sock_ops->sk is not a

 * fullsock and its parent fullsock cannot be traced by

}

#define cgroup_bpf_enabled(atype) (0)

#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, atype, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, atype) ({ 0; })

#define BPF_CGROUP_RUN_SA_PROG_LOCK(sk, uaddr, uaddrlen, atype, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_SA_PROG(sk, uaddr, uaddrlen, atype) ({ 0; })

#define BPF_CGROUP_PRE_CONNECT_ENABLED(sk) (0)

#define BPF_CGROUP_RUN_PROG_INET_INGRESS(sk,skb) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_EGRESS(sk,skb) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_SOCK(sk) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_SOCK_RELEASE(sk) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, atype, flags) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, uaddrlen, atype, flags) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET4_POST_BIND(sk) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET6_POST_BIND(sk) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_INET6_CONNECT_LOCK(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_SENDMSG_LOCK(sk, uaddr, uaddrlen, t_ctx) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP4_RECVMSG_LOCK(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr, uaddrlen) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; })

#define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(atype, major, minor, access) ({ 0; })

#define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos) ({ 0; })

	 */

	u64 tmp_reg;

	void *t_ctx;	/* Attach type specific context. */

	u32 uaddrlen;

};

struct bpf_sock_ops_kern {

 *                                       provided by user sockaddr

 * @sk: sock struct that will use sockaddr

 * @uaddr: sockaddr struct provided by user

 * @uaddrlen: Pointer to the size of the sockaddr struct provided by user. It is

 *            read-only for AF_INET[6] uaddr but can be modified for AF_UNIX

 *            uaddr.

 * @atype: The type of program to be executed

 * @t_ctx: Pointer to attach type specific context

 * @flags: Pointer to u32 which contains higher bits of BPF program

 */

int __cgroup_bpf_run_filter_sock_addr(struct sock *sk,

				      struct sockaddr *uaddr,

				      int *uaddrlen,

				      enum cgroup_bpf_attach_type atype,

				      void *t_ctx,

				      u32 *flags)

	};

	struct sockaddr_storage unspec;

	struct cgroup *cgrp;

	int ret;

	/* Check socket family since not all sockets represent network

	 * endpoint (e.g. AF_UNIX).

	if (!ctx.uaddr) {

		memset(&unspec, 0, sizeof(unspec));

		ctx.uaddr = (struct sockaddr *)&unspec;

		ctx.uaddrlen = 0;

	} else {

		ctx.uaddrlen = *uaddrlen;

	}

	cgrp = sock_cgroup_ptr(&sk->sk_cgrp_data);

	return bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,

	ret = bpf_prog_run_array_cg(&cgrp->bpf, atype, &ctx, bpf_prog_run,

				    0, flags);

	if (!ret && uaddr)

		*uaddrlen = ctx.uaddrlen;

	return ret;

}

EXPORT_SYMBOL(__cgroup_bpf_run_filter_sock_addr);

	/* BPF prog is run before any checks are done so that if the prog

	 * changes context in a wrong way it will be caught.

	 */

	err = BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr,

	err = BPF_CGROUP_RUN_PROG_INET_BIND_LOCK(sk, uaddr, &addr_len,

						 CGROUP_INET4_BIND, &flags);

	if (err)

		return err;

	struct sock *sk		= sock->sk;

	struct inet_sock *inet	= inet_sk(sk);

	DECLARE_SOCKADDR(struct sockaddr_in *, sin, uaddr);

	int sin_addr_len = sizeof(*sin);

	sin->sin_family = AF_INET;

	lock_sock(sk);

		}

		sin->sin_port = inet->inet_dport;

		sin->sin_addr.s_addr = inet->inet_daddr;

		BPF_CGROUP_RUN_SA_PROG(sk, (struct sockaddr *)sin,

		BPF_CGROUP_RUN_SA_PROG(sk, (struct sockaddr *)sin, &sin_addr_len,

				       CGROUP_INET4_GETPEERNAME);

	} else {

		__be32 addr = inet->inet_rcv_saddr;

			addr = inet->inet_saddr;

		sin->sin_port = inet->inet_sport;

		sin->sin_addr.s_addr = addr;

		BPF_CGROUP_RUN_SA_PROG(sk, (struct sockaddr *)sin,

		BPF_CGROUP_RUN_SA_PROG(sk, (struct sockaddr *)sin, &sin_addr_len,

				       CGROUP_INET4_GETSOCKNAME);

	}

	release_sock(sk);

	if (addr_len < sizeof(struct sockaddr_in))

		return -EINVAL;

	return BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr);

	return BPF_CGROUP_RUN_PROG_INET4_CONNECT_LOCK(sk, uaddr, &addr_len);

}

/* Checks the bind address and possibly modifies sk->sk_bound_dev_if. */