git.ipfire.org Git - thirdparty/linux.git/commit

author	Kuniyuki Iwashima <kuniyu@google.com>
	Tue, 14 Oct 2025 23:54:57 +0000 (23:54 +0000)
committer	Martin KaFai Lau <martin.lau@kernel.org>
	Thu, 16 Oct 2025 19:04:47 +0000 (12:04 -0700)
commit	5ed17896a09e2cc3f07b7d8f6a8b1d6be54550f7
tree	fdacaeaf2e070d8f600a1a2d81a3a2b75aa3acb3	tree \| snapshot
parent	b46ab63181ff973ddce44ebc9ac24b269d42f481	commit \| diff

bpf: Support bpf_setsockopt() for BPF_CGROUP_INET_SOCK_CREATE.

We will support flagging sk->sk_bypass_prot_mem via bpf_setsockopt()
at the BPF_CGROUP_INET_SOCK_CREATE hook.

BPF_CGROUP_INET_SOCK_CREATE is invoked by __cgroup_bpf_run_filter_sk()
that passes a pointer to struct sock to the bpf prog as void *ctx.

But there are no bpf_func_proto for bpf_setsockopt() that receives
the ctx as a pointer to struct sock.

Also, bpf_getsockopt() will be necessary for a cgroup with multiple
bpf progs running.

Let's add new bpf_setsockopt() and bpf_getsockopt() variants for
BPF_CGROUP_INET_SOCK_CREATE.

Note that inet_create() is not under lock_sock() and has the same
semantics with bpf_lsm_unlocked_sockopt_hooks.

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Acked-by: Roman Gushchin <roman.gushchin@linux.dev>
Link: https://patch.msgid.link/20251014235604.3057003-5-kuniyu@google.com