Re: Re: [PATCH bpf-next v2] bpf: Fix bpf_get/setsockopt to tos not take effect when TCP over IPv4 via INET6 API

From: Feng Zhou
Date: Fri Sep 13 2024 - 22:20:23 EST


在 2024/9/13 22:44, Eric Dumazet 写道:
On Tue, Aug 27, 2024 at 10:08 AM Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx> wrote:

在 2024/8/24 02:53, Eric Dumazet 写道:
On Fri, Aug 23, 2024 at 8:49 PM Martin KaFai Lau <martin.lau@xxxxxxxxx> wrote:

On 8/23/24 6:35 AM, Eric Dumazet wrote:
On Fri, Aug 23, 2024 at 10:53 AM Feng zhou <zhoufeng.zf@xxxxxxxxxxxxx> wrote:

From: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>

when TCP over IPv4 via INET6 API, bpf_get/setsockopt with ipv4 will
fail, because sk->sk_family is AF_INET6. With ipv6 will success, not
take effect, because inet_csk(sk)->icsk_af_ops is ipv6_mapped and
use ip_queue_xmit, inet_sk(sk)->tos.

So bpf_get/setsockopt needs add the judgment of this case. Just check
"inet_csk(sk)->icsk_af_ops == &ipv6_mapped".

| Reported-by: kernel test robot <lkp@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-kbuild-all/202408152034.lw9Ilsj6-lkp@xxxxxxxxx/
Signed-off-by: Feng Zhou <zhoufeng.zf@xxxxxxxxxxxxx>
---
Changelog:
v1->v2: Addressed comments from kernel test robot
- Fix compilation error
Details in here:
https://lore.kernel.org/bpf/202408152058.YXAnhLgZ-lkp@xxxxxxxxx/T/

include/net/tcp.h | 2 ++
net/core/filter.c | 6 +++++-
net/ipv6/tcp_ipv6.c | 6 ++++++
3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/include/net/tcp.h b/include/net/tcp.h
index 2aac11e7e1cc..ea673f88c900 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -493,6 +493,8 @@ struct request_sock *cookie_tcp_reqsk_alloc(const struct request_sock_ops *ops,
struct tcp_options_received *tcp_opt,
int mss, u32 tsoff);

+bool is_tcp_sock_ipv6_mapped(struct sock *sk);
+
#if IS_ENABLED(CONFIG_BPF)
struct bpf_tcp_req_attrs {
u32 rcv_tsval;
diff --git a/net/core/filter.c b/net/core/filter.c
index ecf2ddf633bf..02a825e35c4d 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5399,7 +5399,11 @@ static int sol_ip_sockopt(struct sock *sk, int optname,
char *optval, int *optlen,
bool getopt)
{
- if (sk->sk_family != AF_INET)
+ if (sk->sk_family != AF_INET
+#if IS_BUILTIN(CONFIG_IPV6)
+ && !is_tcp_sock_ipv6_mapped(sk)
+#endif
+ )
return -EINVAL;

This does not look right to me.

I would remove the test completely.

SOL_IP socket options are available on AF_INET6 sockets just fine.

Good point on the SOL_IP options.

The sk could be neither AF_INET nor AF_INET6. e.g. the bpf_get/setsockopt
calling from the bpf_lsm's socket_post_create). so the AF_INET test is still needed.


OK, then I suggest using sk_is_inet() helper.

Adding "&& sk->sk_family != AF_INET6" should do. From ipv6_setsockopt, I think
it also needs to consider the "sk->sk_type != SOCK_RAW".

Please add a test in the next re-spin.

pw-bot: cr

Thanks for your suggestion, I will add it in the next version.

Gentle ping.

Have you sent the new version ?

Sorry, there have been a lot of delays in work recently. V3 will be sent in two days. Thanks.