From 35377bf0d0af3a07357e8c03762d680919fb3ec4 Mon Sep 17 00:00:00 2001
From: JofDiamonds <kwb0523@163.com>
Date: Mon, 17 Jul 2023 15:52:05 +0800
Subject: [PATCH] bpf: Add bpf_get_sockops_uid_gid helper function

hulk inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I7LTRR
CVE: NA

Reference: https://gitee.com/openeuler/kernel/commit/9d4b4a05ae00d7e5b2f8a33fdbdf974df182ccb7

--------------------------------

Add the function for bpf sock_ops hook to get sock's uid and gid.

Signed-off-by: Liu Jian <liujian56@huawei.com>
Conflicts:
	include/uapi/linux/bpf.h
	net/core/filter.c
	tools/include/uapi/linux/bpf.h
Signed-off-by: JofDiamonds <kwb0523@163.com>
Reviewed-by: wuchangye <wuchangye@huawei.com>
---
 include/uapi/linux/bpf.h       |  8 ++++++++
 net/core/filter.c              | 25 +++++++++++++++++++++++++
 tools/include/uapi/linux/bpf.h |  8 ++++++++
 3 files changed, 41 insertions(+)

diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h
index c994ff5b157c..12af3ddaf39b 100644
--- a/include/uapi/linux/bpf.h
+++ b/include/uapi/linux/bpf.h
@@ -5559,6 +5559,13 @@ union bpf_attr {
  *		0 on success.
  *
  *		**-ENOENT** if the bpf_local_storage cannot be found.
+ *
+ * u64 bpf_get_sockops_uid_gid(void *sockops)
+ *     Description
+ *             Get sock's uid and gid
+ *     Return
+ *             A 64-bit integer containing the current GID and UID, and
+ *             created as such: *current_gid* **<< 32 \|** *current_uid*.
  */
 #define ___BPF_FUNC_MAPPER(FN, ctx...)			\
 	FN(unspec, 0, ##ctx)				\
@@ -5773,6 +5780,7 @@ union bpf_attr {
 	FN(user_ringbuf_drain, 209, ##ctx)		\
 	FN(cgrp_storage_get, 210, ##ctx)		\
 	FN(cgrp_storage_delete, 211, ##ctx)		\
+	FN(get_sockops_uid_gid, 212, ##ctx)		\
 	/* */
 
 /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't
diff --git a/net/core/filter.c b/net/core/filter.c
index d9ce04ca22ce..f6fe4d24e48c 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5483,6 +5483,29 @@ static const struct bpf_func_proto bpf_sock_addr_setsockopt_proto = {
 	.arg5_type	= ARG_CONST_SIZE,
 };
 
+BPF_CALL_1(bpf_get_sockops_uid_gid, struct bpf_sock_ops_kern *, bpf_sock)
+{
+	struct sock *sk = bpf_sock->sk;
+	kuid_t uid;
+	kgid_t gid;
+
+	if (!sk || !sk_fullsock(sk))
+		return -EINVAL;
+
+	uid = sock_net_uid(sock_net(sk), sk);
+	gid = sock_net_gid(sock_net(sk), sk);
+
+	return ((u64)from_kgid_munged(sock_net(sk)->user_ns, gid)) << 32 |
+		from_kuid_munged(sock_net(sk)->user_ns, uid);
+}
+
+static const struct bpf_func_proto bpf_get_sockops_uid_gid_proto = {
+	.func		= bpf_get_sockops_uid_gid,
+	.gpl_only	= false,
+	.ret_type	= RET_INTEGER,
+	.arg1_type	= ARG_PTR_TO_CTX,
+};
+
 BPF_CALL_5(bpf_sock_addr_getsockopt, struct bpf_sock_addr_kern *, ctx,
 	   int, level, int, optname, char *, optval, int, optlen)
 {
@@ -8122,6 +8145,8 @@ sock_ops_func_proto(enum bpf_func_id func_id, const struct bpf_prog *prog)
 		return &bpf_sk_storage_delete_proto;
 	case BPF_FUNC_get_netns_cookie:
 		return &bpf_get_netns_cookie_sock_ops_proto;
+	case BPF_FUNC_get_sockops_uid_gid:
+		return &bpf_get_sockops_uid_gid_proto;
 #ifdef CONFIG_INET
 	case BPF_FUNC_load_hdr_opt:
 		return &bpf_sock_ops_load_hdr_opt_proto;
diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h
index c994ff5b157c..12af3ddaf39b 100644
--- a/tools/include/uapi/linux/bpf.h
+++ b/tools/include/uapi/linux/bpf.h
@@ -5559,6 +5559,13 @@ union bpf_attr {
  *		0 on success.
  *
  *		**-ENOENT** if the bpf_local_storage cannot be found.
+ *
+ * u64 bpf_get_sockops_uid_gid(void *sockops)
+ *     Description
+ *             Get sock's uid and gid
+ *     Return
+ *             A 64-bit integer containing the current GID and UID, and
+ *             created as such: *current_gid* **<< 32 \|** *current_uid*.
  */
 #define ___BPF_FUNC_MAPPER(FN, ctx...)			\
 	FN(unspec, 0, ##ctx)				\
@@ -5773,6 +5780,7 @@ union bpf_attr {
 	FN(user_ringbuf_drain, 209, ##ctx)		\
 	FN(cgrp_storage_get, 210, ##ctx)		\
 	FN(cgrp_storage_delete, 211, ##ctx)		\
+	FN(get_sockops_uid_gid, 212, ##ctx)		\
 	/* */
 
 /* backwards-compatibility macros for users of __BPF_FUNC_MAPPER that don't
-- 
GitLab